Cloud Identity and Access Management Game Changers: Top 3 Innovations in Cloud Security for 2023
Blog Published: 11/20/2023
Originally published by Britive. As multi-cloud business operations proliferated throughout 2023, it became clear that the future of cloud security favors those committed to staying on the cutting edge of access management. 2023 delivered an arsenal of innovative trends and strategies to navigate...
Behind the Curtain with a CCZT Developer: Security Solution Architect Bernard Coetzee
Blog Published: 11/18/2023
The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...
Generative AI in the Workplace: Striking a Balance Between Innovation and Risk
Blog Published: 11/17/2023
Originally published by CXO REvolutionaries. Written by Christopher Jablonski, Director, CXO REvolutionaries & Community, Zscaler. Given what we’ve observed since the launch of OpenAI’s ChatGPT last Fall, generative AI and large language models look poised to eventually make every employee an...
Building an Effective User Identity Ecosystem Through Secure Digital Access
Blog Published: 11/17/2023
Written by Sanjay Karandikar, Director & Global Practice Head for IAM, Cybersecurity, HCLTech. In today's rapidly evolving digital landscape, user identity and cybersecurity concepts have emerged as pivotal concerns. With the widespread adoption of cloud technology and the ever-expanding atta...
Google’s Vertex AI Platform Gets Freejacked
Blog Published: 11/17/2023
Originally published by Sysdig. Written by Michael Clark. The Sysdig Threat Research Team (Sysdig TRT) recently discovered a new Freejacking campaign abusing Google’s Vertex AI platform for cryptomining. Vertex AI is a SaaS, which makes it vulnerable to a number of attacks, such as Freejacking an...
My Reflections on OpenAI DevDay 2023: Security of New Features
Blog Published: 11/16/2023
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Image generated by DALL.E 3 of OpenAI 1: Introduction On November 6th, 2023, I had the opportunity to attend the inaugural OpenAI Developer Day. This event was a significant gathering, unveiling a variety of new,...
Who Can Access My Sensitive Data?
Blog Published: 11/16/2023
Originally published at Dig Security. Written by Sharon Farber. Data serves as the lifeblood of organizations, fueling insights, driving decision-making, and nurturing customer relationships. However, the challenge lies in effectively managing this valuable asset, particularly when it resides in ...
CSA STAR CCM Lite
Blog Published: 11/16/2023
Written by Ashwin Chaudhary, CEO, Accedere. The Cloud Security Alliance (CSA) STAR CCM Lite is a streamlined version of the CSA Cloud Controls Matrix (CCM) v4, a cybersecurity controls framework for cloud computing developed by CSA. CCM v4 was released in September 2021. The CCM Lite is a compreh...
Top 3 Reasons to Replace Your SEG
Blog Published: 11/15/2023
Originally published by Abnormal Security. Written by Lane Billings. By manipulating generative AI and other forms of new technology, highly skilled cybercriminals have made defending email an ever-evolving uphill battle. Traditional secure email gateways (SEGs) are no longer an effective means o...
Cloud Security Alliance Launches the Industry’s First Authoritative Zero Trust Training and Credential, the Certificate of Competence in Zero Trust (CCZT)
Press Release Published: 11/15/2023
Uniquely positions CSA as the authoritative source to deliver the industry’s first holistic benchmark for measuring Zero Trust knowledgeSEATTLE – Nov. 15, 2023 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices...
Behind the Curtain with a CCZT Developer: Head of Identity Security Sesh Ramasharma
Blog Published: 11/14/2023
The Certificate of Competence in Zero Trust (CCZT) is the first vendor-neutral credential available for industry professionals to demonstrate their expertise in Zero Trust principles. The winner of Cyber Defense Magazine’s 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training, the cer...
CCZT: A Major Milestone on the Zero Trust Journey
Blog Published: 11/14/2023
My personal history in cybersecurity began in the very early days of the commercialization of the nascent Internet. I started out as a firewall guy in 1992, primarily because my customers relied on firewalls to protect their network perimeters. Firewall implementation was underpinned by a simple ...
More on Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
Blog Published: 11/14/2023
Originally published by Mitiga. Written by Ariel Szarf and Or Aspir. Imagine that you’re a SOC (Security Operations Center) analyst receiving an alert about suspicious behavior from a binary on an EC2 instance. After checking the binary on VirusTotal, you find it was an AWS-developed software sig...
The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 2
Blog Published: 11/14/2023
Originally published by CrowdStrike. In the first part of this series, we provided a brief overview of the Windows Restart Manager. In this blog post, we examine how these mechanisms can be exploited by adversaries.Opportunities for RansomwareThe Restart Manager preempts unwelcome reboots by shut...
Understanding Data Inventory and Why It Matters to CISOs
Blog Published: 11/13/2023
Originally published by Symmetry Systems. Written by Claude Mandy, Chief Evangelist, Symmetry Systems. In a modern organization, you cannot overstate the role of data. It is the largest, distributed and most valuable asset they have. Data influences everything from revenue growth to security risk...
Understanding and Enhancing the Values of ISO/IEC 27001 Internal Audit
Blog Published: 11/13/2023
Originally published by CAS Assurance. What is the ISO 27001 Internal Audit?Generally, internal audit is defined as “an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization achieve its objectives by brin...
Nonprofit Cyber Launches World More Than a Password Day
Press Release Published: 11/10/2023
Coalition of nonprofit organizations releases groundbreaking Common Guidance on Passwords with 90 signatories globallyNew York, Nov. 10, 2023: Safeguarding your online identity and data has never been more critical. “World More Than a Password Day” is a global movement to emphasize the importance...
I’m Implementing Generative AI Into My Company’s Cybersecurity Product. Here’s What I’ve Learned.
Blog Published: 11/09/2023
Originally published by Dazz. Written by Eshel Yaron, Software Engineer, Dazz. AI is ubiquitously on everyone’s minds today – from large corporations to middle school classrooms. And it’s no wonder—this technology is transformative in the speed of creation and innovation.When ChatGPT came out, I ...
Navigating Compliance Requirements for Businesses Collecting Consumer Health Information
Blog Published: 11/09/2023
Originally published by BARR Advisory.The Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) recently released an updated joint publication for organizations that collect consumer health information. The publication provides businesses guidance for complying...
Bad Zero Trust is Not Good Security
Blog Published: 11/08/2023
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. As an advocate and veteran practitioner of zero trust, I was intrigued by a recent article decrying its "vulnerability.” In fact, seeing zero trust and vulnerability in the same headline had me wonderin...