Behind the Eight-Ball: Why Companies Struggle with Penetration Risk
Blog Published: 09/08/2023
Originally published by Coalfire. Written by Adam Kerns, Managing Principal, Commercial Services: Product Development, Coalfire. Key takeaways:Cloud migration has exposed organizations to new risks such as misconfiguration, injection and encryption issues.To stay ahead of cybercrime in the new er...
Security Challenges with SaaS Applications
Blog Published: 09/08/2023
Written by Eyal Estrin. SaaS (Software as a Service) is the most common cloud service model. According to the Shared Responsibility Model, "The consumer does not manage or control the underlying cloud infrastructure". As customers, this leaves us with very little control over services managed b...
The Great Agent Debate: New Research Breaks Down the Love-Hate Relationship
Blog Published: 09/07/2023
Written by Andy Schneider, EMEA Field CISO, Lacework. While there are new cloud security debates every day, there's a common thread that security professionals can't seem to stop discussing: security agents. If your feelings toward agents go back and forth between appreciation and skepticism, you...
Debunking Five Cybersecurity Myths
Blog Published: 09/07/2023
Originally published by ThreatLocker.Introduction Cybersecurity is not an easy topic to fully understand if you are new to the field, and just when you think you have a decent understanding of the technical aspects of it, you open a door to much more undiscovered knowledge. It is this reason that...
How To Avoid a Security Potluck With Good Governance from Code to Cloud
Blog Published: 09/07/2023
Originally published by Tenable. Written by Upkar Lidder. Organizations are pushing their application development teams to integrate security into their daily operations and throughout the development process. However, without an overlying strategy or security governance, you can end up w...
SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto
Blog Published: 09/06/2023
Originally published by Sysdig. Written by Alessandro Brucato. SCARLETEEL, an operation reported on by the Sysdig Threat Research Team last February, continues to thrive, improve tactics, and steal proprietary data. Cloud environments are still their primary target, but the tools and techniques u...
What to Do After Receiving a Phishing Attack
Blog Published: 09/06/2023
Originally published by Abnormal Security. Written by Emily Burns. Phishing is an increasingly common form of cyberattack that relies on social engineering tactics and malicious links to gain access to confidential data or financial accounts. In fact, over the past two years, phishing has been th...
Discover How to Navigate Compliance Challenges at the Intersection of Data Governance and AI Integration
Blog Published: 09/06/2023
Written by Arun Dhanaraj, Vice President of Cloud Practices, Global Bank. Artificial intelligence (AI) is being used by businesses to innovate and go ahead in today's fast-paced market. However, with this adoption comes a multitude of data governance requirements and regulations that can be overw...
How to Detect and Prevent Corporate Espionage
Blog Published: 09/05/2023
Originally published by Code42. Written by Aimee Simpson. Employees’ hard work, innovative ideas and collaborative efforts drive every organization’s success. In fact, many companies consider their employees their greatest asset. However, the trade secrets those employees create and use daily can...
Resolving the Data Protection Challenge Across Cloud and Remote Devices
Blog Published: 09/05/2023
Written by David Richardson, Vice President of Product, Lookout. As IT operations migrated to the cloud, it became easier to support remote and hybrid workers. The problem is that it has also complicated the infrastructure IT and security teams are tasked to protect.Organizations far and wide hav...
The Deception Game: Negative Trust in Cybersecurity
Blog Published: 09/05/2023
Originally published by CXO REvolutionaries. Written by Sam Curry, VP & CISO, Zscaler. Cybersecurity is an unfair, asymmetric race. For years, we have studied the opponent, from the Kill Chain™ to MITRE ATT&CK, and have inadvertently lionized the attacker’s course and journey from sniffin...
Securing Healthcare Enterprises with Future-Ready IAM Solutions
Blog Published: 09/01/2023
Written by Sanjay Karandikar, Global Practice Head, IAM, Cybersecurity Services, HCLTech. The healthcare sector stands at a crucial crossroads. As it embraces cloud technologies to augment patient care and operational efficiency, the demand for robust, reliable cybersecurity solutions is at an al...
Delivering Digital Trust to Home Automation and Robotics Software
Blog Published: 09/01/2023
Originally published by DigiCert.Remember The Jetsons? This 1960s-era cartoon depicts space-age life, complete with flying cars and watches that let you call people. The Jetson household used home automation in everything from cooking to carpooling, with Rosey, the sassy robot housekeeper, making...
GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure
Blog Published: 09/01/2023
Originally published by Dig Security. Written by Ofir Balassiano and Ofir Shaty. One of the top three cloud providers is Google Cloud Platform (GCP), which offers a range of services including a managed database service called CloudSQL. CloudSQL is capable of supporting three different database e...
News of Note: Facing Days of Opportunity, Massive Change… and AI
Blog Published: 08/31/2023
Having just recorded a podcast with one of CSA’s Corporate Members, I find myself reflecting on how far the cybersecurity industry has come. Twenty-some years ago, cybersecurity, while getting some play with the executive suite in verticals like government and financial services, was all about th...
Future-Proofing Your DevSecOps: Adopting Least Privilege Access for Cloud Permissioning
Blog Published: 08/31/2023
Originally published by Britive. In today’s rapidly evolving cloud landscape, businesses are turning to new models for access management as a means to streamline operations, enhance scalability, and drive innovation. Security leaders and DevOps decision makers are all aware of the need for cloud ...
What is a Hyperscaler and Are They Really Cost-Effective?
Blog Published: 08/31/2023
Originally published by Sangfor. Written by Nicholas Tay Chee Seng, CTO, Sangfor Cloud. “Do More with Less”“Do more with less” is an often-used phrase for IT teams globally. It encapsulates the challenging and growing expectations of IT. Today’s IT departments are charged with not only “keeping t...
Is Your Data Insider-Proof? Five Steps To Keep Your Secrets Safe
Blog Published: 08/30/2023
Written by Yaki Faitelson, Co-Founder and CEO, Varonis. The recent Pentagon breach—in which 21-year-old guardsman Jack Teixeira allegedly leaked sensitive intelligence on social media sites to elevate his social standing—is reigniting conversations about protecting data from malicious insid...
NIST's AI Risk Management Framework Explained
Blog Published: 08/30/2023
Originally published by Schellman. The National Institute of Standards and Technology (NIST) has made a significant move in introducing its groundbreaking AI Risk Management Framework (AI RMF). Designed to empower organizations and individuals with comprehensive risk management guidance, the AI R...
Sovereignty in the Cloud Environment – What Does it Mean?
Blog Published: 08/29/2023
Originally published by T-Systems International. Written by Moritz Nowitzki. Why a Sovereign Cloud?For those currently considering a cloud transformation in Germany, the concept of a Sovereign Cloud is unavoidable. But what does sovereignty entail, and why is it so crucial? European businesses re...
