Application Developers and Network Security Engineers: Better Together
Blog Published: 06/05/2023
Originally published by TrueFort. How can network security engineers and application developers work towards best practices? As two crucial roles in any organization, network security and application development teams must rely on each other to ensure the safe and efficient operation of a company’...
How Zero Trust Can Help Address Healthcare’s IoT Dilemma
Blog Published: 06/05/2023
Originally published by CXO REvolutionaries. Written by Tamer Baker, Field CTO - Healthcare, Government, & Education, Zscaler. Healthcare organizations need rigorous security – but don’t always get it In healthcare, medical devices required for patient care, like dialysis machines, intravenou...
Anatomy of a Modern Attack Surface
Blog Published: 06/02/2023
Originally published by Microsoft Security. Six areas for organizations to manage As the world becomes more connected and digital, cybersecurity is becoming more complex. Organizations are moving more infrastructure, data, and apps to the cloud, supporting remote work, and engaging with third-par...
Which Security Framework is Right for You?
Blog Published: 06/02/2023
Originally published by NCC Group. Written by Sourya Biswas, Technical Director, NCC Group. One of the problems that cyber security stakeholders face is the overabundance of tools and processes. Just Google “firewall providers” and you are deluged with information; replace firewall with any other...
Behind the Curtain: Hunting Leads Explained
Blog Published: 06/02/2023
Originally published by CrowdStrike. Most hunting enthusiasts agree that the thrill of hunting lies in the chase. Equipped with experience and tools of their trade, hunters skillfully search for signs of prey — a broken twig, a track in the mud. Threat hunters are no different. They search for si...
Solving the Identity Puzzle: How Interoperability Unlocks Cloud Security Potential
Blog Published: 06/01/2023
Originally published by Strata. Written by Steve Lay. With increased cloud migration and the adoption of cloud-based apps, Cloud Security Architects and IT Decision-Makers are in a race to achieve interoperability between diverse identity systems. This creates a monumental challenge, where the solu...
Vulnerability Prioritization – Combating Developer Fatigue
Blog Published: 06/01/2023
Originally published by Sysdig on February 14, 2023. Written by Miguel Hernández. We are in early 2023, and we have over 2700 new vulnerabilities registered in CVE. It is still a challenge for developers to endure the fatigue of continual vulnerability prioritization and mitigation of new threats...
Communicating Cybersecurity ROI to Your CFO
Blog Published: 06/01/2023
Originally published by Abnormal Security. Written by Arun Singh. Over the past several months, organizations have felt the strain of tumultuous economic conditions. Budget reductions ranging in severity from technology spending cutbacks to throngs of employee layoffs have sent waves of uncertain...
Threat-Informed Defense: The Evolution of Red Teaming in Cybersecurity
Blog Published: 05/31/2023
Originally published by Coalfire. Written by Mark Carney, Executive Vice President, Coalfire. Continuous adaptation of defensive strategies is needed to mitigate, detect, and respond to modern threats. Ensuring that investments achieve the required level of agility should be a primary objective o...
Improving GuardDuty’s Data Exfiltration Protections
Blog Published: 05/31/2023
Originally published by Gem Security. Written by Itay Harel and Ran Amos. A few weeks ago, Gem’s threat research team discovered a technique that could have allowed an attacker to bypass AWS GuardDuty’s threat detection service. Using these methods, threat actors in possession of IAM active c...
Our Top 5 Cybersecurity Hacks
Blog Published: 05/31/2023
Originally published by Avanade. Written by Malcolm Barske and Jason Revill. On the 23rd of February, we gathered a panel of security experts to host a cybersecurity showcase at the exclusive RSA Vaults in London. The panel included our own security leads Malcolm Barske (UKI Security Lead), Jason...
Compromise Detection vs. Threat Detection: Why ‘Right of Boom’ Now
Blog Published: 05/30/2023
Originally published by Netography. Written by Matt Wilson, VP Product Management, Netography. In 2022, the average total cost of a data breach reached a record high of $4.35 million. And it took an average of 277 days – about 9 months – to identify and contain a breach. But when organizations ca...
What Are the 5 Key Areas of Cloud Security
Blog Published: 05/30/2023
Originally published by InsiderSecurity. Concerns of cloud data breaches are a key reason that cloud adoptions hit a roadblock in companies despite an eagerness to go “cloud first”. Despite the promise and flexibility that the cloud offers, security is something that companies cannot compromise o...
The Top 5 Cloud Security Risks of 2023 (So Far)
Blog Published: 05/30/2023
Originally published by Orca Security. Written by Bar Kaduri and Jason Silberman. As we approach the middle of 2023, we thought it an appropriate time to reflect on the cloud security risks and threats that we have seen so far this year. After careful analysis of aggregated scan results ...
CSA’s PayForward Cloud Security Training Program
Blog Published: 05/26/2023
Accessible Cloud Security Training for Disadvantaged Individuals The COVID-19 pandemic and resulting lockdown saw an increase in cloud usage and adoption. Many enterprises pivoted to the cloud to take advantage of its elasticity, scalability, and agility to enhance their time to market. There has...
Four Things You Need to Know Before Building a Secure SDLC
Blog Published: 05/26/2023
Originally published by Dazz. Written by Rotem Lebovich, Principal Product Manager, Dazz. The rapid evolution of cyber threats makes security a crucial element of your software development lifecycle (SDLC). When you build applications for employees or customers you need to make sure the final del...
What Might a Four-Day Work Week Mean for IT Security?
Blog Published: 05/26/2023
Originally published by CXO REvolutionaries. Written by Martyn Ditchburn, Director of Transformation Strategy, Zscaler. Now that the largest-ever pilot program for testing the feasibility of a four-day workweek has concluded in the U.K., it may be worth asking what the IT security implications of...
News of Note: Promoting Independent Guidance, Expert Advice, and Frameworks for Cloud Security and Assurance
Blog Published: 05/25/2023
It seems ages ago, but this year’s RSA Conference proved robust and fruitful for many of us. On top of that, it gave us a chance to catch up with longtime industry friends we hadn’t seen in person for quite some time and furnished us with that treasured custom of sizing up trends as we walked the...
Hypervisor Jackpotting, Part 3: Lack of Antivirus Support Opens the Door to Adversary Attacks
Blog Published: 05/25/2023
Originally published by CrowdStrike. Since 2020, CrowdStrike has increasingly observed big game hunting (BGH) threat actors deploying Linux versions of ransomware tools specifically designed to affect VMWare’s ESXi vSphere hypervisor (read Part 1 and Part 2 of this series). In the first quarter o...
Insider Threat Detection: What You Need To Know
Blog Published: 05/25/2023
Originally published by Code42. Written by Aimee Simpson. The modern hybrid and remote workplace relies more than ever on cloud-based applications and data sharing. Because of the evolving cybersecurity landscape, security professionals must rely on a comprehensive insider threat detection strate...