CSA’s Enterprise Architecture: Information Technology Operation & Support
Blog Published: 05/19/2023
Written by CSA’s Enterprise Architecture Working Group. The Enterprise Architecture is both a methodology and a set of tools that enable security architects, enterprise architects, and risk management professionals to leverage a common set of solutions and controls. It can be used to assess oppor...
Cyber Tetris: Making Security Fall Into Place
Blog Published: 05/18/2023
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO - Americas, Zscaler. Security is often a thankless job. The only time it makes headlines is when it fails, or things go wrong. No one opens a web browser and pulls up a news feed about companies that have not been breached fo...
5 Benefits of Adding a DSPM Solution to Your Security Stack
Blog Published: 05/18/2023
Originally published by Laminar. Written by Michael Holburn, Solutions Engineer, Laminar. Last year, data security posture management appeared in the Gartner Hype Cycle for the first time. And the hype has only grown bigger since then. But why is DSPM at the forefront of today’s security conversa...
Why Hybrid Cloud Computing Makes Sense for the Healthcare Industry
Blog Published: 05/18/2023
Originally published by Sangfor Technologies. Written by Nicholas Tay Chee Seng, Cloud Chief Technology Officer, Sangfor Technologies. Healthcare is one of the biggest beneficiaries of cloud adoption as it relies on technical innovation by design, and cloud computing has made each aspect of innov...
Understanding the Two Maturity Models of Zero Trust
Blog Published: 05/17/2023
Written by John Kindervag, Senior Vice President, Cybersecurity Strategy, ON2IT Cybersecurity. The top mistake in the Zero Trust world is monolithic thinking. There has become the belief that eating the entire elephant in one bite is possible. Organizations' top mistake is trying to deploy all of...
Chaos in the Cloud: Rampant Cloud Activity Requires Modern Protection
Blog Published: 05/17/2023
Originally published by CrowdStrike. Digital transformation isn’t only for the good guys. Adversaries are undergoing their own digital transformation to exploit modern IT infrastructures — a trend we’re seeing play out in real time as they increasingly adapt their knowledge and tradecraft to expl...
Community Alert: Organized Credential Stuffing Attack Observed on Azure Cloud Environments
Blog Published: 05/17/2023
Originally published by Gem Security on May 5, 2023. Written by Alice Klimovitsky. Over the past few days, researchers at Gem Security have been tracking what appears to be an organized credential stuffing attack playing out on Azure cloud environments. This post serves as a community warning abo...
Millions Wasted on Kubernetes Resources
Blog Published: 05/16/2023
Originally published by Sysdig. Written by Javier Martínez. The Sysdig 2023 Cloud-Native Security and Container Usage Report has shed some light on how organizations are managing their cloud environments. Based on real-world customers, the report is a snapshot of the state of cloud-native in 2023...
Identity in the Cloud is at its Breaking Point
Blog Published: 05/16/2023
Originally published by Strata. The hardest part of identity and access management (IAM) technology is making it work with multi-vendor infrastructure and the growing number of applications that enterprises rely on to get business done. Primarily because the last-mile integration of applications ...
The Internet-Based Threats Putting Your Organization at Risk
Blog Published: 05/15/2023
Originally published by Lookout. Written by Stephen Banda, Senior Manager, Security Solutions, Lookout. The way we connect in the workplace has changed. For one, “the workplace” isn’t just limited to the office anymore, and that means instead of relying on a corporate network, employees are u...
Keeping VIP Emails Safe: Why Your Executives Are Your Largest Security Concern
Blog Published: 05/15/2023
Originally published by Abnormal Security. Written by Mike Britton. Account takeovers are, unfortunately, relatively easy to execute and incredibly difficult for legacy email security solutions to detect. Additionally, once an account has been compromised, it can lead to more costly attacks such ...
The Art of Prioritizing Vulnerabilities: Maximizing Your Defense
Blog Published: 05/12/2023
Written by Alex Vakulov According to FIRST, organizations can eliminate from 5% to 20% of vulnerabilities per month. The average time to fix vulnerabilities is growing. At the same time, according to Skybox Security, there was a 3x increase in the number of vulnerabilities over the past decade. ...
Responding to Insider Risk is Hard. Here Are 4 Things You Need to Do.
Blog Published: 05/11/2023
Originally published by Code42. Written by Meredith Atkinson. Data doesn’t move outside your organization by itself. It’s your employees who move it. Data loss from insiders is a growing concern for organizations. In fact, there was a 32% year-over-year average increase in the number of insider e...
Exploring Challenges and Solutions for API Security
Blog Published: 05/11/2023
Originally published by CXO REvolutionaries. Written by Sanjay Kalra, VP, Product Management, Zscaler. It’s an unfortunate reality that APIs are easy to expose but difficult to defend. By acting as translators between applications, they have become the favored tools for ensuring apps of varied or...
8 Things Healthcare Organizations Can Do to Ensure HIPAA Compliance in the Cloud
Blog Published: 05/11/2023
Originally published by Schellman. “Clouds come floating into my life, no longer to carry rain or usher storm, but to add color to my sunset sky,” said Bengali polymath Rabindranath Tagore. It’s a nice, optimistic sentiment, but if you’re a healthcare provider using the cloud, you’re likely think...
QakBot eCrime Campaign Leverages Microsoft OneNote Attachments
Blog Published: 05/10/2023
Originally published by CrowdStrike. In November 2021[1] and February 2022[2], Microsoft announced that by default it would block Excel 4 and VBA macros in files that were downloaded from the internet. Following these changes, CrowdStrike Intelligence observed eCrime adversaries that had previous...
Four Considerations for Building a Secure and Efficient Hybrid Cloud Enterprise
Blog Published: 05/10/2023
Originally published by Signal Hill. Written by Steve Jones, President and Founder, Signal Hill. Most organizations today are operating within a hybrid cloud environment, where the IT enterprise is made up of both on-prem hardware and public cloud-hosted services. While the public cloud offers s...
Maintaining PCI Compliance when Using Multiple Processors
Blog Published: 05/09/2023
Originally published by TokenEx. Written by Anni Burchfiel. Compliance with PCI DSS 4.0 (the Payment Card Industry Data Security Standard) is a necessary, but complicated, part of accepting payments for your business. Any system that processes or stores cardholder data, including third-party paym...
Data Flow Security: Mitigating the Risks of Continuous Data Movement in the Cloud
Blog Published: 05/09/2023
Originally published by Dig Security. Written by Yotam Ben-Ezra. Executive Summary Data movement is ubiquitous in cloud environments due to diffuse architectural patterns and broad organizational access to data.Uncontrolled data flows can create compliance issues and lead to poor visibility over ...
A Complete Roadmap for Tackling a Ransomware Incident
Blog Published: 05/09/2023
Written by David Balaban. Ransomware continues to keep enterprises and governments on their toes. The unscrupulous operators of notorious strains such as LockBit, Clop, ALPHV/BlackCat, and Conti are increasingly adept at infiltrating networks and raiding them via two-step extortion that combines ...