
All Articles
SOC 1, SOC 2, and SOC 3 Reports: Type 1, Type 2, or Readiness Assessment?

Blog Published: 08/26/2022

Originally published by A-LIGN here. Written by Alex Welsh, Manager, ISO Practice, A-LIGN. SOC reports are gaining in popularity across industries and across the globe. More and more customers are asking for demonstrated SOC compliance, and independent cybersecurity control validation and attesta...

How Can Transit Gateway VPC Flow Logs Help My Incident & Response Readiness?

Blog Published: 08/26/2022

Originally published by Mitiga here. Written by Or Aspir, Mitiga. On July 14th 2022, AWS announced a new capability: flow logs for Transit Gateway. Transit Gateway VPC flow logs allow users to gain more visibility and insights into network traffic on the Transit Gateway. AWS highlights these ke...

Defending Your Enterprise Against a Sea of Increasingly Stringent Data Privacy Laws

Blog Published: 08/25/2022

Originally published by Thales here. Written by Krishna Ksheerabdhi, VP, Product Marketing, Thales. While international privacy regulations are front and center in much of the press, I’d like to turn your attention to a developing patchwork of US Federal and State privacy regulations in this post. Th...

Defending Against Email Attacks Means Optimizing Your Team (Not Just Your Tech)

Blog Published: 08/25/2022

Originally published by CXO REvolutionaries here. Written by Heng Mok, CISO APJ, Zscaler. Social Engineering is Still Very Much in Style Among Attackers. Though cybersecurity is a swiftly evolving field, one principle remains constant: it’s often easier to fool people than to circumvent security t...

Trends in Cybersecurity Breaches

Blog Published: 08/25/2022

The complete blog was originally posted by Alert Logic on July 7, 2022. Written by Antonio Sanchez. You may be used to hearing that cyberattacks are becoming more widespread and destructive every year. Recent world events are underscoring the point. COVID-19 left a lasting mark on our working l...

Rise of Cloud Computing Adoption and Cybercrimes

Blog Published: 08/24/2022

Originally published by HCL Technologies here. Written by Sam Thommandru, VP, Global Alliances and Product Management, Cybersecurity & GRC Services, HCL Technologies. The COVID-19 pandemic has caused a major disruption in business leaders’ perspectives of their company’s requirements. A s...

Securing Australia's Critical Infrastructure

Blog Published: 08/24/2022

Originally published by Onapsis here. For more than a decade, cyberattacks on critical infrastructure have been growing as core systems, like power generation and distribution, have become more complex and reliant on networks of connected devices. In fact, over the past 18 months, we’ve seen a ra...

Improve Visibility in Cyberattacks with Cybersecurity Asset Management

Blog Published: 08/24/2022

Originally published by Axonius here. Written by Kathleen Ohlson, Axonius. Google issued three emergency security updates, in as many weeks, to all of its 3.2 billion users of its Chrome browser. One was for a high-severity zero-day vulnerability that attackers exploited. Okta’s platform experien...

Cloud Security is Broken but it Doesn’t Have to Be

Blog Published: 08/23/2022

Originally published by Dazz here. Written by Tomer Schwartz, Co-founder & CTO, Dazz. Continuous Delivery is Here to Stay. Development is in the cloud in a big way. Modern engineering teams have built continuous integration pipelines, pulling together code repositories, continuous integration p...

Analyzing the Travis CI Attack and Exposure of Developer Secrets

Blog Published: 08/23/2022

Originally published by Open Raven here. Written by Michael Ness, Security Researcher, Open Raven. Introduction. The Continuous Integration (CI) platform Travis CI was recently the victim of a research-based attack, where researchers from Aqua Security were able to obtain approximately 73,000 sensitive...

Comments on the Extensible Visibility Reference Framework (eVRF) Program Guidebook

Blog Published: 08/23/2022

Originally published by Gigamon here. Written by Orlie Yaniv and Ian Farquhar, Gigamon. Editor’s note: Gigamon is very happy to see CISA’s recent work on formalizing and structuring what visibility means and assessing its efficacy. As Zero Trust accelerates, visibility becomes a key focu...

Writing Good Legislation is Hard

Blog Published: 08/22/2022

It’s hard to write good legislation. Recently H.R.7900 - National Defense Authorization Act for Fiscal Year 2023 came out. It includes the following text: At first glance, the intent seems reasonable. Vendors need to include an SBOM for their software and services, and any known vulnerabilities (a...

The State of Cloud Data Security

Blog Published: 08/22/2022

We know that the cloud is ever growing in popularity, with new organizations undergoing their digital transformations each day. However, when it comes to security, particularly the security of our most sensitive data, are organizations keeping up with the pace of cloud adoption? To answer this que...

Tales from the Dark Web: How Tracking eCrime’s Underground Economy Improves Defenses

Blog Published: 08/22/2022

Originally published by CrowdStrike here. Written by Bart Lenaerts-Bergmans, CrowdStrike. Ransomware is not new; adversarial groups have relied on compromises for many years. However, over the past 2-3 years, their strategy has started to shift toward a more community-based business model enabled...

Top Threat #3 to Cloud Computing: Misconfiguration and Inadequate Change Control

Blog Published: 08/22/2022

Written by the CSA Top Threats Working Group. The CSA Top Threats to Cloud Computing Pandemic Eleven report aims to raise awareness of threats, vulnerabilities, and risks in the cloud. The latest report highlights the Pandemic Eleven top threats, in which the pandemic and the complexity of workloa...

Using AI/ML to Create Better Security Detections

Blog Published: 08/19/2022

Originally published by LogicHub here. Written by Anthony Morris, Solution Architect, LogicHub. The blue-team challenge. Ask any person who has interacted with a security operations center (SOC) and they will tell you that noisy detections (false positives) are one of the biggest challenges. There...

The CISOs Report: A Spotlight on Today’s Cybersecurity Challenges

Blog Published: 08/19/2022

Originally published by CXO REvolutionaries here. Written by Sean Cordero, CISO - Americas, Zscaler. New attacks and attack classes demand new solutions and strategies. The swift evolution of IT infrastructures has made cybersecurity more challenging than ever for CISOs. They face a broader range ...

Zero Trust for Cloud-Native Workloads: Mitigating Future Log4j Incidents

Blog Published: 08/19/2022

Originally published by Tigera here. Written by Giri Radhakrishnan, Tigera. In my previous blog post, I introduced the brief history of zero trust, the core pillars of a zero-trust model, and how to build a zero-trust model for cloud-native workloads. In this blog post, you will learn how to miti...

An Introduction to CSA STAR and ISO 27001

Blog Published: 08/18/2022

Originally published by Schellman here. Written by Ryan Mackie, Schellman. When making decisions about the kind of compliance your organization needs, the process can be akin to creating an ice cream sundae (albeit, less fun). No doubt your customers and prospects want to see comprehensive assu...

Cyber Resilience – Lessons From Ukraine

Blog Published: 08/18/2022

Originally published by KPMG here. Written by David Ferbrache, Leadership, Global Head of Cyber Futures, KPMG in the UK. Alongside the tragic war in Ukraine, cyber-attacks have played their part, too. This complex and increasingly uncertain situation in cyberspace is driving many countries and or...
