Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
5 Common Security Mistakes When Moving to Azure
Published: 10/28/2021

Written by Jordi Vilanova, Cloudtango.Microsoft Azure is a powerful and wide ecosystem; covering all security aspects of a cloud environment is a complex undertaking. Although Azure is comprehensively secured by Microsoft, it does work based on a shared responsibility model with their customers. ...

Inside the Mind of a Cybercriminal: Common Hacking Methods, Explained
Published: 10/27/2021

This blog was originally published by Black Kite here. Cyber attacks are flooding today’s headlines. Not only are they growing in frequency, but the cost of a data breach in 2021 is more than $4 million per incident— a 10% increase over last year alone. Now all organizations are being called upon...

Are You Still Having Problems Building Secure Remote Access?
Published: 10/25/2021

Written by Alex Vakulov In this article, I want to talk about the practical issues of implementing secure remote access as well as what is happening in the market, how regulators affect teleworking, and whether it is necessary to monitor employees who work from home. In the spring of last year, ...

CISO DDoS Handbook - The DDoS Threat to Digital Transformation
Published: 10/18/2021

This blog was originally published by MazeBolt here. Written by Yotam Alon, MazeBolt. As the global economy and its reliance on technology continue to evolve, so do cyberattackers’ strategies and techniques - working on launching debilitating DDoS attacks with the intent to cause downtime a...

Why Phishing is a Bigger Threat than Ransomware
Published: 10/08/2021

This blog was originally published by Bitglass here.Written by Jonathan Andresen, Bitglass.While enterprise security teams have had their hands full battling an increasing number of more sophisticated ransomware attacks, phishing attacks are on the rise with the easing of pandemic-related restric...

Four Ways Automation Can Transform Your Third-Party Cyber Risk Management Strategy
Published: 10/07/2021

This blog was originally published by Black Kite here. Supply chains are growing at an annual rate of 11.2% and are forecasted to double in size by 2026. Growing supply chains inherently pose greater supply chain risk and require a scalable approach to vendor risk management. Cyber risk monitorin...

Top Vulnerability Assessment and Management Best Practices
Published: 10/05/2021

This blog was originally published by Sysdig here. Written by Víctor Jiménez Cerrada, Sysdig. Vulnerability assessment and vulnerability management practices are critical to minimizing the exposure and attack surface of your whole infrastructure. We’re human, and many things we build aren't pe...

How To Fix Vulnerabilities Regularly And Block DDoS Attacks
Published: 10/04/2021

This blog was originally published by MazeBolt here. In cybersecurity, a vulnerability is a weakness in a computer system or a network, making it susceptible to a cyberattack. Attackers exploit network vulnerabilities when they launch DDoS attacks that cause the target system or service to crash...

Think Your Data is Secure? Three Questions You Need to Answer Right Now
Published: 09/24/2021

Written by Yaki Faitelson, Co-Founder and CEO of Varonis. As organizations become more data driven, they store more data in more places and access it in more ways -- with phones, tablets and laptops. These ever-connected endpoints serve as gateways to large, centralized troves of sensitive infor...

If a SYN Flood Attacks Your Network Tomorrow – Would Your Mitigation Be Able to Block It?
Published: 09/08/2021

This blog was originally published by MazeBolt here.Written by Vova Kamenker, MazeBolt.There are various DDoS vectors that cause networks to crash, resulting in downtime for enterprises. One of these vectors, a common one, is the SYN flood. As DDoS attackers continue to change and vary their stra...

The Future of DDoS Protection - Simulation Not Resilience!
Published: 08/31/2021

This blog was originally published by MazeBolt here. Written by Yotam Alon, MazeBolt. Existing DDoS Protection Shortcomings As the word 'Resilient,' indicates, DDoS mitigation solutions do not prepare for attacks ahead of time, they adapt to and recover from DDoS attacks, after they have been ...

Top 20 Dockerfile Best Practices
Published: 08/10/2021

This blog was originally published by Sysdig here.Written by Álvaro Iradier, Sysdig.Learn how to prevent security issues and optimize containerized applications by applying a quick set of Dockerfile best practices in your image builds.If you are familiar with containerized applications and micros...

Blue Team Diaries: Becoming ‘data-smart’
Published: 08/05/2021

Written by Derek Wood, Open Raven“I can’t afford to not be data-smart.” - Doug Clendening, Principal Services Consultant at Open Raven (Previously Principal Cyber Incident Commander at Splunk) Blue teams aren’t quite the cape-wearing heroes featured in comics, but they aren't far off when it come...

Detecting new crypto-mining attack targeting Kubeflow and TensorFlow
Published: 07/23/2021

This blog was originally published by Sysdig hereWritten by Stefano Chierici, Security Researcher, SysdigMicrosoft has discovered a new large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods, using them to mine Monero cryptocurrency in Kubernetes cluster environments....

Got Vulnerability? Cloud Security Alliance Wants to Identify It
Published: 07/15/2021
Author: Jim Reavis

I wanted to take some time to tell you about a new CSA working group in formation that I am taking a personal interest in. I am sure you have all heard the expression, “when you have a hammer, all problems look like nails.” This is very relatable to our industry as we have to be careful that we d...

Top 10 Linux Server Hardening and Security Best Practices
Published: 06/28/2021

This blog was originally published by Intezer here.If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from bad actors.Linux server hardening is a set of measures used to reduce the attack surface and improve the security of your ...

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass
Published: 06/22/2021

This blog was originally published by Sysdig hereWritten by Stefano Chierici, SysdigThe CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised node updates.The kube-apiserver affected are:kube-a...

Security Spotlight: Ransomware Woes Continue Even As DarkSide Shuts Down After Claiming Multiple Victims
Published: 06/15/2021

This blog was originally published by Bitglass hereWritten by Jeff Birnbaum, BitglassHere are the top security stories from recent weeks. DarkSide Ransomware Operations Shut Down Colonial Pipeline Pays $5 Million Ransomware Demand After DarkSide Ransomware AttackChemical Distributor Brenntag Pays...

7 Simple but effective tactics to protect your website against DDoS attacks in 2021
Published: 06/04/2021

Written by Tars Geerts, from Mlytics Intro Experts believe that the total number of DDoS attacks will double from the 7.9 million seen in 2018 to over 15 million by 2023. One of the reasons for this significant increase is that DDoS attacks are quite easy to pull off, making them very appeali...

President Biden’s Cybersecurity Executive Order: What will it mean for you?
Published: 06/01/2021

This blog was originally published by OneTrust here.On May 12, US President Joe Biden issued an executive order on cybersecurity seeking to improve the state of national cybersecurity in the US and to increase protection of government networks following incidents involving SolarWinds and more rec...

Browse by Topic
Write for the CSA blog
Submit your blog proposal