Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
Defining an Effective Multi-Cloud Strategy: Identifying Vulnerabilities Before They Wreak Havoc
Published: 11/22/2021

This blog was originally published by Alert Logic here. It’s not news that organizations are facing a growing number and frequency of cyber threats, nor that new, sophisticated attacks are evading traditional security tools. But the growing threat that companies face is the complexity of the...

Einstein’s Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug
Published: 11/12/2021

This blog was originally published by Varonis here. Written by Nitay Bachrach, Varonis. If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator’s Outlook or Google calendar events to the internet due to a bug called Ein...

5 Best Practices to Reduce the Attack Surface in the Cloud
Published: 11/10/2021

This blog was originally published by Virsec here. Written by Matt Ambroziak, Virsec. Over the last 18 months the cloud has gone mainstream. In case you need proof, Gartner forecasts end-user spending on public cloud services to grow 23.1% in 2021 to total $332.3 billion, up from $270 billion...

Security Spotlight: Critical Vulnerability Exploits and Patches, Plus Novel Attack Tactics
Published: 11/09/2021

This blog was originally published by Bitglass here. Written by Jeff Birnbaum, Bitglass. Here are the top security stories from September 2021: Cisco Patches Three Critical Vulnerabilities Impacting Wireless Controllers and SD-WAN.Critical VMware vCenter Vulnerability Exploited in the WildNew APT...

4 Misconceptions About DDoS Mitigation
Published: 11/02/2021

This blog was originally published by MazeBolt here. Written by Yotam Alon, MazeBolt. After several years in cybersecurity and specifically in the DDoS mitigation space, I often come across certain common and widespread misconceptions. Here are my top four: Misconception #1: "DDoS attacks are ...

5 Common Security Mistakes When Moving to Azure
Published: 10/28/2021

This blog was originally published by Cloudtango here. Written by Jordi Vilanova, Cloudtango. Microsoft Azure is a powerful and wide ecosystem; covering all security aspects of a cloud environment is a complex undertaking. Although Azure is comprehensively secured by Microsoft, it does work based...

Inside the Mind of a Cybercriminal: Common Hacking Methods, Explained
Published: 10/27/2021

This blog was originally published by Black Kite here. Cyber attacks are flooding today’s headlines. Not only are they growing in frequency, but the cost of a data breach in 2021 is more than $4 million per incident— a 10% increase over last year alone. Now all organizations are being called upon...

Are You Still Having Problems Building Secure Remote Access?
Published: 10/25/2021

Written by Alex Vakulov In this article, I want to talk about the practical issues of implementing secure remote access as well as what is happening in the market, how regulators affect teleworking, and whether it is necessary to monitor employees who work from home. In the spring of last year, ...

CISO DDoS Handbook - The DDoS Threat to Digital Transformation
Published: 10/18/2021

This blog was originally published by MazeBolt here. Written by Yotam Alon, MazeBolt. As the global economy and its reliance on technology continue to evolve, so do cyberattackers’ strategies and techniques - working on launching debilitating DDoS attacks with the intent to cause downtime a...

Why Phishing is a Bigger Threat than Ransomware
Published: 10/08/2021

This blog was originally published by Bitglass here. Written by Jonathan Andresen, Bitglass. While enterprise security teams have had their hands full battling an increasing number of more sophisticated ransomware attacks, phishing attacks are on the rise with the easing of pandemic-related restr...

Four Ways Automation Can Transform Your Third-Party Cyber Risk Management Strategy
Published: 10/07/2021

This blog was originally published by Black Kite here. Supply chains are growing at an annual rate of 11.2% and are forecasted to double in size by 2026. Growing supply chains inherently pose greater supply chain risk and require a scalable approach to vendor risk management. Cyber risk monitorin...

Top Vulnerability Assessment and Management Best Practices
Published: 10/05/2021

This blog was originally published by Sysdig here. Written by Víctor Jiménez Cerrada, Sysdig. Vulnerability assessment and vulnerability management practices are critical to minimizing the exposure and attack surface of your whole infrastructure. We’re human, and many things we build aren't pe...

How To Fix Vulnerabilities Regularly And Block DDoS Attacks
Published: 10/04/2021

This blog was originally published by MazeBolt here. In cybersecurity, a vulnerability is a weakness in a computer system or a network, making it susceptible to a cyberattack. Attackers exploit network vulnerabilities when they launch DDoS attacks that cause the target system or service to crash...

Think Your Data is Secure? Three Questions You Need to Answer Right Now
Published: 09/24/2021

Written by Yaki Faitelson, Co-Founder and CEO of Varonis. As organizations become more data driven, they store more data in more places and access it in more ways -- with phones, tablets and laptops. These ever-connected endpoints serve as gateways to large, centralized troves of sensitive infor...

If a SYN Flood Attacks Your Network Tomorrow – Would Your Mitigation Be Able to Block It?
Published: 09/08/2021

This blog was originally published by MazeBolt here.Written by Vova Kamenker, MazeBolt.There are various DDoS vectors that cause networks to crash, resulting in downtime for enterprises. One of these vectors, a common one, is the SYN flood. As DDoS attackers continue to change and vary their stra...

The Future of DDoS Protection - Simulation Not Resilience!
Published: 08/31/2021

This blog was originally published by MazeBolt here. Written by Yotam Alon, MazeBolt. Existing DDoS Protection Shortcomings As the word 'Resilient,' indicates, DDoS mitigation solutions do not prepare for attacks ahead of time, they adapt to and recover from DDoS attacks, after they have been ...

Top 20 Dockerfile Best Practices
Published: 08/10/2021

This blog was originally published by Sysdig here.Written by Álvaro Iradier, Sysdig.Learn how to prevent security issues and optimize containerized applications by applying a quick set of Dockerfile best practices in your image builds.If you are familiar with containerized applications and micros...

Blue Team Diaries: Becoming ‘data-smart’
Published: 08/05/2021

Written by Derek Wood, Open Raven“I can’t afford to not be data-smart.” - Doug Clendening, Principal Services Consultant at Open Raven (Previously Principal Cyber Incident Commander at Splunk) Blue teams aren’t quite the cape-wearing heroes featured in comics, but they aren't far off when it come...

Detecting new crypto-mining attack targeting Kubeflow and TensorFlow
Published: 07/23/2021

This blog was originally published by Sysdig hereWritten by Stefano Chierici, Security Researcher, SysdigMicrosoft has discovered a new large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods, using them to mine Monero cryptocurrency in Kubernetes cluster environments....

Got Vulnerability? Cloud Security Alliance Wants to Identify It
Published: 07/15/2021
Author: Jim Reavis

I wanted to take some time to tell you about a new CSA working group in formation that I am taking a personal interest in. I am sure you have all heard the expression, “when you have a hammer, all problems look like nails.” This is very relatable to our industry, as we have to be careful that we ...

Browse by Topic
Write for the CSA blog
Submit your blog proposal

Sign up to receive CSA's latest blogs

This list receives 1-2 emails a month.