Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2024

Automated SCM project scanning with Black Duck SCA | Synopsys

Feb 1, 2024 By Synopsys In Synopsys
Black Duck’s automated project onboarding meets teams where they already are and enables them to quickly onboard and scan multiple projects in a single step. This means no manual scanning needed, and no interfacing with builds or pipeline – these scans are mapped and executed entirely within Black Duck. In this video, we'll demonstrate how to.
View Video
upguard

Protecting Student-Athlete Data: TPRM for Collegiate Athletics

Feb 1, 2024 By Leah Sadoian In UpGuard
American college athletics is a foundational pillar of higher education institutions and a profitable business model for universities. The National Collegiate Athletic Association (NCAA), which regulates college athletics, reported that in 2020, Division I schools earned $15.7 billion in athletics revenue. In 2023, NCAA Division I school Ohio State University reported a record-breaking revenue of over $275 million from its athletic department alone.
Read Post

What Is a Password Manager?

Feb 1, 2024 By Keeper In Keeper
A password manager is a tool that allows you to store and manage your personal information, such as login credentials, credit card numbers, passport and more, in an encrypted digital vault. Some password managers allow you to store passkeys too. With a password manager, the only password you have to remember is your master password, which acts as the key to enter your secure vault.
View Video

DevSecOps Security Best Practices

Feb 1, 2024 By JFrog In JFrog
Carmine Acanfora, Solutions Architect at JFrog in the EMEA region, leads this security best practices webinar. In this webinar, we discuss the advanced features of the JFrog Advanced Security solution, now available in self-hosted mode. We will take the time to address your questions, particularly on topics crucial for all developers, such as: Don't miss this opportunity to explore JFrog's latest security solution and learn how to accelerate and secure your software supply chain with the first DevOps-oriented security solution on the market.
View Video
cato networks

Busting the App Count Myth

Feb 1, 2024 By Avishay Zawoznik In Cato Networks
Many security vendors offer automated detection of cloud applications and services, classifying them into categories and exposing attributes such as security risk, compliance, company status etc. Users can then apply different security measures, including setting firewall, CASB and DLP policies, based on the apps categories and attributes. It makes sense to conclude that the more apps are classified, the merrier. However, such a conclusion must be taken with a grain of salt.
Read Post
elastic

Introducing the Elastic Trust Center!

Feb 1, 2024 By Abby Zumstein In Elastic
Your one-stop shop for transparent cloud security information Elastic® knows that security and compliance requirements are mandatory for regulated and non-regulated customers alike. We strongly believe in providing clear and transparent information to earn your trust in Elastic as an organization and in the services we provide. Our Trust Center is a public one-stop shop for information on security, compliance, privacy, and resiliency for Elastic and the Elastic Cloud.
Read Post
Forescout

Why should OT Companies follow NIS2: Safeguarding Critical Infrastructure in a Digitally Connected Era

Feb 1, 2024 By Eduard Serkowitsch In Forescout
The digital transformation of industrial landscapes has brought unprecedented advancements in efficiency and productivity for Operational Technology (OT) companies. But this surge in connectivity exposes critical infrastructure to heightened cybersecurity risks, such as: To address these risks, OT companies should adhere to the guidelines in the European Union’s Directive on Security of Network and Information Systems (NIS2).
Read Post
sysdig

Detecting 'Leaky Vessels' Exploitation in Docker and Kubernetes

Feb 1, 2024 By Michael Clark In Sysdig
On January 31st 2024, Snyk announced the discovery of four vulnerabilities in Kubernetes and Docker. For Kubernetes, the vulnerabilities are specific to the runc CRI. Successful exploitation allows an attacker to escape the container and gain access to the host operating system. To exploit these vulnerabilities, an attacker will need to control the Dockerfile when the containers are built.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.