The annual list of top security projects from Gartner provides key insights on where security leaders should focus their limited time and resources to be the most effective at protecting their data, users, and infrastructure. Netskope provides value for each of the top 10 recommended security projects for this year and next, including many critical capabilities. This blog series will highlight each Gartner recommendation and how Netskope specifically can help.

The annual list of top security projects from Gartner provides key insights on where security leaders should focus their limited time and resources to be the most effective at protecting their data, users, and infrastructure. Netskope provides value for each of the top 10 recommended security projects for this year and next, including many critical capabilities. This blog series will highlight each Gartner recommendation and how Netskope specifically can help.

This summer, Ada Logics integrated continuous fuzzing into Teleport to strengthen the security posture of the project. We’d like to thank Adam Korczynski from Ada Logics for initiating contact and doing the work. In this blog post, we will give a brief introduction to fuzzing and explain how to carry on the work moving forward. The motive for this work was to take the first steps in implementing fuzzing into Teleport’s development pipeline.

If you joined us for Netskope’s SASE Week, you’ll know that we covered quite a bit of ground with our talks and programming. For a relatively new concept, there’s still so much potential to explore and discuss that we could probably talk about it for much longer than just a week. Netskope customers, large and small, are seeing the cost and business benefits of moving to a cloud-native control point, with the security posture and risk management tools they need.

On Dec 8, 2020, the cybersecurity company FireEye reported that there had been a cyber attack on their systems. As part of this attack, their inventory of Red Team tools was stolen. These tools could potentially be used by a threat actor against unsuspecting victims. On Dec 13, 2020, after further investigation of this attack, FireEye reported that the initial vector came through SolarWinds, an upstream vendor, as a malicious trojanized update of SolarWinds’ Orion IT platform.

Moving to the cloud means a lot more than just moving your servers and applications to the cloud; it’s also about the data – and data always has a target on it. A lot of IT departments are finding that it’s easier to meet the “five nines” (99.999%) of uptime and availability by going outside their organization and letting AWS, Microsoft, or Google handle the infrastructure and personnel needed to meet those requirements.

In the recently released 2020 Gartner Magic Quadrant for Secure Web Gateways (SWG) report, Netskope was recognized as a visionary, entering a decades-old legacy security solution area first defined by proxy cache appliances. Times have changed since human rating labs, regional web filtering lists, the use of ICAP for threat and data protection of files, web object caching, bandwidth management, and scripting policies to filter out undesired web objects.

The maturation of software development has been driven by the increasing segmentation of functions into their own portable environments. Infrastructure is splintered into dozens of computing resources, physical servers, containers, databases, Kubernetes pods, dashboards, etc. Such compartmentalization has made it incredibly simple for developers to enter their desired environments with minimal disruption to other working parts.

We at Netskope Threat Labs have published a series of blogs detailing the misconfigurations in cloud apps causing data exposure. Misconfiguration and sensitive data exposure have been listed as predominant top 10 OWASP security risks for years, and are now also the predominant cause of cloud data breaches.

There is no shortage of IT cloud software services out there for businesses to choose from. Regardless of their business needs you can be sure there will be a myriad of solutions. Instead of a few grand does-it-all services, IT has become a swarm of inter-playing, inter-operating, and interconnecting services. It’s no surprise that services like zapier and IFTTT are thriving in this ecosystem where they can become the glue and automate the gap between them. The future is surely bright.

Earlier this year, the news broke of a new method that attackers were using to infiltrate Google Drive.

Kubernetes clusters have become the go-to solution for hosting applications in the cloud. Most cloud providers offer Kubernetes services, such as the Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (Amazon EKS), or Google Kubernetes Engine (GKE). But are you spending too much on compute resources in the cloud? Is your load pattern complex and difficult to predict? Is the load growing inconsistently or are you running applications on-demand that could cause sudden bursts?

Enabling enclaves-based security is key for enterprise cloud adoption General availability of Nitro Enclaves, recently announced by AWS, is Amazon’s way of delivering confidential computing to its customers. Following similar announcements by Microsoft Azure and Google Cloud, AWS announcement further confirms growing demand for additional runtime protection of customer’s data and other intellectual properties.

Modern languages like Python, NodeJS, and Go make it easy to handle concurrent requests for multiple customers at the same time by using threads or goroutines. Such services seem very cost effective because one process can handle hundreds or thousands of tenants. However, this efficiency comes at a hidden, steep price. When language runtime scheduling breaks down, one tenant can cause an outage for everyone.

Today, cybersecurity, risk, and data protection are issues that are on upper management’s radar. Seeking to minimize the potential for business disruption, board members are getting more involved with the organization’s security program. Recent surveys indicate that 65% of companies are recruiting board members who are knowledgeable about security issues.

This blog post marks an important milestone for us! Just four years ago, as we grew frustrated with the state of SSH server access, Teleport was born. Eventually it grew way bigger than just SSH access, as our users want to use the same access workflow for all layers of their stacks. And today we’re announcing another way to use Teleport: as a hosted offering. Let’s dig deeper!

No matter where you host your data, there are always risks. The public cloud is no exception. While providers like Amazon, Microsoft and Google offer security features, ultimately, cloud security is your responsibility. Where do you start? This article explains the key elements of a strong security posture in the cloud and how to choose the right security software solutions for your organization.