In an ideal scenario, security would be baked into the development process from the very beginning. Security teams would primarily exist to verify that best practices have been followed at every step in the process. In practice, security is an enormous challenge for most organizations. This challenge is compounded by the increasingly complex and fast-paced nature of modern service-oriented architectures, such as Kubernetes.
Information security policy is a set of policies put forward by high ranking members of an organization to assure that all information technology users within the domain of that organization is its networks adhere to the same rules and guidelines related to the security of information that is transferred or stored at any point within the organization’s boundaries of authority.
Have you noticed that people are just too busy to read important information you send to them? One of the problems with disseminating information, especially when it is about cybersecurity, is that there needs to be a balance between timing, priority, and cadence.
Although DNS rebinding attacks have been known for over a decade now, they are only recently receiving attention as a practical attack surface. In the last year, quite a few popular products have been shown to lack DNS rebinding protections, and as a result, someone could operate them remotely using a malicious web site. Manufacturers have made a habit of giving consumers connected devices that are controlled by unauthenticated HTTP requests via the local network.
Murphy’s Law (“Anything that can go wrong will go wrong”) hangs over every jobsite like a dark cloud. When you’re dealing with massive construction projects being overseen by scores of project managers and swarms of subcontractors—all of whom are dealing with highly intricate details and a deluge of documents—the opportunities for snafus to rear their ugly little heads are in no short supply.
Investigating a once trusted employee for potential misuse, theft, or other offenses regarding company resources can be a complicated process. While we all hope to hire ethically sound employees, various factors can contribute to ending up with a bad apple in the bunch. Labeled, insider threats, these employees pose a grave risk to organizations due to the insider knowledge and often authorized access they have to critical resources.
Congratulations Twistlock! One of the best signs of an emerging market is when existing, massive players are willing to put hundreds of millions of dollars on the line to get into that market right now. Given today’s Twistlock acquisition by Palo Alto Networks, and other recent acquisitions like Heptio/VMware, we believe this is happening in the cloud-native market. Congratulations to Twistlock on their success.
Container orchestration and cloud-native computing has gained lots of traction the recent years. The adoption has increased to such level that even enterprises in finance, banking and the public sector are interested. Compared to other businesses they differ by having extensive requirements on information security and IT security. One important aspect is how containers could be used in production environments while maintaining system separation between applications.
There’s a lot of talk about the ability of AI and machine learning to augment digital transformation journeys by creating better customer experiences and empowering employees to make decisions using data. However, IT and business leaders can sometimes face analysis paralysis when confronted with this topic because it means something different for every business – and it means shifting an entire company culture towards a new way of working. One key shift is making use of machine data.
These days the word ‘intelligence’ pops up in any conversation on security. Why is the industry cannot get enough of it? What is the difference between intelligence and information? What is intelligence-led security? Let’s take a look.
