Cybersecurity is a growing concern as breaches continue to increase in frequency and make headline news. Unfortunately, due to time and other constraints, many smaller businesses postpone the complicated task of risk management, only to eventually succumb to the devastating ramifications of a cyberattack. While the security solutions themselves appear complicated, the ability to mitigate risk is within reach of all.
Alarms and alerts surround us every day. From the moment our clocks wake us up in the morning, we rely on alarms for many things. But what happens when those alarms and alerts malfunction? What does it do to us and how does that affect our day to day life? Recall the Dallas Emergency Alert Malfunction. As it turns out, getting tired of these alarms can prove dangerous to cybersecurity.
A multi-cloud network is a cloud network that consists of more than one cloud services provider. A straightforward type of multi-cloud network involves multiple infrastructure as a service (IaaS) vendors. For example, you could have some of your cloud network’s servers and physical network provided by Amazon Web Services (AWS), but you’ve integrated that with your servers and physical networking that’s provided by Microsoft Azure.
Last month, Google Chrome started marking all non-HTTPS sites as not secure. The main reason for this is because all non-HTTPS sites are insecure, so there is some logic to it. It was part of a plan announced way back in 2016 that sought to improve security across the Net. The first stage of this was to mark all HTTP sites that collect passwords or credit card details (and the like) as being insecure.
Data drives us at Devo—and although most organizations would benefit from a more data-driven approach, recent research shows organizations are grappling with the challenges of accessing and using operational data for business benefit. Data volumes are continuing to grow, fueled by machine data from a multitude of sources. But there is often a significant gap between the volume of data collected and the operational benefits that can be gained from that data.
We recently discussed data security requirements for federal contractors and now we are doing a deeper dive into one of the trickier compliance factors: reporting cyber incidents.
In early August, I will be leading a couple of sessions at the Community College Cyber Summit about cyber security fundamentals. I’ve also been spending time working with my amazing colleagues here at Tripwire on a really cool new offering for DevOps pipelines – Tripwire for DevOps (learn more here). Spending so much time going back and forth from “back to basics” and “the future of development” had me thinking that securing DevOps is really Back to the Future.
It’s hardly a controversial statement to say that DevOps is changing the way that organizations build and deploy applications. There’s plenty of material, stories, whitepapers and whole companies that demonstrate this trend. There are, however, a couple of things that make a discussion about security and DevOps important.
Despite living in a world where the internet is becoming ever-more fundamental to everyday life, there is currently a world-wide shortage of cyber security professionals who are able to keep it all secure. Within four years this shortage is expected to reach 1.8 million. According to a recent study, only 35% of the enterprises involved felt they were adequately staffed to deal with cyber-attacks. 35% is not a good percentage.
Data generated by various devices connected in a network and operations being carried out on them is called as log data and we have already discussed why log management is important, considering the exponentially increasing number of attacks and their sophistication. Further, in the last blog post, we dealt with questions that you must your cloud-based log management service provider.
