Controlling access to sensitive data is tough. Be too restrictive, and your employees run into too many roadblocks to do their jobs effectively. Too loose, and you are effectively guaranteeing that your organization will find itself on the front page as a victim of one of the many data breaches happening every day. That is why it is important to craft an effective data security strategy: one that relies on automation and oversight to ensure the privacy of your users’ data.

Even though cloud computing isn’t all that new anymore, learning how to use it effectively can be overwhelming. It’s unfortunately very easy to make mistakes.

Windows 10 is probably the most used Operating System (OS) in organizations these days. The fact that every level of user in the organization, from IT experts to entities that has little knowledge in cybersecurity use it, it is prone to be targeted by attackers as a gate to the entire network. A lot of attention is invested in users’ behavior and phishing campaigns, while many risks hide in the OS itself.

The coronavirus pandemic has accelerated the massive increase in using cloud computing services. As the world progresses through its online evolution, cloud computing services have become more of a necessity. However, along with businesses, cybercriminals have also seen this virtualization as a means of snagging more prey. The rapid increase in cloud computing services has made organizations face novel security challenges.

One of my first tasks after leaving NSA for private industry in the early 90s was to write my new company’s information security policy. I’m not sure my previous job as a cryptanalyst left me qualified for this, but I was viewed as the security guy. So, I attacked the task with vim and vigor. That first information security policy I wrote was a thing of beauty. I scoured the Orange Book and other resources to find every security requirement that might help us prevent a security incident.

If you receive a Data Subject Access Request (DSAR) today, what will you do? How does your organization respond to a request from a customer who wants to know what personal data you have and how you use it? What if a customer requests the “right to be forgotten”? How do you know you have deleted every instance of personal data from all locations in your company? Will you be able to respond quickly and completely?

On October 26, 2021, Devo announced a new round of $250 million in venture funding that gives the company a valuation of $1.5 billion. In a new Devo Inside Out video, CEO Marc van Zadelhoff and CFO Jennifer Grunebaum discuss the details of the investment and what it means for Devo’s ability to bring the industry’s most comprehensive logging and security analytics solution to more customers worldwide. Video Player 00:00 00:00 00:00 Use Up/Down Arrow keys to increase or decrease volume.

CISA, the US Cybersecurity and Infrastructure agency, has recently released a report on Managed Service Providers (MSPs). The agency recognizes that MSPs play a critical role for businesses, providing IT services that would otherwise be too costly or too time-consuming and resource-intensive.

Over the last year, many of us have been introduced to the term “Software Supply Chain”. For better or worse, it is now part of our defense vernacular and won’t be going away any time soon. If anything, it has consumed us in many ways and has been the cause of many nights of lost sleep. Well, that could just be us on the SURGe team here at Splunk.

The JFrog Security research team has recently disclosed two denial of service issues (CVE-2021-37136, CVE-2021-37137) in Netty, a popular client/server framework which enables quick and easy development of network applications such as protocol servers and clients. In this post we will elaborate on one of the issues – CVE-2021-37136.