Today we’re announcing a new container security cheat sheet and report — created in collaboration with our partner Sysdig. Download cheatsheet In this post, we’ll outline tips to help you successfully navigate the challenges of container security with a focus on three core principles: Traditional security approaches are incapable of handling the distributed and ephemeral nature of containers.

Many organizations want to leverage encryption in their environments. This usually starts off with encrypting data and devices that physically leave the organization. External USB drives with encryption or internal drive encryption on laptops using BitLocker for example. We have all heard stories of secret government documentation being left behind on the train or a laptop with employee information being left in a Taxi while traveling.

For its 25th year, Black Hat USA presented a “unique hybrid event experience, offering the cybersecurity community a choice in how they wish to participate” virtually or in person. It was a jam-packed four days of trainings, conferences, briefings, special events, and cybersecurity solutions.

Learn about API authentication and authorization best practices to ensure your APIs are secure. While we often use the terms interchangeably, authorization and authentication are two separate functions. Authentication is the process of verifying who a user is, and authorization is the process of verifying what they have access to.

If you’re like many organizations that have heavily invested in Microsoft 365, you may be considering, or already attempting, to use SharePoint Online as your company file server. After all, it’s “free” since it’s included in the service, right? While Microsoft has made improvements on the front-end with OneDrive for Business and Teams, there are still many challenges and hidden costs associated with using SharePoint as your primary company file system.

Software supply chain is anything and everything that contributes to making software functional. This includes code in the developer system, the CICD pipeline, dependencies, binaries, and deployed software in production, as well as people, processes, and the technology space. With the growing adoption of assembling software from distributed, unmanaged components rather than building it from scratch, more often than not, organizations are not aware whose, or what, code is running within their software.

Distributed containerized systems compose applications, resources, services, databases, and other artifacts. These components often need sensitive information such as user keys, passwords, API keys, and certificates to function properly. Secrets management is critical for adequately handling sensitive information and Kubernetes deployments often utilize their built-in Secrets resource type and associated RBAC controls but what if you aren’t deploying on Kubernetes?

With Cyber Security Awareness month fast approaching, information security professionals and data protection managers will be looking at how to secure board-level buy-in for company-wide cybersecurity awareness campaigns. Often, this is the biggest hurdle for any cyber awareness campaign as senior leadership weighs the costs and benefits of investing in the security of their business. Today we will be looking at some top tips for changing the tide on board-level buy-in.

Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients, including the potential for physical harm due to compromised medical imaging equipment.

In the past, purchasing cybersecurity insurance was considered a luxury rather than a necessity. However, as the number of cyber attacks continues to grow, many educational institutions have started to buy insurance policies to cover the damaging costs of malware and ransomware attacks. The education sector saw the most cyber attacks in 2021 and 2022 compared to every other industry, including healthcare and finance.