Continuing on our exciting and informative webinar series, last week Appknox hosted a webinar on 'Building Org-Wide Software Security Practices'. Organized in association with Xoxoday, the leading technology platform helping businesses manage incentives, rewards, incentives and loyalty programs, I had an amazing discussion regarding various aspects of security when it comes to org-wide business initiatives and so much more with Mr Srivatsan Mohan (VP, Xoxoday).

Usually, when it comes to cybersecurity spending, people tend to try to calculate risk, savings on breach costs, compliance gaps, reputation costs. Those are all very relevant, but it turns out that for the business, one of the most important aspects of cybersecurity is speed. Below are five different aspects of speed by which a cybersecurity solution (e.g. a SIEM) should be evaluated.

Today, Sysdig has completed the acquisition of Apolicy to enable our customers to secure their infrastructure as code. I am very pleased to see the Apolicy team become part of the Sysdig family, bringing rich security DNA to our company.

With the changing tech landscape, v8 of CIS critical security controls presents a more consolidated approach that replaced CIS Top 20 released a while ago.

The identification of every user making a request to a given system is vital to ensuring that action is only taken by, and information only returned to, those who need it. This happens in two steps: first, the requester is identified (authenticated), and then that identity is used to determine which parts of the application they are allowed to access.

I can’t tell you how many times I’ve been asked by customers if we can help them apply sensitivity labels at scale to data at rest in SharePoint Online. Unfortunately, I’ve had to tell them that there’s really only one option, and it’s not pretty. To date, there is no API that allow an end user to apply a sensitivity label directly to a file in a SharePoint Online site, so the only real option is to download the file locally, apply the label and then upload the file.

People’s involvement has been inevitable with log management despite advancements in ITOps. Log management at a high level collects and indexes all your application and system log files so that you can search through them quickly. It also lets you define rules based on log patterns so that you can get alerts when an anomaly occurs. Log management analytics solution leveraging RDA has been able to detect anomalies and aid predictive models over a machine learning layer.

In this episode of AppSec Decoded, we discuss the major open source trends identified within the 2021 OSSRA report. The explosive growth of open source is not new. Developers have been using this collaborative method of building software applications to meet the market demands for quality and speed for many years. Synopsys has conducted research on trends in open source usage with commercial applications since 2015.

Your cybersecurity team walks into the office, and their day is instantly taken off the rails. They get an alert informing them that something on the network is acting suspiciously. It isn’t necessarily a threat, but they don’t have the tools to know for sure. After looking into it, they learn that a SaaS provider for one of their departments delivered an update that caused a service degradation. Thankfully, it isn’t an attack.

As organizations continue to adopt DevSecOps practices to deliver secure software, security ownership is an ever-critical consideration. Snyk recently held a roundtable with Twilio to discuss security ownership in 2021. In this post, we’ll recap the discussion between Guy Podjarny, President & Co-Founder of Snyk, and Yashvier Kosaraju, Senior Manager of Product Security at Twilio.