Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Old mobile numbers can compromise unsecure MFA systems

Multi-factor authentication (MFA) adds a layer of security to logins that is essential to prevent unwanted access. This verification process uses a second device (owned by the user) as an additional identity verification element to which a token is sent (or generated) that certifies access veracity. The most secure MFA systems use applications to generate temporary codes, but many still rely on sending text messages to mobile phones (OTP).

Managing license compliance with Black Duck SCA

Black Duck provides a comprehensive SCA solution for managing security, quality, and license compliance risks associated with open source use. Given today’s development trends, your organization is undoubtedly leaning heavily on open source in any number of ways. According to Synopsys’ annual Open Source Security and Risk Analysis (OSSRA) report.

Solving User Monitoring Use Cases With Splunk Enterprise Security

I’ve been working with Splunk customers around the world for years to help them answer security questions with their data. And, like you probably know, sometimes it’s hard to know where to start for specific security use cases. We all know Splunk’s data platform is capable of delivering incredible analytics and insights at scale, but how do we tie that power with all of the content and premium solutions for security that Splunk provides?

Compliance vs Risk Management: What You Need to Know

According to a study conducted by Ropes & Gray, 57% of senior-level executives rate “risk and compliance” as the top two categories they feel the least prepared to address. There are a lot of misconceptions about compliance and risk management. Both help to prevent security threats to the organization’s legal structure and physical assets. And often, when people hear the terms compliance and risk management, they assume the two are the same.

Hypergrowth Playbook: 7 best practices as you go from startup to scaleup

Across the tech startup space, growth is on fire, and a key differentiator of success will be your ability to scale your talent at the pace needed. Based on having gone through this phase at various companies over the past decade, I’ve been pulled into helping advise founders and heads of people at several earlier-stage startups. So I made it simpler, and drafted a Hypergrowth Playbook , with my learnings. We are happy to share this openly, to help the community at large.

Stories from the SOC -SolarWinds Sunburst attack with malicious file

In late 2020, SolarWinds was the victim of a cyberattack that spread to their clients and went undetected for months. The foreign entities were able to add malicious code into the Orion system and gain access to companies of all sizes and across industries. The malicious code was distributed to all of the systems via a routine software update. Attacks like this are becoming increasingly frequent, amplifying the importance of security solutions that can quickly detect a potential breach.

Core Values at Detectify: Turning problems into opportunities

At Detectify , we like to approach problems as opportunities for improvement. In the last couple of months, we’ve faced two challenges where we have taken the opportunity to rethink how we work. We’d like to share them with you to give you insight into how we work together and, hopefully, inspire some of you to try a new approach when solving your own challenges in the future! Both of these examples are related to our payment process.

Build an Automation-First Security Culture

When you think about how to automate processes within the IT industry, your mind probably goes first to tools. After all, the past decade has witnessed an explosion of tools from across the industry that promise to make it easy to automate virtually every aspect of IT operations — from low-code development solutions that automate coding, to release automation tools for applications, to automated monitoring and security platforms.

Flexible Incident Response playbooks for any situation

One of the major buzzwords when talking about cyber incident response is playbooks, advanced workflows with specific actions tailored to deal with and respond to cyber incidents. Over the past few security conferences, I have noticed something of a trend emerging that centers on the uncertainty and hesitance that some incident response teams have regarding the use of playbooks and, in particular, around the notion of automation in incident response.

Mobile app SDKs: The nesting dolls of hidden risk

Here’s an obvious statement for you: mobile applications are essential to how we go about our lives. From sharing files with colleagues to managing finances and connecting with family and friends, they seem to be able to do everything we need. But here’s the catch: developers rarely build apps from scratch and security is not typically their top priority. To quickly add features, they often rely on prepackaged code known as software development kits (SDKs).