Managing the security of your Amazon Web Services (AWS) environment requires constant vigilance. Your strategy should include identifying potential threats to your environment and proactively monitoring for vulnerabilities and system weaknesses that malicious actors might exploit. In a complex environment—such as your AWS account with a multitude of services, coupled with various architectures and applications—the ideal solution should be both comprehensive and straightforward.

Security Service Edge (SSE) describes the evolving security stack crucial to a Secure Access Service Edge (SASE) journey, with core platform requirements that include CASB, SWG, and ZTNA capabilities. SASE is an architecture—really, a long-term journey that will change how we all think about security and networking. But SSE, as part of SASE, is a set of cloud-delivered security services you can acquire and make the most of today.

SSH bastion hosts are an indispensable security enforcement stack for secure infrastructure access. Every security compliance standard that deals with remote infrastructure access (e.g., FedRAMP AC-17 - Remote Access, HIPAA §164.312(a)(1) - Access control, SOC2 CC6.1 - Manage Points of Access) mandates preventing direct network access to the servers and APIs.

Both proxy servers and VPNs hide your IP address, allowing you to access websites anonymously, but only VPNs direct all network traffic through an encrypted tunnel. Another key difference is that VPNs address all network data while proxy servers only operate on an application level. The differences between the two solutions can be summarized as follows: Before diving into their technical differences, its important to first solidify your understanding of proxy servers and VPNs.

Compliance management is the process of ensuring all workflow, internal policies and IT initiatives align with specific industry cybersecurity regulations. This effort is ongoing since the digital attack surface is always expanding.

A notorious cybercrime gang, involved in a series of high profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations. As The Record reports, the FBI has warned that FIN7 – the well-organised cybercrime group believed to behind the Darkside and BlackMatter ransomware operations – has been mailing out malicious USB sticks in the hope that workers will plug them into their computers.

As the pandemic continues, organizations around the world are working hard to adapt to the “new normal.” This article highlights the key trends that we will face in 2022 and beyond. Ransomware attacks more than doubled in 2021 compared to 2020, with healthcare and utilities the most commonly targeted sectors. Moreover, attacks are getting more expensive, with the average ransomware payment leaping from US$312,000 in 2020 to $570,000 in 2021.

The volume, variety, and velocity of data being collected in clinical trials is constantly increasing. It regularly surpasses what any one person or even a team of people can process, organize and monitor. Companies can no longer throw people at the problem, which is why many have turned to automation and AI to fill the gap.

The early stages of an intrusion usually include initial access, execution, persistence, and command-and-control (C2) beaconing. When structured threats use zero-days, these first two stages are often not detected. It can often be challenging and time-consuming to identify persistence mechanisms left by an advanced adversary as we saw in the 2020 SUNBURST supply chain compromise. Could we then have detected SUNBURST in the initial hours or days by finding its C2 beacon?

Following the discovery of Log4Shell, a vulnerability in Log4J2, Elastic released a blog post describing how users of our platform can leverage Elastic Security to help defend their networks. We also released an advisory detailing how Elastic products and users are impacted.