Integrity is a word thrown around a lot in the cybersecurity space. That’s not surprising. It is one of the three components that make up the CIA Triad, after all. However, the meaning and use of the word has been relatively limited in many security circles up until now. Let’s take a look at the security industry more broadly. In most conversations dealing with integrity, data security and File Integrity Monitoring (FIM) controls often end up being the primary focal areas.

Personal information (PI) enables businesses to customize the customer experience and boost sales. However, consumer rights advocacy and privacy regulations, such as the EU’s General Data Protection Regulation (GDPR) and state data privacy laws enacted in the United States, limit the collection of PI. Preeminent among these laws is the California Consumer Privacy Act of 2018 (CCPA).

The COVID-19 pandemic pushed more employees to work from home than ever before. While this shift has many advantages—including reduced office space costs and more geographic flexibility—it also leads workers to access data from a variety of entry points.

We are excited to announce that Nightfall DLP for GitHub now has two plans available: Pro and Enterprise. Both plans allow you to discover, classify and protect sensitive information in any GitHub organization by actively scanning your codebase for secrets, credentials, PII, and other business-critical data to notify you of data policy violations. The Enterprise plan provides the additional ability to scan the commit history of any repo within your GitHub org.

As you may have heard, a massive breach of Microsoft Exchange servers was revealed in the last several weeks. The attack is not over yet. We can always wait for another attack and blame another vendor, but when it comes to Microsoft, well, who can we rely on after that? SolarWinds, Centreon and now Microsoft Exchange… With almost 80% enterprise market share, the Exchange holds the biggest secrets of our times, and now nobody knows where they went.

Cyber-attacks are commonly viewed as one of the most severe risks to worldwide security. Cyber-attacks are not the same as they were five years back in aspects of availability and efficiency. Improved technology and more efficient offensive techniques provide the opportunity for cybercriminals to initiate attacks on a vast scale with a higher effect. Intruders employ new methods and launch more comprehensive strategies based on AI to compromise systems.

The Cyber kill chain, also called CKC, is a phase based cybersecurity model developed by Lockheed Martin. It is co-opted from the military term ‘kill-chain’ used to break down the structure of an attack. The team developed the model to help security teams understand with break down of an externally originated attack into seven different steps. It helps teams to learn how cyber attacks work and help prepare the defensive controls of an organisation.

A question that comes up every now and then is whether it’s possible to compose policies based on dynamic attributes provided with the request when querying Open Policy Agent (OPA) for decisions. Could we for example provide a group, team or role name as part of the input and have OPA evaluate all policies provided for that group, team or role, but no additional policies other than those? Imagine you have several teams in an organization, each of them with their own responsibilities.

We’re pleased to announce support for viewing all of your Snyk Infrastructure as Code (Snyk IaC) configuration issues in the reporting functionality of the Snyk platform.