Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Snyk named Visionary in 2021 Gartner Magic Quadrant for AST

We have more than a few reasons to be thrilled with the results of the 2021 Gartner Magic Quadrant for Application Security Testing. In our debut on the report, Snyk has been recognized as a Visionary. Additionally, we are placed furthest in the Visionaries quadrant for both Completeness of Vision and Ability to Execute, and second-furthest for Completeness of Vision in the overall Magic Quadrant.

Introducing Sumo Logic Cloud SIEM powered by AWS

The Sumo Logic team is pleased to introduce the general availability of Sumo Logic Cloud SIEM powered by AWS. This joint solution will empower CIOs, CISOs, security and IT leaders to solve modern and legacy security operations use cases for Enterprises of all sizes and maturity with deep and contextualized insights to reduce the time to detect and respond to threats.

3 Key Observations on Network and Security Transformation

Recently I attended another great Evanta CIO event, and in the course of a day packed with excellent talks and knowledge-sharing opportunities, I had the opportunity to sit down and discuss the topic of network and security transformation with Stuart Hughes, the CIDO at Rolls Royce. Stuart shared his experiences over the past 18 months, discussing how the pandemic—among other things—had changed his strategic approach to security.

Veracode Named a Leader in 2021 Gartner Magic Quadrant for Application Security Testing

Veracode has been named a Leader in the 2021 Gartner Magic Quadrant for Application Security Testing (AST) for the eighth consecutive year. Gartner evaluates vendors based on their completeness of vision and ability to execute in the application security testing (AST) market. This recognition comes just months after we were named Gartner Peer Insights Customers’ Choice for AST, proving, in our opinion, the strength of our AST offerings according to both experts and users.

How to Apply the Risk Management Framework (RMF)

The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for “Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004. It was updated in December 2018 to revision 2. This was the result of a Joint Task Force Transformation Initiative Interagency Working Group; it’s something that every agency of the U.S.

Understanding the Cloud Security Challenges for SMBs

The events of 2020 didn’t prevent small- to mid-sized businesses (SMBs) from adopting the cloud. Impact Networking reported that SMBs’ overall cloud spending grew 6.3% between 2019 and 2020. Such growth is projected to lead more than a third (35%) of SMBs to annually spend between $600,000 and $1.2 million on public cloud services by the end of 2021, noted Statista.

Understanding Splunk Phantom's Join Logic

If you’re an active Splunk Phantom user, it’s safe to assume you know what a playbook is. If not, here’s a quick summary: Phantom playbooks allow analysts to automate everyday security tasks, without the need for human interaction. Manual security tasks that used to take 30 minutes can now be executed automatically in seconds using a playbook. The result? Increased productivity and efficiency, time saved, and headaches avoided.

3 Steps To Prevent Cyberthreats & Secure Your Company's Data

While data security has been an important topic since the internet’s inception, the issue is experiencing renewed prominence as platforms collect and struggle to secure copious amounts of personal information and prevent cyberthreats at the same time. The early 2000s were characterized by unprecedented growth and participation in the digital data economy, but the 2010s saw the creeping consequences of this ecosystem.

Going Beyond Exclude Patterns: Safe Repositories With Priority Resolution

You probably remember the Namespace Shadowing a.k.a. “Dependency Confusion” attack that was in the news a couple of weeks ago. I blogged back then about the Exclude Patterns feature of JFrog Artifactory which we’ve had forever and was always intended to protect you against those kinds of attacks.

How to Proactively Plan Threat Hunting Queries

As your security capabilities improve with centralized log management, you can create proactive threat hunting queries. Setting baselines, determining abnormal behavior, and choosing an attack framework helps you mitigate risk and respond to incidents. To reduce key metrics like the mean time to investigate (MTTI) and mean time to respond (MTTR), security operations teams need to understand and create proactive queries based on their environments.