Vulnerability scan reports are requested from a wide variety of people or entities for many different reasons. Historically a report meant a static snapshot of the scan data. Some company stakeholders may want an executive overview of the current vulnerabilities present in their environment. In contrast, others may want additional data points such as trending to reflect how well they have made progress in remediating previous vulnerability scans detected.

I previously talked about how to get started with a threat intelligence program, which is the cornerstone to any security operation. Such a program enables security teams to gain a deeper understanding of adversaries and their tactics, techniques and procedures (TTPs), in order to determine what is relevant to the organization and how to mitigate risk.

Detectify is expanding its web app fuzzing engine to scan public-facing APIs for vulnerabilities. Earlier in the year, we released a new fuzzing engine, and it was developed with API scanning in mind. In Fall 2021, we will roll out open beta testing. You can register for Detectify API fuzzer updates and beta testing program.

Since our last update in January, there has been an unprecedented amount of activity in the data privacy world. And yes, we probably do say that every time! New laws have passed in Virginia and Colorado. The UK’s post-Brexit EU adequacy was confirmed. Plus of course, the EU’s significant changes to Standard Contractual Clauses and the reawakening of the debates over Identity Verification, especially in the context of social media.

PKI stands for Public Key Infrastructure. It is the foundation of modern information security. PKI is a set of practices, policies, and technologies that protect sensitive data from unauthorised access or use. If you’re not using it yet, there are many reasons why you should be.

Cloud-based solutions are the holy grail for the modern day business. The convenience of being able to access enterprise data and tools any time, any place, and from any device has been a key ingredient for business success - particularly if you’re in the middle of a global pandemic. But, there are plenty of unspoken risks that come with the use of an always-connected workforce.

If you’re reading this, and you don’t live under a rock, you know organizational security is important. But, these days, the term ‘organizational security’ means so much more than it has in the past. It’s not quite as simple as installing a highly-rated anti-virus solution on employees' computers and calling it a day.

As we discovered in our Women in Tech panel earlier this year, it’s important to show women succeeding in male-dominated industries, like technology/security, and to talk about how men can help create space for others in the workplace. We’ve previously highlighted our women-led Security team and now want to continue sharing stories about women in leadership by introducing you to two leaders that are helping create space for women and non-binary people in the tech industry.

Those who don’t move forward are moving backward. This saying particularly holds true in the cyber security world, as the constantly evolving threat landscape puts enormous pressure on traditional SOC teams. Most traditional SOC teams are understaffed, lack specific skills and are overworked.

Zero Trust is not something you purchase. Zero Trust is a security strategy you build out using the working assumption that there are no safe network zones, no perimeters, no safe users, and no safe devices. The Spectra Alliance helps enable a Zero Trust model across the scope of six elements including applications, data, networks, infrastructure, identities, and devices.