In November 2019, just after Styra raised $14 million in our Series A funding round, I wrote that the market’s move away from monolithic apps and adoption of containerized cloud-native application architectures was going to provide “a substantial market opportunity for policy and authorization to evolve.” A lot has happened since I wrote that, and I’m happy to report that while our Series A round showed the market opportunity, our latest round of funding proves the validity of t

Our phones know a lot about us, so it’s important we can trust them. After discovering and then publishing our findings on SourMint — the malicious iOS ad SDK — the Snyk Security Team decided to dig deeper in the Android ecosystem. To do so, we leveraged Snyk Code to analyze and search for vulnerabilities in applications uploaded to the Google Play store.

As organizations continue to evolve their security operations maturity and the SOC increasingly focuses on detection and response, three capabilities are foundational for success – threat intelligence, integration and automation. In a recent webinar, “Evolution of CTI – Use Case in a Modern SOC,” ThreatQuotient’s Yann Le Borgne, together with Ben van Ditmars of Atos and Martin Ohl from McAfee tackle this topic.

Netskope is excited to announce the publication of our new book, Designing a SASE Architecture for Dummies. You’re likely familiar with the iconic Dummies series of books as helpful introductory guides to complex topics.

A Distributed Denial of Service (DDoS) attack, is an illegal attempt to make a website unavailable by overloading its server with high amounts of fake traffic. The onslaught of malicious connection requests places legitimate visitors at the back of an undiminishing traffic queue which prevents the website from loading.

Software security is a big focus of the Biden administration’s recent executive order on cybersecurity. In fact, an entire section, or 25 percent, of the order is dedicated to software security requirements. In the wake of the SolarWinds cyberattack, the security of the software supply chain is clearly top of mind at the White House, and has prompted these unprecedented and detailed security requirements for any software vendor looking to do business with the federal government.

Responding to the all too familiar news of compromised Amazon cloud storage, security researchers have begun leaving “friendly warnings” on AWS S3 accounts with exposed data or incorrect permissions. The misconfiguration of access control on AWS storage “buckets” has been behind numerous high profile data breaches, including Verizon, The Pentagon, Uber and FedEx.

Amazon’s, Google’s and Microsoft’s experiences with building massive infrastructures for the world allows for some fascinating insights into the future of IT security at scale. As a result, when Google published The CISO’s Guide to Cloud Security Transformation earlier this year, I was curious about what priorities they saw in cloud security. It’s a short read, and it’s well worth the time invested in downloading a copy.

In our recent infographic we reported that almost 1 in 6 construction companies reported a ransomware attack in the past year so, yes, ransomware is a serious problem for construction companies. The question then becomes: why are construction and engineering companies being targeted with such frequency? For two reasons; first is a distributed workforce.

When it comes to malware attacks, one of the more common techniques is “living off the land” (LOtL). Utilizing standard tools or features that already exist in the target environment allows these attacks to blend into the environment and avoid detection. While these techniques can appear normal in isolation, they start looking suspicious when observed in the parent-child context. This is where the ProblemChild framework can help.