Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Report: Organizations not completely clear on what IT security incidents to report

Defining a data breach can be tough for a lot of organizations. However, since the introduction of the General Data Protection Regulation (GDPR) in 2018, organizations that operate in the EU need to follow regulatory guidelines that can have real business implications if ignored. But when a cyber incident hits your organization, do you know if it needs to be disclosed to the public? How prepared are you to let your customers and authorities know?

13 Reasons Why WordPress Hacks are Successful

In the attacker’s world, all vulnerabilities and potential exploits work toward the hacker’s advantage — not yours, not mine. This includes WordPress hacks. While living back east (over a decade ago), I was friends with several small business owners. One weekend morning, the owner of the local photography studio called me at 7 am and said: “I think I’ve been hacked.” I could hear the soft clicking of a keyboard in the background.

Single Sign-On for Kubernetes: The Command Line Experience

One of these problems is that Kubernetes has no login process. Ordinarily, the client software would initiate this login flow, but kubectl does not have this built in. Kubernetes leaves it up to you to design the login experience. In this post, I will explain the journey we took to get engineers logged in from the terminal and the challenges we faced along the way. The first step to SSO was to set up Dex as our Identity Provider.

Signs Your Organization Needs a GRC Solution

Before beginning, you might ask yourself: Does my organization need a GRC Solution? The simple answer is yes. There are over 200 complex frameworks and workflows that simply can’t be managed by floods of repetitious spreadsheets or word documents. Let’s define “Governance Risk-Management Compliance” and how the three pillars work together in relation to an organization and its objectives. Check top 30 security frameworks – 2019.

An overview on insider threat awareness

Organizations usually focus on cyber threats which are external in origin. These include anti-malware, external firewalls, DDoS attack mitigation, external data loss prevention, and the list goes on. That's great, external cyber attacks are very common so it's vital to protect your networks from unauthorized access and malicious penetration. The internet and unauthorized physical access to your facilities will always be risks and they must be monitored and managed.

3 key takeaways on Cloud SIEM from Gartner Security & Risk Management Conference 2019

Gartner has been a thought leader in the SIEM space for the last few years. Gartner’s Magic Quadrant is considered one of the top market research reports on SIEM’s capabilities and vendors. Very recently, I attended the 2019 Gartner Security & Risk Management Conference, and based on thousands of conversations Gartner has had with their clients, they have a good vantage point on the SIEM space this year.

A Google Cloud Platform Primer with Security Fundamentals

We’ve previously discussed best practices for securing Microsoft Azure and Amazon Web Services, but this time we are going to turn our attention to Google Cloud Platform. Google Cloud Platform (GCP) is growing at an impressive 83 percent year over year, but generally receives less focus than AWS and Azure. We can use some of our best practice cloud security knowledge to outline some fundamental steps for keeping Google Cloud Platform secure.

State of Cybersecurity Today

Today, the majority of our critical systems are intertwined with each other and are administrated by/through computers. Many decisions are automated and our lives are to some extent reliant on IoT connected devices. A great deal of our data is on cloud storage facilities and almost all of our personal data is stored in a device that has internet connection. The connectivity and complexity of these systems make them vulnerable. That is why cybersecurity has been gaining more and more importance.

What's New and Changing in the World of Vulnerability Management?

According to CIS, “Organizations that do not scan for vulnerabilities and proactively address discovered flaws face a significant likelihood of having their computer systems compromised.” While vulnerability management (VM) isn’t new, I’ve seen it evolve a lot over my 22 years in the industry. Here are some big trends: The idea of an asset has changed and grown over the years. Back in the ‘90s, it was a PC or a server.

Price vs. Cost: What the Stock Market Teaches Us about Data Breaches

Normally, when you hear about stocks dropping, it’s due to some scandal or crisis. Market watchers will tell you that a range of elements can affect the value of a publicly traded company and cause stock prices to rise or fall. Consumer confidence is a major factor that influences a company’s reputation and perceived value. What does that have to do with data breaches? A lot more than you might think.