There are several tactics that threat actors can use to access cloud environments, services, and data. A common example is lateral movement, which involves techniques that enable a threat actor to pivot from one host to the next within an environment. This type of activity often uses other tactics, such as initial access and privilege escalation, as part of a larger attack flow.

The Cybersecurity Maturity Model Certification, or CMMC, has been a long time coming. It was first developed in 2019, primarily as a way for defense contractors for the Department of Defense to switch from self-attestation to a validated certification. CMMC 1.0 has been in effect since 2020, but there has been a lot of feedback regarding the complexity and clarity of the system, leading to the development of CMMC 2.0.

By James Rees, MD, Razorthorn Security In today’s complex cybersecurity landscape, Governance, Risk and Compliance (GRC) tools have become essential for organisations managing intricate security ecosystems. These tools are designed to centralise information, streamline processes and offer crucial insights into an organisation’s risk posture. However, as cybersecurity expert Jack Jones revealed when he joined me on a recent podcast, the reality often falls short of these ambitious claims.

Feeling overwhelmed by alerts? You’re not alone. At SOC Analyst Appreciation Day (SAAD) 2024, we heard from countless analysts facing the same challenges of burnout, perfectionism, and the need for mentorship. With a fantastic line-up of speakers, including John Hammond, Ron Eddings, Peter Coroneos from Cybermindz, and other security leaders, this year’s event provided valuable insights and sparked engaging discussions.

Mobile Breakthrough Awards has named Forward Networks the winner of its “2024 Enterprise Cloud Computing Software of the Year” award. This is Forward Networks’ fifth consecutive award win for Enterprise Cloud Computing from Mobile Breakthrough’s Award program.

In 2024, healthcare organizations face heightened security challenges, mainly as they increasingly rely on Application Programming Interfaces (APIs) to support critical functions. APIs have become indispensable in driving digital transformation and improving operational efficiencies across healthcare systems. However, the rising complexity and volume of APIs, alongside insufficient security practices, have created a vulnerable environment ripe for exploitation.

At Indiana University, OpenInfra Days North America 2024 was an event that brought together the brilliant minds of the open infrastructure community. For my teammate Kevin Jackson and I, this was not just another tech event; it was a long-overdue reunion with friends in the OpenStack community and an exciting opportunity to forge new relationships. The atmosphere was charged with collaboration and learning, with best practices, user journeys, and insightful panel discussions taking center stage.

False positives in API security are a serious problem, often resulting in wasted results and time, missing real threats, alert fatigue, and operational disruption. Fortunately, however, emerging technologies like machine learning (ML) can help organizations minimize false positives and streamline the protection of their APIs. Let's examine how.

Discover key takeaways from SOSS Fusion 2024, where security experts gathered to learn from one another about improving our world, AI, and the future of open-source security.

The traditional methods of detecting and mitigating cyberattacks will no longer be adequate as these attacks become sophisticated and frequent. These days, risk-based alerting and network detection and response (NDR) are regarded as essential tools for safeguarding enterprises. By avoiding false positives or low-priority warnings, risk-based alerting allows security teams to concentrate on the high-risk threats, saving time and resources.