I blame my life-long work obsession with automation and avoiding repetitive drudgery on my first boss and mentor Danny in S3. He was horrified to see me doing the same thing over and over in a VAX code editor and introduced me to the magical world of macros. From that point onwards, I was a man on a mission to save us all as much time as possible in our working days.

We can’t always stop the bad guys from getting in, but we can stop them from wreaking havoc. Professor Avishai Wool, AlgoSec CTO, summarizes notable breaches from 2021 and explains the role of micro-segmentation.

Threat analysis and risk assessment (commonly referred to as TARA) are the key activities that should be carried out by all organisations whether they are enterprises or small scale companies. At present, there are many methodologies for how risk assessment and threat analysis can be performed.

Email messaging is the most widely used form of communication, whether in the business world or in our daily personal lives. And it is because of this reason that email communication is one of the most targeted areas by cybercriminals.

Have you considered how often your phone number has been shared? Most of us give out our cell phone numbers all the time – to friends, acquaintances, colleagues, and even big, monolithic, impersonal companies. We may even print them on business cards or list them on public forums. A cell phone is no longer just a way to contact someone to engage in conversation.

Tripwire Configuration Manager allows for user created configuration and compliance management content via a new Policy Management capability. Custom user content can be used alongside existing cloud service provider and third-party SaaS policies, providing multiple new use cases for data gathering and expanding policy compliance support into new services. This blog will describe some of the features and use cases for the Policy Management capability.

All companies are moving towards a digital landscape. Developments in the design and manufacturing industry have expanded the innovation of p roducts as digital collaborations are increasingly enabled from concept generation to product realization and after-market. These collaborations expand beyond the enterprise and national boundaries, leading to growing concern about the security of their sensitive information such as Intellectual Property (IP) and trade secrets.

Researcher Moshe Zioni from Apiiro, discovered a major software supply chain critical vulnerability - CVE-2022-24348 - in the popular open-source CD platform Argo CD. Exploiting it enables attackers to obtain sensitive information like credentials, secrets, API keys from other applications. This in turn can lead to privilege escalation, lateral movements, and information disclosure.

In a world driven by digital business, enterprise security needs to be continuously monitored and improved to keep up with evolving cyber-threats and to ensure data protection across the web. As the corporate, office-based workforce evolves to become more permanently remote, increased access control to business assets is needed for those both within and outside of the company network.

An industry with a vast amount of disciplines and specialisations is likely to make newcomers apprehensive when starting. An individual may consider the many paths they wish to walk down and become encumbered with feelings of fear and doubt in their abilities. This is a position that many cyber-security professionals are likely to find themselves in.