Latest News

Penetration Testing: A How-to Guide for Enterprises

Penetration testing is the cornerstone of any cyber security strategy, yet enterprises often don’t get an optimal outcome from their pen test engagements. In this blog I’ll be looking at the three main reasons behind this, and also suggesting an alternative way of working that could vastly improve security outcomes whilst also increasing business value.

Is Atlassian Cloud HIPAA Compliant?

In 2021, digital transformation has accelerated. At the tail end of the COVID pandemic, with companies remaining remote, the demand for cloud services in the enterprise is the highest it’s ever been. Healthcare organizations, which more directly encountered the acute challenges posed by the pandemic, were among the first to be shaped by the current wave of digital transformation.

Nightfall's DLP API Adds Data Discovery and Classification to Your Applications

As a cloud-native data loss prevention solution, Nightfall DLP can natively integrate with some of the most popular SaaS applications in order to protect against the proliferation of sensitive data in these environments. With our native integrations, Nightfall helps keep client data safe on apps including Slack, GitHub, Google Drive, Confluence, and Jira. But did you know that Nightfall also exists as a standalone DLP API?

Fork is The Way - Let's Make it Hurt Less

The Linux/UNIX process model creates a new process by cloning the currently running one using the fork() system call. Subsequently, exec()—or one of its variants—loads a new program image into the newly cloned child process. There are a variety of issues that stem from using this approach in modern systems. There are also various widely used techniques and APIs aiming to alleviate the issues in different ways with different degrees of success and quirks.

What is Penetration Testing? Pen Tests Defined

Penetration testing, also known as “pen testing,” is an intentional, simulated cyberattack against your IT systems to find vulnerabilities and test the efficacy of cybersecurity controls. For example, penetration testers can use this tactic to improve web application security mechanisms such as firewalls. Pen testing might involve an attempt to breach access controls to gain access to a private network.

Threat Intelligence and Energy and Utilities

It is increasingly common to hear about cyber threats to energy and utility industries. These are malicious acts by adversaries that target our data, intellectual property, or other digital assets. All too often it seems as though energy and utility companies are put in a defensive position to battle it out with these cyber intruders. How can the industry switch to a more offensive position when it comes to understanding these threats?

10 Supply Chain Security Tips That Won't Slow Development Down

As supply chain attacks continue to dominate headlines, software development teams are beginning to realize that package management can’t be taken lightly — the threats hidden under the hood are real. In this installment of The Source, we want to talk about the practices and tools that developers need to adopt in order to protect against supply chain attacks.

Understanding the software supply chain security requirements in the cybersecurity Executive Order

President Biden’s cybersecurity executive order from last month should cause little surprise for anyone following news headlines over the past year. The order is the U.S. Federal Government’s important response to a long list of incidents, starting with the SolarWinds attack and ending with a recent ransomware attack against Colonial Pipeline — the largest known attack against a US energy firm.

What to Know About SecurityScorecard's Integrate360° Marketplace

The old saying “it takes a village” applies to many things in life, including securing your organization. Security is a team sport that requires a variety of solutions and providers — such as a firewall, endpoint protection, security information and event management (SIEM), threat intelligence provider, IT service management (ITSM), governance, risk, and compliance solution (GRC), and cloud access security broker (CASB) — to name a few.