From containerized workloads to microservice architectures, developers are rapidly adopting new technology that allows organizations to scale their products at unprecedented rates. In order to make sense of these complex deployments, many teams are abstracting applications away from the environments in which they run. Because of this trade-off, developers and security teams lose the access to the unified context from infrastructure to application needed to fully secure their services.

Software containers are at the heart of cloud-native business transformation initiatives. Containers are a natural evolution from virtual machines to a more granular and portable application environment in clouds. They are designed to support rapid development and deployment of cloud-native applications in what is called a DevOps model, a set of practices that combines software development and IT operations.

In part 1 of this blog series on Kubernetes and cloud native application data protection, we addressed The need for Data Protection for Containerized Applications. In part 2 of this blog series, we go through.

Last year, we wrote about the threat landscape we saw on the horizon for 2020 in our SaaS threat landscape post. Focusing on apps like Slack, we honed in on the risks that would matter in 2020. Although our analysis was written well ahead of the COVID-19, some of our concerns were exacerbated as a result of the pandemic. With the pandemic continuing into 2021, we wanted to take the time to review the state of cloud adoption in 2020 and update our threat assessment going into the new year.

Client-side technology (such as JavaScript) can be used to create a unique “fingerprint” for a specific device/browser combination, which can be used to modify functionality or detect returning users. Some fraud prevention tools will use fingerprinting to block transactions from browsers that have been previously identified as insecure or involved in fraudulent activity.

Not only do cybersecurity organizations need to deliver the level of security required to protect corporate assets, they also need to align with the strategic goals and objectives of the business. By defining, establishing and managing your organization's cybersecurity posture, you can deliver the results needed for the business to be successful.

The notion that the time we are living in now is “unprecedented” is a common one, but historians and philosophers alike will happily note that things are rarely so different that we can’t learn a lot from the past. Despite IT often being dominated by forward-thinking individuals developing novel and innovative new designs, a lot of the problems and potential solutions for IT security are ones that have stood the test of time.

Malicious actors are targeting Apple. Although Apple introduced a notarization mechanism to scan and prevent malicious code from running on Apple devices, attackers have found ways to circumvent this process. Such Apple-notarized malware constitutes a threat to macOS users. Let us start by exploring what Apple notarization is. We will then discuss some recent examples of Apple-notarized malware and some prevention techniques.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we explore how credential stuffing attacks are evolving and why they pose a greater threat than meets the eye. Credential stuffing is perhaps the simplest form of cyberattack, but it continues to make headlines despite its lack of sophistication. It has become the attack method of choice for cybercriminals primarily because of its high success rate and ROI.

At Bulletproof, we know that different people learn in different ways. So when a healthcare provider came to us needing an innovative, engaging way of delivering security awareness training, we stood ready to deliver. The healthcare provider in question was St Andrews Healthcare – providers of specialist care for people with challenging mental health needs. Being a company that works with vulnerable individuals, staff awareness of cyber security is essential.