Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Continuously Hack Yourself because WAF security is not enough

Have the WAF security companies got you thinking that a firewall is enough? In a modern landscape, development and security move faster, and so do web application vulnerabilities. Unfortunately, WAF doesn’t prevent many of these events, and hackers of all hats have known ways of bypassing WAF to exploit common and creative web vulnerabilities.

Keeping Your Data Safe in the "Gig Economy"

As workforces continue to evolve and adapt to the COVID-19 pandemic, the door is open for organizations to hire workers from anywhere around the country to offer their skills remotely as needed, often as a freelancer or gig worker. While this outgrowth of the burgeoning gig economy stands to benefit many businesses in need, it’s important that you assess your risk of utilizing gig workers and freelancers.

Emerging Public Cloud Security Challenges in 2020 and Beyond

According to last year’s Gartner forecast, public cloud services are anticipated to grow to $USD 266.4 billion by the end of this year, up from $USD 227.8 billion just a year ago. Clearly, cloud computing is making its way to cloud nine, (See what I did there?) leveraging the sweet fruits of being in the spotlight for a decade. However, the threats to public cloud security are growing at the same rate.

Best Tools for Building Your DLP Tech Stack

Most organizations are aware that data loss prevention must be a top priority – but few understand how different tools and policies must be leveraged in combination to create complete, 360-degree protection for critical data. Data loss prevention (DLP) has traditionally focused on securing data on devices – laptops, phones, and internal company networks.

The Second Critical Step to Building the Modern SOC

The new Devo eBook, Building the Modern SOC, presents four evolutionary steps for creating a highly automated and efficient security operations center (SOC) that empowers analysts. This is the second in a series of posts about the four steps that highlight some of the most important concepts. The first post covered Step 1, which is about establishing a foundation of centralized, scalable visibility. This post excerpts Step 2, extracting intelligent insights from your data.

AppSec Decoded: The consequences of insecure IoT devices

Watch the latest video in our AppSec Decoded series to learn why manufacturers should consider building security into their IoT devices. Application Security Decoded: Manufacturers should build security into their IoT devices | Synopsys - YouTube An error occurred. Try watching this video on www.youtube.com, or enable JavaScript if it is disabled in your browser.

IT security under attack blog series: Instant domain persistence by registering a rogue domain controller

In this blog in the IT security under attack series, we will learn about an advanced Active Directory (AD) domain controller (DC) attack to obtain persistence in AD environments. Dubbed DCShadow, this is a late-stage kill chain attack that allows a threat actor with admin (domain or enterprise admin) credentials to leverage the replication mechanism in AD to register a rogue domain controller in order to inject backdoor changes to an AD domain.

What is Third-Party Risk Management?

Creating and maintaining relationships with third parties brings about multiple risks. Whether your organization is large or small, it’s almost certain that you have business relationships with many third parties for specific types of operations. When operational data and confidential information are exchanged with third parties, that data and information are vulnerable to misuse and exploitation. This is where risk comes into the equation.

SIEM Solutions and Data Protection Compliance

Security Information and Event Management (SIEM) systems are vital to each organization. They transform simple event logs from various applications to detailed, in-depth behavior analysis thanks to advanced visualizations and analytics and sometimes machine learning and AI. They contain a palette of aspects covering the most crucial information security issues.

Using Open Policy Agent for cloud-native app authorization

How companies like Netflix, Pinterest, Yelp, Chef, and Atlassian use OPA for ‘who-and what-can-do-what’ application policy. In the cloud-native space, microservice architectures and containers are reshaping the way that enterprises build and deploy applications. They function, in a word, differently than traditional monolithic applications.