Do you know where your users are going on the Internet? Do you know what they’re doing on the public Internet? How are you protecting your enterprise and your users from their cloud activities? These simple questions belie complex problems that can keep security and compliance practitioners up at night. One of the related challenges that organizations face today is controlling access to corporate and private file sharing applications such as Google Drive, OneDrive, and Dropbox.

Software testing is notoriously hard. Search Google for CVEs caused by basic CRLF (newline character) issues and you’ll see thousands of entries. Humanity has been able to put a man on the moon, but it hasn’t yet found a proper way to handle line endings in text files. It’s those subtle corner cases that have a strong tendency of being overlooked by programmers.

Kubernetes is a tool used by many developers and DevOps administrators to deploy and manage containerized applications, and it has become a default tool for container orchestration in many organizations.

If you are an application developer or security analyst, you likely spend a lot of time thinking about your customers’ security. IT operations teams have found many ways to help secure login portals by implementing dual authentication and Single-Sign-On (SSO) portals. Many IT organizations have learned to use SSO and Two Factor Authentication (2FA) to help secure their codebase and employee data. This method is great, assuming that all users are compliant with 2FA.

Zero trust is everyone’s favourite topic at the moment. But underneath its appealing phrasing lies a significant amount of market confusion over exactly what it is. Allow me to bust some myths.

No matter how advanced your Security Operations Center (SOC) is, pre-built Playbook Packs from Splunk can augment your analysts with automation that scales with your organization’s maturity. SplunkⓇ Enterprise Security (ES) users can achieve this scalable automation by using a pre-built Risk Notable Playbook Pack in Splunk SOAR.

The UK’s first cybersecurity strategy was launched in 2009 and outlined that whatever the shape of the cybersecurity mission, it made no sense to silo it away from other aspects of national security. To be effective, it had to be able to take advantage of high-grade intelligence and other security capabilities. The strategy outlined how the country needed to invest more in getting the public and private partnership really working.

A recent Facebook post from a family member made me realize that I needed to write about an overused term. A term, that when used, causes chaos and concern. I don’t blame the family member for using it, I’ve seen it used hundreds of times over the past few years and I’ve seen IT and cybersecurity professionals respond without correcting, even, on occasion, offering bad advice.

To stay ahead of malicious attacks, developers and security teams must have a way to identify, prioritize, fix, and monitor vulnerabilities, a process known as vulnerability remediation. When it comes to detection, organizations can use a variety of application security testing (AST) tools to identify vulnerabilities in software applications and other systems.