Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

A Real-World Look at AWS Best Practices: Logging

Best practices for securing an AWS environment have been well-documented and generally accepted, such as AWS’s guidance. However, organizations may still find it challenging on how to begin applying this guidance to their specific environments. In this blog series, we’ll analyze anonymized data from Netskope customers that include security settings of 650,000 entities from 1,143 AWS accounts across several hundred organizations.

Application Security Testing Evolution and How a Software Bill of Materials Can Help

Early in my career, I developed web applications. At the time there were practically no frameworks or libraries to help. I was coding with Java using raw servlets and JSPs – very primitive by today's standards. There was no OWASP Top 10 and writing secure code was not something we paid much attention to.

US Government tells firms not to give in to ransomware demands

The US Government has underlined once again that it continues to strongly discourage organisations hit by ransomware from giving in to extortion demands. In an updated advisory, the Department of Treasury’s Office of Foreign Assets Control (OFAC) has called upon businesses not to pay ransoms, and to focus on cybersecurity measures that can prevent or mitigate ransomware attacks.

What is Zero Trust?

Zero Trust is a security model — a strategy for protecting an organization’s IT assets, including data, services and applications. The Zero Trust model is built upon research more than a decade ago by analysts at Forrester, and it is now recommended by many security experts and vendors, including Microsoft. Zero Trust is a security architecture model that requires no implicit trust to be given in any quarter.

Where does cybersecurity fit in 2022 budget priorities?

As tech budgets start to return to a pre-pandemic state, it will be interesting to see where priorities have shifted to over the past year and a half – especially when it comes to cybersecurity. We’ve taken a look at a few major industry reports to give you an idea of shifting plans, and where cybersecurity sits as a priority in 2022 budgets.

Have scraper bots outstayed their welcome on real estate listing sites?

Real estate is just one of many industries that was forced to quickly adapt to an increasingly online-first world in the wake of the COVID-19 pandemic. Virtual viewings are now the norm, and real estate businesses are scrambling to keep up with how their competitors have changed approach. When looking for a property to buy or rent, we are now likely to search online and look through online listings in the first instance.

How to get the most from dark web monitoring

A robust dark web monitoring programme ensures organisations have the ability to keep track of hidden risks and prevent any data losses from escalating into major events. In this blog post, we outline how dark web monitoring works, how to maximise its value and what to look for in an outsourced dark web monitoring service.

Application security testing is important-now can you quickly use the results?

Multiple AppSec tools lead to many results. Let Code Dx centralize your AppSec management to help you make sense of your data. Most organizations have more than one application—some large enterprises have hundreds or thousands of applications in development and production. Each application is constantly updated to fix security issues, improve performance, and meet new customer demands, and an essential part of the update process is to test the application for security issues.

Initial Access Brokers: Fueling the Ransomware Threat - The Monitor, Issue 17

Kroll has observed an uptick in actors offering network access on the dark web, particularly in the wake of recent disruptions to the ransomware-as-a-service (RAAS) ecosphere such as the ban on ransomware discussions in notorious underground criminal forums.

Steps to a Successful ISO 27001 Risk Assessment Procedure

ISO/IEC 27001 is an international set of standards that provide the requirements to set up an Information Security Management System (ISMS). Implementing ISO 27001 enables organizations to better manage and secure their information assets, including intellectual property, financials, employee details, customer data, and information entrusted by third parties. Furthermore, companies can prove that they are less vulnerable to IT security incidents or data breaches by achieving ISO compliance.