Bridging the gap between Security, Compliance and DevOps teams can be a challenging cultural shift to address. DevOps teams are eager to get software out faster and more efficiently, yet security best practices, like policy-as-code, need to be integrated from the outset to streamline the development process in this new cloud-native world.

As Uncle Ben once said, “With great power comes great responsibility.” This is also true of the Kubernetes API. It is very powerful, and you can build amazing things on top of it, but it comes with a price—a malicious user can also use the API to do bad things. Enter Kubernetes RBAC (role based access control), which enables you to use the API in a controlled manner by granting only required privileges needed, following least privilege principle.

After a year full of unknowns and new normals, knowledge is power. The spike in cyber breaches in the past year, compounded by COVID-related attacks, has only increased the importance of cyber threat intelligence (CTI). The 2021 SANS Cyber Threat Intelligence survey, sponsored by ThreatQuotient, explores the state of play in the global use of CTI and outlines why the difficulties of the past year have contributed to the continued growth and maturity of CTI.

Netskope is proud to have contributed once again to Verizon’s annual Mobile Security Index —one of the most influential reports in the industry for evaluating mobile security trends. This report is based on a survey of hundreds of professionals responsible for buying, managing, and securing mobile and IoT devices.

Intel 471 researchers have identified a new malicious document builder, dubbed “EtterSilent,” leveraged by various threat actor groups. One of the build options is a weaponized Microsoft Office document (maldoc) that uses malicious macros to download and execute an externally hosted payload. The maldocs pose as templates for DocuSign, a cloud-based electronic signature service.

Where were you when you first heard about the SolarWinds breach? It’s not unusual for information security professionals to learn about a breach. Keeping track of the news is part of the job. The SolarWinds attack, however, was different for two primary reasons. First, it reached the level of mainstream news. The majority of breaches stay mostly in the industry press.

Organizations are recognizing that data security compliance is a foundational element of any successful business. The demand for compliance officers, IT security professionals and data protection officers is growing; spending on compliance programs is increasing; and businesses are treating compliance as a key part of their overall strategy. Some compliance teams are still struggling to secure the resources and personnel needed to build a robust and proactive compliance program.

Financial services are big targets for cybercrime. As the world shifts from physical to online, credit unions are doubling down on web applications to improve access and ensure vital financial services for their members. But with that comes greater security risks. In this benchmark study, we analyze the Top US Credit Unions with our attack surface analysis tool to highlight security weaknesses they should watch out for.

By the end of 2020, Microsoft 365 was used by more than one million companies worldwide. And for good reason. With the move to remote work, applications like Word and Excel, Teams, OneDrive and SharePoint, provided businesses with a familiar, easy to access, and easy to use productivity suite – all available in the cloud.

Traditionally, when selecting a bot management solution, businesses have chosen a multi-purpose security bundle bolted on to a content delivery network (CDN), typically a product such as an Akamai or CloudFlare CDN. While bolt-on bot solutions have their benefits, they lack the comprehensive feature set needed to combat the ever-growing bot threat.