The manufacturing industry faces increasing scrutiny from regulatory agencies. As cybercriminals increasing target SCADA system weaknesses, an organization’s cybersecurity posture becomes more important to its ability to protect data and obtain important contracts. Starting with a security-first approach to cybersecurity often protects data, but to meet compliance requirements, the organization need to document the effectiveness of its internal controls.

In our previous blog, we analyzed how it is possible to map malware threats using the MITRE ATT&CK™ framework. In this blog, we will test the USM Anywhere platform against red team techniques and adversary simulations. We performed this analysis as part of our continuous efforts to improve the platform’s detection effectiveness.

In the rapidly evolving world of Kubernetes security & compliance, DevOps and DevSecOps teams are detecting security challenges and compliance issues later in the development & deployment cycles. We are excited to share new features and updates that help DevOps and DevSecOps teams detect issues and ensure compliance throughout the development cycle.

As recently as 2017, security and compliance professionals at many of Tripwire’s large enterprise and government customers were talking about migration to the cloud as a possibility to be considered and cautiously explored in the coming years. Within a year, the tone had changed.

Open Source projects can be a great asset, or they can be a curse – it’s all in how you manage it. To be successful in using open source, there are several things to keep in mind, from licensing to updates. And if you ignore any of them, it can cause problems. Here are some things to consider.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. An bumper crop this week of news items of note, had to seriously prune them down to a manageable number which is a shame.

The simplest explanation is that the page takes a value and then creates a redirect to it. If /red.php?url=https://example.com created a redirect to https://example.com that would be a typical Open Redirect-vulnerability.

Here at Devo’s Cambridge, MA office, we’ve been steeped in news of national sports league playoffs for several weeks. The games are great, even with the stress and uncertainty of overtime, but it’s gotten me thinking about the professional hockey and basketball players, and how they’ve become as successful as they are.

Insider Threats come in many different shapes and forms and can be a frustrating problem to diagnose. Adding to the problem is the fact that even the most reliable and seemingly harmless employees can change in an instant and pose a threat. Protecting your company against these sometimes-unpredictable actors requires an understanding of the various profiles that exist and their motivations.

Since financial services industry collects, stores, and transmits sensitive non-public informationinformatino, malicious actors continue to target it. As the financial services industry embraces digital transformation, it opens itself up to new risks. Cloud infrastructures act as a primary target, leading to new risks arising from the new technologies. Emerging risks facing the financial services industry require continuous monitoring to retain a robust cybersecurity posture.