In our previous blog, we analyzed how it is possible to map malware threats using the MITRE ATT&CK™ framework. In this blog, we will test the USM Anywhere platform against red team techniques and adversary simulations. We performed this analysis as part of our continuous efforts to improve the platform’s detection effectiveness.

As recently as 2017, security and compliance professionals at many of Tripwire’s large enterprise and government customers were talking about migration to the cloud as a possibility to be considered and cautiously explored in the coming years. Within a year, the tone had changed.

In the rapidly evolving world of Kubernetes security & compliance, DevOps and DevSecOps teams are detecting security challenges and compliance issues later in the development & deployment cycles. We are excited to share new features and updates that help DevOps and DevSecOps teams detect issues and ensure compliance throughout the development cycle.

Open Source projects can be a great asset, or they can be a curse – it’s all in how you manage it. To be successful in using open source, there are several things to keep in mind, from licensing to updates. And if you ignore any of them, it can cause problems. Here are some things to consider.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. An bumper crop this week of news items of note, had to seriously prune them down to a manageable number which is a shame.

Here at Devo’s Cambridge, MA office, we’ve been steeped in news of national sports league playoffs for several weeks. The games are great, even with the stress and uncertainty of overtime, but it’s gotten me thinking about the professional hockey and basketball players, and how they’ve become as successful as they are.

Since financial services industry collects, stores, and transmits sensitive non-public informationinformatino, malicious actors continue to target it. As the financial services industry embraces digital transformation, it opens itself up to new risks. Cloud infrastructures act as a primary target, leading to new risks arising from the new technologies. Emerging risks facing the financial services industry require continuous monitoring to retain a robust cybersecurity posture.

Insider Threats come in many different shapes and forms and can be a frustrating problem to diagnose. Adding to the problem is the fact that even the most reliable and seemingly harmless employees can change in an instant and pose a threat. Protecting your company against these sometimes-unpredictable actors requires an understanding of the various profiles that exist and their motivations.

The simplest explanation is that the page takes a value and then creates a redirect to it. If /red.php?url=https://example.com created a redirect to https://example.com that would be a typical Open Redirect-vulnerability.

It was only a few years back that cloud technology was in its infancy and used only by tech-savvy, forward-thinking organisations. Today, it is commonplace. More businesses than ever are making use of cloud services in one form another. And recent statistics suggest that cloud adoption has reached 88 percent. It seems that businesses now rely on the technology for day-to-day operations.