Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Detectify security updates for 18 April

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

Why RBAC is not Enough for Kubernetes Security

Kubernetes isn’t (just) fun and games anymore. It’s being rolled out for production; it’s mission-critical; and all the security and compliance rules and regulations of the old world need to somehow be retrofitted onto Kubernetes. Unfortunately, the old tools for access control like RBAC simply aren’t up to the challenge.

Best Practices with AWS GuardDuty for Security and Compliance

Cloud networks are popular targets for cybercriminals and organizations will inevitably face them. If you’ve ever administered a network of any type, you know that DDoS (distributed denial of service) attack attempts are really frequent, and there’s loads of malware out there too.

Devo recognized in new Intelligent Application & Service Monitoring report

Forrester Research has released The Forrester Wave™: Intelligent Application & Service Monitoring, Q2 2019 report and I am excited to share that Devo has been identified as a Strong Performer. Devo’s recognition as a Strong Performer is, in our opinion, a great validation of our data-first approach.

Workflow Automation For Compliance

The time-consuming, administratively burdensome compliance process is riddled with potential human errors that can lead to violations. As securing data increasingly relies on proving controls’ effectiveness, the compliance becomes more stressful for everyone in the organization. However, building compliance workflow can streamline the process leading to a more cost effect and auditable outcome.

Siegeware and BAS attacks, an emerging threat

As technological solutions to cybercrime become increasingly advanced, able to preempt attacks and weed out vulnerabilities before they’re widely known, attackers also become more adept at cloaking their presence and concealing their intent. The targets of attacks also change with the times.

NIST SP 800-190 application container security with Sysdig Secure

In September 2017, the National Institute of Standards and Technology (NIST) released Special Publication (SP) 800-190, Application Container Security Guide. NIST SP 800-190 explains the security concerns associated with container technologies and recommendations for the image details and container runtime security. It provides prescriptive details for various sections including image, registry, orchestrator, container and host OS countermeasures.

Establishing Information Security in Project Management

A person recently asked me if it was possible to implement ISO 27001 using a specific project management software product. They used the tool in the past to define project plans and make project reviews. While I told them this is entirely possible, the truth is one can implement ISO 27001 even without a project plan or any specific tools. But should they?

Risk Mitigation Strategies

It is rightly said that “Prevention Is Better Than Cure.” This maxim can also be applied in information technology in terms of IT risks. Risk mitigation is a process whereby an enterprise takes some proactive measures or use some strategies to mitigate or eliminate risks altogether in order to prevent or reduce damage to the organization. The following sections gain an insight into some popular risk mitigation strategies organizations are looking for in 2019.

Security is Simple as 1, 2, 3

Keeping an organization’s IT assets secure in this day and age is a challenge. The sands of the information security landscape are constantly shifting, and it can be difficult for practitioners to find solid footing; to identify those initiatives that will net the greatest return on security spend. Each day seems to bring another emerging concern in the threat landscape.