Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Five Easy Steps to Keep on Your Organization's DevOps Security Checklist

The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction”; it subsequently allows attackers to gain root-level code execution on the host. Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a single, simple rule: lock the door.

What is Risk Exception

A business wants to hire a vendor. However, this vendor does not meet policy standards and has requested an exception. The question you face is whether or not to approve or deny that exception request. What’s good for business sometimes comes with added risk. In fact, many incidents are the direct result of a policy violation. For risk management, and business needs, maybe the answer isn’t a simple yay or nay but a more nuanced approach.

The past, present & future of threat hunting

Threat hunting is a regularly-occurring activity in any high-performance SOC. But for less savvy organizations, it’s a must-have activity that can mean the difference between a malicious hack or a normal, uneventful day. With the stakes so high, it’s time to look at the history of threat hunting, what it looks like today, and the future of threat hunting – particularly as adversaries become more advanced every day.

Understanding the California Privacy Law Requirements

Another year, another privacy law on the horizon. In 2018, the big push for compliance with the European Union General Data Protection Regulation (GDPR). In 2019, companies are reeling from the new law governing data protection passed by ballot initiative. The California Consumer Privacy Act (CCPA) intends to place on companies who collect California residents’ personal information. But the question remains, in the morass of regulatory writing, “What is the CCPA?

What is Machine Learning?

Over the last century, our technology devices have gone from being clunky systems that require tons of human interaction, to modern machines that seem to have a mind of their own. Our phones can do things like autocomplete sentences before we finish typing, suggest purchases based on sites we’ve visited in the past, and even predict our schedules on any given day based on our prior habits. This is all possible due to the growth of artificial intelligence and machine learning.

Economy of hacking: how do hackers make money?

80% of all human endeavour is committed to making money, with the remaining 20% spent finding interesting ways to spend it. These are figures that I’ve just made up, but I said it in the Bulletproof office, and everyone nodded, which either means it speaks a certain truth or, once again, everyone is doing their best to ignore me. With this in mind, it’s fair to say people tend not to put a lot of effort into something unless they know they’re going to be financially rewarded for it.

UpGuard's new navigation: CyberRisk is evolving

UpGuard CyberRisk enables organizations to control and monitor third-party vendor risk in real-time and improve their security posture. Since we launched CyberRisk, our team has been speaking to users and evolved the platform into two new modules, BreachSight and VendorRisk. Combined with a redesigned user experience, UpGuard is easier to use than ever.

Top 6 Container Security Lessons from Deploying Kubernetes and Red Hat OpenShift

We recently had the opportunity to share the lessons we have learned about container security from deploying Kubernetes and OpenShift in the field. If you don’t have time to watch the full recording of our conversation, here are a few highlights.