At CrowdStrike, we believe that rigorous, independent testing is a vital part of the security ecosystem. It provides customers with transparency and insight into the critical capabilities required to stop today’s sophisticated threats. That’s why I’m excited to share the results of Round 4 of the MITRE Engenuity ATT&CK Enterprise Evaluation: The CrowdStrike Falcon platform stops breaches with 100% prevention, comprehensive visibility and actionable alerts.

Red teaming is the practice of asking a trusted group of individuals to launch an attack on your software or your organization so that you can test how your defenses will hold up in a real-world situation. Any organization reliant on software – including banks, healthcare providers, government institutions, or logistics companies – is potentially vulnerable to cyberattacks, such as ransomware or data exfiltration.

Rapid and constantly-evolving software development cycles have increased the need for reliable and fast infrastructure changes. Thus manually carrying out infrastructure changes has become an unscalable process – which is what Infrastructure as Code (IaC) tools are here to solve. They enable teams to codify their infrastructure configurations and integrate them directly into their CI/CD pipelines.

An RCE vulnerability affecting Spring Core’s JDK 9 and later has become a trending topic in cybersecurity networks during the past couple days. This discovery, compared by some to the Log4Shell vulnerability, generated a lot of confusion and even got mistook with a different vulnerability affecting Spring Cloud, which got a CVE assigned the same day, and even linked them to completely unrelated commits on Spring Core’s GitHub.

Vulnerabilities found in application platforms and third-party libraries have drawn growing attention to application security in the last few years, putting pressure on DevOps teams to detect and resolve vulnerabilities in their Software Development Life Cycle (SDLC). Take the NVD (National Vulnerability Database), which tracks and records all significant vulnerabilities published and disclosed by software vendors.

In the midst of a growing global cyberthreat landscape, the Australian and US governments this week announced plans to increase spend to bolster federal cybersecurity. The Australian federal government’s newly released 2022-23 federal Budget has dedicated AU$9.9 billion to support cybersecurity and intelligence capabilities under a program called Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers (REDSPICE).

In business and life, getting the timing and the team right is half the battle.

Encryption has come a long, long way over the last few years. Something once reserved only for militaries and governments, encryption has been made super accessible and has become standard practice in the tech industry. Whether it’s texts, photos, or word docs - it can, and should, be encrypted. Put simply, encryption scrambles any file sent or stored online into unreadable nonsense that can only be translated (or decrypted) by a user with a key.