Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Inherent Risk vs. Residual Risk (Quick Explanation)

Inherent risks include all risks that are present without any security controls. Residual risks are the risks that remain after security controls are implemented. Residual risks are inevitable. Even with an abundance of security controls, vestiges of residual risks will remain that could expose your sensitive data to cyber attacks.This is because the proliferation of digital transformation expands the digital landscape, creating more attack vectors.

A Fifth of IT Decision-Makers Not Confident in Their OT System Security, Reveals Survey

Attacks against operational technology (OT) and industrial control systems (ICS) grew dramatically in the past few years. Indeed, a 2020 report found that digital attacks against those two kinds of assets increased by over 2000% between 2018 and 2020. Many of those attacks involved vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems and other ICS hardware components or password spraying techniques.

King & Wood Mallesons CISO relies on Elastic to "spot and identify" security threats

King & Wood Mallesons (KWM) is among the world’s most innovative law firms and is represented by 2,400 lawyers in 28 locations across the globe. The international law firm, based in Australia, helps clients flourish in Asian markets by helping them understand and navigate local challenges and by delivering solutions that provide clients with a competitive advantage.

Devo Insights on the White House Cybersecurity Executive Order

The recent executive order calling for immediate improvements in the federal government’s cybersecurity is impressive. I give the Biden Administration a lot of credit for publicly admitting there are significant problems and weaknesses in the federal government’s IT and cybersecurity infrastructure and practices. The order also includes some key points that are significant for Devo and our customers.

Uncovered: Little-known scalper tactics beyond bots

Scalpers are becoming increasingly sophisticated, not just in their use of advanced bots, but also in less obvious ways to get a hold of their desired goods. Here at Netacea we are dedicated to preventing fraud by monitoring, identifying and stopping malicious bots in their tracks. We are so steadfast in this goal that we have even created a MITRE ATT&CK style framework that defines automated attack kill chains – NetBLADE (Netacea Business Logic Attack Definition).

Seeker and Red Hat: Security and speed come together

Security and speed in software development are not mutually exclusive. Red Hat, the open source software giant, and the Synopsys Software Integrity Group are joining forces to prove it. Synopsys is bringing Seeker®, its automated interactive application security testing (IAST) tool, to Red Hat application runtimes like JBoss EAP, OpenJDK, and WebSphere with OpenShift Container Platform to secure a variety of software applications.

What Is NIST?

NIST is the abbreviated name of the National Institute of Standards and Technology. It’s one of many federal agencies under the U.S. Department of Commerce, and is one of the oldest physical science laboratories in the United States. As a non-regulatory government agency, NIST was originally founded to enable greater industrial competitiveness in the United States. Its focus stems from the mantra, “One cannot manage what is not measured.

Types of Cryptography Attacks

Cryptography is an essential act of hiding information in transit to ensure that only the receiver can view it. IT experts achieve this by encoding information before sending out and decoding it on the receiver's end. Using an algorithm, IT experts can encrypt information using either symmetric or asymmetric encryption. However, like any other computer system, attackers can launch attacks on cryptosystems.

Snyk takes on responsibility for Node.js ecosystem vulnerability disclosure program

As announced last week by our good friends at the Node.js Foundation, Snyk has agreed to take over from the amazing Node.js ecosystem vulnerability disclosure program. As a company that’s been part of this program from a very early stage — and has been inspired by it to create our own multi-ecosystem disclosure program — it is a great honor to have been entrusted with this responsibility, and we thank the Node.js Foundation sincerely for their trust in this matter.