It wasn’t a very long time ago when cloud computing was a niche field that only the most advanced organizations were dabbling with. Now the cloud is very much the mainstream, and it is rare to find a business that uses IT that doesn’t rely on it for a part of their infrastructure. But if you are going to add cloud services to your company, you will need to choose between the private cloud and the public cloud.
A proper container security strategy involves evaluating all components in the system.
As organizations seek to evolve their risk management strategies to drive stronger compliance programs, they increasingly seek to automate their compliance documentation. In cybersecurity, however, traditional data collection methods fail since cybercriminals continuously evolve their threat methodologies.
The NIST Cybersecurity Framework (CSF) has only been around for four years and while developed for critical infrastructure, resulting from Executive Order 13636, it has been widely adopted across both private and public sectors and organizational sizes. It is used inside of the US government, with 20 states using it (at last count).
Stockholm, Sweden & Boston, MA – Detectify, a Swedish domain and web application security company, is launching its US operations in Boston, Massachussets. The company achieved 3x revenue growth in 2018 and the launch of the Boston office will further accelerate growth in the US market.
Recently, a new Kubernetes related vulnerability was announced that affected the kube-apiserver. This was a denial of service vulnerability where authorized users with write permissions could overload the API server as it is handling requests. The issue is categorized as a medium severity (CVSS score of 6.5) and can be resolved by upgrading the kube-apiserver to v1.11.8, v1.12.6, or v1.13.4.
I have been on the receiving end of many vendor security assessments from customers and prospects. Here are some tips to increase the likelihood that you’ll get a timely, usable response to the next vendor security assessment that you send out.
Return on investment: is it worth the money? That is the central question both government and industry in deciding on any procurement. Demonstrating ROI on cybersecurity products is notoriously difficult and is one of the underlying reasons for the poor state of our nation’s cybersecurity posture.
Endpoint detection and response solutions – EDR as it’s more commonly known – act as enterprise surveillance and thus deliver a rich dataset to security professionals. But as with all advances in security, this rich data wasn’t always available in a speedy and cost-effective way. Yet, as a security professional in today’s always-on world, one of your key responsibilities is to efficiently leverage incoming data from every endpoint across your organization.
