Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

How Employee Monitoring Keeps Clinical Trial Data Secure

Clinical trials are a crucial step in developing new life sciences products such as drugs and medical devices. All tests – whether with large or small groups of people – require medical and personal information from patients upfront, and then proceed to collect data throughout the process. Ultimately, research companies are responsible for large sets of sensitive data and securing that information should be a top priority.

Improving Threat Detection through Managed Security Service Providers (MSSPs)

Cybersecurity is a growing concern as breaches continue to increase in frequency and make headline news. Unfortunately, due to time and other constraints, many smaller businesses postpone the complicated task of risk management, only to eventually succumb to the devastating ramifications of a cyberattack. While the security solutions themselves appear complicated, the ability to mitigate risk is within reach of all.

Alert Fatigue Is a Big Cybersecurity Problem

Alarms and alerts surround us every day. From the moment our clocks wake us up in the morning, we rely on alarms for many things. But what happens when those alarms and alerts malfunction? What does it do to us and how does that affect our day to day life? Recall the Dallas Emergency Alert Malfunction. As it turns out, getting tired of these alarms can prove dangerous to cybersecurity.

Multi-Cloud Security Best Practices Guide

A multi-cloud network is a cloud network that consists of more than one cloud services provider. A straightforward type of multi-cloud network involves multiple infrastructure as a service (IaaS) vendors. For example, you could have some of your cloud network’s servers and physical network provided by Amazon Web Services (AWS), but you’ve integrated that with your servers and physical networking that’s provided by Microsoft Azure.

HTTPS and Chrome's Security Push

Last month, Google Chrome started marking all non-HTTPS sites as not secure. The main reason for this is because all non-HTTPS sites are insecure, so there is some logic to it. It was part of a plan announced way back in 2016 that sought to improve security across the Net. The first stage of this was to mark all HTTP sites that collect passwords or credit card details (and the like) as being insecure.

Back to the Future: Stick to the Fundamentals for DevOps Security

In early August, I will be leading a couple of sessions at the Community College Cyber Summit about cyber security fundamentals. I’ve also been spending time working with my amazing colleagues here at Tripwire on a really cool new offering for DevOps pipelines – Tripwire for DevOps (learn more here). Spending so much time going back and forth from “back to basics” and “the future of development” had me thinking that securing DevOps is really Back to the Future.

Where are all the cyber security pros?

Despite living in a world where the internet is becoming ever-more fundamental to everyday life, there is currently a world-wide shortage of cyber security professionals who are able to keep it all secure. Within four years this shortage is expected to reach 1.8 million. According to a recent study, only 35% of the enterprises involved felt they were adequately staffed to deal with cyber-attacks. 35% is not a good percentage.

How Can Logs Be Useful?

From performance information to fault and intrusion detection, logs can provide you a lot more things with regard to what is happening on your systems and network along with the timestamps and order of the events. Logs can be invaluable for resource management, instruction detection, and troubleshooting. More importantly, logs can provide an admissible evidence for forensic purposes in the aftermath of an incident. The following sections provide a deep dive into some use-cases of logs.