Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

SecurityScorecard Alternative for Managing Cybersecurity Risk

There are many SecurityScorecard alternatives that offer the same core functionality your organization needs to successfully manage first-party, third-party and fourth-party risk. SecurityScorecard is one of the most well-known security ratings platforms but let's look at an alternative and see how they stack up. These security ratings providers are promising to reduce cybersecurity risk by continuously monitoring the security posture of any company in the world, instantly and non-intrusively.

PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed

Canadian online pharmacy PlanetDrugsDirect.com has contacted customers warning them that their data might have been exposed in what they euphemistically describe as a “data security incident”. In an email seen by Bleeping Computer, the website warned that exposed personal data could include the following: The email is, unfortunately, somewhat lacking in detail – meaning that concerned customers may have to contact PlanetDrugsDirect via email or telephone to ask questions.

Working remotely: Insights from the Bearer team

Bearer's co-founders Guillaume and Cédric are big advocates for remote work. Both have written about the advantages and challenges in the past on the Bearer Blog, but today I want to share some thoughts from our team on what it's like working for a distributed, fully remote company. A few main trends came up. Some expected, and a few surprising.

13 Security Alerts and Visualizations for VPC Flow Logs

AWS VPC Flow Logs record details about the traffic passing through your application, including requests that were allowed or denied according to your ACL (access control list) rules. It also has information about the IP addresses, and ports for each request, the number of packets, bytes sent, and timestamps for each request. This information brings deep visibility and the ability to improve your security posture over time.

Alien Labs 2019 Analysis of Threat Groups Molerats and APT-C-37

In 2019, several industry analyst reports confused the threat groups Molerats and APT-C-37 due to their similarity, and this has led to some confusion and inaccuracy of attribution. For example, both groups target the Middle East and North Africa region (with a special emphasis on Palestine territories). And, they both approach victims through the use of phishing emails that contain decoy documents (mostly in Arabic) and contain themes concerning the political situation in the area.

Manage the new Edge with Browser Security Plus

Not long ago, Microsoft announced the upcoming launch of its all-new version of the Edge browser that’s built on Chromium. The launch date for the new Chromium-based Edge browser, January 15, 2020, is almost here, and we on the Browser Security Plus team are ready to provide Edge browser management support for all versions. How can Browser Security Plus manage the new Edge?

2019 in Review: From Product-Market Fit to Series A to Company Scale

2019 has been a year of metamorphosis for Gravitational. We started over four years ago as a group of infrastructure engineers who were frustrated with the complexity of cloud application delivery. We wanted cloud apps to be as easy to distribute as desktop software is. It was a big year for our team.

What is a Security Posture and How Can You Evaluate It?

An organization's security posture (or cybersecurity posture) is the collective security status of all software, hardware, services, networks, information, vendors and service providers. Your security posture encompasses information security (InfoSec), data security, network security, penetration testing, security awareness training to prevent social engineering attacks, vendor risk management, vulnerability management, data breach prevention and other security controls.

ISA Global Cybersecurity Alliance: Your Expertise is Needed

The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission, provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems. These standards not only address configuration weaknesses to harden systems against vulnerabilities, but they also help address design considerations for the infrastructure used to run industrial equipment.