According to CIS, “Organizations that do not scan for vulnerabilities and proactively address discovered flaws face a significant likelihood of having their computer systems compromised.” While vulnerability management (VM) isn’t new, I’ve seen it evolve a lot over my 22 years in the industry. Here are some big trends: The idea of an asset has changed and grown over the years. Back in the ‘90s, it was a PC or a server.
Normally, when you hear about stocks dropping, it’s due to some scandal or crisis. Market watchers will tell you that a range of elements can affect the value of a publicly traded company and cause stock prices to rise or fall. Consumer confidence is a major factor that influences a company’s reputation and perceived value. What does that have to do with data breaches? A lot more than you might think.
Working from home used to mean an unofficial day off, but it’s becoming an increasingly common way for people to – well, actually work. For these people, pitching up at a coffee shop is not unusual. Lots of people do it. They're no longer the reserve for would-be screenwriters. There are numerous benefits, such as easy access to overpriced coffees and the option to be sociable but with no obligation to actually be so.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For no other reason that I have an annual battle with squirrels during harvesting from my hazel nut trees, that I go with this line: Beware the squirrel!
Early adopter enterprises across verticals such as Retail, Manufacturing, Oil & Gas are looking to incorporate containers and Kubernetes as a way of modernizing their applications. Choosing k8s as a standard ensures that these applications can be deployed these on different data center infrastructures (bare metal/VMware/KVM on OpenStack etc) or on public clouds (AWS/Azure/GCP etc).
When analyzing malware and adversary activity in Windows environments, DLL injection techniques are commonly used, and there are plenty of resources on how to detect these activities. When it comes to Linux, this is less commonly seen in the wild. I recently came across a great blog from TrustedSec that describes a few techniques and tools that can be used to do library injection in Linux.
Due to the sheer scale of challenges cybersecurity threats pose today, an enterprise-level security solution is always necessary for organizations. Is your company facing too many false positives? Are you spending too much time and budget on your corporate cybersecurity posture? Are you worried about vulnerable protocols and misconfigurations? Don’t worry!
The recent Vectra 2019 Spotlight Report on Healthcare indicates that the proliferation of healthcare internet-of-things (IoT) devices, along with a lack of network segmentation, insufficient access controls and reliance on legacy systems, has created an increasing attack surface that can be exploited by cyber criminals determined to steal personally identifiable information (PII) and protected health information (PHI) in addition to disrupt healthcare delivery processes.
The data visualization space is crowded. There are lots of tools, each purporting to be the tool that solves your data woes and leads you to insight via illustrations. But while you may get good-looking graphs, you are probably not seeing the behind-the-scenes pain from IT: analytics dashboards and vertical applications take multiple meetings for gathering requirements, and they discover the direction wasn’t quite right the first time around.
Watch the full video on our site. If you prefer reading, here’s the full transcript Terry Sweeney - Contributing Editor, Dark Reading Sanjay Ramnath - Associate Vice President, Product Marketing, AT&T Cybersecurity Terry Sweeney: Welcome back to the Dark Reading News Desk. We’re here at the RSA Conference in San Francisco.
