Monitoring is an established component of the information security process which goes hand in hand with auditing. Auditing is used to document an organization’s compliance activities. Where monitoring protects the data by responding to threats, Auditing provides proof of a continued compliance effort. By taking a “security-first” approach, companies can use continuous auditing and monitoring to provide evidence of their cybersecurity protections.
In recent months, I have met many people who are interested in working in Cybersecurity. This is wonderful, especially given the amount of available employment opportunities in this field. Like any ambitious person, the people who approach me to ask about getting into the field want to fully immerse themselves in “all things security”. This is admirable, but I often advise them to slow down a bit, and not quit their day job.
By now, many organizations have turned to DevOps as part of their ongoing digital transformations. This process has not been the same for any two companies. Indeed, organizations have embraced DevOps at their own place, and they’ve invested varying levels of time and budget into their nascent deployments.
If you’re doing business in the cloud, odds are you know a thing or two about compliance maintenance. This article highlights The Federal Risk and Authorization Management Program (FedRAMP) and explains how this certification stands out from the rest by not being another just another check here for compliance standard. So, what is FedRAMP?
The healthcare industry is one where the mission is very straightforward – empower people to live with the highest quality of life possible for them. This means keeping lives safe and secure, all while armies of cyber criminals are working diligently to do the opposite.
Throughout my career, I have worked with hundreds of organizations. Regardless of the vertical or size of the organization, I have found that many executives and security professionals feel like the interviewer in the Rickie Fowler commercial when it comes to their organization’s digital security. They don’t know where to start, for instance, nor are they aware of where and how today’s ever-evolving risks and threats affect the respective organization.
Inti was recently speaking at Detectify Hacker School, an event for customers where we have hacker talks and user cases presented to the audience. Afterwards our security researcher, Linus Särud, sat down with him for a hacker-to-hacker interview discussing how he got into bug bounty, his unconventional bug hunting ways and his take on why the European market is an ocean opportunity for bug bounty hunters.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Over the last few weeks there has been a number of notable code repository poisonings which quite rightly caused alarm at the possible downstream risk. This week though, a mother lode has been struck; Docker Hub. Being home to images for many core systems, and also providing keys to critical parts of the build system, this is highly shocking.
If you are familiar with IT security, you must have heard CIA triad: a security model that covers different parts of IT security. Being one member of CIA triad, file integrity refers to the processes and implementations aiming to protect data from unauthorized changes such as cyber attacks. A file’s integrity tells if the file has been altered by unauthorized users after being created, while being stored or retrieved.
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.
