Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Some 90% of security breaches can be avoided by using multi-factor authentication (MFA). Yet most enterprises still rely only on usernames and passwords - and avoid other strong second-factor authentication methods - to make user sign-on both safe and convenient. Our addiction to passwords seems to be a long-standing issue. In order to stay secure, users have to make passwords complicated, only to spend time remembering and then forgetting them, which has resulted in more IT support.

As we previously discussed in the Automating Your Cloud Security Posture Management (CSPM) Response blog post, CSPM is a vital component in any environment leveraging cloud services. Whether you are using a single cloud or are in a multi-cloud scenario, the complexity of these cloud platforms is constantly expanding. Staying on top of new changes in policies and functionality to ensure that you are maintaining a secure environment is daunting - and almost impossible to do without automation. No one has the resources to spend on maintaining a large team of cloud specialists who just audit everything that is in use.

Did you know that a third of all businesses will experience a cyber-attack this year? And that's just the ones that are reported! The fact is, if you're not doing penetration testing on your business, you're at risk. In this blog post, we'll break down what penetration testing is and why it's so important for businesses. We'll also discuss the risks of not having security testing done, and how it can impact your bottom line.

Do you love SecOps in theory, but just can't seem to make it work in practice? Or, maybe you've already implemented a security operations strategy to some degree within your organization, but struggle to make IT operations and security jive as seamlessly as you would like? Either way, there's a good chance that your troubles stem from one or more of the common barriers to SecOps strategies. This article explains why businesses often fail at implementing SecOps successfully and how they can work around the roadblocks.

A Penetration Test commonly consists of assessing; the confidentiality, integrity and availability of an information system, widely known as the CIA triad. There are numerous penetration testing approaches. This can include black-box testing, white-box testing and grey-box testing which all, in turn, provide remediation advice. However, the three types of testing define different approaches the consultant takes during an assessment and all have different benefits and disadvantages.