Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The holiday season brings a shift in how people and businesses operate: Some companies may partially shut down, leaving only a skeleton crew to manage their IT environments, while others head into their busiest time of year. This seasonal change in staffing and business operations, combined with the general holiday distraction, often creates risk and makes organizations more vulnerable to cybercrime.

Read also: Darkode admin gets an 18-month prison sentence, US authorities dismantle the IPStorm botnet, and more.

Validating the security of your organization’s sensitive information at a single point in time with an annual risk assessment can be helpful, but what about the other 364 days of the year? If you have a cloud application and hope to sell your services to federal agencies, point-in-time assessments won’t be enough.

Man Bites Dog: In an unusual twist in cybercrime, the ransomware group BlackCat/ALPHV is manipulating the SEC's new 4-day rule on cyber incident reporting to increase pressure on their victims. This latest maneuver highlights a sophisticated understanding of regulatory impacts in ransomware strategies.

This blog post series offers a gentle introduction to Rego, the policy language from the creators of the Open Policy Agent (OPA) engine. If you’re a beginner and want to get started with writing Rego policy as code, you’re in the right place. In this three-part series, we’ll go over the following: As a reminder, Rego is a declarative query language from the makers of the Open Policy Agent (OPA) framework.

Organizations are transitioning into the cloud at warp speed, but cloud security tooling and training is lagging behind for the already stretched security teams. In an effort to bridge the gap from endpoint to cloud, teams are sometimes repurposing their traditional endpoint detection and response (EDR) and extended detection and response (“XDR) on their servers in a “good enough” approach.

In the age of cloud computing, where more and more virtual hosts and servers are running some flavor of Linux distribution, attackers are continuously finding innovative ways to infiltrate cloud systems and exploit potential vulnerabilities. In fact, 91% of all malware infections were on Linux endpoints, according to a 2023 study by Elastic Security Labs.

The basis of Zero Trust is defining granular controls and authorization policies per application, user, and device. Having a system with a sufficient level of granularity to do this is crucial to meet both regulatory and security requirements.

Regularly reviewing user permissions is important to reduce the risk of data overexposure and breaches. Overpermissioned users pose a significant security risk. Restricting access to only necessary information for individuals to perform their jobs can significantly reduce risk. By conducting regular permissions audits in Microsoft 365 and SharePoint, organizations can ensure that sensitive information access remains appropriate, safe and secure.

We recently released the State of Cloud Security study, where we analyzed the security posture of thousands of organizations using AWS, Azure, and Google Cloud. In particular, we found that: In this post, we provide key recommendations based on these findings, and we explain how you can leverage Datadog Cloud Security Management (CSM) to improve your security posture.