Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

While the phrase sounds like the stuff of textbook jargon, the term "configuration drift" hides an extremely crucial caution. Configuration drift is important because it can lead to compliance drift. Compliance drift means that the state of compliance has changed as a result of a configuration that has been changed, which has caused your system to fall out of compliance.

In this article, we aim to cut through the jargon by outlining how these solutions compare, their potential challenges and their impact on organisations’ security posture.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Akira ransomware, 8base ransomware, and Rorschach (BabLock) ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Generative artificial intelligence (AI) has officially arrived at the enterprise and is poised to disrupt everything from customer-facing applications and services to back-end data and infrastructure to workforce engagement and empowerment. Cyberattackers also stand to benefit: 93% of security decision makers expect AI-enabled threats to affect their organization in 2023, with AI-powered malware cited as the No. 1 concern.

As we approach the end of the federal government fiscal year, it's a good time to review the legislative and policy landscape. Several updates and changes have recently arrived or are already in motion regarding cloud security and data resilience.

As cybersecurity becomes increasingly complex, having a centralized team of experts driving continuous innovation and improvement in their Zero Trust journey is invaluable. A Zero Trust Center of Excellence (CoE) can serve as the hub of expertise, driving the organization's strategy in its focus area, standardizing best practices, fostering innovation, and providing training.

Kubernetes has become the de facto platform for orchestrating containerized applications at scale in today’s IT landscape. Its ability to run on various platforms including on-premises, public cloud, and hybrid has made it an essential tool for many organizations. This is particularly true for companies following a multi-cloud strategy, relying on more than one vendor for their cloud computing needs.

In complex cloud environments where the speed of development is accelerated, managing infrastructure and resource configurations can be an overwhelming task—particularly when certifications and compliance frameworks like PCI, HIPAA, and SOC 2 present a lengthy list of requirements. DevOps and engineering teams need to ship code updates at a rapid pace, making it easy for them to accidentally overlook misconfigurations.

Given the growth of hybrid work models, organizations are becoming increasingly decentralized. Employees operating from diverse locations access business information through various cloud tools and digital devices.

Black Hat USA 2023 showcased advancements in cybersecurity and provided a platform for cutting-edge research. This blog recaps highlights from the event, exploring major trends and examining how they may shape the field in the coming months and years.