Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Hackathons are well known among software development teams for driving innovation and collaboration. So, what if we applied that model to cybersecurity to improve an organization’s application security posture? That would be a dream come true for any CISO and security practitioner — and is exactly what we set out to do at Snyk in February 2023. Check out some of the funniest moments from our panels.

In today's fast-paced and ever-evolving technological landscape, building an effective security program is critical for any organization. I had the privilege of hosting Guy Podjarny, Snyk’s CEO and Co-Founder, on All Aboard, a new podcast produced by ConductorOne.

In honor of May the 4th, we’re featuring a narrative from an Imperial trooper in a faraway galaxy as he reflects on his organization’s worst day and how it could’ve gone differently. Don’t get me wrong. I’m still proud to work for one of the most formidable organizations in the galaxy. But as most of you probably know, we’ve recently hit quite a setback. Our higher-ups decided to build a space station.

T-Mobile is a telecommunications brand used throughout the United States, Poland, the Czech Republic, and Germany. The company provides text messaging services, voice communication, mobile data, and more for millions of customers. T-Mobile has been in business since 1999 and is well-known as a leading communications brand in the United States, and now we're learning the company isn't secure.

Supply Chain Intelligence is an improved method for continuously discovering, monitoring, assessing and mitigating risk introduced to your organization through 3rd party technologies, vendors, and suppliers.

In the past decade, cybersecurity has evolved from something of a niche technical field into a crucial part of every business plan and online code of conduct. Even so, we still see frequent evidence that many organizations are in need of more education about how to respond to a cyber attack. That was evident this April, as we saw the results of several high-profile cyber attacks that may have been worsened by a slow or poorly considered reaction.

Recently, there has been a flurry of announcements claiming to have what we call Runtime Insights, the ability to prioritize vulnerabilities. Here are two examples: I can confirm that this approach works, and it works very well. It substantially decreases the number of vulnerabilities that a team has to manage, sometimes by a factor of 100 or more! How do I know it? Because Sysdig invented this approach.

We are excited to announce the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework. This new package joins our industrial-strength C2 Collection and uses a variety of techniques to detect Sliver, above and beyond our HTTP-C2 package’s existing Sliver coverage. In this blog we provide some basics about Sliver and how it works and then dive deep into the techniques we use to detect this popular and powerful tool.

When we began developing CloudCasa, a Software as a Service (SaaS) platform, for protecting Kubernetes applications, we looked at the data protection landscape and focused on areas that we could improve upon and give back to the user community. We wanted to provide them with a quick and efficient way in which they could start protecting this infrastructure with minimal effort, overhead, and most importantly minimal cost.

Security engineering teams spend hours every week tuning their security information and event management (SIEM) systems to ensure that they are effective at detecting security threats and minimizing false positives. Such “tuning tax” is common as customers add new SIEM rules to cope with rapidly changing threat landscape and attacker tactics and as their attack surface evolves through automated changes to their application and infrastructure stacks.