Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

At many organizations, the surprise discovery that the widely used Apache log4j open source software has harbored a longtime critical vulnerability was as if Scrooge and the Grinch had teamed up for the biggest holiday heist of all. Incident response teams across the globe have scrambled to remediate thousands, if not millions of applications. “For cybercriminals this is Christmas come early,” explained Theresa Payton, former White House CIO and current CEO of Fortalice Solutions.

No matter how you slice it, the use of containers and Kubernetes continues to swell. And recent high profile vulnerabilities-that-shall-not-be-named have shown us how important container security is for an overall application security program. Protecting your own code, your dependencies, and the containerized services you use are all a must.

With great automation, comes great risk. The advent of infrastructure as code brought about automation for the tedium of deploying, provisioning, and managing resources in public clouds with declarative scripts. However, this automation increased the importance of creating secure IaC scripts or configurations with cloud infrastructure misconfigurations being cited as the biggest area of increased concern (58%) from 2020 to 2021 in the 2021 Snyk Cloud Native Application Security report.

A security operations center (SOC), which includes the people, processes, and technology needed to monitor, detect, analyze, and respond to cyber threats, is the foundation of many businesses’ cybersecurity. A SOC, however, is difficult to manage and maintain, requires significant budget and resources, and comes with many other challenges.

Third-party technology providers can confer huge strategic advantages to a business. It allows each organization to focus on their highest value activities, but there’s a downside; new cyber security risks come with each partnership. Third-party risk is now an integral part of business ecosystems. A solid risk management framework is required to manage risk and keep you and your customers safe.

Cyber security KPI or other Key Performance Indicators are established in different areas of every organisation to track and monitor the progress towards attaining a certain goal or target. Cybersecurity is no exception here, and companies should maintain proper cybersecurity KPIs. There are many blog posts available around this topic but in this article, we have gathered a list of important cybersecurity KPIs that every organisation should consider.

I enjoy being editor and managing this blog so much, I thought I'd share some of the best blogs of 2021. 2022 is right around the corner, but it's also a good time to look back at some 2021 highlights!

Our stated objective is simple: to be the world leader in data services. This is not easy. To be a world leader in anything requires notoriety, reliability, performance and ultimately, dominance. But we have a plan. As we close out 2021, there are certain things to look out for Calligo laying the groundwork for in 2022 …

Ding. That is the sound of the elevator opening on the ground floor of the One WTC building in New York. We’re both there for a meeting. You, as Director of Systems Engineering for a Financial Services provider, are presenting your plans to shore up the hybrid infrastructure used to run the bank’s new crypto-based services. I’m meeting with clients who are trying to rebuild their reputation, and SOC2 certification, after a data breach.

Last week I had the privilege to be in Washington, DC talking to a group of defenders. I heard a clear pattern of words: “data-driven,” “telemetry-first,” and “visibility”.