At the end of 2020, we hosted a webinar alongside Sisense’s Chief Security & Trust Officer, Ty Sbano titled Securing Best of Breed SaaS applications in 2021. The discussion focused on reviewing the most important security trends of last year and how that should inform security programs this year. As 2021 continues to progress, these are the 4 trends and lessons we think are worth keeping in mind.
At Nightfall, we believe in the power of learning from those who have done it before. That’s why we created CISO Insider — a podcast interview series that features CISOs and security executives with a broad set of backgrounds, from hyper-growth startups to established enterprises. Through these interviews, we’ll learn how industry experts overcame obstacles, navigated their infosec careers, and created an impact in their organizations.
Security information and event management (SIEM) systems are centralized logging platforms that enable security teams to analyze event data in real time for early detection of targeted cyber attacks and data breaches. A SIEM is used as a tool to collect, store, investigate, and report on log data for threat detection, incident response, forensics, and regulatory compliance.
The MITRE ATT&CK framework is a global curated knowledge base of adversary tactics and techniques. This post delves into the history of the ATT&CK framework and provides insights into why every SOC team can benefit from using it to develop threat models and methodologies to protect their organization.
The recent news of a cyberattack on a water treatment plant carried out by a remote perpetrator came as a shock to organizations around the world. Earlier this month, an unauthorized threat actor had remotely accessed the plant’s control systems via TeamViewer and used it to increase the amount of sodium hydroxide (lye) in water to dangerously higher levels.
In today’s threat landscape, it’s no longer if an incident will happen, it’s when. Defending your organization and having a plan for what to do if an incident occurs is more critical than ever. And frankly, the benefits of having an incident response plan are quantifiable. Ponemon’s Cost of a Data Breach Report compared organizations boasting robust security Incident Response (IR) capabilities with those that do not.
The webhook feature of the Kubernetes API offers a powerful mechanism to extend the modules that comprise the Kubernetes API servers with custom code for authentication, authorization and admission control.
At Snyk, we strongly believe in empowering developers to take ownership of security. Developers are the builders of today and ultimately hold the keys to successfully securing their code. Only a developer-first approach, one that combines developer-friendly tooling together with guidance by security, can help organizations traverse the path to better-secured applications.
