Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Blogs

Separating Hype from Reality in HRM

Human risk management (HRM) has become a more established category in recent years. This development signals a crucial shift towards enabling security teams to accurately quantify and manage workplace risks. With the rise of HRM, a variety of new technologies have also emerged on the market. However, how do you navigate the sea of buzzwords and shiny promises to pick the solution that's right for you?

The NIS2 Directive is Here. What Happens Next?

The Network and Information Security (NIS2) Directive’s deadline of October 17th has officially passed. Yet despite this deadline – and the strict penalties in place for non-compliance – nearly 66% of businesses operating in Europe have likely not implemented the necessary compliance controls (Veeam Software). Additionally, the majority of EU member states have yet to officially codify NIS2 standards into their national laws.

Fireblocks Automation: Revolutionizing Digital Asset Operations

When we first announced our plans to build Fireblocks Automation in April 2024, we set out to tackle a seemingly mundane yet crucial challenge for our customers. Our goal was to mitigate the manual, repetitive, time-consuming, and error-prone blockchain payment and crypto trading operations that were hindering businesses from easily scaling their operations as they expanded across geographies and added new product offerings.

Understanding, detecting, and fixing buffer overflows: a critical software security threat

Buffer overflows are one of the oldest and most dangerous vulnerabilities in software security. A heap buffer overflow was the second most exploited vulnerability in 2023. Over the years, it has enabled countless attacks, often with severe consequences, such as Cloudbleed in 2017. Despite advances in security practices, buffer overflows continue to pose significant risks, especially in software written in low-level languages like C and C++.

Cryptographic Hardware vs. Software Encryption: Which is Better Security Solution?

Hardware encryption is a common practice for enhancing information security, in which a specific piece of hardware built for the task is used to encrypt and decrypt data. While software encryption is platform-dependent and relies on the CPU and memory of the system on which it is installed, hardware encryption typically works in parallel with dedicated components such as HSMs, SEDs, or TPMs.

Mobile Threat Defense: Safeguarding Your Data on the Go

Smart devices are everywhere — and one common cybersecurity myth is that security teams don’t need to worry about sensitive data stored on them. However, in a landscape where 75% of organizations have experienced phishing attacks against their employees, a robust security posture that includes coverage of your employees' personal tech is a must.

How to Use a Risk-Based Vulnerability Management Model to Secure Mobile Dev

The typical workplace of the information age is no longer an office cubicle with a desktop PC. It’s an airplane seat, a comfy cafe chair, and a kitchen table — and it may not even have a company-issued device at its center. Research shows the productivity gains made possible by the growth of bring-your-own-device (BYOD) policies. Yet empowering employees to do their best work wherever they are and with whatever devices they have at their disposal also comes with risks.

How to Achieve HHS Requirements and Avoid HIPAA-related Lawsuits on Your Website

Healthcare organizations today face an imminent threat to securing private health information (PHI) on their websites. For this reason, HHS has released requirements to help organizations and patients stay protected. Non-compliance can result in HIPAA violations leading to costly lawsuits. Most healthcare companies use tracking technologies for marketing and analytics. Sometimes these trackers, cookies, and pixels collect and share more health information than is necessary, leading to privacy breaches.

Elevating Views of Risk: Holistic Application Risk Management with Snyk

As apps become more complex and development speeds up with DevOps, cloud-native tech, and AI, having a comprehensive approach to managing application risk is more important than ever. Traditional methods just aren’t cutting it anymore. Security teams are overwhelmed by vulnerabilities, and developers aren’t getting the guidance they need on what to focus on first. This gap between security and development is leaving apps more vulnerable.