Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Balancing act: Sumo Logic vs. Splunk in the high-wire world of modern security

Trying to stay ahead in cybersecurity can feel a bit like juggling gas-powered chainsaws while riding a unicycle across a tightrope—dangerous, noisy, and not for the faint of heart. Thankfully, security information and event management (SIEM) tools are your safety harness—keeping you steady, secure, and just far enough from the edge that you’re not plunging headfirst into the abyss of breached data, regulatory fines, and sleepless nights.

EP 10 - A new identity crisis: governance in the AI age

In this episode of Security Matters, host David Puner sits down with Deepak Taneja, co-founder of Zilla Security and General Manager of Identity Governance at CyberArk, to explore why 2025 marks a pivotal moment for identity security. From the explosion of machine identities—now outnumbering human identities 80 to 1—to the convergence of IGA, PAM, and AI-driven automation, Deepak shares insights from his decades-long career at the forefront of identity innovation. Listeners will learn.

What Is an Advanced Persistent Threat (APT)?

If the term “cyber threat” alone is enough to make any company nervous, imagine a sophisticated cyberattack designed not only to infiltrate but to remain hidden within a network for extended periods. These threats are real, but they can also be countered. Let us introduce you to the infamous APTs or advanced persistent threats.

Tackling Technical Debt to Secure and Streamline Federal Networks

In today’s dynamic threat landscape, technical debt isn’t just a budgeting headache—it’s a growing national security risk. According to McKinsey, technical debt consumes up to 20% of engineering and DevOps capacity across large enterprises. For U.S. federal agencies—defense and civilian alike—the cost of carrying outdated, unsupported infrastructure goes far beyond inefficiency.

Trustwave SpiderLabs Goes Inside the AI Cyber Arms Race

While all manner of legitimate organizations are attempting to understand how to best and safely use artificial intelligence to improve productivity, the Trustwave SpiderLabs' Technology Deep Dive: AI Cyber Arms Race takes a forward-looking view at how adversaries are gaining experience and capability in their ability to turn AI against us.

How Fidelis Deception Strengthens Network Detection and Response

Network Detection and Response systems excel at monitoring network traffic and identifying patterns, but they face inherent challenges with sophisticated threats that mimic legitimate behavior. Fidelis Deception addresses these NDR limitations by creating definitive detection points that eliminate ambiguity in threat identification.

Secrets Scanning: A Critical Practice for Protecting Sensitive Data in Code

With the rise of CI/CD pipelines, cloud-native development, and globally distributed teams, sensitive credentials like API keys, tokens, and database passwords often slip into source code. Sometimes accidentally, sometimes under pressure to deploy fast. This is not a rare mishap. A recent study found that 34% of API security incidents involve sensitive data exposure. And according to Cyble, over 1.5 million.env files containing secrets have been discovered in publicly accessible environments.

How to Reduce IoT Risk with Policy-Based Identity Automation

Policy-based identity management transforms security administration from individual device and user management to comprehensive policy frameworks that automatically govern identity lifecycle, access controls, and security enforcement across entire IoT ecosystems. The key elements of policy-based identity management include defining user roles, managing user access, implementing identity governance, and leveraging role based access control to ensure appropriate access and compliance.

The 'no nonsense' list of security acronyms

You're probably here because you’re inundated (and fed-up!) with the number of acronyms around security tools, platforms, and processes. Every software provider wants to differentiate themselves in a crowded space with new capabilities, leaving developers and security pros exhausted.‍ So here’s our no nonsense list of security acronyms to help you figure out what’s what.