Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In case you missed it, Netskope was once again named a Leader in the Gartner Magic Quadrant for Security Service Edge (SSE), placed highest in Ability to Execute and furthest in Completeness of Vision. 2024 is the third year in a row that Netskope has been named a Leader in this important Magic Quadrant and the second year to be placed Highest in Execution and Furthest in Vision.

Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. The campaigns are likely the work of different attackers since they use two very different techniques. One campaign (similar to the previously disclosed Azorult campaign) uses HTML smuggling, a detection evasion technique often used for downloading malware, to hide the phishing content from network inspection.

Mergers and acquisitions often sound amazing to the Board, but they can become an operational nightmare for the infrastructure, networking, and security teams. In recent years, I’ve worked with a fair few highly acquisitive organisations and so I have seen firsthand that the practical steps to onboard new users can become hugely challenging–especially when the two organisations are running different technologies.

Microsoft has recently highlighted the abuse of the remote support tool Quick Assist in sophisticated social engineering attacks leading to ransomware infections. This blog post summarizes the threat and recommends a mitigation strategy for Netskope customers.

The “I&O Perspectives” blog series features interviews with industry visionaries and experts with roles in product management, consulting, engineering and more. Our goal is to present different viewpoints and predictions on how organizations’ networking, infrastructure and operations (I&O) are impacted by the current threat landscape, existing networking and cybersecurity tools, as well as implications for the future of SASE.

The current situation with legacy on-premises security defenses trying to support a hybrid work environment and zero trust principles is challenging for companies. Complications can include poor user experience, complexity of disjointed solutions, high cost of operations, and increased security risks with potential data exposure. Simple allow and deny controls lack an understanding of transactional risk to adapt policy controls and provide real-time coaching to users.

Every year there’s quite a bit happening at the RSA Conference and no matter how hard you try, it can be difficult to take it all in. Between a sprawling showfloor with hundreds of vendors vying for attention, speaking sessions with experts from across the industry, private meetings with customers and prospects, plus social events in the evening, it’s understandable that you can come away with a bit of sensory overload.

As 2024 continues forward, Australia and New Zealand’s critical infrastructure sectors face significant cybersecurity challenges. Critical infrastructure (CI) sectors–encompassing energy, healthcare, transportation, water, and communication–are at a pivotal moment in their evolution. The rapid digitisation of these sectors brings not only unprecedented efficiency and connectivity but also a significantly expanded attack surface.

Those working in the UK public sector have seen significant upheaval over the last decade thanks to a combination of the long-term efforts to relocate civil servants outside London and, in recent years, the swift adoption of hybrid work practices necessitated during the pandemic. As a result, networks have expanded, the number of devices and endpoints to protect has grown considerably and potential vulnerabilities for attackers to target have increased.

SaaS applications have fundamentally transformed business operations by enabling on-demand user access to services and data via the internet from anywhere. Yet, despite countless benefits, SaaS in the enterprise is fraught with cybersecurity challenges.