Indicators of compromise are the red flags of the information security world. These helpful warnings allow trained professionals to recognize when a system may be under attack or if the attack has already taken place, providing a way to respond to protect information from extraction. There are many indicators of compromise, depending on the type of threat.
Recently, Facebook announced a new initiative aimed at protecting how its users’ data is managed across its platforms: the Data Protection Assessment. The assessment consists of a questionnaire for apps that access advanced permissions and specifically focuses on how developers protect, share and use platform data.
When businesses think about maintaining cybersecurity, the first thing that comes to mind is often endpoint and network security. However, web application security is becoming increasingly important. There have been numerous high-profile attacks on web applications in recent years; in 2020, for instance, the Twitter accounts of famous people were compromised as part of a bitcoin scam.
It’s no surprise that cloud adoption continues to be a major force impacting organizations today. A 2020 McKinsey survey indicated that many organizations saw several years worth of digital transformation take place in 2020. An IDG survey, which we referenced in our Securing Best of Breed SaaS Applications webinar, suggested that 95% of organizations expect to be partly or fully in the cloud by the end of 2021, with almost half the applications used by their workforce being SaaS or open source.
Historically, processing claims, forms, and legal documents was an expensive and time-consuming affair that took place over fax and mail. DocuSign is one of the oldest companies in the electronic document processing space. Founded in 2004, the company has helped millions of users sign and validate documents online.
Security teams that work in highly regulated industries or build solutions for consumers must adhere to compliance controls and regimes required for their business. One of the most important compliance requirements for many companies is the SOC 2 audit. The SOC 2 audit provides detailed information and quality assurance about essential security factors such as the confidentiality of data under your organization’s stewardship, privacy controls, and many other standards.
Microsoft Teams, and subsequently Microsoft, likely need no introduction. The popular collaboration tool launched in 2016, providing organizations with a powerful way to communicate and share information within the Microsoft ecosystem. Tools like Teams have only become more important post-COVID with teams being hybrid, decentralized, and distributed.
Last month we hosted a webinar dedicated to discussing the issue of codebase security. As trends like secrets and credential exfiltration continue to be of concern within systems like GitHub, threats, such as cryptojacking and supply side attacks, have become more of a problem. This makes understanding key aspects of codebase security very important. That’s why we pulled out 4 lessons from our recent session that developers and security engineers must know.
The National Institute of Standards and Technology (NIST) is part of the US Department of Commerce and was founded in 1901. NIST was originally established to help the U.S. industry become more competitive with economic rivals and peers, such as the UK and Germany. NIST prioritizes developing measurements, metrics, and standards for technology used in different industries.
Infosec leaders have a lot of corners to cover in their cybersecurity strategy. When crafting the tactics and onboarding the platforms that will protect sensitive information, the checklist of requirements could be missing a very important vector for attack, compliance risk or data loss: application logs.
