Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Fix now: High risk vulnerabilities at large, July 2020 part 3

In the world of CVEs, we have seen a few interesting ones released in the last couple of weeks since our last risk based vulnerability management blog, including the recent big news SIGRed. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.

New Redscan FOI report reveals the state of cyber security across UK universities

In March 2020, Redscan sent Freedom of Information (FOI) requests to 134 universities across the UK. The aim was to understand more about the frequency of data breaches in the sector and some of the steps institutions are taking to prevent them. The focus on universities was due to the integral role these organisations play in conducting world-changing research and shaping the skills and knowledge of the workforce. The results of the FOI request are available to download in a short report.

How to Comply with the Sarbanes-Oxley (SOX) Act

Compliance with the Sarbanes-Oxley Act of 2002 is a legally mandated must for all U.S. public companies and some other entities, as well. But meeting the requirements of this important law can be incredibly difficult. Preparing for a SOX compliance audit requires so much work that companies often designate entire teams full-time to the task. The law is that complex.

5 Essential workflows for secure DevOps

Focusing on these five essential workflows for secure DevOps will help you get started implementing monitoring, security, and compliance for containers and Kubernetes. You might be starting to adopt DevOps and find that it dramatically simplifies deploying applications in containers and Kubernetes. However, you probably also found that it adds a new set of complexities for managing, securing, and troubleshooting applications.

Sysdig cuts onboarding for container and Kubernetes visibility and security to 5 minutes

Today, we are excited to announce a faster onboarding for Kubernetes visibility and security. With the SaaS-first approach and new enhancements to the Sysdig Secure DevOps Platform, you can get results after just a five-minute setup. This release includes a new guided onboarding process, out-of-the-box dashboards as part of curated essential workflows, and a new Sysdig Essentials tier. 5 minutes to onboard secure DevOps - YouTube An error occurred.

Using Good Cyber Practices to Frame your Personal Cyber Narrative

Someone in my Twitter timeline wrote a post that resonated with me. Instead of advocating the idea of our firms mandating what we can and cannot do in our homes as working from home (WFH) standards, she said how gracious it was for us to let the firms into our home environments where we had already made investments in how and where we wanted to work in our personal space. So much of what we do daily in our personal ecosphere requires authentication.

Quantitative Risk Analysis: Annual Loss Expectancy

Risk assessment is an essential component of risk management. It enables you to determine potential hazards that may negatively affect specific projects or result from certain decisions. This article explains how to calculate your cybersecurity risk using the concept of annual loss expectancy: There are two types of risk analysis — quantitative and qualitative: Both forms of risk analysis are valuable tools in risk management.

Protect your Elasticsearch deployments against attacks like "meow bot" - for free

The issue of unsecured databases is growing. In 2019, 17 percent of all data breaches were caused by human error — twice as many as just a year before. And the IBM/Ponemon 2019 report found that the estimated probability of a company having repeated data breaches within two years grew by 31 percent between 2014 and 2019. Why is this happening?