Today’s episode is part two of our conversation with former White House CIO, bestselling author and founder and CEO of Fortalice Solutions, Theresa Payton. If you missed part one, you can start here and go back to that episode. Or, you can start there and come back to this one – but you’re already here, so maybe just stick around?
Automated incident response can help security teams identify and respond to cyber threats faster. When a breach happens, delays equal costs. Today, a cyber attack happens every 39 seconds, and the global average total cost of a data breach is the highest it’s been in 17 years. In this environment, a low response time is crucial to reducing cyber risk.
Our previous research on CVE exploitability in the top DockerHub images discovered that 78% of the reported CVEs were actually not exploitable. This time, the JFrog Security Research team used JFrog Xray’s Contextual Analysis feature, automatically analyzing the applicability of reported CVEs, to scan OWASP WebGoat – a deliberately insecure application. The results identified that out of 60 CVEs reported with a Critical CVSS score, only 10 are actually applicable.
In all relationships, issues can arise. The key to solving those issues is to have a clear understanding of the issue itself. For instance, when a customer reports an issue it is critical to listen to the customer with patience and empathy so that they feel understood, and to assure them that they will receive assistance promptly. Furthermore, product issues can present themselves in various forms of complexities.
In this episode of the Future of Security Operations podcast, Thomas interviews Andreas Schneider - the Field CISO EMEA at Lacework. Leveraging its data-driven platform and cloud-native application protection solution, Lacework helps organizations make sense of immense amounts of security data with minimal effort.
Earlier, even prior to the digitalization of healthcare records, it was still easier to keep the information secure and private. Records were in the physical form and could be protected in many ways. Now that people can pull up their entire health histories with the press of a few buttons, things are very different. With the information now being stored and processed online, the threat and risk exposures are equally high. So, to address such threats the U.S.
The CrowdStrike 2023 Global Threat Report, among the most trusted and comprehensive research on the modern threat landscape, explores the most significant security events and trends of the previous year, as well as the adversaries driving this activity. The latest edition of the CrowdStrike Global Threat Report comes at a critical time for organizations around the world.
This blog will explain how Falco’s Cloudtrail plugin rules can be aligned with MITRE ATT&CK Framework for Cloud. One important note is that the team at MITRE has developed several different matrices to address the unique risk associated with adversaries in the cloud, in containerized workloads as well as on mobile devices.
The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials. They also attempted to pivot using a Terraform state file to other connected AWS accounts to spread their reach throughout the organization.
