Please introduce yourself and tell us what you do, and what your company does. I’m Kimber Dowsett and I’m a Director at Krebs Stamos Group(KSG). We conduct cybersecurity consultancy engagements for high-profile organizations that may or may not have experienced a high-profile breach or acquisition, or simply want a world-class assessment of their org’s overall security posture.
At the beginning of every startup’s journey, the question plaguing every technical founder and their team is how to build their tech stack. A lot of thought must go into this question because it informs how the startup will adapt to the demands of business growth and any necessary adjustments or pivots of the business. In a recent webinar, we discussed this question in detail with Jim Walker of Cockroach Labs.
After two years of virtual events, the Mend team was beyond excited to gather in San Francisco’s Moscone Center and connect with the tech community face to face. This year’s theme was ‘transformation,’ which couldn’t be more appropriate for us as we unveiled our new company name and integrated application security platform with automated remediation for SCA and SAST.
Security experts around the world are talking about the importance of improving security measures to keep networks safe—and for good reason. We have plenty of examples of how relentless threat actors can be, and we’ve now seen that not even a pandemic can stop or slow down their attacks.
In order to maintain compliance, enforce governance, and build transparency, teams across your organization need deep insight into how their users and automation interact with Datadog. For stakeholders in leadership roles, such as CIOs and CDOs, knowing what actions users took and when is essential for spotting gaps in enablement, budgeting, and reporting, as well as building a modern compliance strategy for the organization as a whole.
While there is an alphabet soup of compliance requirements and security standards frameworks, this post will focus on the two prevalent certifications frequently discussed for SaaS and B2B businesses. Security and compliance qualifications, like SOC 2 and ISO 27001, demonstrate that you apply good practices in your business. They are often classified as "security" and thought of as the technical security of your systems.
Getting a complete overview of the growing attack surface is difficult. Regardless of how security is organised in your organisation, knowing what Internet-facing assets are exposed and if those assets are vulnerable across many different teams is no simple task. This is doubly true for security teams with dozens – or even hundreds! – of dev teams. We’ve now made it possible for customers on the Enterprise Plan to create and manage subteams through the Detectify API.
The new era of remote work launched by COVID has given millions of employees the ability to work on their own terms and spend more time with their families. Unfortunately, remote work also comes with certain security risks, as organizations now need to guard against increased exposure to cybersecurity concerns with little physical oversight. But embracing remote work does not need to mean handing employees’ laptops with sensitive company information and hoping all goes well.
BPF (not eBPF), typically viewed from a defender/sysadmin’s perspective, provides easy access to network packets and the ability to take actions via programs written based on custom filters BEFORE they ever reach a (local) firewall. This same power, according to the PWC report and pending conference talk, was leveraged by a threat actor named Red Menshen, where the attackers have used BPFDoor technique to gain stealthy remote access to compromised devices from at least 2018 to the present.
