Snyk, the leader in developer security, is excited to share that we’ve been named Customers’ Choice in the 2023 Gartner Peer Insights Voice of the Customer for Application Security Testing for a second consecutive year. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding user interest, adoption, and overall experience.

Hybrid operations are becoming an increasingly prevalent part of the business landscape. Certainly, this offers some fantastic opportunities for companies to reduce overhead costs and gain access to international talent. Yet, there are some distinct challenges hybrid workforces face, too.

This month has been full of new feature announcements, as well as various improvements to security team workflows. Read on to learn more about how you can leverage Nightfall's latest offerings.

DMARC, which stands for "Domain-based Message Authentication, Reporting and Conformance," is an email authentication protocol that protects your domain from domain spoofing and impersonation attacks. Implementing a DMARC policy in your domain's DNS records helps to protect your email recipients from spam and malware, while maintaining your domain and brand credibility.

“Shifting left” is the philosophy of pushing security testing as early as possible in the development process. When the idea was first popularized, the only viable tool-based option was to run static analysis during coding, and then perform penetration testing before the application went live. Today “shifting everywhere” means automated, continuous testing throughout the software life cycle.

DevSecOps, or secure DevOps, is the mindset in software development that everyone is responsible for application security. By integrating developers with IT operations and focusing everyone on making better security decisions, development teams can deliver safer software with greater speed and efficiency. In practice, DevSecOps can add some friction and hinder the development process.

In this blog, I’ll share a few NetOps observations of the Black Hat network that I made during my time serving in the Black Hat Network Operations Center (NOC). My hope in doing so is to spark some ideas on how you can use an existing tool like Zeek for a new purpose. These insights were particularly revealing, despite not being linked to any security incidents.

Modern business is synonymous with third-party relationships. Organizations now rely on external providers for critical services and outsource essential responsibilities to improve operational efficiency and cut costs. The benefits of third-party vendors are clear, but so are the risks. The average organization has expanded and digitized its supply chain over the last few years while simultaneously increasing its risk profile and subjecting itself to new levels of risk.

In order to help organizations more effectively secure their cloud environments, we are making changes to our Cloud SIEM product. As of December 4, Datadog has introduced a new offering in Cloud SIEM: Cloud SIEM 15-Months Retention, which automatically stores logs for 15 months after ingestion.

GitHub is a mission-critical software development and version control platform that is used to store proprietary source code and other sensitive data. Monitoring logs generated by activity in your GitHub environment can be useful, as unexpected patterns of behavior could indicate attacker activity or insider threats.