Ending security obstructionism with human-centric security
Traditional cybersecurity practices often work to obstruct users rather than help them. In this article, we explore this phenomenon and ways to refocus on user-centered security.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest News
From on-prem to cloud: Detect lateral movement in hybrid Azure environments
There are several tactics that threat actors can use to access cloud environments, services, and data. A common example is lateral movement, which involves techniques that enable a threat actor to pivot from one host to the next within an environment. This type of activity often uses other tactics, such as initial access and privilege escalation, as part of a larger attack flow.
Reducing False Positives in API Security: Advanced Techniques Using Machine Learning
False positives in API security are a serious problem, often resulting in wasted results and time, missing real threats, alert fatigue, and operational disruption. Fortunately, however, emerging technologies like machine learning (ML) can help organizations minimize false positives and streamline the protection of their APIs. Let's examine how.
Common Pitfalls in SOC 2 Compliance and How to Avoid Them
I'm going to show you how to avoid the most common pitfalls in SOC 2 compliance. You'll be able to streamline your compliance process, ...without the stress of failed audits, endless documentation revisions, or expensive delays that could jeopardize key contracts. Mastering these strategies gives you a competitive edge, allowing you to breeze through the SOC 2 audit while others struggle with costly mistakes and missed deadlines.
The Key Benefits of SOC 2 Compliance
You can secure high-ticket enterprise deals and build customer trust faster than you think - all while safeguarding your business from costly data breaches. We've helped countless SaaS, finance, and healthcare startups achieve SOC 2 compliance and unlock new growth opportunities in record time. If you're a fast-growing company handling sensitive customer data, this is for you. You're missing out on major deals because your security standards aren't aligned with what big clients expect.
Introducing the integration of PAM360 and Network Configuration Manager
According to the 2024 Verizon Data Breach Investigations Report, 83% of breaches involved external actors, with 49% utilizing stolen credentials. This stat highlights the critical need for businesses to effectively manage and secure credentials, particularly those used for network configurations, which form the backbone of any enterprise’s IT infrastructure.
Vanta Introduces EU AI Act Support for the Ethical Development and Use of AI in Europe
Providing European companies with support for local regulations and security best practices including the Digital Operational Resilience Act (DORA) and NIS 2. Accelerating European momentum with product enhancements and London office.
Featured Post
What Security Teams Need to Know About the EU's NIS 2 Directive
The deadline to get compliant with the EU's NIS 2 Directive is here. And this isn't just a minor update from its NIS 1 predecessor-it's a major expansion that carries with it new challenges and obligations. The directive now covers a whopping 300,000 organizations, up from just 20,000 under NIS 1. Sectors like aerospace, public administration, digital services, postal and courier services, and food production are now included. Organizations are classified into "essential" or "important" entities based on size and criticality to the economy.
Protect Your Weakest Link: New Account Linking Capabilities Use AI to Thwart Identity-Based Attacks
As networks become increasingly distributed, user identities are becoming a top adversary target. CrowdStrike’s 2024 Threat Hunting Report and 2024 Global Threat Report state 5 of the top 10 MITRE tactics we observed in 2023 were identity-based, and the CrowdStrike 2023 Threat Hunting Report noted a 583% year-over-year increase in Kerberoasting attacks. These findings illustrate how modern adversaries aren’t breaking in — they’re logging in.
Building a unified identity management strategy using AD, Entra ID and Microsoft 365
We all know identity management and security are critical to hardening cybersecurity ecosystems. We also know that we can make it happen using the many features and functions across Active Directory (AD), Entra ID and Microsoft 365. The challenge is making sure these are deployed in a way that allows them to work seamlessly together, staying aligned even in environments where there’s fluidity and decentralization.