Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Digital risk protection (DRP) is the practice of protecting organizations from cyber threats during digital transformation. Rather than reacting to cyber threats after they're discovered, cybersecurity strategies must shift to a proactive approach to protection. This is the key to supporting ecosystem expansion while mitigating risk.

If you haven’t been living under a rock for the past few weeks, you've probably come across the recent Microsoft Exchange Server vulnerabilities and its associated exploits.Stop!!! The first thing you should do is to go and patch any Exchange servers you may be running, then you can come back and finish reading this blog. Microsoft's blog provides links to various tools to help in this regard.

What is a strategy? As defined by Merriam Webster…. ‘a carefully developed plan or method for achieving a goal or the skill in developing and undertaking such a plan or method.’ A cybersecurity strategy is extremely important, but many organizations lack a strategy, or they have not kept their strategy and subsequent roadmap current. A strategy is especially important in this day of digital transformation and for key initiatives like Zero Trust.

The financial industry’s digital transformation is highly reliant on applications, just like the rest of the software development ecosystem. This requires everyone involved to invest in application security management as part of the effort to protect their data and systems.

As part of Styra’s vision for unified authorization, we founded the Open Policy Agent project (OPA) to make policy-based control of the cloud-native stack accessible to everyone. OPA has now grown to become the de facto standard for authorization across the stack, leading to a large part of the community looking for ways to manage the OPA policy-as-code lifecycle.

When deploying applications in containers, developers are now having to take on responsibilities related to operating system level security concerns. Often, these are unfamiliar topics that, in many cases, had previously been handled by operations and security teams. While this new domain can seem daunting there are various tools and practices that you can incorporate into your workflow to make sure you’re catching and fixing any issues before they get into production.

Server-Side Request Forgery (SSRF) is an attack that can be used to make your application issue arbitrary HTTP requests. SSRF is used by attackers to proxy requests from services exposed on the internet to un-exposed internal endpoints. SSRF is a hacker reverse proxy. These arbitrary requests often target internal network endpoints to perform anything from reconnaissance to complete account takeover.

Organisations hit by ransomware attacks are finding themselves paying out more than ever before, according to a new report from Palo Alto Networks. The Unit 42 threat intelligence team at Palo Alto Networks teamed up with the incident response team at Crypsis to produce their latest threat report which looks at the latest trends in ransomware, and compares payment trends to previous years.

With cyber threats rapidly evolving and data volumes expanding exponentially, many organizations are struggling to ensure proper security. Implementing a solid cybersecurity framework (CSF) can help you protect your business. One of the best frameworks comes from the National Institute of Standards and Technology. This guide provides an overview of the NIST CSF, including its principles, benefits and key components.