Nowadays, the security of your applications is just as important as the functionality they provide. Therefore, analyzing your code for security vulnerabilities is a vital part of maintaining the integrity of your applications and protecting your users' data. As developers, we are at the front lines of this battle. It's our responsibility to ensure that the code we write is not just functional and efficient but also secure.

The pressure on security teams has never been greater. With an ever-evolving threat landscape, resource constraints, and now the rapid adoption of artificial intelligence (AI) technologies, Chief Information Security Officers (CISOs) are facing unprecedented challenges. This was one of the clear takeaways from our recent report CISO perspectives: separating the reality of AI from the hype, in which 53 CISOs shared their opinions and experiences of AI’s impact on their security operations.

In 2016, a house in Middle, Ohio, went up in flames. The owner of the home, Ross Compton, claimed he was asleep when the fire broke out, waking just in time to hastily pack a suitcase, smash his bedroom window, and make an escape. However, the very technology keeping Compton alive unraveled his alibi and led to his arrest. Compton had a pacemaker, and the police, suspicious of his account, secured a warrant to access its data.

As outlined in a previous post, OpenTelemetry and Splunk Observability Cloud can provide great visibility when security teams investigate activity in modern environments. In this post, we look at another aspect of this visibility: how you can use traces to see directly into the workings of an application to find a potential threat. Let’s imagine we’re the security analyst, and a message comes across from the Security Operations Center (SOC).

On August 12, 2024, Ivanti announced a critical authentication bypass vulnerability in its Virtual Traffic Manager (vTM), identified as CVE-2024-7593. Ivanti Virtual Traffic Manager (vTM) is a software-based application delivery controller that manages traffic flow to ensure high performance, availability, and security for web applications.

Whether you've experienced a security breach, are setting up new devices, or simply enhancing your current security practices, this guide provides a step-by-step walkthrough to help you get back online securely. We've got you covered, from setting up your phone and laptop to tweaking essential security settings and securing your apps.

At RSA Conference 2024, Cato Networks introduced Cato CTRL (Cyber Threats Research Lab), which is our cyber threat intelligence (CTI) team. Cato CTRL protects organizations by collecting, analyzing and reporting on external and internal threats, utilizing the data lake underlying the Cato SASE Cloud Platform. For 2024, Cato CTRL is publishing quarterly threat reports that provide an overview of the threat landscape.

No executive wants to be blindsided by risks that should have been reasonably anticipated, especially the CEO, CFO, and board members. In the CISO Desk Reference Guide, Gary Hayslip, Bill Bonney, and I wrote extensively about how CISOs play a critical role in contextualizing digital and cyber risks to the organization’s broader enterprise risk management practices.

In a never-ending effort to do their job and secure their environments, cybersecurity teams often bear the brunt of negative perceptions, labelled as the department of ‘No.’ “No” to admin privileges, “No” to personal devices, and “No” to connecting unapproved technologies. These repeated denials, although done with the best intentions, can stifle innovation and create frustration within organizations. This perception needs to change.

In our increasingly interconnected world, the specter of cybercrime looms larger than ever, casting a shadow over people, businesses, and governments alike. Among the slew of cyber threats bombarding entities daily, phishing attacks are a particularly pernicious menace. With each day, bad actors hone their techniques, leveraging the latest tools and psychological tactics to craft sophisticated phishing campaigns that are clever enough to defy all but the closest scrutiny.