Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright’s blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company’s software applications.

In this episode of Trust Issues, David welcomes back Shay Nahari, VP of CyberArk Red Team Services, to discuss the topic of secure browsing and session-based threats. They delve into the dangers of cookie theft, the expanding attack surface, and the importance of identity security. Shay explains how cookies sit post-authentication and how attackers can bypass the entire authentication process by stealing them.

In the rapidly evolving AI landscape, the principle of least privilege is a crucial security and compliance consideration. Least privilege dictates that any entity—user or system—should have only the minimum level of access permissions necessary to perform its intended functions. This principle is especially vital when it comes to AI models, as it applies to both the training and inference phases.

In celebration of its 10th anniversary, the National Institute of Standards and Technology (NIST) has finally updated its cybersecurity framework, now known as the NIST Cybersecurity Framework 2.0. This isn’t a minor facelift. It's a substantial revamp further improving what's already regarded as the gold standard of cyber risk management frameworks. To learn about the key changes in NIST CSF 2.0, and how they could impact your cybersecurity posture improvement efforts, read on.

The European Union’s Network and Information Systems Directive 2 (NIS2) is a big deal for improving the EU’s cybersecurity stance. Kicked off in January 2023—with a compliance deadline of October 18, 2024—the Directive is designed to beef up cyber defences across key sectors.

Trustwave was named a Major Player in the IDC MarketScape: Worldwide Cybersecurity Consulting Services 2024 Vendor Assessment (doc # US50463223, March 2024). The report noted “The acquisition by MC2 Security Fund — the private equity fund of internationally recognized security advisory firm The Chertoff Group — successfully closed in January 2024.

In recent years, there's only been a handful of data breaches within public companies that could be considered financially "material." These breaches include those often pointed to as examples in cybersecurity presentations: the 2013 Target breach, the 2017 Equifax breach, the 2019 Capital One breach, and most recently, the Colonial Pipeline incident.

Major shifts in application development are creating new and significant security risks. Continuous integration/continuous delivery (CI/CD) pipelines and technology advances like automation and AI mean the development process is now so complicated and fast-moving that corporations, DevOps directors, and security groups struggle to understand and manage it, let alone defend it from assaults.

What’s good for business is often bad for security. That’s the inescapable conclusion of the 1Password State of Enterprise Security Report this year.

One of the critical challenges for organizations today is securing their data. Organizations must incur the cost associated with proper design, development, and maintenance of systems and their appropriate safeguarding and monitoring. One way to reduce and optimize these costs is to choose tools that operate in a Software-as-a-Service model. Choosing tools in such a model helps shift some of the responsibilities and costs to the vendor.