Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A default Kubernetes cluster isn't safe by default. You have secrets in plain text, open and unencrypted pod to pod communication, insecure access, and much more to tighten down. In this video, we'll discuss 5 strategies to better secure your Kubernetes cluster from the outset.

CI/CD combines the practices of continuous integration (CI) and Continuous Delivery (CD) to allow DevOps teams to deliver code updates frequently, reliably, and quickly. CI/CD emphasizes automation throughout the development lifecycle (Buid, Test, Deploy). By replacing the manual efforts of traditional development, code releases can happen more frequently, and with less bugs and security vulnerabilities. At CrowdStrike, we focus on integrating security into the CI/CD pipeline. As part of the functionality of CrowdStrike’s Falcon Cloud Workload Protection (CWP), customers have the ability to create verified image policies to ensure that only approved images are allowed to progress through the CI/CD pipeline and run in their hosts or Kubernetes clusters.

In this video, learn the mission of Project Pyrsia, how it aids in securing the #softwaresupplychain and why it matters—from project partners at JFrog, DeployHub, and Oracle!

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan competed in a 60 second charity challenge about network surveillance. The group also discussed the possibility of Twitter implementing end-to-end encrypted messaging on the platform.

Response and recovery plans are crucial to reduce the severity and time of security incidents. But many organizations aren’t sure where to start in building their plans. Here are three tips for building a better recovery plan. Subscribe to our channel to get more useful content to help you protect your organization.

Datadog Cloud Security Management provides security context for your observability data to help you quickly identify threats and misconfigurations across your infrastructure. In this demo, we show you how Cloud Security Management allows you to remediate threats, collaborate with other teams, and declare incidents for further investigation, giving you complete cloud-native application protection.

This week on the podcast we dive into the world of attack surface management. We discuss what your attack surface is made up of including some areas you may not have thought of and then cover the best ways to reduce and ultimately protect it. The 443 Security Simplified is a weekly podcast that gets inside the minds of leading white-hat hackers and security researchers, covering the latest cybersecurity headlines and trends.

In this video, we look through research by CyberNews and other independent researchers that exposes the huge problem of publicly accessible.git directories hosted on web servers. These folders contain all the metadata from a git repository including all the history, commit data and remote host information. These can contain lots of sensitive information that hackers can use to exploit your website and are often very sensitive. We look in detail at what.git directories are, what sensitive information they contain and how they become accidentally public.

Here are 3 trends contributing to global cyber insecurity: Today, you have digitization of information, the proliferation of OT and IoT devices, web 3, etc., leading to more vulnerabilities. There are also third-party risks that lead to 70% of breaches. We could be doing a great job protecting our company. But then we may send a document to a law firm that gets hacked, and all of a sudden, our sensitive information is out in the open.

Richard Cassidy talks about data breaches in organizations and that some organizations already have your personal data. These organizations can launch campaigns that can affect core belief systems. Richard Cassidy has been consulting businesses on cybersecurity strategies and programs for more than two decades. During his career Richard has been heavily engaged in the design and implementation of infrastructure and cyber security solutions, helping organisations in evolving security, compliance, risk management, data assurance, automation, orchestration and breach response practices.