Supply chain security issues are not exactly new. High-profile attacks, like SolarWinds in 2020, were a big wake-up call for many people because they brought home just how far-reaching and destructive these attacks could be. The threat from supply chain partners remains one of the most significant risks to security beaches. The SANS 2023 Attack and Threat Report found that 40% of breaches in 2022 occurred through supply chain partners.

1Password is a password manager that helps organizations reduce the use of weak and reused credentials across their teams. Because your organization uses 1Password to store highly sensitive information, including passwords, access keys, and secret tokens, monitoring logs generated by activity in your 1Password environment can be useful, as unexpected patterns of behavior could indicate malicious activity by attackers.

Cloudflare’s SASE is a zero trust network-as-a-service platform that dynamically connects users to enterprise resources, with identity-based security controls delivered close to users, wherever they are. Cloudflare spans more than 300 cities in over 100 countries, resulting in latencies under 50 milliseconds for 95 percent of the internet-connected population globally.

First things first, ChatGPT is awesome! It can help you work more efficiently — from summarizing a 10,000-word document to providing a list of differentiations between competing products, as well as many other tasks.

In the aftermath of supply chain breaches against SolarWinds and Codecov, organizations are focused on protecting their software from malicious tampering and compromise. Addressing the complexity of software development and potential security exposures has been top of mind. The complexity goes beyond traditional application security as the software supply chain encompasses and spans across different services, organizations, roles, and responsibilities.

While perhaps new to AI researchers, supply chain attacks are nothing new to the world of cybersecurity. For those in the know, it has been best practice to verify the source and authenticity of downloads, package repositories, and containers. But human nature usually wins. As developers, our desire to move quickly to improve ease of use for users and customers can cause us to delay efforts to validate the software supply chain until we are forced to by our peers in compliance or security organizations.

As attackers get more creative in their malicious tradecraft, cloud security teams must be able to keep up with detections that provide adequate coverage against the diverse threats to their cloud environments. Threat emulation enables cloud security teams to leverage their understanding of threat actor behaviors as a feedback loop for developing cloud-based detections and validating their resilience.

Elastic 8.9 introduces the generative AI sidekick, enhanced rule tuning, new lateral detection capabilities, and more! These new features provide security practitioners with advanced detection and analytics, easy to access information, more ways to customize your security investigations, and additional deployment options.