The latest News and Information on Security Incident and Event Management.

Why API Discovery Is Critical to Security

For Star Trek fans, space may be the final frontier, but in security, discovering Application Programming Interfaces (APIs) could be the technology equivalent. In the iconic episode “The Trouble with Tribbles,” the legendary starship Enterprise discovers a space station that becomes overwhelmed by little fluffy, purring, rapidly reproducing creatures called “tribbles.” In a modern IT department, APIs can be viewed as the digital tribble overwhelming security teams.

M-21-31 logging compliance: Where are we now?

How US federal agencies can better meet advanced event logging requirements

For the past four years or so, US federal agencies have been working to comply with the requirements set out in OMB M-21-31. Released in 2021, the Office of Management and Budget (OMB)’s M-21-31 memorandum provided guidance and requirements for federal agencies in order to improve centralized visibility into logging data before, during, and after cybersecurity incidents.

FERC and NERC: Cyber Security Monitoring for The Energy Sector

As cyber threats targeting critical infrastructure continue to evolve, the energy sector remains a prime target for malicious actors. Protecting the electric grid requires a strong regulatory framework and robust cybersecurity monitoring practices. In the United States, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) play key roles in safeguarding the power system against cyber risks.

Security Misconfigurations: A Deep Dive

Managing configurations in a complex environment can be like playing a game of digital Jenga. Turning off one port to protect an application can undermine the service of a connected device. Writing an overly conservative firewall configuration can prevent remote workforce members from accessing an application that’s critical to getting their work done.

How Elastic can help organizations achieve CMMC compliance

The Cybersecurity Maturity Model Certification (CMMC) is a framework established by the US Department of Defense (DoD) to ensure that organizations handling Controlled Unclassified Information (CUI) implement robust cybersecurity measures. As CMMC becomes a key requirement for defense contractors, higher education institutions engaged in research or contracts with the DoD must also comply with its standards.

The Rise of AI-Generated Attacks: Why UEBA is the Best Defense

The cybersecurity industry is facing a new challenge: AI-generated attacks. With the rapid advancement of generative AI, cybercriminals now have access to sophisticated tools that enable them to craft highly targeted attacks with minimal technical expertise. Unlike traditional attack methods that require deep programming knowledge, AI-driven attacks allow even non-technical malicious actors to create malware, exploit scripts, and launch phishing campaigns with ease.

Will AI start taking cybersecurity jobs?

No, but it’s fundamentally changing them. Generative AI (GenAI) is quickly becoming an essential part of everyday security workflows. So … is it a partner or competitor? The wide-ranging implementation of GenAI technologies into virtually every aspect of the security stack has, on the whole, helped security teams work more efficiently to mitigate threats.