Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’ve entered Week #3 of National Supply Chain Integrity Month, an initiative that CISA and other government agencies started to highlight the importance of securing our nation’s most critical systems and ensuring they stay resilient. For Weeks #1 and #2, I wrote about maturing your third-party risk management program and securing the small business supply chain.

Fourth-party risk management is the process of identifying, assessing, and mitigating the cybersecurity risks posed by the vendors of your third-party vendors (your vendor’s vendors). With digital transformation compressing the boundaries between IT ecosystems, any of your vendors could be transformed from trusted suppliers to critical data breach attack vectors if they’re compromised.

When you buy a new house, you shouldn’t have to worry that everyone in the city can unlock your front door with a universal key before you change the lock. You also shouldn’t have to walk around the house with a screwdriver and tighten the window locks and back door so that intruders can’t pry them open.

SOAR (Security Orchestration, Automation and Response) refers to the combination of three different technologies: security orchestration and automation, security incident response platforms (SIRP) and threat intelligence platforms (TIP). SOAR technologies allow organisations to collect and aggregate vast amounts of security data and alerts from a multitude of sources.

If you prioritize long-term security and success, you should be analyzing your applications from the inside out. Enter Static Application Security Testing (SAST), a proactive method of identifying and addressing security vulnerabilities in an application’s source code before deployment.

This is the third blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. PCI DSS requires that an “entity” have up to date cardholder data (CHD) flow and networking diagrams to show the networks that CHD travels over.

The terms unified and integrated are often used interchangeably in the software world. However, security leaders must understand the differences between deeply unified and API-based integrated platforms within an organization and how they can significantly impact everything from cost to efficiency. First, it is essential to define the terms.

One of the guiding principles for organisations, whether they are major corporations or small firms, is to ensure compliance. Enforcing compliance helps organisations to adhere to fraud prevention guidelines, identify rule infractions, and shield a corporation from unwarranted penalties and legal action. PAN verification is one such crucial process before onboarding consumers, clients, and third parties in order to remain compliant and within the law.

Containers and microservices have changed the game: They allow organizations to ship apps faster and make better use of hardware. They encourage modular software design. And containers help teams embrace the cloud-native paradigms of scalability, mobility, and resilience. It’s safe to say that containers have shaken things up.

We’re pleased to share that Salt has extended the capabilities of our powerful AI algorithms, further strengthening the threat detection and API discovery abilities of the Salt Security API Protection Platform. (Check out today’s announcement.) Here at Salt, we always look forward to the RSA Conference, but this year we are doubly excited to attend and showcase these new advanced capabilities! Salt invests significant resources into the continued innovation of our API security platform.