Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Signs of Phishing: Protecting Yourself During the Holidays

I recently wrote about phishing around the holidays and while I was working on the piece, I noticed a couple of friends posting recent emails on Facebook. I thought it might be fun to dig a bit deeper into those emails and look at the telltale signs that indicate these are phishing attempts.

The Chicken & Egg Secret Protection Problem in Micro-services

Alice keeps all her passwords in an Excel file on her desktop. However, she was told it is a very bad practice, since Eve can easily get access to the computer, read the file,and access Alice passwords and accounts. To enhance her security, Alice got a password protection software, KeePass, and she now saves all her passwords safely there – except for her KeePass password, which Alice keeps in an Excel file on her desktop. ‍Good news for Eve...

Is Your Company Suffering from Supplier Stockholm Syndrome?

That phrase came to me many years ago when working on a multi-million pound IT outsourcing deal. We were up to our necks in the finer points of platform-wide and stack-deep security, and I realised we were fighting amongst ourselves more than challenging the final competing vendors. This infighting was partly due to the large amount of IT staff in the room likely to transfer to the winning team and partly due to the view of security controls as a bolt-on extra.

60% of Canadians Fear Falling Victim to Fraud this Holiday Season, Scotiabank Survey Reveals

How likely is it to fall victim to fraud? As far as I’m aware, I personally have not purchased from a fraudulent site, but I have had my card details stolen in the past. Additionally, I remember years ago that while attempting to find a flat, I found a ‘rental company’ who turned out to be one person attempting to rent out flat 13 that due to superstition didn’t actually exist.

Featured Post

Project Management And Using a Risk Assessment Matrix

According to studies published over the last decade, over 90% of new businesses fold before they even go to market or reach their fifth anniversary. The failure rate has become so prevalent that some entrepreneurs have taken it to be normal. However, nothing about failure, especially where money is involved, is normal. Is it possible to reduce failure rates in the startup world with today's business intelligence tools? The answer would be a resounding "yes" if we look at it from a risk management perspective. Risk management involves identifying problems before they occur and preparing for them.

Top Cloud Security Resources: Certifications, Events and Social Media

Context setting: In my first article on cloud security, I talked about the journey to cloud migration. What are the things you need to consider when planning the big move? To realize the full value of this post, you must have already identified the motivations for migration and the locations of some resources you can use to enhance your security posture within yourself and/or your team.

Enforcing Network Security Policies with GitOps - Part 1

“How do I enable GitOps for my network security policies?” This is a common question we hear from security teams. Getting started with Kubernetes is relatively simple, but moving production workloads to Kubernetes requires alignment from all stakeholders – developers, platform engineering, network engineering, and security. Most security teams already have a high-level security blueprint for their data centers.

Logs Are Back-and Other Takeaways from AWS re:Invent

This month Devo exhibited at the AWS re:Invent conference in Las Vegas. I asked a few Devo colleagues who attended the show for their insights about what they heard and saw. Among the many visitors to the Devo booth there were a lot of similar questions about log management and related topics. “There were many log vendors at the show, so people wanted to hear what makes Devo unique,” said Seema Sheth-Voss, vice president, product marketing, for Devo.

Cybersecurity Audit Checklist

Today’s network and data security environments are complex and diverse. There are hundreds of pieces to a security system and all of those pieces need to be looked at individually and as a whole to make sure they are not only working properly for your organization, but also safe and not posing a security threat to your company and your data or the data of your customers.

What are Indicators of Compromise (IOCs)?

Indicators of compromise (IOCs) are pieces of forensic data, such as system log entries, system files or network traffic that identify potentially malicious activity on a system or network. Digital forensics security analysts and information security professionals use indicators of compromise to detect data breaches, malware infections and other security incidents.