Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Authentication as a baseline security control is essential for organizations to know who and what is accessing corporate resources and assets. The Cybersecurity and Infrastructure Security Agency (CISA) states that authentication is the process of verifying that a user’s identity is genuine.

‍ NIST Special Publication 800-171 (NIST SP 800-171 or NIST 800-171) is a set of security controls within the NIST Cybersecurity Framework that establishes baseline security standards for federal government organizations. NIST SP 800-171 is mandatory for all non-government organizations operating with federal information systems.

Cyber VRM is the practice of identifying, assessing, and remediating the cybersecurity risks of third-party vendors. This involves combining objective, quantifiable data sources like security ratings and data leak detection with subjective qualitative data sources like security questionnaires and other security evidence to get a complete view of your third-party vendors’ security posture. A Cyber VRM solution facilitates this practice.

As we move further into 2022, the world of web application testing is changing. We are seeing new challenges and opportunities as businesses become more reliant on online applications. In this blog post, we will discuss the latest trends in web application testing and how you can prepare your business for the future.

Our CFO cybersecurity survey has shown that Chief Financial Officers are highly confident in their companies’ abilities to ward off cyber security incidents, despite being somewhat unaware of the cyber vulnerabilities their business faces. Almost 87% of the surveyed executives expressed this confidence, yet 61% of them had suffered at least three significant cyber incidents in the previous 18 months.

Cloud computing has created the most profound shift in information technology in recent memory. Leveraging cloud technology, companies can build, deploy, and scale their applications faster than ever. But the adoption of cloud native tools and processes also brings new security challenges. Between complex cloud infrastructure and the expansion of cloud-based services, malicious actors have access to a bigger attack surface than they did even a few years ago.

As cyberattacks become more sophisticated and frequent, developers and security teams often become overextended in their efforts to protect their software and applications. In an article for Security, Daniel Elkabes, Mend’s vulnerability research team leader, highlights what cybersecurity leaders should invest in now to help set up their teams for the future.

Anyone who has watched the Lockpicking Lawyer realizes that certain locks promoted as the latest-and-greatest aren’t necessarily the most reliable devices for securing physical assets. Like many other security professionals, he seeks to educate consumers and manufacturers on defects in devices and how to improve their security. It reminds me of a quote by Deviant Ollam (security auditor and penetration testing consultant): "Security is achieved through openness.

One of the benefits of a secure access service edge (SASE) framework is that organizations can dramatically simplify the implementation of security services without having to go through constant network redesigns and appliance operating system updates.