Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

How to set up two-factor authentication (2FA) on Linux or Windows Server with Ekran System

In this video, you’ll learn how to set up two-factor authentication on your servers using Ekran System’s two-factor authentication tool. This tool uses an industry-recognized format that combines two authentication factors: knowledge of user credentials and possession of a verified mobile device.

Privileged Access Management Issues? Enter Tripwire Password Manager

So, you have 2000 network devices in your environment and everyone is telling you that you have to rotate all 2000 device passwords every 30, 60 or 90 days (at a minimum) — who has time for that?! How are you going to manage this? The task seems monumental and time-consuming! If nothing is done, then your security/compliance posture will worsen due to reusing passwords that are easy to remember across assets. In addition, passwords could become stale and give adversaries more time to crack them.

Cloud Services: Your Rocket Ship Control Board

The move to the cloud — in many ways — is a return to the early days of computing. When I took my first computer class in 1978, we used an IBM 360 system time share. We rented out time on a remote system — sent our jobs over a modem to a computer at a university — and got back the results of the program run. Today, we’re using the cloud, which is just a fancy version of the old time-share systems.

Unpatched Vulnerabilities Caused Breaches in 27% of Orgs, Finds Study

In May 2019, Verizon Enterprise released the 12th edition of its Data Breach Investigations Report (DBIR). Researchers analyzed a total of 41,686 security incidents, of which there were 2,013 data breaches, for the publication. More than half (52 percent) of those reported breaches involved some form of hacking. The report listed the most prominent hacking variety and vector combinations, with “vulnerability exploitation” making the top three.

Cyber Security Trends in the Financial Sector

Financial gain is one of the most common motivations behind cyber-attacks, making the financial sector an attractive target for cyber criminals. Recently, it was reported that companies in finance lost nearly $20 billion due to cyber-attacks and breaches. Furthermore, it was reported that financial companies get attacked 2500x more than a typical business for a total of over one billion attack attempts in a single year. These attacks don’t just target financial institutions.

The Cloud SIEM market is validated by Sumo Logic, Microsoft, Google, and AWS

“Computers are bicycles for the mind,” said Steve Jobs once. Security Information and Event Management (SIEM) is biking uphill. Picture this: You cycle hard against the incline and ensure the bike holds up, all the while watching out for incoming traffic in blind turns. The worst part? The bike grinds to a halt when you stop pedaling. You simply can't coast on the steep hill of security operations.

Complexity as the Enemy of Security

In an ideal scenario, security would be baked into the development process from the very beginning. Security teams would primarily exist to verify that best practices have been followed at every step in the process. In practice, security is an enormous challenge for most organizations. This challenge is compounded by the increasingly complex and fast-paced nature of modern service-oriented architectures, such as Kubernetes.