Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Privileged access management (PAM) solutions have been around in various forms for decades now. Whether you want a password vault, session management, reduced privilege or a combination of privileged management workflows, there’s been no shortage of vendors to choose from. So why does the thought of PAM still make admins shudder? Surely, it should be enjoyable to have a PAM solution humming along, reducing your organization’s risk while you, the admin, focus on your other duties.

Congratulations to the Kubespray team on the release of 2.17! This release brings support for two of the newer features in Calico: support for the eBPF data plane, and also for WireGuard encryption. Let’s dive into configuring Kubespray to enable these new features.

For the next interview in our series speaking to technology and IT leaders around the world, we’ve welcomed experienced CISCO Victor Kritakis, of Epignosis. As the head of the company’s information security policy, he is responsible for penetration testing and vulnerability assessments, staff cybersecurity training, administration of the bug bounty program, as well as maintaining the ISO 27001 certification standards.

For today’s remote workforce, security professionals need technical security awareness education distinct from the rest of the company’s “don’t click a phishing link” training. Security analysts know how to recognize phishing emails and set secure passwords. However, where does that leave them when it comes to security awareness month?

As organizations migrate to the cloud and adopt more “as-a-Service” technologies, identity and access have become the perimeter. Remote workforces mean that limiting access according to the principle of least privilege is a fundamental security control. As part of securing applications and networks, organizations need to focus on users with privileged access because they pose greater insider and credential theft risks.

The impact of Data Exfiltration, which is the act of copying or transferring data from a computer or server without authorization, has increased over the years and it can be difficult to detect because data is transferred regularly for normal business purposes. If not monitored accurately, company data can be stolen without anyone being aware. Companies in every industry, no matter the size, have sensitive data that must remain private (e.g. PHI, PII, PCI).

For many cybersecurity professionals, October’s annual "cybersecurity awareness month" is met with scorn and ire, or mocked on social media for likes and hearts. Meanwhile they forget that, outside the small percentage of humanity that exist in our cybersecurity bubble, there are an enormous number of people that can and do benefit from the additional outreach, engagement, and focus that Cybersecurity Awareness Month brings.