The identification of every user making a request to a given system is vital to ensuring that action is only taken by, and information only returned to, those who need it. This happens in two steps: first, the requester is identified (authenticated), and then that identity is used to determine which parts of the application they are allowed to access.

When you think about how to automate processes within the IT industry, your mind probably goes first to tools. After all, the past decade has witnessed an explosion of tools from across the industry that promise to make it easy to automate virtually every aspect of IT operations — from low-code development solutions that automate coding, to release automation tools for applications, to automated monitoring and security platforms.

The #LifeatTorq Team Spotlight is a Q&A series dedicated to the talented and generally kick-ass team that form the foundation of our growing company. Today we are spotlighting Kostya Ostrovsky , a Software Architect at Torq based in our Tel Aviv office. Kostya is one of the first employees at Torq.

If you haven’t heard the news, Splunk Phantom is now Splunk SOAR – available both on-prem and in the cloud. What does this mean to you? You can deploy SOAR in the way that best supports your business needs. No matter what deployment you choose, you can automate from anywhere, and truly “SOAR your own way!” Hot on the heels of our cloud release is another exciting announcement: Splunk SOAR’s new Visual Playbook Editor.

If you’re a developer who lives and breathes code all day, you probably don’t mind having to write complex configuration files to set up an automation tool or configure a management policy. But the fact is that many of the stakeholders who stand to benefit from security automation are not developers.

In an age when attackers create over a million phishing sites each month, and phishing serves as a beachhead for 95 percent of all attacks against enterprise networks, how can businesses respond? Part of the answer lies in educating users to recognize and report phishing, of course. But user education only goes so far – particularly because the same statistics cited above show that, on average, only 3 percent of users will report phishing emails.

Manual security testing services and automated AppSec tools have their place in DevOps. Knowing which to use will make your security efforts more effective. AppSec tools that can quickly identify secrets or sensitive data accidentally (or intentionally) inserted in source code are crucial in automatically scanning millions of lines of code to find critical security issues.