Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Better Detections and Cloud Coverage with Splunk Enterprise Security 6.4

Security teams are in a difficult position: they continue wrestling with persistent problems, such as overwhelming alert volumes and staff shortages, while confronting new ones driven by the abrupt shift to remote work. For instance, attaining real-time, deep visibility into cloud environments may have been on SOC roadmaps before 2020, but the capability is now a pressing need.

Going Beyond Insider Threats: How to Balance Post-COVID Cybersecurity with Productivity Data for Remote Employees

For many organizations, the past several years have been defined by an unending pursuit of data privacy and cybersecurity. Prompted by a daunting threat landscape, new regulatory standards and increasingly onerous consequences, companies invested millions in securing their digital infrastructure as an all-in attempt to meet the moment.

5 questions every higher-ed security leader should ask

In the day and age of COVID-19 we have witnessed a transformation of the way we work. If I were asked before March of 2020 how long it would take to make the progress in digital and security transformation that we as a society have made in the last 9 months, I would have guessed at least 5 years. The rate of adoption in the face of the pandemic has been unprecedented. Nowhere have the changes required to make remote working come on faster than with education.

SASE and the Forces Shaping Digital Transformation Part 3: Government and Industry Regulations, and Global Social and Economic Forces

Regulatory authorities are still trying to catch up with cloud computing let alone the revolution that business digitalization is causing as there is no longer a data center to audit or a firewall log to review.

Nature vs. Nurture Tip 1: Use DAST With SAST

When conducting research for this year’s State of Software Security report, we looked at how “nature” and “nurture” contribute to the time it takes to close out a security flaw. For the “nature” side, we looked at attributes that we cannot change, like application size or age. For “nurture,” we looked at application attributes we can change, like security scan frequency and cadence.

Adventures in MQTT Part II: Identifying MQTT Brokers in the Wild

The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more.

Which DLP Tasks to Automate - and Which to Do Manually

Just this week, the news broke that a poorly-secured AWS server exposed over 10 million hotel reservation logs from Cloud Hospitality websites, putting the information of millions of guests at risk. As of June 2020, more than 3.2 million consumer records have been exposed in the ten biggest data breaches this year. Organizations in virtually every industry struggle to get data loss prevention (DLP) right due to one big misconception about this important cybersecurity practice.

Bad Bots 101 - Credential Stuffing

In our webinar Bad Bots 101: Credential Stuffing Action, we discuss why these attacks are so difficult for businesses to detect and stop. In today’s blog, we cover some of the salient points explored in the webinar by Netacea’s Head of eCommerce Tom Platt, including the common techniques used by sophisticated bad bots to evade traditional methods of detection.

Automotive threat analysis and risk assessment method

The TARA method provides risk evaluation, assessment, treatment, and planning for identified risks. Learn how to apply this method to the ISO SAE 21434 standard. In our earlier blog posts we covered the ISO SAE 21434 standard, including the organizational cyber security plan as well as the cyber security assurance levels in depth. We will now look at the impact calculation and detailed threat analysis and risk assessment (TARA) coverage within this new standard.