Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Weekly Cyber Security News 21/02/2020

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Extortion methods have been pretty consistent the past couple of years, but a new one popped up this week which seems to be focused on the online small business owner. I wonder how this one will pan out.

Pre-RSA Twitter Poll: 3 Interesting Observations on SOC, SIEM and Cloud

In advance of the RSA Conference 2020, we wanted to get a pulse of attendees’ perceptions on a few topics, specifically challenges facing modern SOCs (security operations centers) and the value they are getting from technologies such as analytics, automation, and their SIEM tools. To get this, we fielded a series of questions to the Twitter-verse and received nearly 17,000 votes! After going through the results, we found a few interesting things…

What is DLP?

This video briefly explains what data loss prevention is and which steps are crucial to establish a DLP process in your organization. Your confidential, regulated or business-critical data is constantly at risk of being lost. For example, it could be leaked from an unsecure location, or it might be sent to the wrong recipient in an email. To prevent critical information from leaving your organization, you need data loss prevention (DLP).

Workforce Management Software

Workforce management, often shortened to simply WFM, is about managing staff schedules and services within companies. Workforce management software incorporates most software that focuses on managing and simplifying the process of scheduling staff work hours as well as managing their work and productivity. Managing large amounts of staff members turns into a massive task for human resources teams if they have to do everything manually.

The Power of Splunk Security Essentials + Accedian Skylight Powered Security

As new technologies emerge, end-to-end application stacks continue to grow, and connected devices become more omnipresent in everyday lives, our society will only become more intrinsically connected across multiple touchpoints. It’s even estimated that in the US alone, there will be roughly 200 billion IoT devices by the end of 2020.

Is the cybersecurity skills gap real?

An independent guest blogger wrote this blog. If you do a web search for “cybersecurity skills gap,” you’ll get many, many pages of results. It’s certainly a hot topic in our industry. And it’s a matter that security practitioners and human resources people often disagree on. But before I get further into the matter, it would help to know what it is we’re talking about when we use the phrase “cybersecurity skills gap.”

Image scanning for CircleCI

In this blog post, we are going to cover how to perform container image scanning for CircleCI using Sysdig Secure. Image scanning allows DevOps teams to detect and resolve issues, like known vulnerabilities and incorrect configurations, directly in their CI/CD pipelines. Using Sysdig Secure, you can enforce image policies to block vulnerabilities before they reach production environments and fix them faster while the developer still has the context.

SIEM Yara Rules

The tongue-in-cheek named malware detection tool, Yet Another Recursive Acronym (YARA) is described as “the pattern-matching Swiss Army knife for malware researchers (and everyone else)”. The Sumo Logic Cloud SIEM Enterprise platform is one of the first SIEM solutions to incorporate it as a built-in feature. This gives blue teamers an additional layer of detection built into the SIEM.

What are the OWASP Top Ten?

The OWASP Top 10 is a regularly-updated report outlining the top 10 list of security concerns for web application security. The report is put together by a team of security experts around the world. OWASP refers to the Top 10 as an 'awareness document' and they recommend all companies incorporate the report's findings into the cybersecurity processes.