Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Where are all the cyber security pros?

Despite living in a world where the internet is becoming ever-more fundamental to everyday life, there is currently a world-wide shortage of cyber security professionals who are able to keep it all secure. Within four years this shortage is expected to reach 1.8 million. According to a recent study, only 35% of the enterprises involved felt they were adequately staffed to deal with cyber-attacks. 35% is not a good percentage.

In-house v. Cloud-based Log Management

Data generated by various devices connected in a network and operations being carried out on them is called as log data and we have already discussed why log management is important, considering the exponentially increasing number of attacks and their sophistication. Further, in the last blog post, we dealt with questions that you must your cloud-based log management service provider.

How Can Logs Be Useful?

From performance information to fault and intrusion detection, logs can provide you a lot more things with regard to what is happening on your systems and network along with the timestamps and order of the events. Logs can be invaluable for resource management, instruction detection, and troubleshooting. More importantly, logs can provide an admissible evidence for forensic purposes in the aftermath of an incident. The following sections provide a deep dive into some use-cases of logs.

Data Security Requirements for Federal Contractors

Federal contractors are private entities that fulfill governmental needs. As such, they are trusted with sensitive, private federal information which makes them obvious targets for cyber attacks. The government has recently ramped up data security requirements for federal contractors, demanding more software, hardware and accountability from them.

Bypassing and exploiting Bucket Upload Policies and Signed URLs

TL;DR Bucket upload policies are a convenient way to upload data to a bucket directly from the client. Going through the rules in upload policies and the logic related to some file-access scenarios we show how full bucket object listings were exposed with the ability to also modify or delete existing files in the bucket.

Application Discovery and Inventory with ImmuniWeb

ImmuniWeb® Discovery is a part of the ImmuniWeb Application Security Testing Platform. Leveraging big data and a non-intrusive OSINT reconnaissance technology, it quickly builds a comprehensive list of your external web and mobile apps for actionable inventory, continuous monitoring, risk and compliance management.

ImmuniWeb AI Application Security Testing Platform Overview

ImmuniWeb® Platform is The Turnkey Service for Application Security Testing. ImmuniWeb® Platform leverages Machine Learning and AI for intelligent automation and acceleration of Application Security Testing (AST). Complemented by scalable and cost-effective manual testing, it detects the most sophisticated vulnerabilities and comes with a zero false-positives SLA.

ITIL, the Change Management Process and Tripwire Enterprise

When I speak with clients about their approach to managing their IT services, many organisations mention ITIL practices as a cornerstone to their approach. This is hardly surprising since the ITIL framework describes a sensible methodology for IT management, looking at the use of technology through the lens of what the business needs.