Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Redscan Labs releases Zerologon detection tool

Zerologon (CVE-2020-1472) is a critical vulnerability in the Windows Server Netlogon process authentication process. Following our recent Security Advisory, immediate patching of the vulnerability is strongly advised. To help determine whether your organisation has been compromised as a result of an attacker exploiting the vulnerability (even prior to a patch being installed), Redscan Labs has developed a Zerologon detection tool.

Can SAST tools improve developer productivity?

Organizations are increasingly agile today, producing and deploying software applications faster than ever before. But this requires all the elements in the software development life cycle (SDLC) to work together cohesively. Security practices in the SDLC become especially important, given that more than half of security flaws result from preventable coding mistakes. Ensuring that developers are on board with security practices is even more critical to improve the process efficiency.

Best Practices: Onboarding Jfrog Xray

JFrog Xray is a Software Composition Analysis tool (SCA) which is tightly integrated with JFrog Artifactory to ensure security and compliance governance for the organization binaries throughout the SDLC. This video provides best practices learned from customers for successfully deploying JFrog Xray into your organization and performing a real Shift-Left. It will focus on two keys to success, 1. involving R&D and 2. starting small and working in cycles.

Advanced Active Directory attacks: Simulating domain controller behavior

There was a time when cyberattacks on identity and authentication infrastructures [like Active Directory (AD)] were immensely challenging to perform. A lot of forethought had to be put into devising a plan for the careful execution of attacks, and advanced technical knowledge of domains and networks was a requisite. Over time, with the advent of open-source pen testing tools, the knowledge gap and the complexities involved to carry out a full-scale cyberattack have narrowed drastically.

Zero Trust Architecture explained

With the increase in frequency, sophistication, and cost of cyberattacks, the global focus on cybersecurity is at an all-time high. However, the goalposts for those tasked with protecting businesses have shifted. Hackers have a growing number of ways they can compromise a business and are frequently looking to move laterally within an organization, using credentialed (and often elevated) access.

AWS threat detection using CloudTrail and Sysdig Secure

Implementing AWS threat detection with Sysdig Secure takes just a few minutes. Discover how to improve the security of your cloud infrastructure using AWS CloudTrail and Sysdig Cloud Connector. With the rise of microservices and DevOps practices, a new level of dangerous actors threatens the cloud environment that governs all of your infrastructure. A malicious or inattentive cloud API request could have a sizable impact on availability, performance, and last but not least, billing.

Securing and Monitoring AWS Container Services

Developers, operations, and security teams must work together to address key workflows to secure and monitor containers, Kubernetes and cloud services across the entire cloud-native lifecycle. By addressing mage scanning, runtime security, and compliance, along with monitoring for Kubernetes, container, applications, and cloud services you can automate protection and performance management to accelerate cloud adoption.