Making a Business Case for the Right SIEM
Let’s admit it — switching to a new SIEM can be tough. And expensive. But even when it isn’t tough or expensive, it’s always scary.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Apple protected App Store users from $1.5 billion fraud last year
Apple says that it protected many millions of users from being defrauded to the tune of nearly $1.5 billion dollars in the last year, by policing its official App Store. According to a newly published report by Apple, over 1.6 million risky and untrustworthy apps and app updates were stopped in their tracks due to the company’s fraud prevention analysis.
The Modern CISO Role Needs to Evolve. Here's Why.
The role of information security in modern enterprises is evolving like never before. Security will need to improve third-party oversight as organizations increasingly depend on outsourcing models for scale flexibility, efficiency, and cost savings. It will also need to do a better job of balancing security requirements (e.g., regulatory compliance, risk management) against business objectives (e.g., user experience, network performance, reducing costs).
Enabling Self-Service Recovery in a Multi-Tenant Kubernetes Environment with CloudCasa and Capsule
At KubeCon Europe 2022, we held a virtual booth office hour session with our new partner Clastix. In this video, Dario Tranchitella, the lead architect for Capsule by Clastix discusses and demonstrates how the combination of Capsule and CloudCasa provides easy self-service backup and recovery in a multi-tenant Kubernetes environment.
Spotlight on Technology - Governance, Risk & Compliance
Today we are talking all things GRC with Megan Brown at LogicGate, including why it's essential to have a robust GRC tool in a modern security stack. GRC is extremely useful for compliance framework management and maintaining compliance - it can be used effectively to supply a historical database of known risks, issues and security measures that can be used to continuously improve security intelligence. Join Megan and Razorthorn MD James Rees to find out how a good GRC tool can save you both time and money, while efficiently improving your security and compliance.
How Malicious NPM Packages Make Your Apps Vulnerable
Zbyszek Tenerowicz (a.k.a. ZB) teaches us how we can be susceptible to malicious packages as developers. We also see demos on the possibilities of what a malicious package can do such as modify code, package.json publish scripts and more. You're sure to learn something new in this session and level up your Developer security skills. This was a recorded livestream titled "My NPM Package Will Eat Your Lunch".
Atlassian Vulnerability CVE-2022-26134
Over the past weekend, on June 2, Atlassian published a security advisory regarding a zero-day vulnerability in all versions of the Confluence Server and Data Center that is already being exploited in the wild. The critical severity vulnerability has received the ID of CVE-2022-26134 and a threat actor can exploit this vulnerability in order to perform unauthenticated remote code execution (RCE).
Niall Heffernan: How to empower your security operations team to focus on higher value strategic work
In our sixth episode of the Future of Security Operations podcast, Thomas speaks with Niall Heffernan, Head of Security at Cygnvs, a former Senior Manager of Information Security at Informatica, and a Lecturer for BSc, HDIP, PGDip, and MSc students studying in the Cybersecurity courses at the National College of Ireland.
Safer together: Snyk and CISPA collaborate for the greater good
Great things happen when the academic world and the software industry work together! Today, we’d like to share a story about our recent collaboration with the CISPA Helmholtz Center for Information Security, a big science institution in Germany. Back in January, Cris Staicu Ph.D. (Tenure-Track Faculty, CISPA), contacted us about his research on NodeJS and JavaScript.
Zero Trust Network Access (ZTNA) - Cloud Security Solutions from Lookout
Lookout ZTNA is a cloud-native security solution that addresses the challenges of the modern-day remote workforce by granting access only to specific applications rather than an entire network. This limits lateral movement when a threat occurs and allows for secure collaboration across teams.