Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

tripwire

Streamlining the Cybersecurity Maturity Model Certification (CMMC)

Feb 1, 2024 By Bob Covello In Tripwire
Nearly four years ago, the Department of Defense released the Cybersecurity Maturity Model Certification (CMMC). This was created as a complement to NIST SP 800-171, which focused on protecting Controlled Unclassified Information (CUI). If you are unfamiliar with what constitutes CUI, the simple way to think of it is to apply the broadest terms of privacy to any information that relates to any government relationship with a company.
Read Post
sysdig

Detecting 'Leaky Vessels' Exploitation in Docker and Kubernetes

Feb 1, 2024 By Michael Clark In Sysdig
On January 31st 2024, Snyk announced the discovery of four vulnerabilities in Kubernetes and Docker. For Kubernetes, the vulnerabilities are specific to the runc CRI. Successful exploitation allows an attacker to escape the container and gain access to the host operating system. To exploit these vulnerabilities, an attacker will need to control the Dockerfile when the containers are built.
Read Post
Forescout

Why should OT Companies follow NIS2: Safeguarding Critical Infrastructure in a Digitally Connected Era

Feb 1, 2024 By Eduard Serkowitsch In Forescout
The digital transformation of industrial landscapes has brought unprecedented advancements in efficiency and productivity for Operational Technology (OT) companies. But this surge in connectivity exposes critical infrastructure to heightened cybersecurity risks, such as: To address these risks, OT companies should adhere to the guidelines in the European Union’s Directive on Security of Network and Information Systems (NIS2).
Read Post
elastic

Introducing the Elastic Trust Center!

Feb 1, 2024 By Abby Zumstein In Elastic
Your one-stop shop for transparent cloud security information Elastic® knows that security and compliance requirements are mandatory for regulated and non-regulated customers alike. We strongly believe in providing clear and transparent information to earn your trust in Elastic as an organization and in the services we provide. Our Trust Center is a public one-stop shop for information on security, compliance, privacy, and resiliency for Elastic and the Elastic Cloud.
Read Post
cato networks

Busting the App Count Myth

Feb 1, 2024 By Avishay Zawoznik In Cato Networks
Many security vendors offer automated detection of cloud applications and services, classifying them into categories and exposing attributes such as security risk, compliance, company status etc. Users can then apply different security measures, including setting firewall, CASB and DLP policies, based on the apps categories and attributes. It makes sense to conclude that the more apps are classified, the merrier. However, such a conclusion must be taken with a grain of salt.
Read Post

DevSecOps Security Best Practices

Feb 1, 2024 By JFrog In JFrog
Carmine Acanfora, Solutions Architect at JFrog in the EMEA region, leads this security best practices webinar. In this webinar, we discuss the advanced features of the JFrog Advanced Security solution, now available in self-hosted mode. We will take the time to address your questions, particularly on topics crucial for all developers, such as: Don't miss this opportunity to explore JFrog's latest security solution and learn how to accelerate and secure your software supply chain with the first DevOps-oriented security solution on the market.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.