Technology

How does AWS IAM role, STS and Identity Pool work with each other.

Jun 23, 2021 By Shuo Yang In Teleport

We talked about IAM in the past 3 posts, identities in IAM, manage users privilege as an IT person and control privilege boundaries. We also talked about how applications use AWS Cognito Identity Pool to get AWS temporary credentials to access AWS resources in early posts of “What I wish I could have learned before starting using AWS Cognito” and “Authentication and authorization with AWS Amplify under the hood”.

Read Post

Teleport

Read more about How does AWS IAM role, STS and Identity Pool work with each other.

Amazon RDS Restore Guide

Jun 23, 2021 By CloudCasa

When you need to do a restore, you may not be having a good day and you are likely to be in a hurry. The CloudCasa team has your back! We've put together this quick restore guide to help make the process as easy for you as possible.

Get Guide

CloudCasa

Read more about Amazon RDS Restore Guide

Glaring Gap in Open Source Security: Veracode Finds 80 percent of Libraries Used in Software Are Never Updated

Jun 22, 2021 By Veracode In Veracode

Despite inherent risks of open source code, good software security posture still lacking. 69 percent of fixes are minor and won't break functionality of even the most complex software applications.

Read Post

Veracode

Read more about Glaring Gap in Open Source Security: Veracode Finds 80 percent of Libraries Used in Software Are Never Updated

Voice-Activated Device Privacy: What You Need to Know

Jun 22, 2021 By Lilie Matia In Tripwire

When it comes to evaluating technology in the home, there seems to be no shortage of new devices and shiny gadgets, mainly part of the Internet of Things (IoT), to discuss. Unfortunately, there seems to be no shortage of security issues to consider regarding these same devices, either.

Read Post

Tripwire

Read more about Voice-Activated Device Privacy: What You Need to Know

The SASE Solution to Network and Security's Complicated Relationship Status

Jun 22, 2021 By Bob Gilbert In Netskope

If our friends Security and Networking were on Facebook, they would probably both list their relationship status as “It’s Complicated.” Sometimes everything’s great, but now and then things can get a little weird, unclear, or uncomfortable. At many organizations, there has traditionally been a barrier between the security and networking teams. Each team has its own objectives — and at times, those objectives can be at cross-purposes.

Read Post

Netskope

Read more about The SASE Solution to Network and Security's Complicated Relationship Status

Detecting and Investigating Threats in Splunk Security Analytics for AWS

Jun 22, 2021 By Splunk In Splunk

Splunk Security Analytics for AWS’s pre-built, AWS-specific detections and dashboards allow you to easily visualize your AWS environment and centralize your security analysis and investigations. We’ll walk through some of the offering’s key dashboards and detections in this video, as well as the investigation interface.

View Video

Splunk

Read more about Detecting and Investigating Threats in Splunk Security Analytics for AWS

The Top 5 Vendor-Neutral Cloud Security Certifications of 2021

Jun 22, 2021 By David Bisson In Tripwire

Most organizations have already begun their shift to the cloud. In its Cloud Computing Survey 2020, for instance, International Data Group (IDG) found that 81% of respondents had at least one workload or segment of their computing infrastructure in the cloud. That percentage could grow by the end of the year, as IDG found that 32% of total IT budgets will go to cloud computing—up from 30% in 2018.

Read Post

Tripwire

Read more about The Top 5 Vendor-Neutral Cloud Security Certifications of 2021

Introducing the World's First Modern Cloud-Based SecOps Platform: Splunk Security Cloud

Jun 22, 2021 By Jane Wong In Splunk

To say that the past year presented its fair share of cybersecurity challenges to the InfoSec community would be a drastic understatement. The rapid migration to remote work at scale left 80% of CIOs unprepared, and SecOps teams struggled to confront the evolving threat landscape with disparate toolkits and skill sets. Not to mention that as more organizations shifted to hybrid and multi-cloud environments at scale, cloud complexity (and cloud-based threats) skyrocketed.

Read Post

Splunk

Read more about Introducing the World's First Modern Cloud-Based SecOps Platform: Splunk Security Cloud

Announcing State of Software Security v11: Open Source Edition

Jun 22, 2021 By Suzanne Ciccone In Veracode

Today, we published the open source edition of our annual State of Software Security report. Solely focused on the security of open source libraries, the report includes analysis of 13 million scans of more than 86,000 repositories, containing more than 301,000 unique libraries. In last year’s open source edition report, we looked at a snapshot of open source library use and security.

Read Post

Veracode

Read more about Announcing State of Software Security v11: Open Source Edition

How data poisoning is used to trick fraud detection algorithms on ecommerce sites

Jun 21, 2021 By Theodoros Karasavvas In AT&T Cybersecurity

Artificial intelligence (AI) and machine learning (ML) systems have become the norm for using client data to provide recommendations to customers. As more people are working from home and conducting business online, it is imperative that fraud detection software is used to protect user information. But these protective systems also utilize ML to automate the process and understand when a potential attack is taking place.

Read Post