Technology

Over-Privileged Service Accounts Create Escalation of Privileges and Lateral Movement in Google Cloud

Dec 2, 2021 By Jenko Hwong In Netskope

In this blog, we’ve analyzed data from Netskope customers that include security settings of over 1 million entities in 156,737 Google Cloud (GCP) projects across hundreds of organizations (see Dataset and Methodology for more details on the dataset). We will specifically look at the configuration of service accounts, see what’s commonly occurring in the real world, and analyze how multiple security misconfigurations can lead to escalation of privileges and lateral movement.

Read Post

Netskope

Read more about Over-Privileged Service Accounts Create Escalation of Privileges and Lateral Movement in Google Cloud

Using Teleport to Secure SSH and Kubernetes Access

Dec 2, 2021 By Teleport In Teleport

Open Security Summit Nov 12, 2021. Using Teleport to Secure SSH and Kubernetes Access. By Sakshyam Shah Teleport is a Certificate Authority and an Access Plane for your infrastructure.

View Video

Teleport

Read more about Using Teleport to Secure SSH and Kubernetes Access

Why authorization and authentication are important to API security - and why they're not enough

Dec 2, 2021 By David Bisson In AT&T Cybersecurity

The number of machine identities for which organizations are responsible has “exploded” in recent years, according to Security Boulevard. These machine identities include devices and workloads. But they also include application programming interfaces (APIs). Organizations use APIs to connect the data and functionality of their applications to those managed by third-party developers, business partners, and other entities, per IBM.

Read Post

AT&T Cybersecurity

Read more about Why authorization and authentication are important to API security - and why they're not enough

Microsec.ai Partners with Broadcom's Symantec Data Loss Prevention Solution to Deliver Runtime Data Protection for Multi-cloud IaaS Environments

Dec 1, 2021 By Microsec.ai

Continuous monitoring and control over data storage, access, and east-west network traffic with data loss prevention protects against data breach in cloud-native applications.

Read Post

Read more about Microsec.ai Partners with Broadcom's Symantec Data Loss Prevention Solution to Deliver Runtime Data Protection for Multi-cloud IaaS Environments

How to Pass a FedRAMP Audit for SaaS Providers: Part 1

Dec 1, 2021 By Allen Vailliencourt In Teleport

You work at a SaaS provider, and now you need to pass a FedRAMP audit. If that describes you, read on. This post will tell you (almost) everything you need to know about how to pass a FedRAMP Audit. For the rest, reach out to us. We will put you in touch with one of our Solution Engineers like me who have helped some of the largest SaaS providers in the world pass their FedRAMP audit prior or after IPOing. It’s what we do.

Read Post

Teleport

Read more about How to Pass a FedRAMP Audit for SaaS Providers: Part 1

The "Just Because" of Zero Trust | OptivCon 2021 Interview

Dec 1, 2021 By Lookout In Lookout

How does Lookout define Zero Trust? The concept of Zero Trust architecture has evolved. The last two years supercharged its evolution as collaboration has forced data to go wherever it’s needed and, as a result, you’ve lost the visibility you once relied on to secure your infrastructure. Lookout Chief Marketing Officer Mike Banic speaks with Senior Manager of Security Solutions Hank Schless on how Zero Trust has evolved, the current context around it, and ways to approach the concept in a way that helps it feel more achievable.

View Video

Lookout

Read more about The "Just Because" of Zero Trust | OptivCon 2021 Interview

Phishing operators abuse bank APIs to improve phishing TTPs

Dec 1, 2021 By Cyberint In Cyberint

True Login phishing kits are continuously being developed by threat actors to improve their TTPs in luring victims. By using true login kits, the phishing operators have a higher chance of making potential victims believe they are logging into the real website. True login kit developers are abusing publicly available APIs of the banking company to be able to query login information to be shown to potential victims, in turn luring the victim even further into the operations.

Read Post

Cyberint

Read more about Phishing operators abuse bank APIs to improve phishing TTPs

Reducing Risks from IoT Devices in an Increasingly Connected World

Dec 1, 2021 By Forescout

With a staggering majority of devices - expected to reach more than 75 billion by 2025 - connected to vast networks and the internet, reducing cyber risk becomes a critical focal point for the age of IoT.

Get EBook

Forescout

Read more about Reducing Risks from IoT Devices in an Increasingly Connected World

Creating a Cloud Security Stack for AWS Control Tower

Nov 30, 2021 By Andy Horwitz In Netskope

Co-authored by Andy Horwitz and Yuri Duchovny Today, Netskope released a new cloud security solution to help AWS customers provide consistent security across all their AWS accounts leveraging AWS Control Tower. Many AWS Customers follow the multi-account framework as a best practice to isolate teams and workloads on the cloud. Often this may introduce overhead in terms of policy configuration and management.

Read Post

Netskope

Read more about Creating a Cloud Security Stack for AWS Control Tower

Charts - Bar Charts

Nov 30, 2021 By Netskope In Netskope

Netskope Advanced Analytics: Learn how to build and customize bar charts. Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, Netskope is fast everywhere, data-centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.

View Video