In 2020, cyber criminals used cloud applications, the cover of a pandemic, and a newly embraced work-from-home culture to serve up ransomware, steal data, and disrupt how companies do business. The year is over, but the challenges and risks remain. How do we prevent these criminals from injecting chaos into our hybrid work environments? As […]
Security starts before detection and response, but many organizations focus there first. Mature security teams understand the importance of identification and protection. Establishing good cyber hygiene and taking proactive measures to secure themselves against the ever-increasing threat landscape is a critical first step in a holistic security program. How should organizations build a holistic security […]
The Biden Administration’s Cyber Executive Order includes a Software Bill of Materials (SBOM), a machine-readable inventory of the third-party components that make up a piece of software. It is a critical and necessary first measure for protecting the software supply chain, but is it enough? One of the biggest challenges to supply chain transparency […]
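As an added example (not code from the original post or from any SBOM tooling), the script below reads a CycloneDX-style JSON SBOM and shows both what the inventory gives you and where it stops: a component listed without a pinned version or a hash cannot be matched against an advisory feed or verified against what is actually deployed. The SBOM document and the advisory list are constructed for illustration, and the function names are hypothetical.

```python
"""Added example: what a CycloneDX SBOM does and does not tell you.

The BOM below is a constructed sample shaped like a CycloneDX 1.4 JSON
document (bomFormat / specVersion / components with purl, version, hashes).
It is not a real SBOM, and the advisory list further down is not real CVE data.
"""
import json

# Constructed sample SBOM: one fully described component, one without a hash,
# and one with no version pin at all.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
         "hashes": [{"alg": "SHA-256", "content": "ab" * 32}]},
        {"type": "library", "name": "requests", "version": "2.25.1",
         "purl": "pkg:pypi/requests@2.25.1"},
        {"type": "library", "name": "left-pad", "purl": "pkg:npm/left-pad"},
    ],
})

# Constructed advisory feed keyed by version-less purl -> set of affected versions.
SAMPLE_ADVISORIES = {
    "pkg:pypi/requests": {"2.25.1"},
    "pkg:npm/left-pad": {"1.0.0"},
}


def load_components(sbom_json):
    """Parse the BOM and return its components list (empty if absent)."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc.get("components", [])


def inventory(sbom_json):
    """The basic value of an SBOM: a sorted list of what is in the build."""
    return sorted(c.get("purl") or c["name"] for c in load_components(sbom_json))


def transparency_gaps(sbom_json):
    """Flag components the inventory cannot vouch for: no version pin means no
    advisory match, no hash means no way to verify the artifact on disk."""
    gaps = {}
    for c in load_components(sbom_json):
        problems = []
        if not c.get("version"):
            problems.append("no version")
        if not c.get("hashes"):
            problems.append("no hash")
        if problems:
            gaps[c["name"]] = problems
    return gaps


def match_advisories(sbom_json, advisories):
    """Join the inventory against an advisory feed. Components with a known
    affected version are 'affected'; components in the feed but listed without
    a version are reported as unknown rather than silently treated as clean."""
    hits = {}
    for c in load_components(sbom_json):
        purl = c.get("purl")
        if not purl:
            continue
        base, _, version = purl.partition("@")
        affected = advisories.get(base)
        if affected is None:
            continue
        if not version:
            hits[purl] = "unknown (no version in SBOM)"
        elif version in affected:
            hits[purl] = "affected"
    return hits


if __name__ == "__main__":
    print("inventory:", inventory(SAMPLE_SBOM))
    print("gaps:", transparency_gaps(SAMPLE_SBOM))
    print("advisory matches:", match_advisories(SAMPLE_SBOM, SAMPLE_ADVISORIES))
```

The point the script makes is the one the excerpt raises: the SBOM answers "what is in this software?", but only entries carrying a version and a hash let you answer "is it vulnerable?" and "is this really what shipped?", and a component listed without a version must be treated as unknown, not as safe.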
Preventing breaches begins with understanding and protecting your attack surface. For most enterprises, their attack surface is huge. To help wrangle it, security professionals have struggled for years to use tools such as network mapper (nmap) or vulnerability scanners to discover and test the security of internet-exposed assets; these typically present a path of least […]
Application security has become a complex, distributed problem. In the days of waterfall development and monolithic applications, application security was fairly straightforward: statically scan your source code, dynamically test your business logic, and deploy a web application firewall to protect layer 7 traffic. But with agile development, DevOps processes, and containerized applications, application […]
The introduction of containers and microservice architectures has changed the way we develop, deploy, and run our applications. Not only has this changed application development, it has also created visibility challenges for application security. Move those applications to the cloud and we only amplify those challenges. How do we architect our cloud services and […]
Although Linux still holds a fraction of the market share of Microsoft Windows and Mac OS X, its growth continues to accelerate. Linux is projected to grow at a compound annual growth rate (CAGR) of 19.2% through 2027. Some of the primary factors driving this growth include cloud computing infrastructure, containerization of applications, and Microsoft’s support […]
There are a number of industry analyst reports on application security. Each analyst firm and report takes its own slice of the market to analyze and report on vendors within that market. For example, the Forrester Wave focuses on Static Application Security Testing, the Gartner Magic Quadrant focuses on Application Security Testing as a whole, […]
The SolarWinds Orion SUNBURST attack has been in the news for weeks. We are starting to get detailed information about the actual attack, especially after FireEye released the initial set of indicators of compromise. But the question I want answered is why nobody discovered this attack before the breach. What defenses are we missing to […]
Last fall we discussed which security data we really need to collect and analyze. We know we don’t need all of it, but that was only the sensor part of the discussion. Now that we have that data identified and those sensors in place, what brain do we need to collect and analyze it? There […]