Collaborate Disseminate
There are stark differences between how to manage security policies for on-premises network environments and those that are 100% cloud-based. But many companies continue to struggle with those differences and have experienced plenty of pain as a resul… Continue reading The Unique Challenges of Companies Born in the Cloud
Encryption has reached near-full adoption by internal teams hoping to implement stronger security and privacy practices. Simultaneously, attackers are using the same mechanisms to hide their malicious activity from the defender’s line of sight. Accord… Continue reading Decrypt As If Your Security Depends on It
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in unde… Continue reading DevSecOps Scanning Challenges & Tips
It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proof… Continue reading It Should Be ‘Cybersecurity Culture Month’
Developers want to write good code. Secure code. Tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving vulnerabilities much… Continue reading The Power of Developer-First Security
Enterprises that integrate security testing into their CI/CD pipeline fix 91.4 percent of new issues, according to a progress report from ShiftLeft. Recent software supply chain attacks illustrate the growing risks businesses, their partners, and cust… Continue reading Building a More Secure AppDev Process
Applications are critical for doing business. They are also the weakest links in many an organization’s security chain. Many APIs continue to expose the personally identifiable information of customers, employees and contractors. As OWASP (Open Web Ap… Continue reading Web App and API Security Needs to Be Modernized: Here’s How
For many enterprises, incident response is an exercise in chaos. Security teams scramble to figure out how a data breach happened and crash into brick walls as they try to collect information from different departments that are often siloed from every… Continue reading How The Best Defense Gets Better: Part 2
A look at five RaaS kits and how each is marketed and priced Continue reading 5 ransomware as a service (RaaS) kits – SophosLabs investigates
Android malware is on the march, with ransomware an increasing threat Continue reading 2018 Malware Forecast: the onward march of Android malware