Collaborate Disseminate
The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed interest by organizations to reevaluate their supply chain security posture, lest t… Continue reading 3 areas of implicitly trusted infrastructure that can lead to supply chain compromises
The Mitre Corporation has released the ninth version of its ATT&CK knowledge base of adversary tactics and techniques, which now also includes a newly created ATT&CK matrix for containers. Source: MITRE MITRE ATT&CK v9 ATT&CK covers… Continue reading MITRE ATT&CK v9 is out and includes ATT&CK for Containers
As the COVID-19 pandemic took over the world, more and more businesses rushed to the cloud without taking into consideration the security issues that could result from rapid deployment. There is no doubt that moving to the cloud has a wealth of benefi… Continue reading Best Practices for Securing Modern Applications
Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a later stage. Let’s walk through how to create a threat model that works for your […]
The post How to Design and Roll Out a Threat Model for Cloud Security appeared first on Security Intelligence.
Continue reading How to Design and Roll Out a Threat Model for Cloud Security
Today’s cloud security requires a new way of looking at threat models. Making a threat model can support your security teams before problems start. It helps them develop a strategy for handling existing risks, instead of detecting incidents at a later stage. Let’s walk through how to create a threat model that works for your […]
The post How to Design and Roll Out a Threat Model for Cloud Security appeared first on Security Intelligence.
Continue reading How to Design and Roll Out a Threat Model for Cloud Security
Our small company needs to store sensitive data in the cloud. We are debating VPS’s or rented bare-metal servers due to cost. Our threat model includes malicious sysadmins working at the hosting provider and this is what we are focusing on… Continue reading Are hosted bare-metal servers more secure than VPS against unauthorized disclosure?
Secure software development requires a ‘shift left’ — paying attention to security and privacy early in the life cycle. Threat modeling is a very useful activity for achieving this goal, but for a variety of reasons, organizations struggle to introduce it. Last year, a group of industry and academy experts got together with the goal […]
The post Using the Threat Modeling Manifesto to Get Your Team Going appeared first on Security Intelligence.
Continue reading Using the Threat Modeling Manifesto to Get Your Team Going
I’am using the Mitre ATT&CK CTI for ICS and I need to get all the assets
shown in this page
How can I get them through their TAXII server?
Here is a little snippet of code interacting with the CTI.
from taxii2client.v20 import Server, … Continue reading Mitre ATT&CK for ICS: how to get the list of assets?
In the last decade the role of the chief information security officer (CISO) has evolved considerably. Not long ago, the CISO was considered a part of the IT team and their main focus was on building firewalls, implementing antivirus and keeping spam … Continue reading How CISOs Limit Downtime Without Impacting Security
Threat modeling is one of the most essential, and misunderstood, component of the software development lifecycle. It identifies potential threats and vulnerabilities early on in the process, mitigating the risk of attacks, and reduces the overall cost… Continue reading Defining Threat Modeling and Its Role in the SDLC