End-to-end protection for containers in production is required to avoid the steep operational and reputational costs of data breaches. As news of container attacks and fresh vulnerabilities continues to prove, shortcuts (or incomplete security strategies) aren’t going to work. Runtime container security means vetting all activities within the container application environment, from analysis of container and host activity to monitoring the protocols and payloads of network connections. Containers running in production environments actively fulfill … More
Recent research revealed that blockchain is set to become ubiquitous by 2025, entering mainstream business and underpinning supply chains worldwide. This technology is set to provide greater transparency, traceability and immutability, allowing people and organizations to share data without having to be concerned about security. However, blockchain is only as strong as its weakest link. Despite the hails surrounding blockchain’s immutable security, there are still risks surrounding it that organizations must be aware of – … More
Can you believe it is June already? Summer is rapidly approaching, but it’s been slow to warm up our temperatures here in the US. I can’t say the same thing about the temperature in our security community – things have been hot! The first months of 2019 have seen a record number of vulnerabilities reported and the latest, BlueKeep associated with CVE-2019-0708, has set the forums and security advisory lists on fire. The May updates … More
The post June Patch Tuesday forecast: Apply updates before BlueKeep hits the streets appeared first on Help Net Security.
Skydivers know that there is a risk their parachute won’t open. Police officers know their daily jobs come with the inherent risk of danger. And private equity firms know there is a risk they won’t realize the expected return on investment in any given deal thesis – but even with that understanding, and the standard due diligence a firm will perform prior to a deal, hidden IT risks may lie within an investment company. These … More
The post Is your private equity firm exposed to these hidden IT risks? appeared first on Help Net Security.
In my previous post, we set up the foundation for a risk quantification program. Many organizations have begun this part of their security strategy and are learning how to approach this challenge, which has plagued the security industry for years. In this part, we talk about how a winning security metrics strategy aligns with the business’ goals and objectives and lay out the framework to develop the metrics strategy. Security metrics are business metrics A … More
The post Structural integrity: Quantifying risk with security measurement appeared first on Help Net Security.
The Equifax breach underscored the risk posed by unpatched software applications. As a refresher, 146 million customer records were exposed after a known vulnerability in Apache Struts was exploited. The reality is that enterprises are supporting an ever-growing number of applications, both commercial and homegrown, which has created many challenges in maintaining proper security patches for even the most critical applications. That same challenge becomes even more difficult when you consider legacy enterprise applications that are … More
Historically, security teams and tools have used IP addresses to define their targets and scopes. But in a world where applications and networks are increasingly cloud-hosted or integrated with third-party services, IP addresses alone aren’t enough to ensure coverage. Modern perimeters are dynamic and constantly changing, which can lead organizations to have an inaccurate picture of their risk simply by failing to properly catalog what Internet-facing assets they have. Testing against a stale set … More
The post Is your perimeter inventory leaving you exposed? Why it’s time to switch from IP to DNS appeared first on Help Net Security.
Identity is the foundation of security, so a robust automated identity and access management (IAM) system is by far the best way to keep your company’s information safe. It’s also a great way to increase efficiency and save money. It’s no wonder so many businesses are adopting IAM systems. The global market value of identity and access management systems has grown from $4.5 billion in 2012 to $7.1 billion in 2018. By 2021, it is … More
No need to belabour the point. We all know that trying to defend the network perimeter is a bit futile in today’s mobile and cloud-first world. So, the obvious question – what’s next? Vendors are quick to come to your aid with their latest, next-generation, virtualized, machine-learning and AI-based security platform. Industry analysts on the other hand are proposing various security frameworks and approaches for reducing risk. Whether it’s Gartner with … More
The post On the path to Zero Trust security: Time to get started appeared first on Help Net Security.
It’s tough being a cybersecurity analyst these days. Over the last few years we have been repeatedly reminded of the challenge they are now facing, primarily through the steady stream of high-profile data breaches that have hit the headlines. In the last month alone Microsoft has been in the news after suffering a breach that enabled hackers to access customer email accounts, while a breach at beleaguered social giant Facebook was believed to have left … More
The post How can we give cybersecurity analysts a helping hand? appeared first on Help Net Security.