Achieving comprehensive security for the products delivered and deployed by organizations is becoming more difficult, due to a variety of factors. A key one is the growing volume, variety and complexity of software and connected devices in use. Another is the overwhelming risk of inherited software supply chain exposures. The result: Companies struggle every day to provide software with optimal security and protection against malicious activities, takeovers, data theft, and commercial sabotage.

Security is a constant concern for businesses large and small, public and private. Data breaches and software supply chain attacks are occurring more and more frequently. A growing gap in the cybersecurity workforce is hampering security efforts in every type of organization. And with the average cost of a data breach currently at $4.24 million, leaders have significant motivation to look for new and innovative ways to mitigate cybersecurity risk in their organizations.

Cyber security and physical security grew up at different times and in different neighborhoods. In fact, long before digital transformation was even a concept, physical security had staked out its corporate territory and was on the job protecting the company’s people, buildings, and other assets. Then, as the business world grew increasingly more reliant on information technology, digital security started flexing its muscles on its own turf.

Digital workplace solutions have played a huge role in streamlining the shift to remote work. It has improved the employee experience and organizational productivity and made work-from-home almost as smooth as in-office work. While it has certainly made work life easier for both employees and managers alike, from a cybersecurity standpoint, having a single integrated interface with all the data from the organization in one place leaves the company vulnerable.

Typically, an infrastructure is made up of numerous critical services which should not be exposed to everyone. In this blog by Uzziah, learn how Cloudflare Access enables you to protect internal services that you’d rather not expose to everyone.

The Forge team at Puppet has been hard at work for the past few months building out a malware scanning framework in order to help folks be more proactive about their security posture. Now, to be clear, this doesn't replace your own security mitigations. You should still audit untrusted code. You should still run your own virus protections. There are many layers in a robust security profile, and this is only one of them.

Making security an intrinsic part of a DevOps pipeline is a “must-have” for organizations looking to secure their applications earlier in the development process. The combination of JFrog Artifactory and JFrog Xray enables organizations to build security into all phases of their software development lifecycle, so they can proactively detect and mitigate open source software (OSS) security vulnerabilities and license compliance issues that impact their software.

In the current digital world, businesses should ensure that they protect cardholders’ data at all costs. As such, any business that stores, processes, or transmits cardholder data or any other sensitive information should comply with the latest Payment Card Industry Data Security Standards released in 2018. However, this can be overwhelming for most decision-makers. Below is a guide on how you can achieve PCI DSS compliance for your cloud operations.

Recently, I started to read the invaluable book Software Engineering at Google. It’s a great book by Google, describing their engineering practices across many different domains. One of the first chapters discusses the matter of making a “scalable impact,” which I find very interesting, and something that I believe has been overlooked by many organizations.

Public cloud infrastructures and microservices are pushing the limits of resources and service delivery beyond what was imaginable until very recently. In order to keep up with the demand, network infrastructures and network technologies had to evolve as well. Software-defined networking (SDN) is the pinnacle of advancement in cloud networking; by using SDN, developers can now deliver an optimized, flexible networking experience that can adapt to the growing demands of their clients.

The more prominent and complex Kubernetes deployments become, the more important it is to define strict access controls and tighter security. In this blog, Kasun has explained how RBAC can be implemented in Kubernetes clusters to restrict user permissions to relevant resources only.

It’s no secret that cyber attacks are on the rise. Not only are they becoming more frequent, but the malicious actors who mount these attacks are constantly improving their skills and evolving the tools in their arsenals. Protecting your organization is challenging at best; especially since we measure the return on investment for cybersecurity as ‘preventing losses’ instead of ‘increasing revenue.’

Software providers everywhere are under attack by cyber threat actors. Whether it’s a ransomware, the latest zero-day exploit, or a highly sophisticated, well-resourced, and persistent supply chain like SUNBURST, our entire industry faces an increasingly treacherous threat landscape, and nearly every news day brings with it another wave of announcements and urgent system updates to be made.

JFrog Artifactory and JFrog Xray recently underwent a rigorous hardening process to earn accreditation for inclusion in the U.S. Department of Defense’s Iron Bank, a centralized repository of digitally-signed and hardened container images. In this blog post, we’re pulling back the curtain on the process, in order to share our insights and lessons learned with our customers and with the DevOps community at large.

Defending against security threats is a full-time job. The question is: Whose job is it? Our cybersecurity landscape is in constant flux, with more users having increased access to corporate data, assets, APIs, and other entry points into the organization.

In this blog, we will cover the various requirements you need to meet to achieve NIST 800-53 compliance, as well as how Sysdig Secure can help you continuously validate NIST 800-53 requirements for containers and Kubernetes. NIST 800-53 rev4 is deprecated since 23 September 2021 Read about the differences between versions down below →

As software applications grow in scale and complexity, the surface areas for security vulnerabilities and exploits grow with it. Modern development practices include large amounts of code reuse. First, in the form of language-specific standard libraries such as the C++ STL, the Golang standard library, and Microsoft.NET. Second, in the form of open-source libraries found on places like Github. Much of this code is built using other libraries, introducing a web of dependencies into modern software.

Internet-facing applications are some of the most targeted workloads by threat actors. Securing this type of application is a must in order to protect your network, but this task is more complex in Kubernetes than in traditional environments, and it poses some challenges. Not only are threats magnified in a Kubernetes environment, but internet-facing applications in Kubernetes are also more vulnerable than their counterparts in traditional environments.

Stop what you’re doing and make your passwords more secure! How, you ask? Read on to find out. It’s become very anecdotal when we speak about passwords for our online accounts and why these might matter. We all take this very lightly and assume that no one can guess or work out what our passwords are and thus we think no one will be able to access our most sensitive information be it online bank accounts, Amazon accounts, or your emails. We are wrong.

To release reasonably secure products, vendors must integrate software security processes throughout all stages of the software development lifecycle. That would include product architecture and design; implementation and verification; deployment and monitoring in the field; and back again to design to address the changing threat landscape, market needs, and product issues.

As you scale microservices adoption in your organization, the chances are high that you are managing multiple clusters, different environments, teams, providers, and different applications, each with its own set of requirements. As complexity increases, the question is: How do you scale policies without scaling complexity and the risk of your applications getting exposed?

Chatbots and Virtual Assistants (VAs) are becoming increasingly popular as businesses accommodate the diverse needs of the digital industry. These tools give companies, no matter how small, the ability to answer their audiences, provide assistance, and solve problems, driving traffic during off-hours and with minimal staff. As a result, chatbots are one of the most effective features you can add to your website. And yet, chatbots present a risk.

If you know someone who actually likes managing work across projects, we’d love to meet this mythical being. Because we can’t imagine who enjoys hand-sifting through digital piles of notifications, prioritizing issues, then tracking down the right developer to assign the issue to. And once you’re done with that detective work, your engineer-of-the-hour may not even have access to the right tools to resolve the issue. Who’s got time for all this org chart spelunking?

Why do APIs require authentication in the first place? Users don't always need keys for read-only APIs. However, most commercial APIs require permission via API keys or other ways. Users might make an unlimited number of API calls without needing to register if your API had no security. Allowing limitless requests would make it impossible to develop a business structure for your API. Furthermore, without authentication, it would be difficult to link requests to individual user data.

This post will highlight and explain the importance of a pluggable data plane. But in order to do so, we first need an analogy. It’s time to talk about a brick garden wall! Imagine you have been asked to repair a brick garden wall, because one brick has cracked through in the summer sun. You have the equipment you need, so the size of the job will depend to a great extent on how easily the brick can be removed from the wall without interfering with all the ones around it. Good luck.

As most MSPs know, small- and medium-sized businesses are the most likely targets for cyberattacks. They lack many of the resources and infrastructure of their larger counterparts and a single cyberattack can be devastating. Analyzing and remediating vulnerabilities is an essential part of any security program. But current vulnerability management processes spit out long lists of instances that may or may not need remediation.

You may know that PagerDuty has over 600 integrations that add a wide variety of functionality to the core platform and workflows. Some integrations provide upstream data sources like metrics and monitoring. Some are for downstream capabilities like reporting. And some interesting integrations help you in the moment when you are responding to an incident. Teleport provides secure access to applications, cloud infrastructure, databases, and Kubernetes environments without getting in your way.

For our latest specialist interview in our series speaking to technology leaders from around the world, we’ve welcomed Charles Denyer. Charles is an Austin-based cybersecurity and national security expert who has worked with hundreds of US and international organizations. He is a founding member and senior partner in two consulting and compliance firms.

“What happened?” If you’ve never uttered those words, this blog isn’t for you. For those of us in cybersecurity, this pint-sized phrase triggers memories of unforeseen security incidents and long email threads with the CISO. What happened to those security patches? Why didn’t we prevent that intrusion? Organizations tend to lean towards protecting their borders and less towards understanding the importance of overall security hygiene.

Government agencies and some regulated industries have adopted standards (such as NIST SP 800-157) for issuing smart cards, based on the user’s validated and confirmed identity. The smart cards have digital certificates such as an authentication certification, a signing certificate, and an encryption private key (certificate). Often the smart cards also act as human recognizable identity validation cards and contain the user’s picture (for a guard to validate at a door or gate).

In the latest instalment of our interviews speaking to leaders throughout the world of tech, we’ve welcomed Lia Edwards. Lia leads the consultancy side of Threat Protect’s service offering having operated as CIO for several multinational corporations, including Fresnel before co-founding Threat Protect, where she provides consultancy and support on compliance and audit projects, working with clients such as KPMG among others.

The #LifeatTorq Team Spotlight is a Q&A series dedicated to the talented and generally kick-ass team that form the foundation of our growing company. Today we are spotlighting Leen Neuman, a Front End Engineer at Torq, based in our Tel Aviv office.

An infamous cyberattack in late 2020 made SolarWinds a household name in the tech industry after it was discovered to be at the center of a supply-chain attack on its Orion network management tool. That attack allowed state-sponsored actors to push a malicious update to nearly 18,000 customers, including U.S. government agencies and about 100 large private enterprises.

Within the initial blog in this series, we discussed ransomware attacks and their remediation on Android mobile devices. Part 2 addresses potential ransomware exploits and their remediation on iOS, iPadOS mobile devices and macOS desktops.

Should all incidents be treated the same? Seems like a simple question, but the answer can have big implications. Think about an employee who contacts the service desk, complaining they can’t log onto their email. If the issue is due to a ‘stale’ password, dropped connection or configuration issue after an update for the email server, then the impact on the organization can be quantified to the lost productivity for the impacted employee or employees.

Cyberthreats including malware, viruses, and other security hazards are constantly evolving and becoming more dangerous and harder to detect. This makes it quite difficult to keep your data and information protected nowadays. Unless you are sure that you are absolutely protected, which is wishful thinking, you remain at risk of attacks by the latest strains of malware and security threats.

The #LifeatTorq Team Spotlight is a Q&A series dedicated to the talented and generally kick-ass team that form the foundation of our growing company. Today we are spotlighting Ori Seri, an R&D team leader at Torq, based in our Tel Aviv office. Tell us a bit about your career path before Torq. Ori: I was an officer in an Israeli Defense Forces (IDF) Intelligence unit early on. Then I worked at a startup called Nuweba, where I began as an engineer, and later led an R&D team there.

We are excited to announce Calico Enterprise 3.9, which provides faster and simpler live troubleshooting using Dynamic Packet Capture for organizations while meeting regulatory and compliance requirements to access the underlying data. The release makes application-level observability resource-efficient, less security intrusive, and easier to manage. It also includes pod-to-pod encryption with Microsoft AKS and AWS EKS with AWS CNI.

JFrog Security research teams are constantly looking for new and previously unknown vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a potentially critical vulnerability in HAProxy, a widely used open-source load balancer proxy server that is particularly suited for very high traffic web sites and used by many leading companies.

The times when it was enough to install an antivirus to protect yourself from hackers are long gone. We actually don’t hear much about viruses anymore. However, nowadays, there are many different, more internet-based threats. And unfortunately, you don’t need to be a million-dollar company to become a target of an attack. Hackers these days use automated scanners that search for vulnerable machines all over the internet. One such modern threat is a traffic analysis attack.

Security testing is a key component of software quality. A program may meet functionality and performance requirements, but that does not guarantee security. In this blog post I will present different security testing methods and provide a few tips for conducting a more secure code review. But first, let’s understand what software security is intended for.

Security is a top-of-mind topic for software companies, especially those that have experienced security breaches. Companies must secure data to avoid nefarious attacks and meet standards such as HIPAA and GDPR. Audit logs record the actions of all agents against your Elasticsearch resources. Companies can use audit logs to track activity throughout their platform to ensure usage is valid and log when events are blocked.

Cloud monitoring and observability can involve all kinds of stakeholders. From DevOps engineers, to site reliability engineers, to Software Engineers, there are many reasons today’s technical roles would want to see exactly what is happening in production, and why specific events are happening. However, does that mean you’d want everyone in the company to access all of the data?

One of the foundations of GitOps is the usage of Git as the source of truth for the whole system. While most people are familiar with the practice of storing the application source code in version control, GitOps dictates that you should also store all the other parts of your application, such as configuration, kubernetes manifests, db scripts, cluster definitions, etc. But what about secrets? How can you use secrets with GitOps?

A May 2021 executive order mandated that federal government agencies invest in both technology and personnel to centralize and streamline access to cybersecurity data, accelerate migration to secure cloud architectures, and advance toward a zero-trust architecture. A zero-trust architecture doesn’t refer to a predefined, out-of-the-box network security solution. It’s a strategy based on an agency’s cybersecurity plan that contains a collection of zero-trust concepts.

With the advent of cybercrime in recent years, tracking malicious online activities has become imperative for protecting operations in national security, public safety, law and government enforcement along with protecting private citizens. Consequently, the field of computer forensics is growing, now that legal entities and law enforcement has realized the value IT professionals can deliver.

The ultimate success of any security monitoring platform depends largely on two fundamental requirements – its ability to accurately and efficiently surface threats and its level of integration with adjacent systems. In the world of SIEM, this is perhaps more relevant than any other element of contemporary IT security infrastructure.

The cybersecurity state of affairs can be described as too complex today. There is an enormous number of threats endangering sensitive data for the average IT team to cope with. Threats ranging from exposure of physical assets stored in an office, to “social engineering” attacks resulting in unauthorized access, or even threats that exploit obscure software vulnerabilities.