There are plenty of IT horror stories out there that show just how catastrophic cyberattacks can be for businesses. In addition, the amount of cyberattacks that occur is increasing year by year. Internet users worldwide saw approximately 52 million data breaches during the second quarter of 2022, as shown by Statista’s 2022 cybercrime review. To fight these cyberattacks and protect their businesses, organizations have adopted the zero trust model.

Hello, and welcome to the April edition of the changelog. The weather is finally starting to stabilize and resembles one rather than all the seasons. Parks are full of colors and goslings, and at Kosli we’re as busy as ever, so let’s get right into it.

If you’re part of a software engineering team in digital health, medtech, medical devices, Software as a Medical Device (SaMD), etc. you have to comply with regulatory standards. And one of the biggest challenges engineering leads have in this sector is figuring out what they have to do to achieve software delivery compliance.

Nine. Million. Dollars. Well, $9.44 million to be exact for your average data breach according to the latest report from IBM, Cost of a Data Breach Report 2022. From 2017 to 2022, that number has only continued increasing from $7.35 million, an almost 30% increase in just five years. For a small company, a security breach can be the difference between staying open or closing the business. And for a Fortune 500 enterprise, that cost will be more severe.

Security awareness is at an all time high. Companies need the right tools to support innovation while building digital trust that users demand. Learn how Cisco Secure Application can help solve this challenge. Security awareness skyrockets with every breach. In response, users are doubling down on vetting the trustworthiness of companies before transacting.

Kubernetes is a highly popular and widely used container orchestration platform designed to deploy and manage containerized applications at a scale, with strong horizontal scaling capabilities that can support up to 5,000 nodes; the only limit in adding nodes to your cluster is your budget. However, its vertical scaling is restricted by its default configurations, with a cap of 110 pods per node.

Have you ever had to debug an environment and found it hard to understand exactly what had changed? In the worst case scenarios you have to figure this out during high-pressure situations, like when an outage or regression has happened. Digging through platform logs and cloud consoles is a real nightmare, and it’s often futile because the information has disappeared.

On behalf of the Canonical confidential computing team, I am happy to announce the limited preview of Ubuntu Confidential VMs with Intel TDX on Microsoft Azure. As part of the DCev5-series and ECesv5-series VMs, they’re available for you to try today! This exciting development is an important milestone in Ubuntu’s journey to power the confidential public cloud of the future.

We’re excited to announce an expanded partnership with CrowdStrike and introduce CrowdStream, a powerful new native platform capability that enables customers to seamlessly connect any data source to the CrowdStrike Falcon platform.

This year, organizations around the world are focused on strengthening their endpoint security, especially since the average cost of data breaches is rising significantly. IBM’s data breach report confirms that the average global cost of a data breach is 4.35 million, and the U.S. average cost is 9.44 million. Endpoint security is a part of a cybersecurity program that prevents threats and attacks from damaging an IT environment.

Blob storage is a cloud-based service offered by various cloud providers, designed to store vast amounts of unstructured data such as images, videos, documents, and other types of files. It is highly scalable, cost-effective, and durable, making it an ideal choice for organizations that need to store and manage large data sets for applications like websites, mobile apps, and data analytics.

Businesses have a growing number of endpoints in their IT environments. Endpoints give end users tools to increase their productivity, get quick access to information they need, and connect with other fellow end users. However, there are risks that come with having these devices, such as cyberattacks and losing money due to endpoint maintenance issues.

President Joe Biden signed the Strengthening American Cybersecurity Act into law in March of 2022. The Act consists of various regulations, but it’s the security incident reporting requirements that are creating a stir in the IT community. Currently, the reporting requirements are focused on critical infrastructure, but there is a great deal of potential that entities in various industries could ultimately be subject to these requirements.

Your code base is growing more and more by the minute alongside the apps your business uses and develops. To give some context, the Linux Foundation Report estimated that “Free and Open Source Software (FOSS) constitutes 70-90% of any given piece of modern software solutions”. This means that 70-90% of your final software possibly depends on OSS.

The EO 14028 regarding supply chain security and the need to generate a Software Bill of Materials feels closer to more and more organizations. It might feel like a threat - and that’s a fair feeling. The whole topic of Billing of Materials is not new, but it is a relatively recent trend for software.

A data-driven approach to cybersecurity provides the situational awareness to see what’s happening with our infrastructure, but this approach also requires people to interact with the data. That’s how we bring meaning to the data and make those decisions that, as yet, computers can’t make for us. In this post, Phil Gervasi unpacks what it means to have a data-driven approach to cybersecurity.

Although the terms “patch management” and “vulnerability management” are often used interchangeably, they are not the same process. Patch management and vulneradbility management are two processes that go hand-in-hand towards supporting a secure, efficient, and up-to-date IT infrastructure. Compare patch management vs. vulnerability management and see why both are essential for a secure IT environment.

Hello, and welcome to the March edition of the changelog. Spring is on her way, days are now longer than nights (at least in the northern hemisphere where me and my Kosli colleagues reside) and new Kosli features are popping up like snowdrops. We have the latest release of the CLI and a bunch of other stuff to share with you, so let’s get right into it.

A quick look at headlines emanating from this year’s sold out KubeCon + CloudNativeCon Europe underlines the fact that Kubernetes security has risen to the fore among practitioners and vendors alike. As is typically the case with our favorite technologies, we’ve reached that point where people are determined to ensure security measures aren’t “tacked on after the fact” as related to the wildly-popular container orchestration system.

As version 4.0.4, we are excited to announce the capability of Cribl’s webhook to write to any destinations and APIs that requires OAuth including Microsoft Sentinel. Cribl has long supported OAuth in many destinations through native integrations but with the enhanced Webhook we can now write to any destination that require OAuth authentication.

To provide proper visibility into the health and status of your systems, observability tools require access to the internal and external services you’re using, and Sensu is no different. In the past, this could mean exposing sensitive authentication credentials like usernames and passwords with local environment variables or even by including the secret information in your monitoring configuration.

Endpoints are the doorways to your organization’s data, resources, and other critical information. Unfortunately, cybercriminals are well-aware of these “doorways,” and often use endpoints as entryways for their cyberattacks. Today, the average enterprise uses and manages around 135,000 devices, and this number continues to grow every year. This means that organizations, now more than ever, need to protect their vulnerable endpoints.

Microsoft Azure Key Vault is a cloud-based service designed to help organizations securely store and manage sensitive information such as encryption keys, secrets, and certificates. As more organizations migrate to cloud services, ensuring the security of sensitive data and applications is crucial. In this comprehensive guide, we will discuss Azure Key Vault with a focus on securing Blob Storage, providing how-to guides and best practices.

Today we’re excited to announce the InfluxDB add-on for Ockam Orchestrator. Through the use of the add-on, customers that are using InfluxDB Cloud can use Ockam to improve their security posture by automatically granting uniquely identifiable, least privilege, time-limited credentials for any client that needs to connect to InfluxDB Cloud.

The 5 Biggest Threats: You may have found your business is relying on mobile devices more and more. The computing power of phones and tablets can now equal that of your average desktop computer, but their portability makes them far more useful in a remote working environment. With the number of online communications options available to mobile devices, making a call on a mobile phone is almost an afterthought – but with a cloud business phone system, it is an option that is supported.

With every new device, application and website that your users and employees have to log in to, they have to create a new password. It’s no wonder then that they find this overwhelming. So, what do they do? They create a password that is easy to remember — something like “123456” or perhaps their birth date. Then, to keep it simple, they use the same password over and over again. On top of that, they opt for their browsers and devices to remember these passwords.

By 2030, experts predict that there will be over 40 million connected devices worldwide. These “devices” are a variety of endpoints, such as laptops, smartphones, computers, and more. Businesses and organizations around the world rely on these endpoints to complete tasks, communicate, and access information. In this overview, we’ll go over the different types of endpoint devices and how they affect an IT environment.

Why do we want to eliminate trust? Isn’t trust a good thing that we should foster and grow? And shouldn’t computing platforms trust their end-users, and vice versa? The short answer is no. And I would argue that the very goal of system security has always been to reduce trust.

Endpoint (or device) hardening is the concept of reinforcing security at the device level. Because securing endpoints is fundamental to every other security action you take, it’s important to invest as much as you can into endpoint hardening. According to research conducted by Ponemon with Keeper Security, 81% of businesses experiencing an attack in 2020 were faced with some form of malware. Other forms of attack also included credential theft, compromised/stolen devices, and account takeover.

Having a list of software that is allowed to be installed on a host is a strategy to prevent and fix security gaps and maintain compliance with operational guidelines. This zero-trust methodology ensures that only explicitly permitted applications are allowed to be present on a host unlike package block-listing which enumerates an explicit list of software that is not allowed to be present. In fact, with a software allow-list, you are essentially block-listing everything except the software you allow.

Seeing your website flagged as deceptive by Google or other search engines is enough to spoil anyone's day. You've spent long hours creating a site, only for users to be informed that it is a cybersecurity risk. But what can you do? Should you scrap the whole thing and start again? Today we'll explore why your website has been flagged as deceptive. We'll also look at what you can do to overcome the issue.

In this live stream, CDW’s Brenden Morgenthaler and I discuss a foundational issue with many security programs — having the right data to detect issues and make fast decisions. Data drives every facet of security, so bad or incomplete data weakens your overall program. Watch the video or continue reading below to learn about these issues and the strategies we use to solve security’s data problem.

The shortcoming of traditional SIEM implementations can be traced back to big data analytics challenges. Fast analysis requires centralizing huge amounts of security event data in one place. As a result, many strained SIEM deployments can feel heavy, require hours of configuration, and return slow queries. Logz.io Cloud SIEM was designed as a scalable, low-maintenance, and reliable alternative. As a result, getting started isn’t particularly hard.

If you’re in need of new SIEM tooling, it can be more complicated than ever to separate what’s real and what’s spin. Yes, Logz.io is a SIEM vendor. But we have people in our organization with years of cybersecurity experience, and they wanted to share thoughts on how best to address the current market. Our own Matt Hines and Eric Thomas recently hosted a webinar running through what to look out for titled: Keep it SIEM-ple: Debunking Vendor Nonsense. Watch the replay below.

In today’s world, the fitness of compliance and risk professionals is being tested like never before. Like the surfers who founded ServiceNow, we must find ways to get ahead of each new wave of federal and global regulations and ride as gracefully as we can—or wipe out. The key is to be proactive rather than reactive. No matter the regulation or resources at one’s disposal, the basic principles of establishing a strong compliance practice cannot be ignored.