Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Introduction to SBOMs - What is it and do I need one? - Cloudsmith's Unpacked Conference 2023

Software Bill of Materials (SBOM) are new and exciting, but what do they actually do and do you REALLY need one? If you read any security news lately, it seems like everyone is talking about how an SBOM can solve whatever problem they have, and they are years into their SBOM journey. But many of us don’t even know what they are.

Real World Strategies for Securing the Software Supply Chain - Cloudsmith's Unpacked Conference 2023

While "secure software supply chain" can feel like a buzzword, the past 18 months have shown companies, open-source communities, and vendors making significant progress toward making it a reality. In this panel discussion, real-world practitioners will share their insights and experiences in securing the software supply chain. The panelists will cover a range of topics, from best practices in vulnerability management, risk assessment of open-source dependencies, and generating authenticated provenance, to the challenges of integrating security into the DevOps workflow. They will provide actionable strategies for improving security while maintaining development speed, and share real-world examples of how their organizations have successfully secured their software supply chains.

Why Scammers Want Your Information and How to Protect Yourself Online

In the digital age, where our lives are interlinked with technology, protecting ourselves from online threats has become the prime concern. Scammers are constantly evolving their tactics to exploit unsuspecting individuals for their personal information, which can lead to identity theft, financial loss, and other detrimental consequences. Understanding why scammers want your information and adopting effective protective measures to combat it can help safeguard your online presence. This article explores the motives behind scammers' actions and provides practical tips to enhance your online security.

The Evils of Data Debt

In this livestream, Jackie McGuire and I discuss the harmful effects of data debt on observability and security teams. Data debt is a pervasive problem that increases costs and produces poor results across observability and security. Simply put — garbage in equals garbage out. We delve into what data debt is and some long term solutions. You can also subscribe to Cribl’s podcast to listen on the go!

Applying Zero Trust to Data Centre Networks

Zero trust isn’t an approach that can be delivered by buying a single product that claims to provide it. Instead, it is an approach that needs to be understood and implemented in complementary ways across an organization’s IT systems. We recently hosted a webinar titled Applying Zero Trust to Data Centre Networks to provide guidance on how organizations can use zero trust to enhance the security of their IT systems. The webinar details are below, after a summary of the topics covered.

The 8 Best Practices for Reducing Your Organization's Attack Surface

Increases in attack surface size lead to increased cybersecurity risk. Thus, logically, decreases in attack surface size lead to decreased cybersecurity risk. While some attack surface management solutions offer remediation capabilities that aid in this effort, remediation is reactive. As with all things related to security and risk management, being proactive is preferred. The good news is that ASM solutions aren't the only weapons security teams have in the attack surface fight.

How Implementing Risk-Based Patch Management Prioritizes Active Exploits

Resistance to change is always present, especially if you think the processes you have in place are efficient and effective. Many organizations feel this way about their software management procedures until they have a security breach or incident and are left wondering where they went wrong. The reality is that most patch management programs are built on assumptions and recommendations, rather than facts about actively exploited vulnerabilities. Risk-based patch management is the answer to this issue.

Data security at scale: How IT modernization impacts cybersecurity and data access for the U.S. Department of Defense

As more and more of the public sector enact large-scale digital transformation initiatives, government organizations must find new ways to manage massive amounts of data securely while maintaining compliance. With new mandates from the Biden administration to enhance cybersecurity best practices in both the private and public sectors, organizations like the Department of Defense (DoD) face new challenges to their data management and communication practices.

The Definitive Guide to IT Risk Management

IT Risk Management ensures all IT risks are properly spotted and dealt with in an efficient and safe manner. It can protect your environment and its users from internal and external threats and help your organization meet its Governance, Risk, and Compliance (GRC) obligations. If you’re searching for reliable and proficient ways to keep your workplace protected, you’re in the right place. In this article we will explore the full scope of Risk Management and the benefits that come with it.

Top 5 cloud security risks

Cloud security is a constant concern and tends to revolve around common themes - how do you give intended users access to the data and systems their clearance allows, while maintaining a good user experience; and how do you keep unintended users or malicious bots out? In the entanglement of systems, services, and applications that make up a modern IT infrastructure, this is a lot harder to balance in practice than it is on paper.