Operations | Monitoring | ITSM | DevOps | Cloud

What is Amazon Inspector? Monitoring and Alerting with Amazon Inspector

Amazon Inspector is an automated security assessment service that scans AWS workloads for vulnerabilities, misconfigurations, unintended network exposure and compliance risks, helping organizations enhance cloud security, detect threats, and meet regulatory requirements (such as ISO/IEC 27001, HIPAA, NIS 2 and SOC 2 Type 2) in real time. Amazon Inspector discovers and scans Amazon EC2 instances, container images in Amazon ECR (Elastic Container Registry), and Lambda functions.

Robocalls Aren't Going Away - But the FCC Is Taking Aim at a Big Vulnerability

If you've ever received a call that looked like it was from your bank or, worse, a family member, but turned out to be a scam, you're not alone. These spoofed calls continue to be a huge headache, not just for everyday people but for businesses, phone carriers, and regulators too. The good news? The FCC is stepping up again. Last week, the Federal Communications Commission released a new Notice of Proposed Rulemaking (NPRM) to close a serious gap in our defense against robocalls: non-IP networks.

How to Monitor PowerShell Activity and Detect PowerShell Exploitation Vulnerabilities

Why should you monitor PowerShell?…. PowerShell is a powerful automation tool, however its capabilities also make it a prime target for exploitation by cyber attackers. Implementing a robust, automated PowerShell monitoring solution is now essential to detect and prevent exploitation attacks before they compromise your systems. PowerShell is a powerful scripting tool that can automate tasks and manage systems, but its flexibility also makes it a target for abuse.

OWASP CI/CD Part 3: Dependency Chain Abuse

As more teams rely on public repositories in their software supply chain, the dependency chain has become both a critical foundation and a potential blind spot. Dependency chain abuse is not new, but a growing list of attack vectors - like typosquatting, dependency confusion, and now slopsquatting - means security leaders need to respond quickly as attackers adopt new techniques.

Part 2: Solving the Top 10 Problems with Vulnerability Management

Once again, we're back with all the answers. Traditional vulnerability management comes with many pitfalls, and we're counting down the solutions to all the problems you might be running into. Ivanti's Chris Goettl and Robert Waters break down the back five on our list: a periodic approach to remediation, poor prioritization, lack of business context, overreliance on patch management, and poor metrics and reporting.

Is Your Attack Surface Growing Faster Than Your Security?

In today's digital-first business environment, the race to adopt new technologies often outpaces the strategies to secure them. From cloud services to remote work tools, organizations are rapidly expanding their digital presence. However, with every new tool, platform, or endpoint comes a new potential vulnerability. This expanding "attack surface" can leave businesses exposed, especially if they don't actively monitor and manage it.

OWASP CI/CD Top 10: Inadequate IAM

In the race to ship software faster, many teams have turned to automation, decentralised tools, and powerful pipelines. But lurking under the surface of these streamlined processes is a growing and often invisible Identity and Access Management (IAM) threat vector. — a core vulnerability in modern CI/CD security.

Vulnerability Remediation: Automate VR Workflows with Puppet

Secure and resilient infrastructure is non-negotiable. Puppet Enterprise Advanced automates critical tasks like patching, configuration management, and compliance, strengthening your security posture and bridging the gap between security and operations. Deploy essential updates quickly, minimizing threats and maximizing efficiency.