What is Zero Trust? Despite what some may think, Zero Trust is not just a marketing buzzword that cybersecurity vendors love to trot out in their pitch decks. Zero Trust is a security framework requiring all users, whether in or outside the organization's network, [...]
As technology continues to evolve, so does the need to secure it. A well-run machine identity authentication protocol ensures that machines or devices have the appropriate access to resources, while also providing the DevOps team visibility and control over their activities. All businesses are [...]
DevSecOps has become both a best practice and a challenge in the world of software development and security. It offers a combination of the agility of DevOps with the security mindset of InfoSec. By integrating security into the development process, organizations can ensure that [...]
The cybersecurity space is crowded with vendors who make big claims about their solutions. "What" the products deliver are generally the same -- improve an organization's security posture, minimize vulnerability to cyber threats. But what is most interesting to us (and more complicated to [...]
The world can feel especially fraught with uncertainty and danger right now, and in fact, cyber risks top worldwide concerns in 2022. There were many high-profile breaches in 2021, and ransomware came on with a vengeance, targeting many small and medium businesses, underlining the importance [...]
This Tech Republic article details new critical vulnerabilities uncovered by researchers at Claroty’s Team82, who were motivated to do their research based on the inexorable migration to the cloud for central management of industrial control systems (ICS) and other Operational Technology (OT), i.e., the things [...]
Convenience will beat security if given the chance. Users compromise security with work-arounds for security practices that are inconvenient. We design systems that are reliant on our functional definition of a trusted user. All too frequently we have invited a trusted user into our network [...]
In a May 20 podcast hosted by The Cipher Brief, The Atlantic Council Cyber Statecraft Initiative discussed the Solarwinds/Sunburst attack that has shone a spotlight on supply chain vulnerabilities, and is covered in the Council’s recent report titled "Broken Trust: Lessons from Sunburst." A characteristic [...]
Today network protection means intrusion and malware detection from inside the network after the attacker has penetrated the boundary of your system. This is a nightmare scenario. It means that -- assuming you detect the intruders -- the adversary is already inside your network. Adversaries [...]
