Reactive vs. Proactive Security: Which Is Better?
As networks and technology rapidly evolve, many organizations face the challenges of expanding their attack surface. A truly successful approach to dealing with these challenges involves multiple layers of protection that encompass networks, devices, data and people. And to add more fuel to issues brought on by technology and security sprawl growth, malicious actors are constantly working on new techniques, tools and methods to execute attacks on organizations’ data.
Shadow IT and Its Security Risks - Managing the Unseen
Cloud computing is beneficial. Many organizations already know this and are reaping the benefits cloud adoption has brought them: reduced IT costs, scalability, collaboration efficiency and, above all else, flexibility in accessing storage and software to meet their needs. Users can now more easily engage services and solutions that will make their everyday jobs easier.
Cyber Extortion: Definition, Examples and Prevention
In 2020, Travelex—the world’s largest currency dealer at the time—was caught in the middle of a public and devastating cyber extortion campaign. Attackers exploited a vulnerability in the Pulse Connect Secure VPN (which had a patch available) to extract data, for which they demanded payment of a $6 million ransom in exchange for its release.
Risks of Expired SSL Certificates
SSL certificates have become an integral part of today’s internet. Allowing the encryption of traffic between host and client has opened up multiple opportunities for services to be accessed from anywhere, further expanding the scope of possibilities the internet has to offer.
Top 10 Cloud Migration Mistakes and How to Avoid Them
Organizations are rushing to move their applications and data to the cloud as cloud adoption rates keep soaring year after year. Whatever the industry or size of an organization, it’s apparent that everyone is moving to the cloud.
Top 10 Cloud Security Threats and How to Mitigate Them
One thing’s for sure: cloud adoption is going mainstream. It’s grown increasingly obvious that cloud computing has continuously transformed the way organizations of all sizes access, store and share data, thanks to its many benefits of rapid deployment, flexibility, low costs and scalability. But its interconnectedness and many other advantages aren’t the only things cloud computing has brought along with it—security challenges are emerging in today’s cloud era.
Attack Surface Monitoring: Definition, Benefits and Best Practices
The firewall, IDSs, EDR platforms and proxies are your first line of defence. They’re the locks to your entire network, and your scanners are the security cameras that allow you to see what goes on inside. And while these security controls traditionally help to achieve a decent security posture, the threat landscape is rapidly and constantly changing—along with your attack surface.
Top 5 Tips for Securing Your Dev & Test Environments, and Why You Should
In his seminal work, The Mythical Man-Month, Frederick Brooks Jr. tells us that software development is homologous to a tar pit where many efforts flounder regardless of the appealing nature of the task or the relative tractability of the underlying physical medium. In what he calls one of the “woes of the craft”, the author goes on to explain that the pervasive optimism among programmers regarding the conception of a software project is rarely maintained after we take into account the set of complex interdependencies commensurate with others’ skills and objectives.
Infrastructure as Code: Is It as Secure as It Seems?
Alongside the rise of public clouds, managing the infrastructure of private clouds has never been easier. Tools like Terraform are available, but increasing dependence on them means it’s necessary to understand the security implications they present. After all, your entire infrastructure is dependent on, and accessible through, such a configuration—it’s essentially infrastructure as code, or “IAC”, passed through a tool like Terraform.
Attack Surface Management: You Can’t Secure What You Can’t See
A report from 2016 predicted that 30% of all data breaches by 2020 will be the result of shadow IT resources: systems, devices, software, apps and services that aren’t approved, and in use without the organization’s security team’s knowledge. But shadow IT isn’t the only area where security and IT teams face issues with tracking and visibility.