Security is more important than ever. Cybersecurity has been a problem from the start of IT and it will be till the end. It all started with endpoint and network security, but today, we are also facing with cloudsecurity and managing employees to incorporate good security practices.
All these new technologies that help us innovate also helps cybercriminals and state sponsored hackers to get new tools they can use to get access to our systems, and in a worst case scenario, access to our most valuable data and business secrets. Also, with new legislation in place like GDPR, you need to make sure everything is secure, otherwise you just don’t lose your reputation, but you can also be fined by the government. Protecting IT-environments is more important than ever.
Your first line of defense is usually endpoint protection. The devices your employees work with need to be protected against ransomware and other malware which can bring lots and lots of trouble. This nowadays the most basic form of protection and many of the bigger vendors and suites can help you achieve this.
Network security is a bit more advanced, where you can manage which traffic goes across your network. You can also connect different networks together with e.g. SD-WAN. So, you can run protection software and share data between multiple locations. The trend we see in network protection on the datacenter side is to lock down the traffic by only allowing known, benevolent traffic sources. Regarding office networking, we see new initiatives like ZScaler coming up, where you tunnel all your staff over the network of ZScaler so they can analyse the traffic and block patterns that they marked as malicious. Especially for companies with employees that travel a lot, this is a smart solution.
Many thought that bringing workloads to the cloud would reduce their responsibility of doing security. It is now clear that this is not the case. Most cloud vendors practice the “shared responsibility” approach. This means that big hyperscalers can offer a first line of defense against well known threats and port scanners. For the more sophisticated attacks that are directly pointed at your servers, you need to have your protection in place.
Security firm LogRhythm recently presented Axon, a cloud-based SecOps platform. The platform should give security professionals insight into cloud-based and on-premises log sources. According to LogRhythm, the solution helps security professionals solve and counter security problems and challeng... Read more
2 years ago
Google provided an update on the development of Manifest V3, the first-next version of the platform that powers extensions on Google Chrome. If everything goes according to plan, users and developers will be transitioned to Manifest V3 in January 2023. "Years in the making, Manifest V3 is more ... Read more
2 years ago
Most incident response professionals seek help for mental health problems, according to a new report from IBM Security. More than half experience stress and anxiety in their daily lives. The Cybersecurity Awareness Month kicked off on October 1. Over the course of the month, EU and US security a... Read more
2 years ago
Microsoft confirms that cybercriminals are exploiting two zero-day vulnerabilities in Exchange Server 2013, 2016 and 2019. The vulnerabilities allow cybercriminals to conduct remote code execution attacks. The bugs were discovered by GTSC. The security company published a mitigation guide. The ... Read more
2 years ago
Zscaler announced the acquisition of ShiftRight. The startup's software helps organizations manage the responsibility and accountability of security teams. An important asset, Zscaler says, because many companies don't know which departments are responsible for which security measures. ShiftRig... Read more
2 years ago
Telecom industry association GSMA launched a collaboration with IBM and Vodafone to integrate post-quantum encryption into the telecom industry. The trio will become part of the GSMA Post-Quantum Telco Network Taskforce. The partners aim to develop policies, guidelines and workflows for post-qua... Read more
2 years ago
A recent analysis from security firm Arctic Wolf indicates a considerable increase in Business Email Compromise (BEC) attacks in the first half of 2022. According to data analysis and observations from Arctic Wolf's incident response department Tetra Defense, BEC attacks currently account for m... Read more
2 years ago
Researchers discovered a never-before-seen cross-platform malware variant that infected various Linux and Windows systems, including tiny office routers, FreeBSD machines and huge business servers. Black Lotus Labs, the research branch of security firm Lumen, named the malware 'Chaos', a term th... Read more
2 years ago
A never-before-seen attack method allows cybercriminals to infiltrate VMware ESXi hypervisors. A report from security firm Mandiant reveals that the technique was used by an unknown threat actor to attack organizations in the wild. VMware ESXi is one of the world's most widely used hypervisors.... Read more
2 years ago
Auth0, an authentication service provider and Okta subsidiary, has reported a security incident impacting several of its code repositories. Over 2,000 business clients from 30 countries utilize Auth0's authentication technology to verify over 42 million daily logins. Notable clients include AM... Read more
2 years ago
