date 2022-01-07
What differentiates successful security operations?

By Andrew Saluke
 3 days ago

We have been fortunate to partner with customers who have built successful security operations programs and teams. These groups have recruited highly skilled professionals and demonstrate value for their organizations. They navigate common security challenges – as well as challenges distinct to specific organizations or industries. But not...

Enterprise API Security: Why Enterprises Need A Proactive Approach

Enterprise API security is a top priority for any business using API and digital transformation solutions. Public cloud adoption and modern application architectures are causing API usage to surge, which in turn has created cascading security issues. For the past several years, the industry’s primary focus has been to protect...
COMPUTERS
Cybersecurity & information security resources I used in 2021

2021 was a year of learning and productivity, and 2022 will be no different. I have improved my Twitter thread that focused on cybersecurity learning resources. This list includes virtual labs, hands-on training, and the potential to earn certificates. This thread includes free & paid resources. TryHackMe (@RealTryHackMe) TryHackMe provides...
COMPUTERS
This is the Year to Create a Cybersecurity Culture

Many of the cybersecurity predictions for 2022 are, well, predictable. Ransomware will continue to wreak havoc across different industries. Watch for attacks against critical infrastructure. Deep fakes will be used to spread disinformation in the upcoming midterm elections. And expect to hear a lot more about the metaverse and criminal activity.
ECONOMY
Ericom Software Reports Record Sales and ARR Growth in 2021

“You can’t win a game if you don’t score any points”. The world lost a great one with the passing of John Madden over the holidays. After watching a tribute to him with my family, the quote above stuck with me. So many of his sayings were simple yet had depth upon reflection, and this one is just as meaningful off the playing field, for life in general as well as for business.
TECHNOLOGY
Tracking Adversaries in AWS using Anomaly Detection, Part 2

The first part of this series explored minimizing the impact of a breach by identifying malicious actors’ anomalous behavior and taking action. In part two, we will go through the cyber “kill chain” with Pacu and explain how to use automated analysis to detect anomalous behavior. While...
SOFTWARE
Is Your Supply Chain Secure?

In 2021, there were a number of major supply chain attacks that crippled multiple companies. Think back to the Kaseya attack in July, or, even before that, the SolarWinds attack that came to light in December 2020. In October 2021, Broward Health in Florida was compromised through a third-party supply chain vulnerability.
FLORIDA STATE
Master Your Craft and Avoid Security Tool Sprawl

Teenage me wanted a Gibson Les Paul to perform the grunge music that was flourishing at the time, but I spent more time installing beta software on my PCs and causing mayhem on IRC than learning how to play. My nephew, on the other hand, spent time learning the basics and has become a great player. The lesson is clear: buying something won’t automatically imbue the owner with expertise. The same holds true when you purchase cybersecurity technology.
SOFTWARE
Economy
Can We Lighten the Cybersecurity Load for Heavy Industries?

One of the biggest problems with the IT / OT convergence in critical infrastructure is that much of the legacy hardware cannot simply be patched to an acceptable compliance level. Recently, Sean Tufts, the practice director for Industrial Control Systems (ICS) and Internet of Things (IoT) security at Optiv, offered his perspectives on where the industry has been, where it is going, and some of the progress being made to secure critical infrastructure.
TECHNOLOGY
Securing Onboarding and Offboarding in the Cloud

One of the most fundamental challenges of securing the identity-defined perimeter is efficiently managing and securing the cloud identity life cycle. This priority comes into sharpest focus with offboarding users—or, more accurately, the failure of so many organizations to revoke standing access privileges to DevOps environments and other sensitive IT resources.
COMPUTERS
Code Dx wins CybersecAsia award for Best in Application Development Security

Code Dx was recognized for its leadership in application security development. Learn how Code Dx helps to build trust in your software. Synopsys is proud to announce that Code Dx® has won the 2021 CybersecAsia Reader’s Choice Award for Best in Application Development Security. This achievement underscores Code Dx’s leadership as an application security orchestration and correlation (ASOC) solution, providing organizations with a way to centralize and automate the most labor-intensive parts of software security—risk assessment, triage, and remediation.
COMPUTERS
Analyst Notes – Big Funding for PlainID, iProov and Xage – Blockchain for Access Control

A few items that have popped into The Cyber Hut inboxes over the past couple weeks relating to funding and vendor news. PlainID announced in December they had received a Series C investment round topping $75 million. This was led by Insight Partners. PlainID are a leading authorization platform player that was founded in 2014. This Series C takes their total funding to $96 million. Israeli based with LinkedIn listing over 70 employees, they focus upon a policy based access control model with centralised management and distributed enforcement. They list use cases across retail, healthcare and financial services and see a world with authorization being decoupled from the protected applications and the identity provider infrastructure that can provide authentication context into the downstream authorization platform. Drivers such as zero trust architecture, consent management, partner ecosystems and PII are all emerging and requiring authorization to be successful.
ECONOMY
The workplace has changed. So should your building security strategy.

There’s no denying that the meaning of “workplace” has changed in every way possible. Now, working from anywhere is no longer a concept, but a reality. We’ve seen that there’s no single answer that works for every organization on how to define the workplace, whether they move to permanent remote work, bring employees back full time, or institute a hybrid, flexible model where employees can work in both the office and remotely. Each approach is unique to each individual organization, based on their own business needs and view on how best to attract and retain talent in today’s climate.
JOBS
Finite State Adds Binary Analysis to Catch Zero-Days

Finite State this week has added a binary analysis capability that enables device manufacturers to more easily identify zero-day vulnerabilities in software. Jeff Martin, vice president of product for Finite State, said this latest addition to the company’s risk analysis platform can quickly assess third-party components for zero-day vulnerabilities and other known common vulnerabilities and exposures (CVEs).
SOFTWARE
HackerNoon

What Tech Companies Should Watch Out for When Scaling Operations

Building a food delivery fleet of hundreds of robots is like teaching math to third graders. Their ability to learn and interact with their surroundings emotionally is a work in progress, but the sky is the limit. If carried out well, growth and success are very likely. Since starting in 2017, we’ve been scaling robotic technology to create smart cities while demonstrating to the general public and investors the extraordinary potential of the latest technological advances. Not only was company culture and automation important, but setting boundaries and acknowledging the difficulties of the competitive tech space are key to success. Most importantly, some of the most progressive companies deliberately take on employees with track records reflecting both failure and success as failing is an essential part of growth. So if your fintech launch doesn’t go to plan or SaaS doesn’t gain traction, however painful it may be to let go and move on, you’re not alone. Almost 60% of startups pivot by changing their business plan. With plans to grow tenfold next year and expand our team, this is what I’ve learned about scaling operations.
TECHNOLOGY
securitymagazine.com

Mobile security in 2022: What to expect & how to prepare

This past year was one of the most fruitful years in terms of cyberattacks. In fact, the number of data breaches through September of 2021 exceeded the total number of successful cyberattacks by 17% compared to 2020. Having that in mind, security leaders have the responsibility to look back at...
CELL PHONES
How to Enable DICE and TPM for Optimal Security

By 2030, more than 24 billion Internet of Things (IoT) devices will have entered our cities, workplaces and homes, according to Transforma Insights. For years, I have been working to make sure that these devices have a healthy immune system so that they can defend against malicious attacks. This begins with a root of trust. Without it, there is no way to determine the security of the system and every component around it. This opens the door for potential vulnerabilities. With every vertical market responsible for creating safe and secure devices, from smart home devices to satellite networks, there are building blocks that need to be assembled in the design and development stages of these devices. IT developers face many challenges when striving towards this, but there are some key lessons they can follow to be successful.
SOFTWARE
2021 Cybersecurity Wrap-up and Trends for 2022

As 2021 wraps up, we’re taking stock of the year from our cybersecurity point of view. After a tumultuous 2020, this year continued to be a roller coaster of new workplace conditions, disruptive cyberattacks and optimism in government action. Below we list our top 3 trends and hacks that...
TECHNOLOGY
How Is The Cloud Revolutionizing the Media Industry?

As with all industries, the COVID-19 pandemic has had a major impact on the media industry, creating significant challenges for media companies’ supply chains and operations. For example, during shelter-in-place limitations, media houses had to suspend production and post-production activities. The outcome? A significant dent in the telecasting of new programs. Furthermore, COVID-19’s major impact on many industries created a domino effect that’s put premium ad inventory in danger, bringing about a hit to media organizations’ incomes.
TECHNOLOGY
8 AppSec Metrics You Should Be Monitoring

We take a look at 3 important AppSec tools and 8 metrics you should track over time. What is not monitored is not measured. Application Security today is an increasingly data-driven practice that benchmarks success on measurable improvements in code quality and code security. But which metrics are the right ones and what do they mean? This post will cover metrics you should be monitoring for application security and why they matter.
SOFTWARE

