Threatpost

JANUARY 24, 2019

A look at API attack trends such as the current (and failing) architectural designs for addressing security of these API transactions.

Architecture 72

Architecture Risk DNS InfoSec 72

Notice Bored

APRIL 20, 2022

When you acquire or provide professional services, how do you address the associated information risks? In theory, clients and providers should proactively identify, evaluate and address information risks relating to or arising from professional services in order to avoid, reduce or limit the damage arising from such incidents.

Risk 72

Risk Energy and Utilities Computers and Electronics Telecommunications 72

Herjavec Group

MAY 17, 2021

Herjavec Group supports the Assessment, Design, Deployment, and Management of your IAM solutions through a comprehensive offering including Strategic Workshops, Advisory Services, Architecture & Implementation, and Managed IAM. Quickly detect risks and amend access entitlement issues associated with privileged users. Learn more?

InfoSec 52

InfoSec Marketing Technology B2C 52

CyberSecurity Insiders

JUNE 16, 2023

Cloud Security is often implemented with dedicated secure access service edge (SASE) architectures, including cloud access security brokers (CASBs). However, sensitive data is transmitted freely across internal and external APIs, increasing the risk of accidental or malicious exposure of different sensitive data types.

Risk 131

Risk Firewall Data breaches InfoSec 131

Security Boulevard

JULY 28, 2021

Meanwhile, a constant stream of new data exacerbates the privacy, productivity, and latency risks already slowing them down. . With 90% of the data risk surface in pre-production, it’s all too easy for an insecure dataset to slide out, so data must be made safe before it is copied to non-production environments.

Banking 142

Banking Marketing Digital transformation Risk 142

The Falcon's View

JANUARY 3, 2019

Consider, if you will, that fundamentally we in infosec want people to make better decisions. That's right, it's infosec. From a functional perspective, this means a few very specific things for infosec: 1) We must continue to work in a collaborative and consultative manner with everyone else in the organization.

InfoSec 40

InfoSec Engineering Digital transformation CISO 40

Security Boulevard

FEBRUARY 27, 2023

Our imaginary supermarket architecture consists of: A main supermarket store. So, if we apply this to our analogy, we could class this data as low risk. However, would you react the same way if a single piece of low-risk data is affected (i.e. The core of our analogy will be comparing supermarket stock to a business’s data.

InfoSec 52

InfoSec Cybersecurity Risk Technology 52

SC Magazine

JULY 13, 2021

Today’s columnist, Deborah Watson of Proofpoint, says with so much work conducted via virtual meetings, risk has increased and businesses have to pay more attention to an insider threat management program. Think of Insider Threat Management Programs (ITMPs) as a holistic focus on managing the risks that insiders pose to your corporate assets.

Risk 91

Risk InfoSec Media Technology 91

Notice Bored

JANUARY 9, 2021

In risk terms, the probability of Y2k incidents approached 100% certain and the personal or societal impacts could have been catastrophic under various credible scenarios - if (again) the Y2k monster wasn't slain before the new year's fireworks went off. Go ahead, show me the associated risk profiles and documented security architectures.

Internet 52

Internet Internet Risk InfoSec 52

Security Boulevard

JULY 13, 2023

Permalink The post BSides Knoxville 2023 – Sara Anstey – Educating Your Guesses: How To Quantify Risk and Uncertainty appeared first on Security Boulevard. Our thanks to BSides Knoxville for publishing their presenter’s outstanding BSides Knoxville 2023 content on the organizations’ YouTube channel.

Education 75

Education Risk Architecture CISO 75

SecureWorld News

SEPTEMBER 7, 2023

The panel will tackle topics and questions, including: The potential risks quantum computing poses to current cryptographic methods. When will these risks come to fruition, and who are the main threat actors? Director of Information Security, State of Colorado Governor's Office of Information Technology; and Toby Zimmerer, Sr.

Encryption 112

Encryption Technology Risk Architecture 112

Security Boulevard

FEBRUARY 14, 2025

Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) called buffer overflow vulnerabilities unforgivable defects that put national and economic security at risk.

Banking 64

Banking Cybercrime Cybersecurity Ransomware 64

eSecurity Planet

DECEMBER 20, 2023

Attack surface management aims to automate the process of discovering, assessing, and prioritizing vulnerabilities and third-party, digital supply chain, and cloud risks. It addresses both internal and external (EASM) risks. CAASM (cyber asset ASM) and DRPS (digital risk protection) are also related terms and elements of ASM.

Software 115

Software Risk Architecture Internet 115

Herjavec Group

APRIL 26, 2021

Third-party risk is a hot topic in the world of cybersecurity. The recent SolarWinds breach was a tough reminder that technological advancement will always carry inherent risks. former CEO of RSA Security) for a virtual fireside chat last week to chat about third-party risk. I joined Art Coviello, board member at SecZetta Inc.

Risk 52

Risk Government InfoSec Cybersecurity 52

Cisco Security

NOVEMBER 2, 2022

To top it off, Duo is connected to our SIEM and our InfoSec team is able to review detailed logs and setup alerts to be able to keep everything secure.” Duo’s Passwordless Architecture. This significantly improves the user experience and mitigates the risk of stolen credentials and man-in-the-middle (MiTM) attacks.

Authentication 145

Authentication Passwords Phishing Mobile 145

SC Magazine

FEBRUARY 8, 2021

He referenced an insurer’s role in designing pressure relief valves for the steam engines powering Philadelphia in the 1800s: “They said if you wanted to have insurance, you have to have this piece of architecture on your system.” In so doing, “they drove security or solutions to avoid large insurance claims.”. billion in premium.

Insurance 126

Insurance Cybersecurity Cyber Insurance Government 126

Herjavec Group

MARCH 24, 2022

Internet-facing architecture that is being ASV scanned has grown more complex over the last years with the implementation of HTTPS load balancers, web application firewalls, deep packet inspection capable intrusion detection/prevention (IDS/IPS) systems, and next-gen firewalls. Ensure that all of the above that do remain in web page *.html

Architecture 98

Architecture Firewall Penetration Testing eCommerce 98

CyberSecurity Insiders

FEBRUARY 3, 2022

It includes integration of Glyptodon Enterprise into Keeper Security’s zero-trust and zero-knowledge security and encryption architecture, resulting in a highly-secure, agentless remote access platform, without the need of a virtual private network (VPN). “In Keeper is SOC-2, FIPS 140-2 and ISO 27001 Certified.

Password Management 80

Password Management Passwords Encryption Data breaches 80

Notice Bored

JULY 21, 2022

The customer is apparently seeking guidance on integrating infosec into the development process, which begs the question "Which development process?". Reducing the problem to its fundamentals, there is a desire to end up with software/systems that are 'adequately secure', meaning no unacceptable information risks remain.

Software 72

Software Risk InfoSec Security Awareness 72

McAfee

DECEMBER 4, 2020

Cloud Risk & Adoption Report: Work-from-Home Edition. Now in beta with a target launch date of Q1, 2021, we built CNAPP to provide InfoSec teams broad visibility into their cloud native applications. The launch enables security teams to swiftly address security gaps in their architecture and easily improve security posture.

Cyber threats 94

Cyber threats InfoSec Big data Architecture 94

SC Magazine

MAY 1, 2021

Cedric Leighton is founder and president of Cedric Leighton Associates, a strategic risk and leadership management consultancy. Since founding Cedric Leighton Associates, he has become an internationally known strategic risk expert. Leighton is also a founding partner of CYFORIX, specializing in the field of cyber risk.

Computers and Electronics 126

Computers and Electronics Technology Education Information Security 126

SecureWorld News

MAY 16, 2023

Brennan is speaking at SecureWorld Chicago on June 8, tackling the topic of "I Can See Clearly Now, the Threats Are Gone: The State of InfoSec and Threat Intelligence Today." Mike Parkin, Senior Technical Engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation, is a fan of the collaborative.

Cybersecurity 97

Cybersecurity Insurance Cyber Risk CISO 97

SecureWorld News

OCTOBER 19, 2023

Increased risk of cyberattacks The rising cost of living can lead to an increase in cybercrime, as people become more desperate to make money. Economic effects, including inflationary pressures, have had a broad impact across the InfoSec landscape," Smeaton said. Does this tool integrate with our existing architecture (e.g.,

Cybersecurity 102

Cybersecurity CISO Education Phishing 102

Cisco Security

JANUARY 28, 2021

When boiled down to its essence, InfoSec is all about risk mitigation, and risk is based on probability and impact. By integrating both Cisco and third-party technologies, Cisco SecureX ensures that it will fit in with the journey and vision for your security program. How can SecureX help you?

Technology 123

Technology InfoSec Antivirus Architecture 123

The Falcon's View

AUGUST 6, 2018

However, listing out specific technologies can become cumbersome, plus it doesn't necessarily lend itself well to thinking about security architecture and strategy. Risk Management. Risk Management. Risk management is not your starting point. Applications. -

InfoSec 40

InfoSec Risk Architecture Security Awareness 40

Herjavec Group

SEPTEMBER 23, 2021

Start with assessing your current program capabilities and identifying your greatest risks. Fortify areas that are most at risk. Developing a cybersecurity strategy that balances risk mitigation and user experience is key. Tools that mitigate risk while not being a barrier for the end-user.

Cybersecurity 97

Cybersecurity Penetration Testing Digital transformation Risk 97

Notice Bored

MARCH 10, 2021

Cyber Strategy Risk-driven Security and Resiliency Authors: Carol A. Siegel and Mark Sweeney Publisher: Auerbach/CRC Press ISBN: 978-0-367-45817-1 Price: ~ US$100 + shipping from Amazon Outline This book lays out a systematic process for developing corporate strategy in the area of cyber (meaning IT) security and resilience.

Architecture 56

Architecture Risk InfoSec Government 56

McAfee

JULY 7, 2020

McAfee Unified Cloud is a framework for implementing a Secure Access Service Edge (SASE) architecture and a safe way to accelerate digital transformation with cloud services, enable cloud and internet access from any device, and allow ultimate workforce productivity. We have deployed the solution to 100K+ endpoint devices with minimum issues.

Digital transformation 68

Digital transformation InfoSec Architecture Marketing 68

SecureWorld News

MAY 31, 2024

Cloud Solution Architect: While not purely cybersecurity, this role is heavily focused on cloud security in addition to architecture. That's why cybersecurity professionals are constantly reading, attending conferences like SecureWorld, and learning about the latest threats and risk remediation techniques."

Artificial Intelligence 108

Artificial Intelligence Cybersecurity Engineering Technology 108

Notice Bored

MARCH 14, 2022

ISO 22301 is an excellent reference here, enabling organisations to identify, rationally evaluate and sensibly treat both high probability x low impact and low probability x high impact information risks (the orange zone on probability impact graphics), not just the obvious double-highs (the reds and flashing crimsons!).

Risk 66

Risk Information Security Surveillance Architecture 66

Security Boulevard

JUNE 6, 2022

Today we’ve been honored with the “Next Generation in API Security” award in the 2022 Global InfoSec Awards from Cyber Defense Magazine (CDM). Salt delivers this rich API context through its unique and patented, cloud-scale big data architecture that leverages AI and ML algorithms to gain the most insights into API behaviors.

Big data 52

Big data InfoSec Architecture Education 52

SecureWorld News

JUNE 20, 2024

At the CISO level, politics and limited budget often prevent proper risk reduction, with the CISO standing alone to shoulder the blame for a breach. Having automation to assess the risks on 100% of transactions helps to reduce the fear of the unknown caused by only doing sample testing."

CISO 124

CISO Cybersecurity Technology Digital transformation 124

Thales Cloud Protection & Licensing

JANUARY 7, 2022

Many analysts think of this tech as a subdomain of Zero Trust architecture – the initial but not the only building block of the whole concept. Is it possible to build an architecture in which the same rules apply to all users, or is the emergence of privileged accounts inevitable? Do Zero Trust systems match the advertised concept?

Architecture 71

Architecture Technology Software Marketing 71

Notice Bored

AUGUST 5, 2022

Generally, though, the risk management and security arrangements quietly support and enable the business from the inside, as it were, rather than being exposed externally - unless they fail anyway! including security-relevant aspects ( e.g. being a trusted partner). Security Response : the example metrics suggest the classical (outdated!)

CISO 63

CISO Risk Artificial Intelligence Marketing 63

Lenny Zeltser

MAY 1, 2017

There is an increasingly-acute need for infosec designs that account for attacks that incorporate unknown, previously-unseen components. By using the “zero-day” as an adjective and clarifying which word it’s describing, you can help companies devise the right security architecture. Avoid the Ambiguity, Save the World.

Malware 68

Malware Software Cyber Attacks InfoSec 68

Security Boulevard

JUNE 15, 2022

Risks associated with SSH keys (orphaned keys, duplicate keys, etc.). Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices.”. Venafi Confidential SSH Risk Assessment. Key sprawl.

Risk 52

Risk Architecture Digital transformation InfoSec 52

Cisco Security

AUGUST 26, 2021

We constantly see new threats, and threat vectors, come and go; which puts a tremendous strain on the InfoSec teams that have to protect organizations and businesses from these threats. CyberArk reduces VPN risk with MFA enforcement on any VPN client that supports RADIUS; including Cisco Secure Firewall. Read more here.

Technology 145

Technology Firewall VPN Authentication 145