DevOps is about more than continuous delivery. Prasanna Singaraju, Chief of Engineering and Technology at Qentelli, explains how AI can help fill in the potential gaps to improve application quality and delivery speed as well as user satisfaction.
This article introduces the concept of a Software Defined Perimeter (SDP) as a progressive security model. Don Boxley, co-founder and CEO of DH2i, explains how an SDP overcomes today’s most prevalent data security challenges – especially as cloud adoption continues to soar – while presenting numerous, previously unattainable benefits.
To address the rising tide of data breaches, social network providers have enhanced their built-in security and have focused primarily on improving multi-factor authentication processes. To better understand what varying platforms offer, Ehud Amiri, senior director for product management at OneLogin, looks at how the leading social media sites are protecting their users.
With security often seen as an obstacle in the path of innovation, adhering to project delivery deadlines and staying agile, it can be something of a dirty word in the software industry. Pieter Danhieux, CEO of Secure Code Warrior, explains how to engage developers to code securely, bridge the gap between the development and security functions of the business, and strive for a higher build standard of software.
When it comes to protecting end-user devices, many enterprises see two choices: either lock down devices and limit what users can access, or prioritize productivity and take some chances with security. Tal Zamir shows why this either/or proposition is untenable for CISOs, IT and end-users, and how a new software-defined endpoint approach is enabling enterprises to deliver a completely secure and totally unrestricted user experience.
Given all the vendor- and analyst-speak in the security space, it’s become difficult for organizations to know the difference between Security Information and Event Management (SIEM) and security analytics. Here are 6 ways to tell a SIEM from a security analytics product.
99% of successful attacks involve vulnerabilities that have been known to cybersecurity professionals for at least one year. Nollaig Heffernan describes the issues that exist today with applying software patches, primarily at the application layer, and advises on how to manage the patching effort and where priorities should lie for organizations.
We kicked off 2017 with a lot of excitement around a nasty set of SMB vulnerabilities which led to the devastatingly successful WannaCry and NotPetya attacks, and 2018 started off with a similar level of excitement concerning the Spectre and Meltdown vulnerabilities. Ivanti’s Chris Goettl discusses which trends have surfaced and what to watch for during the rest of the year.
RiskIQ surveyed 1,691 security leaders from multiple verticals in the U.S. and U.K. about the current digital threat landscape. The results show that relentless, Internet-scale threat campaigns are near-universal pain points – and CISOs are afraid that their security teams are ill-equipped to stop them.
While Mac users like to believe that their systems are secure, the truth is that Macs really aren't more secure than Windows PCs; it's a myth that Apple computers are inherently more secure and don't get malware. Here are several things that Mac users can do to improve their security.
Despite the advances in technology, there’s still a very human element to whether a company embraces security practices. This article examines the impact that organizational culture has on a company's ability to adopt a security-driven mindset and offers some pragmatic tips on overcoming oft-encountered challenges.
Organizations are implementing stricter mandates for what kind of platforms and mobile features employees can use on both personal and corporate-owned devices, prompting a dramatic rise in "shadow IT" like unauthorized messaging apps. By bringing messaging apps out of the shadows and into the mainstream, organizations can reduce the risk of both outside and inside threats to the enterprise.
Citizen development – when non-programmers create useful software solutions – is excellent for driving business productivity. It lets employees who own business problems own – and build – business solutions. Unlike with software written by a company’s IT developers or outside contractors, citizen development involves a minimum of red tape and funding, gets directly to the heart of what the employee was trying to accomplish, and can make lots of people happy. If it’s done right.
When technology evolves faster than our ability to make sure there's a viable level of safety, how do we educate businesses and the layperson on best practices for IoT security? In this part 2 InfoSec Life article, Phil Agcaoili, CISO, shares his views on the need to raise InfoSec awareness in society while striving for (and embracing) diversity in cybersecurity.
2016 saw a record-setting number of cyberattacks, resulting in the most records stolen in the seventeen years that breaches have been tracked. When you can’t secure the network any longer, what do you do? Shifting to a runtime protection approach will require a bit of retooling, but the end result will be—finally—slowing the attacks that threaten every organization, every day.
The new Facebook Messenger "live location" feature comes in handy when coordinating plans with friends, as it lets users share their real-time location on a map within a private/group message. But what kind of security vulnerabilities are consumers voluntarily opening themselves up to?
After attending AppSec California this past January, Arleena Faith learned some interesting lessons that she wanted to share with other Software Developers and professionals in the Software Security field. The topics included in this Experts Corner range from insights on scaling a Software Security Initiative to automating Security Testing within the pipeline.
There is an overarching theme driving these security breaches: ineffective adherence to secure design principles. Expert Ted Harrington explores the world of secure design principles (and anti-principles) as a means to build resilient systems.
Security researchers at the CWI institute in Amsterdam working together with a team from Google found a practical way to compromise the SHA-1 hash algorithm. The goal of this post on ITSPmagazine is to explain the impact of this finding and what can be done to mitigate the risk.
Would you feel comfortable hiring a hacker? Caroline Wong, CISSP and VP of Security Strategy at Cobalt, discusses the benefits and risks of using the power of the people – crowdsourced application security programs – at this OWASP AppSec session.
Since 76% of data breaches are from stolen login information, Jack Bicer, CEO of Sekur Me, says that eliminating passwords and using instant, automatic 2-factor authentication will eliminate fraudulent activities.
At this year’s AppSec California conference – a yearly event for InfoSec professionals, developers, pentesters, and QA and testing professionals – the Women in Security panel was among the most highly attended, a very clear indication that this topic resonates strongly with both women and men.
Good Bots. Bad Bots. Can you tell those apart from the ‘normal’ traffic generated by the humans using your network? Sean Martin works with the team at Distil Networks to identify 10 ways to spot bad bots on your network.
When it comes to the creation of this market, it all boils down to supply and demand. Jeremiah Grossman is nudging the supply along - letting people get a taste of it - and hopefully the market will soon start demanding it. In this article, Sean Martin explores the cyber guarantee portion of the topic and the ability to create a new market from scratch.
For many years Dinah Davis was afraid to speak up about bullying and discrimination. In the Equal Respect article, Dinah shares her experience of overcoming these issues to become a successful businesswoman in the field of cybersecurity.