CIO

AUGUST 25, 2022

As organizations shape the contours of a secure edge-to-cloud strategy, it’s important to align with partners that prioritize both cybersecurity and risk management, with clear boundaries of shared responsibility. Best Practices for Security Success. Include the enterprise risk management team.

Software Review 290

Software Review Cloud Development Team Review Data 290

CIO

MARCH 8, 2023

As organizations shape the contours of a secure edge-to-cloud strategy, it’s important to align with partners that prioritize both cybersecurity and risk management, with clear boundaries of shared responsibility. Best Practices for Security Success Drill down into the details. Include the enterprise risk management team.

Software Review 238

Software Review Development Team Review Systems Review Data Center 238

Tenable

JULY 12, 2023

CVE-2023-3595, CVE-2023-3596: Rockwell Automation ControlLogix Vulnerabilities Disclosed Rockwell Automation issues advisory for multiple vulnerabilities, including a critical flaw that could lead to disruption or destruction of critical infrastructure processes.

Knowledge Base 98

Knowledge Base Network Transportation Industry 98

CIO

DECEMBER 22, 2023

After marked increase in cloud adoption through the pandemic, enterprises are facing new challenges, namely around the security, maintenance, and management of cloud infrastructure. Cloud systems administrator Cloud systems administrators are charged with overseeing the general maintenance and management of cloud infrastructure.

Cloud 325

Cloud Company Disaster Recovery Software Engineering 325

Tenable

FEBRUARY 20, 2024

As an organization grows its usage of containers, managing them becomes more complex. A common response is to adopt Kubernetes for container orchestration. And should your organization host its Kubernetes deployments or instead choose a managed option? But how do you properly secure your Kubernetes clusters?

Organization 69

Organization Load Balancer Scalability Resources 69

Prisma Clud

DECEMBER 2, 2022

Join Bar Schwarts and Cameron Hyde from Palo Alto Networks, along with Wei Dong, Global Head Of Unified Vulnerability Management at Michaels, to learn about: Recent trends and challenges with IAM across multicloud environments. Cloud identity security best practices from Palo Alto Networks. We need to be risk-driven.

Cloud 98

Cloud Network AWS Compliance 98

Tenable

MARCH 19, 2024

From cloud-managed services like Amazon EKS, Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE) to on-premises and privately networked clusters, the variety of environments is vast. As a CNAPP solution, it analyzes all components of the cloud infrastructure for misconfigurations, vulnerabilities and permissions risk.

Innovation 66

Innovation Cloud Policies AWS 66

Tenable

OCTOBER 7, 2022

On October 7, public reports began to circulate that Fortinet communicated directly with customers about a critical vulnerability in its FortiOS and FortiProxy products. This vulnerability, CVE-2022-40684, has been patched, but Fortinet has not released a full advisory yet via its Product Security Incident Response Team. . Background.

Authentication 100

Authentication Systems Administration Policies Internet 100

Dzone - DevOps

MAY 24, 2023

Kubernetes is an open-source container orchestration platform that has revolutionized the way applications are deployed and managed. With Kubernetes, developers can easily deploy and manage containerized applications at scale and in a consistent and predictable manner.

Tools 75

Tools Compliance Open Source Applications 75

Lacework

SEPTEMBER 19, 2022

In a previous blog post , we shared best practices and tips about building a container image pipeline to prevent vulnerabilities from reaching production. But many users of containerized applications have to deal with a number of vulnerabilities that already exist in active containers running in production.

Compliance 98

Compliance Report Examples System 98

Tenable

SEPTEMBER 12, 2023

Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761) Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild. of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 27.9%. It was assigned a CVSSv3 score of 6.2

LAN 119

LAN Windows 3D Azure 119

Prisma Clud

DECEMBER 1, 2022

Software supply chains are only as strong as their weakest link, and Continuous Integration/Continuous Delivery (CI/CD) pipelines are the latest attack vectors left vulnerable by unassuming DevOps teams. And the best way to do that is with a well-oiled CI/CD pipeline. CI/CD and the Software Supply Chain.

Weak Development Team 91

Weak Development Team Software Review Software Open Source 91

Tenable

NOVEMBER 15, 2023

The Red Hat Vulnerability Scanner Certification for Tenable Nessus represents our commitment to continue providing customers with visibility into their Red Hat Enterprise Linux systems. Tenable is proud to announce that it has received the Red Hat Vulnerability Scanner Certification. The journey can be summarized in two parts.

Linux 70

Linux Testing Meeting Study 70

Dzone - DevOps

FEBRUARY 17, 2023

Security is one of the key challenges in Kubernetes because of its configuration complexity and vulnerability. Managed container services like Google Kubernetes Engine (GKE) provide many protection features but don’t take all related responsibilities off your plate.

Strategy 73

Strategy Network Engineering 73

Tenable

OCTOBER 10, 2023

Microsoft addresses 103 CVEs including two vulnerabilities that were exploited in the wild. We omitted CVE-2023-44487 from our counts as this vulnerability was reported to MITRE and not Microsoft and does not exclusively affect Microsoft products.

Windows 115

Windows Software Review Azure Systems Review 115

Ivanti

JUNE 20, 2023

While some attack surface management solutions offer remediation capabilities that aid in this effort, remediation is reactive. As with all things related to security and risk management, being proactive is preferred. Similarly, many of the best practices in this post can help you reduce multiple types of attack surfaces.

Software Review 92

Software Review Policies Weak Development Team Technical Review 92

Tenable

SEPTEMBER 15, 2023

Check out a new Google paper with tips and best practices. By bringing together a diverse group of stakeholders, we aim to foster a culture of collaboration and innovation in addressing the most critical security challenges facing open source software for the public good,” OpenSSF General Manager Omkhar Arasaratnam said in a statement.

Open Source 113

Open Source Systems Review System Software Review 113

Tenable

APRIL 19, 2024

1 - Multinational cyber agencies issue best practices for secure AI deployment Looking for best practices on how to securely deploy artificial intelligence (AI) systems? Researchers are discovering newer, subtler ways of maliciously manipulating LLMs, unearthing more complex vulnerabilities in these systems.

Artificial Inteligence 73

Artificial Inteligence Trends Technical Advisors Analysis 73

Tenable

DECEMBER 6, 2022

Tenable CIO Patricia Grant and CSO Robert Huber share insights and best practices to help IT and cybersecurity leaders and their teams weather the next cyber crisis of Log4j proportions. and “Are we ready for the next Log4j-like vulnerability?”. Communicate and collaborate — constantly and enthusiastically.

Policies 97

Policies Software Exercises Organization 97

The Crazy Programmer

FEBRUARY 3, 2024

Custom healthcare software caters to the unique needs and workflows of a medical practice, hospital, laboratory, or other healthcare organization. Intuitive clinical software with built-in best practice alerts and templates enhances patient encounters, diagnosis, treatment planning, referrals, and care transitions across the continuum.

Healthcare 130

Healthcare Software Off-The-Shelf Compliance 130

Prisma Clud

JUNE 13, 2023

All software supply chain attacks share a core trait: they allow a threat actor to break into an organization’s IT estate by exploiting software vulnerabilities created by entities other than the organization. What’s more, every business is vulnerable to software supply chain attacks. What Is a Software Supply Chain?

Software 59

Software Open Source How To Infrastructure 59

Prisma Clud

SEPTEMBER 21, 2023

In this blog post, we delve into Zero Trust and the best practices that exemplify it in cloud environments. Beyond the Perimeter As organizations moved to the cloud, the need to secure their data and applications led them to implement multiple security solutions, often without fully considering the integration and management aspects.

Cloud 105

Cloud Network Policies Machine Learning 105

Tenable

OCTOBER 4, 2023

Here, in part two, we explore the requirement that applicants adopt key cybersecurity best practices and consult the Cybersecurity and Infrastructure Security Agency (CISA) Cross-Sector Cybersecurity Performance Goals (CPGs) throughout their development of plans and projects within the program.

Systems Review 59

Systems Review Technical Review Infrastructure Meeting 59

CIO

MARCH 9, 2023

There needs to be strong alignment amongst all the stakeholders ranging from the software developer, the product manager, line of business all the way to the quality engineer. These best practices coupled with a sound design thinking approach can help enhance customer experience and as a result improve loyalty.

Weak Development Team 246

Weak Development Team Technical Review Software Review Open Source 246

AWS Machine Learning - AI

JANUARY 26, 2024

Many customers are looking for guidance on how to manage security, privacy, and compliance as they develop generative AI applications. Understanding and addressing LLM vulnerabilities, threats, and risks during the design and architecture phases helps teams focus on maximizing the economic and productivity benefits generative AI can bring.

Artificial Inteligence 120

Artificial Inteligence Generative AI Security Applications 120

Lacework

FEBRUARY 13, 2024

cloud security posture management [CSPM] vendors), we believe that risks alone provide an incomplete picture. In security, time is your biggest enemy, as it takes 241 days 1 on average to detect and contain a breach but just 5 hours for an attacker to exfiltrate data. What best practices does the CISA joint guide recommend?

Security 109

Security Artificial Inteligence Systems Review Machine Learning 109

Datavail

JANUARY 13, 2022

Containers are a popular software development option, but what are the security implications of using them? When you’re working with applications that have stringent security requirements, such as those dealing with sensitive data, you need to know exactly how strong container security is. Ease of Management. Greater Agility.

Technical Review 58

Technical Review Software Review Microservices Systems Review 58

d2iq

JANUARY 5, 2023

DevSecOps–short for development, security, and operations–is a trending practice that introduces security testing, triage, and risk mitigation as early as possible in the software development lifecycle, rather than bolting on security in the final stages. This was manageable when software updates were released every few months or even years.

Engineering 81

Engineering Software Review DevOps Compliance 81

Kaseya

FEBRUARY 22, 2022

In 2020, Ryuk Ransomware operators shut down Universal Health Services by exploiting the zerologon vulnerability to gain control of domain controllers. In mid-2021, cybercriminals exploited an old, unpatched memory corruption vulnerability in Microsoft Office that allowed them to remotely execute code on vulnerable devices.

Policies 109

Policies Software Review Systems Review Development Team Review 109

Tenable

OCTOBER 4, 2023

Below, we provide more details on how the Tenable One Exposure Management Platform can help agencies meet the requirements of Objective 2. Tenable is uniquely positioned to help SLTTs meet this objective through the Tenable One Exposure Management Platform. Sub-objective How Tenable helps 2.1.1:

Programming 64

Programming Meeting How To Government 64

d2iq

MAY 2, 2023

Securing a Kubernetes environment presents new challenges to organizations that are transitioning from traditional IT infrastructures to container management solutions in the cloud. Although highly effective, air-gapping is not a widespread practice and is used mainly to protect an organization’s most sensitive data.

Survey 69

Survey Cloud Internet Agile 69

Linux Academy

MARCH 2, 2020

Using containers makes life simple. Containers are amazing and helpful tools, benefitting our machines that make the world a better place, but that is only part of the picture. With just that much power, we need a way to control it, to manage it. Kubernetes is an OpenSource system of tools that manages containers.

Policies 159

Policies Systems Review Network Microservices 159

Prisma Clud

JUNE 1, 2023

To avoid accidentally leaking secrets into your GitHub repositories, it’s important to adopt complete secrets security, beginning with the adoption of best practices. We’ll then walk through some best practices to get you started with secrets security.

Software Review 98

Software Review How To Systems Review Cloud 98

Prisma Clud

NOVEMBER 8, 2022

Container-based application deployment is at its peak, as is the popularity of orchestration platforms like Kubernetes that form the underlying infrastructure for containerized applications. We cannot talk about securing container-based applications without talking about DevSecOps. Immutability.

Technical Review 98

Technical Review Technology Software Review Infrastructure 98

Tenable

DECEMBER 8, 2022

At the root of many of the DevSecOps challenges highlighted in the SANS report is the increasingly hybrid, multi-cloud nature of organizations’ IT environments, where applications are “more than ever” being hosted on-premises and in multiple cloud platforms using virtual machines, containers and serverless functions. Developer buy-in.

Survey 98

Survey Cloud Software Review Serverless 98

Tenable

APRIL 12, 2024

And the NSA is sharing best practices for data security. Microsoft’s lackadaisical security practices and negligent approach to disclosure have national security implications, and should alarm their commercial clients, which don’t necessarily have the voice or get the attention that the U.S. And much more!

Generative AI 116

Generative AI Malware Trends Government 116

CircleCI

AUGUST 4, 2022

The software supply chain refers to anything that touches or influences applications during development, production, and deployment — including developers, dependencies, network interfaces, and DevOps practices. Then, it looks at some best practices when code signing your applications. What is code signing?

Software Review 98

Software Review SDLC Malware Authentication 98