In June of this year, my colleague Tom Taylor wrote about the DoD’s announcement to instate the Cyber Security Maturity Model Certification (CMMC) and elaborated on the fact that, with the CMMC, the DoD appears to be addressing our customers’ core compliance pain points: Since its announcement in May, the DoD kicked-off a “listening tour” to solicit feedback from the Defense Industrial Base sector, according to the CMMC website.

The answer depends on where you desire to control apps and to what depth of policy controls are required. Next generation firewalls (NGFW) long ago recognized apps in allow or deny policy controls for user identity, content type, and app identity. URL categories in secure web gateways (SWG) were too broad to delineate specific apps and use cases, plus an associated app risk profile.

Serverless frameworks have become the next big thing in application development, allowing companies to release new features and functionality while focusing on innovation, rather than managing servers and machines. With that, new types of risks and attacks are emerging. Serverless frameworks are definitely not less secure by default, in fact, the opposite is true.

One of the most common reasons for system failures is changes to the underlying infrastructure. Amazon CloudTrail does a great job of recording when actions are taken but a lot of organizations don’t take advantage of it. FireHydrant now includes this data, giving you visibility into changes to your infrastructure while you’re investigating an incident.

Smart, risk-minded organizations, when considering how to ensure the continuity of their business, hope for the best but prepare for the worst.

Logs have been around since the advent of computers and have probably not changed all too much since. What has changed, however, are the applications and systems generating them. Modern architectures — i.e. software and the infrastructure they are deployed on, have undergone vast changes over the past decade or so with the move to cloud computing and distributed environments.

Cyber defence intelligence has been one of the most popular topics of discussion within the IT circles. What is it? Why is it important? Should you invest in it? We sought answers to all these questions in our article. What is Cyber Defence Intelligence?

Given a surge in digital threats like ransomware, it is no surprise that the field of information security is booming. Cybersecurity Ventures estimates that there will be 3.5 million job openings across the industry by 2021. Around that same time, the digital economy research firm forecasted that global digital security spending would exceed one trillion dollars.

Mattermost is a state-of-the-art, highly scalable open source messaging platform for secure team collaboration. Kubernetes is a robust open source container management platform that runs on any land-based or cloud infrastructure and automates the installation, configuration, and maintenance of diverse, highly distributed systems. It sounds like Mattermost and Kubernetes are made for each other. And it’s getting even better.

Pierre Bouchard has more than 20 years of experience applying effective engineering solutions for the most complex problems at companies including JP Morgan Chase, BNY Mellon and Wells Fargo. In our first innovator spotlight, we asked him to share his unique perspective on how to drive innovation, motivate engineers and promote accountability throughout the organization. Consider yourself a true innovator? Reach out for a chance to be featured as a part of our Innovator Series.

New research shows that vulnerabilities are becoming increasingly more common in our connected devices. As 'smart' Internet-connected devices become more prevalent, so does the potential attack surface for cyber-attacks. While it's truly impossible for any Internet-connected device to be 100% secure from exploitation, manufacturers are not even doing the bare minimum to secure these devices by neglecting to include security by design into the development stage.

There are two main modes for collecting data about your systems and software: the first is by collecting data from within the application itself, often called white-box monitoring, and the second is by querying the system from the outside and collecting data about the response.