Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

How to Build Processes and Reports While Protecting Data for GDPR

Privacy and data protection remain essential priorities for companies of all types and sizes. More organizations realize they are accountable for any personal information they store, even with a justifiable business reason. While regulations like GDPR technically cover the personal data of European residents, it is wise to treat all customer data with the same level of responsibility.

Software supply chain security: How to audit a security bill of material (SBOM)

A security bill of material (SBOM) is an inventory of the entire building components of a software application. These components include open source libraries, dependencies, commercial components, licenses, patch status, version information, upgrades available, CVEs, etc. Having an SBOM of a codebase or piece of software provides deep visibility into core components that help quickly identify and mitigate the security and licensing risks associated with the software supply chain.

Trust Me - I'm a SASE Solution

As we get ready to wish the term SASE a happy 4th birthday, it seems odd that there is still a great deal of confusion in the market about what SASE really is and how it relates to a ‘Zero Trust’ architecture. For many, SASE is a framework for secure network design; for others, it’s seen more as an architectural approach to delivering Zero Trust. So why do we have this confusion when Gartner defined SASE back in 2019?

Your PKI infrastructure is worthless if ...

A common mistake IT organizations make, is having a well-designed Public Key Infrastructure (PKI), but at the same time having client devices, such as monitoring agents for your Citrix NetScalers, which accept to set up any encrypted connection, to any device, no matter what certificate they are presenting. In this case, you basically allow connections to be made to devices you do not know whether they can be trusted. This makes you vulnerable for 'spoofing'.

Tigera 2023 predictions: Cloud native security and the shifting landscape in 2023

Cloud computing and the use of cloud native architectures enable unparalleled performance, flexibility, and velocity. The speed of innovation has driven significant advancements across industries, but as digitalization continues pushing applications and services to the cloud, bad actors’ intrusion techniques have also become more sophisticated.

11 Best SSL Certificate Monitoring Tools in 2023

Without an active SSL certificate, user contact with the website is no longer secured, making it possible for any malicious entity to access private user information. Users are unlikely to return to the website after viewing a security notice, though. The simplest way to monitor the expiration of your site certificates is to use an efficient, automatic SSL certificate expiry monitoring solution.

Lessons from the CircleCI Security Incident

In some respects, security and reliability are competing priorities. Security controls may reduce reliability, and responding to security incidents may require mission-critical systems to be paused or shut down until they're secure. The recent security incident involving CircleCI, however, shows that it's not always necessary to choose between prioritizing security or reliability.

CircleCI Breach: How to Rotate All Stored Secrets ASAP

Yesterday, CircleCI, a Continuous Integration/Continuous Delivery (CI/CD) service, notified the world it had been breached via a critical advisory from its CTO. As a major software delivery pipeline service, CircleCI users store myriad credentials for various services in CircleCI’s “Secrets Store” infrastructure.