Application security today needs to “shift left” into the realm of the developer and be just as automated, iterative, and fast as the development process. Yet most developers don’t have the training or tools needed to prevent and remediate security flaws, and most security teams don’t have the bandwidth to...
Enterprises can enhance cloud security by taking several steps, including adopting the secure access service edge, or SASE, concept and using a proxy firewall, says Nick Savvides of Forcepoint.
Organizations in the APAC region are not immune to the impact of the SolarWinds supply chain hack, so it's essential that they reassess their risk management practices and audit their suppliers, two security experts stress.
Identifying and fixing security gaps in a cloud architecture may not appear very different from doing the same for on-premises environments. But there are a variety of nuanced differences that can be easy to overlook. If you fail to appreciate and account for them, these misconfigurations can cause security blind...
Cloud security trends like “shift-left security” and “DevSecOps” refer to new strategies and paradigms that help organizations keep workloads secure in the age of cloud-based, scale-out, constantly changing applications and infrastructure.
Many in IT, security, and development probably understand what these...
Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network monitoring security software builds. They warn that other vendors may have been similarly subverted.
Organizations are using DevOps and Agile practices, coding in containers
and microservices, and adopting Kubernetes at a record pace to help
manage all these components. Even five years ago, the level of agility,
speed, and flexibility the cloud-native stack enables was but a dream.
Since Google first introduced...
To enhance organizations' security postures in the year ahead, CISOs must strengthen authentication processes, increase the use of network segmentation tools and deploy effective threat intelligence capabilities, two CISOs recommend.
In the wake of the SolarWinds breach, NIST's Ron Ross has turned his attention to systems security engineering - and the reality that the adversaries are exploiting it to their advantage better than the defenders are. This disparity, Ross says, has to change.
The latest edition of the ISMG Security Report features an analysis of what we know so far about the impact of the SolarWinds supply chain hack and how to respond.
For some, 'observability' is just a hollow rebranding of 'monitoring', for others it's monitoring on steroids. But what if we told you observability is the new way to find out why - not just if - your distributed system or application isn't working as expected? Today we see that traditional monitoring approaches can...
Building a cyber-resilient enterprise requires several key steps, including wider use of analytics, addressing security earlier in software development and improving the search for indicators of compromises, according to a panel of experts.
Waterfall, Agile, DevOps... it seems that every few years, a new methodology is born for optimum software creation within an organization. While these processes all have their strengths and weaknesses, the streamlining (and, er, previously absent red tape) they bring can feel like somewhat of a hindrance to the main...
The working life of a software security professional is many things: challenging, exciting, unpredictable... but rarely is it easy. And in most organizations, they can be siloed, working separately from operations teams and the developers tasked with creating new applications. It can make for a rather chilly reception...
Adopting a "security by design" approach and weaving it into the digital transformation road map helps organizations defend against cyberthreats, says Reem AlShammari, CISO at Kuwait Oil Co., who also advocates threat information sharing.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.in, you agree to our use of cookies.