Sicurezza

Cities Are Under Attack. Here’s Why.

Pubblicato il

Greenville, North Carolina. Imperial County, California. Stuart, Florida. Cincinnati, Ohio. These are just a handful of cities and counties across the U.S. that have experienced crippling cyber attacks in recent months. In 2019, local governments across the country have become the focus of attacks and face a growing threat of cyber attacks and escalating ransom […]

Sicurezza

Eliminating Excessive Permissions

Pubblicato il

Excessive permissions are the #1 threat to workloads hosted on the public cloud. As organizations migrate their computing resources to public cloud environments, they lose visibility and control over their assets. In order to accelerate the speed of business, extensive permissions are frequently granted to users who shouldn’t have them, which creates a major security […]

Sicurezza

How to (Securely) Share Certificates with Your Cloud Security Provider

Pubblicato il

Businesses today know they must handle sensitive data with extra care. But evolving cyber threats combined with regulatory demands can lead executives to hold their proverbial security cards close to their chest. For example, they may be reluctant to share encryption keys and certificates with a third party (i.e., cloud service providers), fearing data theft, […]

Sicurezza

Managing Security Risks in the Cloud

Pubblicato il

Often, I find that only a handful of organizations have a complete understanding of where they stand in today’s threat landscape. That’s a problem. If your organization does not have the ability to identify its assets, threats, and vulnerabilities accurately, you’re going to have a bad time. A lack of visibility prevents both IT and […]

Sicurezza

Does your cloud-access security broker support IPv6? It should.

Pubblicato il

Cloud access security brokers (CASB) insert security between enterprises and their cloud services by providing visibility and access control, but IPv6 could be causing a dangerous blind spot. That’s because CASBs might not support IPv6, which could be in wide corporate use even in enterprises that choose IPv4 as their preferred protocol. [ Related: What […]

Sicurezza

Anatomy of a Cloud-Native Data Breach

Pubblicato il

Migrating computing resources to cloud environments opens up new attack surfaces previously unknown in the world of premise-based data centers. As a result, cloud-native data breaches frequently have different characteristics and follow a different progression than physical data breaches. Here is a real-life example of a cloud-native data breach, how it evolved and how it […]

Sicurezza

Security Pros and Perils of Serverless Architecture

Pubblicato il

Serverless architectures are revolutionizing the way organizations procure and use enterprise technology. This cloud computing model can drive cost-efficiencies, increase agility and enable organizations to focus on the essential aspects of software development. While serverless architecture offers some security advantages, trusting that a cloud provider has security fully covered can be risky. That’s why it’s […]

Sicurezza

Are Your DevOps Your Biggest Security Risks?

Pubblicato il

We have all heard the horror tales: a negligent (or uniformed) developer inadvertently exposes AWS API keys online, only for hackers to find those keys, penetrate the account and cause massive damage. But how common, in practice, are these breaches? Are they a legitimate threat, or just an urban legend for sleep-deprived IT staff? And […]

Sicurezza

How blockchain will manage networks

Pubblicato il

Ethernet networking technology is flawed, say some engineers. The problem is it doesn’t have any inherent security built in to it. Ethernet also hard to manage because it’s centralized. It’s out-of-date, and it needs revamping, researchers say. One attempt to address the issue is the Marconi protocol, which is a strategy to shift network and […]

Sicurezza

Mitigating Cloud Attacks With Configuration Hardening

Pubblicato il

For attackers, misconfigurations in the public cloud can be exploited for a number of reasons. Typical attack scenarios include several kill chain steps, such as reconnaissance, lateral movement, privilege escalation, data acquisition, persistence and data exfiltration. These steps might be fully or partially utilized by an attacker over dozens of days until the ultimate objective is achieved and the […]