Articles about Security

The number of use cases for Kubernetes is expanding as an increasing number of enterprises across a wide array of industries are adopting it as their platform of choice. However, this also expands the enterprise attack surface and business risk as a result.

We spoke to William, Morgan CEO of Buoyant, about how CISOs are coming face-to-face with the insecurity that can arise from managing Kubernetes platforms. They are beginning to see the risks that can unfold as well as how a service mesh can support a security stack.

Continue reading →

Password management firm LastPass has issued an update about a security breach that was first revealed back in August. The news is not good; the data breach is significantly worse than initial reports suggested.

LastPass says that its investigations into the incident now show that the hackers were able to obtain customer vault data. The company points out that these vaults are home to both encrypted and unencrypted data, and tries to play down the significance of a threat actor gaining access to unencrypted data.

Continue reading →

The past couple of years have seen a boom in eCommerce as more people have worked -- and shopped -- from home.

But as the industry's profile has grown so has the risk of cyberattacks. What’s also been thrown into sharp focus is that delivery systems sometimes don't live up to the buying experience. So how will the eCommerce sector address these things in 2023? Here's what some industry experts think.

Continue reading →

It’s fair to say over the last year cybersecurity has become one of the hottest topics to discuss. We have seen the issue affect every possible area of life from healthcare and energy to multinational corporations, and even conflicts such as the Russia/Ukraine War.

As a result, cybersecurity (in some shape or form) is in the minds of nearly all major stakeholders, board members and leadership teams across the world. Research by IDC highlighted that European IT security spending will surpass $66 billion in 2026.

Continue reading →

New research from Deepwatch shows 78 percent of security professionals expect breach and incident reporting requirements to create more work for their teams, and 77 percent expect increased work arising from privacy requirements.

The SecOps pulse survey shows digital transformation initiatives and regulatory requirements are the top two cost drivers expected for next year.

Continue reading →

Over the past couple of years enterprise security teams have faced a number of challenges, not least the shift to more remote and hybrid working.

This has driven forward plans to adopt automation and technologies like zero trust. So, what changes can we expect to see as we move forward into 2023?

Continue reading →

Compared to many industries, cybersecurity operates in a highly adversarial environment, with organizations investing huge levels of time, money and resources into defeating a range of determined threat actors. If that weren't enough, security teams are pitted against highly motivated, well-organized criminal and nation-state groups who constantly shift tactics to gain the upper hand.

The result is that security teams are frequently inundated with alerts, false positives and negatives, which nevertheless, they are compelled to address rather than being allowed to concentrate on proactively securing their networks.

Continue reading →

New research published in November revealed that the severity of inbound cyberthreats increased during holiday months.

The findings, from our Barracuda XDR team' Global Security Operations Center, suggest that cyberattackers may take advantage of IT security professionals being away from the workplace to launch more complex, higher risk attacks -- possibly in the hope that understaffed security departments are less likely to be monitoring the network for threats or equipped to deal with any crisis.

Continue reading →

As the network as we know it has changed and adversaries are finding success with new attack routes that exploit gaps in defenses.

As enterprise security undergoes a major shift we need to change the way we think about this complex 'atomized network'. We spoke to Martin Roesch, CEO of Netography, to find out about the challenges this presents and how to address them.

Continue reading →

Quantum computing holds the promise of much faster processing speeds but is still widely viewed as still being some way in the future as a commercial proposition. It could boost machine learning and AI, and unlock the power of unstructured data.

Of course quantum also comes with security challenges thanks to its potential to crack passwords and break encryption. Here's what industry experts expect to see happening in the quantum world in 2023.

Continue reading →

A Microsoft security researcher has unearthed a security vulnerability in macOS which has been named Achilles.

Tracked as CVE-2022-42821, Jonathan Bar Or found that the flaw could be used to bypass the Gatekeeper security feature of macOS in order to execute malicious apps. Apple has now fixed the vulnerability in Big Sur, Monterey and Ventura versions of macOS.

Continue reading →

Viewing security as a modern data challenge is something different from simply recognizing the crucial role of data. IT security has always been about gathering, analyzing and acting on data. But modern cloud data challenges are about handling ever increasing amounts of disparate, differently-structured and unstructured data, from a changing mix of dynamic sources. 

The challenge is not about battling to handle data overload. But rather, rethinking the underlying data technologies you use at the core of your security platform, so that as more data floods in, it makes your security tighter and more effective. 

Continue reading →

As more and more of our computing moves to the cloud, protecting information and apps throws up a new set of challenges for enterprises.

We spoke to Ratan Tiperneni, president and CEO of cloud-native app protection specialist Tigera, to find out more about the security implications of going cloud native and how to deal with them.

Continue reading →

Modern corporations are fully dependent on their IT infrastructure for their daily operations. Securing an IT infrastructure can be a daunting task. Fortunately, there are common best practices that have found success for some of the biggest companies in the world. These best practices share common traits that can be duplicated to match almost any environment.

 Before we begin, let’s examine the past failures of many security professionals. As security managers, we must understand that the most secure environments, regardless of the sophistication of your tools or the talent of your staff, will eventually be compromised by the weakest link in your controls. So how do we manage these weak links? Let’s start by identifying them.

Continue reading →

Google has announced that businesses can now apply to try out client-side encryption for Gmail on the web.

Now available in beta for a selection of Workspace users, the feature is one that was promised some time ago. Google says that the new encryption option means that "sensitive data in the email body and attachments are indecipherable to Google servers", but there will be disappointment that the security and privacy feature is not available for everyone.

Continue reading →