Articles about Security

The move to the cloud has meant the days of external exposure being defined by the set of IP ranges in your firewall are gone. Today's attack surface is made up of many internet-facing assets with exposure being controlled at the domain level.

This means web applications have fast become an attractive target for attackers, particularly unknown and forgotten assets -- which are plentiful in modern environments. So how can businesses defend themselves?

Continue reading →

The reputation of LastPass has taken quite a battering over the past year, with the handling of security incidents doing nothing to improve things. Just last week the company gave an update about a security breach that took place back in August, revealing that it had been more serious than first suggested.

But now the updated announcement from LastPass has been ripped to shreds by security experts with one denouncing it as being "full of omissions, half-truths and outright lies".

Continue reading →

Although the death of the password has been predicted for many years, older technology still clings on when it comes to verifying identities.

But that's changing, particularly with the massive growth in the numbers of machine IDs. Here is what some industry experts think we'll see from the identity world in 2023.

Continue reading →

The cybersecurity world never stands still, with threats and the technology to combat them constantly evolving.

That makes predicting what might happen difficult, but we can still extrapolate current trends to get an indication of where things might be headed. Here are some expert predictions for cybersecurity in 2023.

Continue reading →

The demands of modern business IT environments can often lead to friction between developers and security teams which can hamper the successful rollout of cloud security.

Developers want to deliver features as fast as possible and security teams want things to be as secure as possible, so there is constant conflict of interest. We spoke to David Hendri, CTO and co-founder of cloud security startup Solvo, to discover how to rebuild the trust between developers and security by creating a common language.

Continue reading →

In the dynamic world of Managed Service Providers (MSPs), it has become quite evident that the time has come for next generation Data Security Solutions, and that such a solution should be added to your technology stack.

For some time and becoming ever more frequent today, organizations and MSPs are facing major data security challenges that are likely to increase exponentially over the coming decade.

Continue reading →

The managed services market is bringing more and more providers into the mix, as an increasing number of organizations decide it makes fiscal and operational sense to outsource key functions, even those which traditionally have been considered especially critical, such as certain information security-oriented tasks. Perhaps the fastest-growing segment of service providers in this space is MDR -- managed detection and response.

The MDR concept is relatively young in the service provider space. MDR offerings are typically designed to augment your SOC (security operations center) function by providing detective and reactive tools and expertise. In some cases, it may even replace your tier one, or triage-level, security analysts, who are focused on reviewing and confirming the sometimes overwhelming flood of incoming security alerts.

Continue reading →

The number of use cases for Kubernetes is expanding as an increasing number of enterprises across a wide array of industries are adopting it as their platform of choice. However, this also expands the enterprise attack surface and business risk as a result.

We spoke to William, Morgan CEO of Buoyant, about how CISOs are coming face-to-face with the insecurity that can arise from managing Kubernetes platforms. They are beginning to see the risks that can unfold as well as how a service mesh can support a security stack.

Continue reading →

Password management firm LastPass has issued an update about a security breach that was first revealed back in August. The news is not good; the data breach is significantly worse than initial reports suggested.

LastPass says that its investigations into the incident now show that the hackers were able to obtain customer vault data. The company points out that these vaults are home to both encrypted and unencrypted data, and tries to play down the significance of a threat actor gaining access to unencrypted data.

Continue reading →

The past couple of years have seen a boom in eCommerce as more people have worked -- and shopped -- from home.

But as the industry's profile has grown so has the risk of cyberattacks. What’s also been thrown into sharp focus is that delivery systems sometimes don't live up to the buying experience. So how will the eCommerce sector address these things in 2023? Here's what some industry experts think.

Continue reading →

It’s fair to say over the last year cybersecurity has become one of the hottest topics to discuss. We have seen the issue affect every possible area of life from healthcare and energy to multinational corporations, and even conflicts such as the Russia/Ukraine War.

As a result, cybersecurity (in some shape or form) is in the minds of nearly all major stakeholders, board members and leadership teams across the world. Research by IDC highlighted that European IT security spending will surpass $66 billion in 2026.

Continue reading →

New research from Deepwatch shows 78 percent of security professionals expect breach and incident reporting requirements to create more work for their teams, and 77 percent expect increased work arising from privacy requirements.

The SecOps pulse survey shows digital transformation initiatives and regulatory requirements are the top two cost drivers expected for next year.

Continue reading →

Over the past couple of years enterprise security teams have faced a number of challenges, not least the shift to more remote and hybrid working.

This has driven forward plans to adopt automation and technologies like zero trust. So, what changes can we expect to see as we move forward into 2023?

Continue reading →

Compared to many industries, cybersecurity operates in a highly adversarial environment, with organizations investing huge levels of time, money and resources into defeating a range of determined threat actors. If that weren't enough, security teams are pitted against highly motivated, well-organized criminal and nation-state groups who constantly shift tactics to gain the upper hand.

The result is that security teams are frequently inundated with alerts, false positives and negatives, which nevertheless, they are compelled to address rather than being allowed to concentrate on proactively securing their networks.

Continue reading →

New research published in November revealed that the severity of inbound cyberthreats increased during holiday months.

The findings, from our Barracuda XDR team' Global Security Operations Center, suggest that cyberattackers may take advantage of IT security professionals being away from the workplace to launch more complex, higher risk attacks -- possibly in the hope that understaffed security departments are less likely to be monitoring the network for threats or equipped to deal with any crisis.

Continue reading →