This edition of the ISMG Security Report features an analysis initiatives unveiled by the Biden administration to enhance supply chain and critical infrastructure security and address the cybersecurity skills gap. Also featured: LockBit 2.0 ransomware rep 'tells all'; misconfigured Microsoft Power Apps.
The Biden administration unveiled a package of supply chain and critical infrastructure security initiatives following a meeting at the White House with tech executives and others. Companies such as Google and Microsoft also promised billions in spending on cybersecurity over the next several years.
DevOps-driven adoption of new
technologies and processes
may mean security is an afterthought
and can expose new
gaps in security coverage and
Download this whitepaper which provides an overview of what DevSecOps is and how organizations can adopt its
practices in conjunction with technologies...
Kubernetes-native security is based on a single principle: security is implemented most effectively
when it is aligned with the system that is responsible for managing all of an organization’s containerized
Download this whitepaper which explores the six characteristics a security platform must...
The rapid adoption of open source projects can introduce vulnerabilities in standard
Kubernetes environments. OpenShift Container Platform supports these projects, allowing users to
gain open source advantages with a managed product’s stability and security. Red Hat OpenShift
offerings include five managed and...
The latest edition of the ISMG Security Report features an analysis of ransomware gang REvil’s threat to release stolen Apple device blueprints unless it receives a massive payoff. Also featured: discussions of the importance of a “shift left” strategy and efforts to secure cryptocurrencies.
With more and more companies moving to DevOps, that statistic is likely to grow due to the increased demand for more applications faster meaning more chance for error. The good news is that these application vulnerabilities are extremely preventable through on-demand focused interactive lessons to learn how to code...
Like virtually all enterprises in 2020, Akamai had to pivot thousands of employees to remote
work in a matter of days. All while supporting a massive surge in platform traffic. And while
criminals sought to exploit any vulnerability these upheavals might expose.
This new report
shows you how our own products...
Dr. Chenxi Wang, industry thought leader and analyst, examined the Return on Investment that organizations may realize by using Cobalt’s Pen Testing as a Service (PTaaS) platform. This study took a detailed look at the benefits and costs of deploying Cobalt’s services in comparison with using traditional...
When software is everywhere, everything becomes an attack surface.
The root cause of many successful cyberattacks lies primarily in vulnerable software itself. The real question that needs to be asked is, “Can the industry do a better job of writing more-secure code, making software applications nearly...
DevSecOps is in its “awkward teenage years,” says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.
In an interview with Information Security Media Group’s Tom Field, Rose...
Watch this episode of the "On The Road to DevSecOps" series to learn from a group of DevOps experts on why AppSec Awareness and Training matters and how to give your developers secure coding education that works.
Software is at the center of it all, placing increased pressure on developers, security managers, and DevOps leaders to develop applications faster. However, this need for speed comes at a price, and security can be seen as a blocker and not an enabler. Watch this webinar to understand why it's time to prioritize your...
It’s time to build security in from the start of the SDLC to better manage,
measure, and address risk, empower development teams, and
guarantee secure software delivery at the speed of DevOps.
While financial service organizations are under constant attack from adversaries, there
are specific steps they can...
Large and dynamic company like Playtech are looking to integrate secure coding education directly into the tools their developers
Daniel Liber, Head of Information Security at Playtech states " as a company that has hundreds of developers, located in more than 15 different sites and developing in...