Data Protection | Breaking Cybersecurity News | The Hacker News

In cybersecurity, the old adage "trust but verify" emphasizes that granting trust should always be accompanied by oversight. Yet, with software-as-a-service (SaaS), organizations often stop at the "trust" part and never get around to the "verify." SaaS environments in 2025 run on implicit trust. Once a user or app is authenticated and given access, it's largely trusted indefinitely. Tokens issued to third-party apps rarely expire, integrations often get more permissions than they truly need, and automations execute with minimal human oversight. We talk about Zero Trust principles, but in practice, many SaaS platforms grant one-time approval and then assume all is well thereafter. The result is a growing security gap, where credentials and connections are implicitly trusted far beyond what's safe, creating fertile ground for breaches and abuse. Implicit Trust in the SaaS Ecosystem Every SaaS integration or API token represents an implicit trust relationship between your organizatio...

AI SOC Agents are going through a hype cycle. If we're going by Gartner's Hype Cycle for Security Operations, 2025 , this technology is still an "Innovation Trigger", but it's at the cusp of "Peak of Inflated Expectations". Every vendor claims their solution will revolutionize security operations. Every conference features another keynote promising autonomous defense. And every CISO is being asked whether AI will replace their security team. At Redis, implementing AI in the SOC has been more of a measured journey. The model is more of a hybrid SOC, so there's a combination of external service providers as well as internal resources. In this case, Prophet Security is currently proving themselves alongside a more traditional MDR provider.  But let's take a step back.  The Tipping Point for AI Adoption within the SOC Considering an AI solution for Redis' SOC came down to the confluence of three drivers.  On an individual level, there was more value from AI tools an...

Artificial Intelligence (AI) has served as a great resource for cyber defenders by enabling real-time detection and response through advanced pattern recognition and predictive analysis that traditional methods weren't able to achieve. However, AI has recently become a dangerous and widely available enabler for attackers to leverage. CISOs now face adversaries who easily scale large-scale cyberattacks like spear-phishing and polymorphic malware at machine speed.  This article examines the rising AI-driven cyberthreat landscape and presents the browser, the enterprises' new endpoint, as the most strategic control plane for defense. By adopting a Secure Enterprise Browser (SEB) into the security stack, enterprises can reduce their attack surface, contain incidents at scale, and future-proof themselves against these advanced attacks.  Why Traditional Defenses Struggle Against AI  Most organizations have robust defense in place against cyberattacks, such as firewalls, EDR...

Salesforce Is Mission-Critical, but That Doesn't Mean It's Protected At the beating heart of customer operations, the scope of Salesforce goes well and beyond traditional customer relationship management (CRM) systems. As a system of records, a sales engine, a service dashboard, and a repository for years of business-critical insight, deals flow through it continuously. Strategies depend on it. Customer relationships live or die by what they contain.  Yet, despite this, a dangerous misconception persists: "It's in the cloud, so it must be safe." Unfortunately, this assumption is as costly as it is common.  Here's the reality. Salesforce operates under a shared responsibility model , meaning your cloud provider — in this case, Salesforce — is responsible for platform uptime, infrastructure integrity, and security of the cloud. But you, the customer, are responsible for its actual content (your data, your metadata, and your configurations). So, while Salesforce protects th...

Data Resilience is No Longer Optional Even in 2025, over half of all businesses suffer devastating data loss from ransomware attacks, configuration errors, or system crashes — yet only 15% of enterprises treat SaaS data backup as a strategic priority. While that number is projected to surge to 75% by 2028 , many organizations today overlook this critical component and risk falling dangerously behind or worse.  Data protection is more than an IT issue, and it takes more than your standard backup solution to reconcile this problem. As threats evolve rapidly, data protection is now an essential strategic priority. Businesses must respond by building resilient, cloud-native backup strategies that ensure data stays protected, available, and uncompromised, no matter the circumstances. Breaking Free from Legacy Constraints with SaaS-Driven Flexibility The modern enterprise landscape has transformed. Hybrid and multi-cloud environments have overcome their once-trendy labels, having b...

For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have critical gaps in their ecosystems that leave them vulnerable to breaches. Often, these gaps stem not from a lack of tools—if such a thing exists in security—but from incomplete visibility and integration across those tools. By aggregating and analyzing data from multiple systems, security leaders can gain a more robust picture of their IT inventory and subsequently, their security posture. The challenge with disparate security tools It's not unusual for enterprises to deploy a wide array of security tools. The average organization uses roughly 10 security tools, covering everything from endpoint management to identity and access control. These tools, however, often operate in silos, creating fragmented and occasionally contradictory reports. Let's look at a practical example. Conside...

Hackers are constantly scanning your network, often spotting vulnerabilities before you do. They're looking for misconfigurations, exposed assets, and weak points that could lead to a breach—are you seeing what they see? Every activity or interaction that your organization does online – website, social media accounts, cloud services, third-party integrations, and more – contributes to its digital footprint. This digital footprint is information attackers use to find your weaknesses and attempt to exploit them.  What if you could anticipate how hackers plan to exploit your vulnerabilities before they strike? Imagine identifying the weaknesses most enticing to an attacker—before they become exploited. Attack Surface Management (ASM) solutions help organizations continuously identify, monitor and manage aspects of public-facing IT assets, including those that may be forgotten. ASM is the tool in the battle of visibility – either you see your weaknesses first, or attackers will show ...

Coined in 2010 by Forrester Research , the term "zero trust" has long been hijacked by security vendors eager to take advantage of the hype that surrounds the concept. Today, it's so overused and misused that many see it as a meaningless buzzword—but that's far from the truth. In fact, its widespread misappropriation demonstrates the power of zero trust security. Why else would countless vendors try to capitalize on it? As they say, imitation is the sincerest form of flattery. Zero trust is not a mere label. Rather, zero trust is an architecture—though you'll also hear of a zero trust methodology, framework, paradigm, and infrastructure—and it's based on the idea of zero implicit trust, meaning no one should be trusted by default. The key zero trust principle of least-privileged access says a user should be given access only to a specific IT resource the user is authorized to access, at the moment that user needs it, and nothing more. Hence the zero trust maxim,...

The rapid adoption of SaaS solutions, accelerated by trends such as remote work, cloud computing, big data, and Generative AI (GenAI) has brought significant benefits to organizations. However, this transformation also introduces new attack surfaces and unique challenges for security teams, who must now consider how they can secure the intricate web of SaaS usage across their organization.  Today, the SaaS security landscape is characterized by several key themes and issues: Credential Theft and Stuffing: This trend is fueled by dark web marketplaces where breached credentials are bought, sold, and traded, making it easy for attackers to carry out credential stuffing attacks. Shadow SaaS: The explosion of unauthorized SaaS apps has led to a rise in employees inadvertently exposing sensitive data. Trial or demo accounts are a main source of shadow SaaS.  SaaS Sprawl: In 2023, the average number of SaaS apps used by a business reached 473. Our numbers indicate an increase ...