The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Search results for security

New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021

New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021

July 09, 2021The Hacker News
For years, security professionals have recognized the need to enhance SaaS security. However, the exponential adoption of Software-as-a-Service (SaaS) applications over 2020 turned slow-burning embers into a raging fire.  Organizations manage anywhere from thirty-five to more than a hundred applications. From collaboration tools like Slack and Microsoft Teams to mission-critical applications like SAP and Salesforce, SaaS applications act as the foundation of the modern enterprise. 2020 created an urgent need for security solutions that mitigate SaaS misconfiguration risks. Recognizing the importance of SaaS security, Gartner named a new category, SaaS Security Posture Management (SSPM), to distinguish solutions that have the capabilities to offer a continuous assessment of security risks arising from a SaaS application's deployment.  To understand how security teams are currently dealing with their SaaS security posture and what their main concerns are, Adaptive Shield, a leading S
Salesforce Release Updates — A Cautionary Tale for Security Teams

Salesforce Release Updates — A Cautionary Tale for Security Teams

August 05, 2021The Hacker News
On the surface, Salesforce seems like a classic Software-as-a-Service (SaaS) platform. Someone might even argue that Salesforce invented the SaaS market. However, the more people work with the full offering of Salesforce, the more they realize that it goes beyond a traditional SaaS platform's capabilities. For example, few people talk about managing the security aspects of  Salesforce Release Updates.  By understanding what Release Updates are, why they pose a security risk, and how security teams can mitigate risk, Salesforce customers can better protect sensitive information. How to ensure the right configurations for your Salesforce security What are Salesforce Release Updates? Since Salesforce does not automatically update its platform, it does not follow the traditional SaaS model. For example, most SaaS platforms have two types of releases, security, and product improvements. Urgent security updates are released as soon as a security vulnerability is known, and product i
Why Application Security Should Be Considered An Enabler For Business

Why Application Security Should Be Considered An Enabler For Business

July 16, 2020The Hacker News
If you ask Alex, he won't admit being old-fashioned. He has been working in the IT industry for a while now and accepts that security is important for the business's health. But reluctant to take security as the business enabler. In today's environment, moving to digitization is a critical step required to drive innovation and business growth. When the application development takes the driver seat, security stalls the progress by saying NO to many things on the highway. — Is what he says. At that point, my friend Daniel got involved and argued that application security is no longer optional to our business as we rely on apps for our day-to-day activities. And, he added a powerful quote: "Because we've brakes in our cars, we can drive fast" - Robert Garigue Businesses will less likely advance if they don't have security (brakes) to do safely. The car's speed obtains improvement with brakes – the improvements to business are the improvement to th
How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection

How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection

April 02, 2021The Hacker News
Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable for different scenarios. Employing several security solutions tends to be inevitable for many, especially those that have outgrown their previous network setups. Companies that expand to new branches and even overseas operations have to make use of additional security measures and tools. This use of multiple tools or software often leads to critical issues, though. The management of the many cybersecurity solutions can become too complicated and difficult to handle, especially for organizations with little experience in addressing cyber threats, let alone actual attacks. This can result in confusion and the inabilit
Rethinking Application Security in the API-First Era

Rethinking Application Security in the API-First Era

July 01, 2021The Hacker News
Securing applications it the API-first era can be an uphill battle. As development accelerates, accountability becomes unclear, and getting controls to operate becomes a challenge in itself. It's time that we rethink our application security strategies to reflect new priorities, principles and processes in the API-first era. Securing tomorrow's applications begins with assessing the business risks today. The trends and risks shaping today's applications As the world continues to become more and more interconnected via devices — and the APIs that connect them — individuals are growing accustomed to the frictionless experience that they provide. While this frictionless reality is doubtlessly more user-friendly, i.e., faster and more convenient, it also requires a trade-off. This convenience demands openness, and openness is a risk when it comes to cybersecurity. According to  Sidney Gottesman , Mastercard's SVP for Security Innovation, the above situation leads to one
Contrast Community Edition Empowers Developers to Write Secure Code Faster

Contrast Community Edition Empowers Developers to Write Secure Code Faster

August 12, 2020The Hacker News
As software eats the world, the world faces a software security crisis. The movement to modern software such as cloud technologies and microservice architectures is essential to innovate quickly. Yet, nearly three in four developers say that security slows down Agile and DevOps. Neither developers nor security teams are to blame. DevOps speed is held back by a 15-year-old, scan-based application security (AppSec) model designed for the early 2000s. Traditional security tools cannot keep up with today's rapid development pace or modern application portfolio scale. However, sacrificing security for development speed places critical and confidential personal and business information at risk—from financial to healthcare data—and can disrupt operations or even cause outages. Code Scanners Cannot Meet Modern DevOps Legacy AppSec approaches that rely on point-in-time scanning are plagued by development delays and highly inaccurate results. Scans take many hours, if not days—not id
Secure Your SaaS Apps With Security Posture Management Platform

Secure Your SaaS Apps With Security Posture Management Platform

October 05, 2020The Hacker News
As security professionals who have spent more than a few years in the industry, we know a good challenge when we see one. SaaS and cloud-based technologies are growing rapidly, offering organizations convenience and constant feature refreshes without the need to install and deploy software on-premises. However, even when referred to as 'a game-changer,' many organizations are still highly concerned by security breaches. Today, organizations have anywhere from 35-to literally hundreds of SaaS applications running. Slack, Office 365, Zoom, Zendesk, Salesforce, Hubspot, etc. These applications are at the core of modern enterprises, to the point where running a business without them would be nearly impossible, with the cost and time-saving benefits they provide enabling growth while conserving resources. SaaS applications are easy to use, scalable, and now, they even come with an impressive array of native security controls to secure sensitive corporate data. How to make the
What are the different roles within cybersecurity?

What are the different roles within cybersecurity?

April 17, 2021The Hacker News
People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of  50 cybersecurity job titles , while CyberSN, a recruiting organization, came up with its own list of  45 cybersecurity job categories . Similarly, OnGig.com, a company that helps firms write their job ads, analyzed 150 cybersecurity job titles and came up with its  own top 30 list . This article is based on research I did with Springboard, one of the  first cybersecurity bootcamps with a job guarantee  and 1:1 mentorship. In particular, CyberSeek.org, a joint industry initiative looking at the cybersecurity job market, offers an  interactive list  of not only the various positions within cybersecurity but offers you a career path showing how you can get promoted. The complicated part is that these titles and roles
Build Your 2021 Cybersecurity Plan With This Free PPT Template

Build Your 2021 Cybersecurity Plan With This Free PPT Template

November 11, 2020The Hacker News
The end of the year is coming, and it's time for security decision-makers to make plans for 2021 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced. The Definitive 2021 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an off-the-shelf tool to clearly and easily present their plans and insights to management. While many security decision-makers have the tools and expertise to build their case technologically, effectively communicating their conclusions to the organization's management is a different challenge. Management doesn't think in terms of malware, identity compromise, or zero-day exploits, but in terms of monetary loss and gain: Would investment A in a security product reduce the likelihood of cyberattack derived downtime? Would outsourcing a certain security functionality to a service
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.