#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for security | Breaking Cybersecurity News | The Hacker News

Perfecting the Defense-in-Depth Strategy with Automation

Perfecting the Defense-in-Depth Strategy with Automation

Jan 26, 2024 Cyber Threat Intelligence
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security controls.  However, the evolving cyber threat landscape can challenge even the most fortified defenses. Despite the widespread adoption of the Defense-in-Depth strategy, cyber threats persist. Fortunately, the Defense-in-Depth strategy can be augmented using Breach and Attack Simulation (BAS), an automated tool that assesses and improves every security control in each layer. Defense-in-Depth: False Sense of Security with Layers Also known as multi-layered defense, the defense-in-depth strategy has been widely adopted by organizations since the early 2000s. It's based on the assumption that a
Optimizing Network Security with SolarWinds Firewall Security Manager (FSM)

Optimizing Network Security with SolarWinds Firewall Security Manager (FSM)

Apr 11, 2014
Firewalls are the front-line soldiers, who sit strategically at the edge of your network and defend it from various security threats. Firewalls require constant maintenance and management to ensure that they are accurately configured for optimal security, continuous compliance, and high performance. Manual firewall configuration and change management is a time-consuming, error-prone, and headache-fraught task, especially in today's increasingly complex and dynamic networks and, for organizations dealing with dozens, or very commonly, hundreds of individual firewalls, routers and other network security devices, manual configuration and ongoing ACL changes can quickly become a management nightmare. If not managed correctly, organizations can find themselves exposed to dangerous cyber threats and compliance risks, which can lead to costly repercussions. The key to keeping up with ever-changing and ever-growing firewall rule-sets is automation.By automating firewall configu
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Chris Hoff, HacKid.org Leads UNITED Security Summit Award Winners

Chris Hoff, HacKid.org Leads UNITED Security Summit Award Winners

Sep 20, 2011
Chris Hoff, HacKid.org Leads UNITED Security Summit Award Winners Awards Recognize Outstanding Contributions to Propel the Information Security Industry Forward to Meet Future Challenges San Francisco, CA at the UNITED Security Summit – September 20, 2011 –  The first annual  UNITED Security Summit  included an awards ceremony at the official event party, held at Vessel, San Francisco last night. The UNITED Security Summit Awards focus on recognizing the contributions of individuals and organizations that are propelling the information security industry forward, building the level of preparedness in the face of the changing threat landscape.  Winners at the ceremony were recognized specifically for innovation, collaboration, investment in the future or in the industry in general, and leadership. "As a co-sponsor of the UNITED Security Summit awards and participant in the judging process, it's exciting to see how innovative and collaborative companies in the security industry are,"
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
14 Kubernetes and Cloud Security Challenges and How to Solve Them

14 Kubernetes and Cloud Security Challenges and How to Solve Them

Apr 21, 2023 Kubernetes / Cloud Security
Recently, Andrew Martin, founder and CEO of ControlPlane, released a report entitled Cloud Native and Kubernetes Security Predictions 2023. These predictions underscore the rapidly evolving landscape of Kubernetes and cloud security, emphasizing the need for organizations to stay informed and adopt comprehensive security solutions to protect their digital assets. In response,  Uptycs , the first unified CNAPP and XDR platform, released a whitepaper, " 14 Kubernetes and Cloud Security Predictions for 2023 and How Uptycs Meets Them Head-On " addressing the most pressing challenges and trends in Kubernetes and cloud security for 2023. Uptycs explains how their unified CNAPP and XDR solution is designed to tackle these emerging challenges head-on.  Read on for key takeaways from the whitepaper and learn how Uptycs helps modern organizations successfully navigate the evolving landscape of Kubernetes and cloud security.  14 Kubernetes and Cloud Security Predictions for 2023 C
How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection

How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection

Apr 03, 2021
Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable for different scenarios. Employing several security solutions tends to be inevitable for many, especially those that have outgrown their previous network setups. Companies that expand to new branches and even overseas operations have to make use of additional security measures and tools. This use of multiple tools or software often leads to critical issues, though. The management of the many cybersecurity solutions can become too complicated and difficult to handle, especially for organizations with little experience in addressing cyber threats, let alone actual attacks. This can result in confusion and the inabilit
What is Data Security Posture Management (DSPM)?

What is Data Security Posture Management (DSPM)?

Aug 01, 2023 Data Security / DSPM
Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it's been duplicated or moved to. So, what is DSPM? Here's a quick example: Let's say you've built an excellent  security posture  for your cloud data. For the sake of this example, your data is in production, it's protected behind a firewall, it's not publicly accessible, and your IAM controls have limited access properly. Now along comes a developer and replicates that data into a lower environment. What happens to that fine security posture you've built?  Well, it's gone - and now the data is only protected by the security posture in that lower environment. So if that environment is exposed or improperly secured - so is all that sensitive data you've been trying to protect. Security postures just don't travel with their data . Data Security Posture Management ( DSPM ) was crea
Startup Security Tactics: Friction Surveys

Startup Security Tactics: Friction Surveys

Jun 21, 2023 Cybersecurity
When we do quarterly  planning , my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security incidents Increase trust in Vanta's information security program Reduce the friction caused by information security controls Use security expertise to support the business In this article, I'm going to focus on number three: reducing friction. Declaring your intentions There is value in making "reducing friction" an explicit goal of your security program. It sets the right tone with your counterparts across the organization, and is one step toward building a positive security culture. The first time I presented those outcomes in a company-wide forum, I received a Slack message from a senior leader who had just joined the company: "fantastic to hear about the security's teams focus on removing invisible security controls. Excellent philosophy for the security team [...] its just awesome too many security teams vi
Rethinking Application Security in the API-First Era

Rethinking Application Security in the API-First Era

Jul 01, 2021
Securing applications it the API-first era can be an uphill battle. As development accelerates, accountability becomes unclear, and getting controls to operate becomes a challenge in itself. It's time that we rethink our application security strategies to reflect new priorities, principles and processes in the API-first era. Securing tomorrow's applications begins with assessing the business risks today. The trends and risks shaping today's applications As the world continues to become more and more interconnected via devices — and the APIs that connect them — individuals are growing accustomed to the frictionless experience that they provide. While this frictionless reality is doubtlessly more user-friendly, i.e., faster and more convenient, it also requires a trade-off. This convenience demands openness, and openness is a risk when it comes to cybersecurity. According to  Sidney Gottesman , Mastercard's SVP for Security Innovation, the above situation leads to one
Webinar with Guest Forrester: Browser Security New Approaches

Webinar with Guest Forrester: Browser Security New Approaches

May 25, 2023 Browser Security / Tech
In today's digital landscape, browser security has become an increasingly pressing issue, making it essential for organizations to be aware of the latest threats to browser security. That's why the Browser Security platform LayerX is hosting  a webinar  featuring guest speaker Paddy Harrington, a senior analyst at Forrester and the lead author of Forrester's browser security report "Securing The Browser In The World Of Anywhere Work ". During this webinar, Harrington will join LayerX CEO, to discuss the emergence of the browser security category, the browser security risk and threat landscape, and why addressing browser security can wait no longer. The webinar will also cover browser security solutions, explaining their pros, cons, and differences, and how organizations can work more securely in the browser. Additionally, the session will focus on using browser security solutions as a cost-saver for security teams. Participants will also get an exclusive opport
The Annual Report: 2024 Plans and Priorities for SaaS Security

The Annual Report: 2024 Plans and Priorities for SaaS Security

Jun 05, 2023 SaaS Security / Cyber Threat
Over 55% of security executives report that they have experienced a SaaS security incident in the past two years — ranging from data leaks and data breaches to SaaS ransomware and malicious apps (as seen in figures 1 and 2). Figure 1. How many organizations have experienced a SaaS security incident within the past two years The  SaaS Security Survey Report: Plans and Priorities for 2024 , developed by CSA in conjunction with Adaptive Shield, dives into these SaaS security incidents and more. This report shares the perspective of over 1,000 CISOs and other security professionals and shines a light on SaaS risks, existing threats, and the way organizations are preparing for 2024.  Click here to download the full report . SaaS Security Incidents Are on the Rise Anecdotally, it was clear that SaaS security incidents increased over the last year. More headlines and stories covered SaaS breaches and data leaks than ever before. However, this report provides a stunning context to those
Cybersecurity Resources