Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Last month we hosted a webinar dedicated to discussing the issue of codebase security. As trends like secrets and credential exfiltration continue to be of concern within systems like GitHub, threats, such as cryptojacking and supply side attacks, have become more of a problem. This makes understanding key aspects of codebase security very important. That’s why we pulled out 4 lessons from our recent session that developers and security engineers must know.

The Windows System Monitor (Sysmon) is one of the chattiest tools. With all the information coming in, it can be difficult and expensive to use it efficiently. However, the Graylog Illuminate package gives you a way to fine-tune it so that you can get better data and manage your ingestion rate better. Sysmon gives you awareness of what’s going on in your endpoints.

We’re constantly told to “Shift Left” and that Secure DevOps is the only way to have confidence in your cloud native applications. But speaking to end-users and industry colleagues, it’s clear that there are some major challenges in adopting Secure DevOps. If we read our history books, we know that DevOps wasn’t successfully adopted by buying tools, and a true cultural movement towards DevOps wasn’t established by having a small dedicated team of DevOps specialists.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. In a move that has perplexed the #infosec community a major player has gone AWOL. Are they gone for good or just coming up with something new?

The National Institute of Standards and Technology (NIST) is part of the US Department of Commerce and was founded in 1901. NIST was originally established to help the U.S. industry become more competitive with economic rivals and peers, such as the UK and Germany. NIST prioritizes developing measurements, metrics, and standards for technology used in different industries.

Infosec leaders have a lot of corners to cover in their cybersecurity strategy. When crafting the tactics and onboarding the platforms that will protect sensitive information, the checklist of requirements could be missing a very important vector for attack, compliance risk or data loss: application logs.

Data warehouses power your data analysis and business intelligence operations so you can level up your knowledge and progress toward bigger business goals. Like any key component of your tech stack, using data warehouses effectively also requires care and caution — especially when uploading and sharing sensitive information.

For the first time in its 30-year history, the 2021 RSA Conference was a virtual-only event, and not in its usual time during the spring. But, with 20,000 registrants joining for the various sessions, it was a testament to this year’s conference theme of resilience.

Supply chains are an essential part of today’s on-demand economy. However, they also expand your ecosystem, increasing the threat surface that you need to secure. While compliance assessments document vendor controls and enable you to manage third-party risk, responding to and completing them takes time. These delays can make your procurement team feel like you’re trying to disqualify their vendor.

Continuing on the successful webinar journey, last week Appknox hosted a webinar on "Secure Coding Practices to Prevent Vulnerabilities in SDLC." Focusing on secure coding best practices, our experts busted several myths and misconceptions regarding mobile app security in the webinar and highlighted several client-side misconfigurations which generally go unnoticed by the app developers.