I recently had the pleasure of appearing on the Davood for Thought podcast. The host, Davood Ghods, is Vice President of Government Solutions at Direct Technology, so it was both enlightening and enjoyable to share insights with him. We discussed how we as an industry need to pursue innovation to solve real-world problems, as opposed to pursuing innovation for the sake of innovation.
In the business of security, linking performance metrics to strategy has become an accepted best practice. If strategy is the blueprint for building a security operations center (SOC), metrics are the raw materials. But there is a catch: a security organization can easily lose sight of its strategy and instead focus strictly on the metrics that are meant to represent it.
I’m not big on acronyms or buzzwords. Like many executives, my eyes glaze over when I’m being prospected with an alphabet soup of technology terms I supposedly “need” to care about. So why, then, does the title of this article include Security Service Edge (SSE), Secure Access Service Edge (SASE), and Zero Trust? Despite our justified disdain for acronyms, the ideas behind these terms hold genuine importance for business leaders.
Microsoft Word, Excel, PowerPoint, and other Office document formats are popular among attackers, who abuse them to infect their victims with ransomware, infostealers, backdoors, and other malware. In this article, we look at the anatomy of a recent Office document attack from the victim’s perspective, highlight the most common types of Office document attacks seen today, and suggest strategies to reduce your risk of becoming the latest victim.
The transition to the cloud has changed everything! It has upended where apps are hosted, as well as the movement of enterprises’ most valuable digital assets and sensitive data. Access has been redefined and firewall-based perimeters are a thing of the past. Now special considerations are required for users working from everywhere—on both managed and unmanaged devices—as well as address the ever-growing Internet of Things (IoT).
Considering the forensic-level attention to data residency that was paid in the early days of cloud, it’s interesting how little regard is now given to the matter. Explaining the many pitfalls of certain data residency challenges to fellow CISOs (and key stakeholders) and why real-time visualisations of data flow matter, is often an interesting exercise.
Netskope Academy is pleased to introduce the Netskope Cloud Security Certification program. This new program provides an opportunity for customers, partners, and employees to validate their skills and be recognized for their knowledge of the Netskope Security Cloud platform, as well as general cloud security technologies. The program is launching with two levels of high-stakes, third-party proctored certifications, with more to follow.
Since the beginning of 2022, the unfolding geopolitical conflict between Russia and Ukraine has resulted in the discovery of new malware families and related cyberattacks. In January 2022, a new malware named WhisperGate was found corrupting disks and wiping files in Ukrainian organizations. In February 2022, another destructive malware was found in hundreds of computers in Ukraine, named HermeticWiper, along with IsaacWiper and HermeticWizard.
