
Fuzzing and Bypassing the AWS WAF

The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of defense for your web applications, acting as a filter between your application and incoming web traffic to protect against unauthorized or malicious activity. In this blog post, we will analyze one of the most commonly used Web Application Firewalls, the AWS WAF, and explain ways that allowed it to be bypassed.

Securing High-Risk Access with Reimagined PAM Controls: A Customer Story

My team and I were on a call with a customer who saw a critical need to secure access to his company’s cloud service provider (CSP) containers. Our conversation comes to mind often, because it reflects the fast-evolving nature of privileged access and what it takes to secure it in today’s complex IT environment. As we spoke, the customer stood out to me as a forward-thinking leader. His job: protect and enable an enterprise that is no stranger to the cloud.

Tokenization: Replacing Data Values One Token at a Time

What is tokenization? This method revolutionized the modern way we protect data. In today’s age, InfoSec teams can deploy keyless and reversible methods with tokens, which replace sensitive Personally Identifiable Information (PII) and store this information in both vaulted and vaultless token look-up tables. When the data is needed, it can be re-identified and accessed by the right parties, ensuring sensitive information remains protected.

Anonymization: Safeguarding Sensitive Information - Permanently

What is anonymization? InfoSec teams can use anonymization to irreversibly scramble sensitive data values, thereby protecting an individual’s private information. If the sensitive information can no longer be linked to an individual, businesses have a better chance of reducing audit costs, complying with regulatory requirements, and scaling their ability to compete – all leading to revenue increases for your bottom line.

Data De-Identification: The Foundation of Data Protection

De-identifying data is what every data protection method is designed to do, making it the basis of effective cybersecurity. Common data fields that businesses de-identify include names, birth dates, addresses and zip codes, National IDs, and Social Security Numbers. By obfuscating sensitive data values through reversible and irreversible methods, your customers and patients can rest easy knowing their data can only be viewed by authorized parties.

Pseudonymization: Replacing Sensitive PII Values to Better Protect Your Data

What is pseudonymization? It’s one of many data protection methods that allow businesses to improve their sensitive data protection across systems by replacing values with pseudonyms. Learn more about this crucial data protection method and how to use it to boost your business’s cybersecurity posture.

Trustwave Transfers ModSecurity Custodianship to the Open Worldwide Application Security Project (OWASP)

After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the renowned open-source web application firewall (WAF) engine, ModSecurity, to the Open Worldwide Application Security Project (OWASP). This landmark move promises to inject fresh energy and perspectives into the project, ensuring its continued evolution as a vital line of defense for countless websites worldwide.

Calico Egress Gateway: How to provide a stable public network identity for EKS workloads to securely connect with approved SaaS

Many organizations have adopted IP address allowlisting for their corporate cloud applications as an added layer of security. Many sanctioned cloud applications and web services enforce access restrictions based on the source IP address of incoming traffic. To establish a connection with these remote SaaS services, your traffic must originate from a particular IP address that is pre-registered. Any traffic originating from different IP addresses will be denied access by these remote applications.

How to use AWS and Vanta for identity and access management

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today, providing one of the most flexible and secure cloud environments available.