The CyberRisk Summit is back: Join us on Dec 6. as we recap the cyber risk landscape in 2022 | Get free ticket >> 

Live webinar, Oct 13: Attend to learn how you can deduplicate vulnerability and deliver a smarter approach to cyber risk management  | Register  >>

New report: Mapping MITRE ATT&CK framework to CVEs |  Read more  >>

Security testing 101

In the current threat landscape, cyberattacks have become the norm. According to Accenture’s “State of Cybersecurity Resilience 2021” report, there was a 31% increase in attacks per company, 206 to 270 year over year, from 2020 to 2021. In the first few months of 2022, the notorious digital extortion group Lapsus$ went on a hacking… Continue reading Security testing 101

8 common cloud misconfiguration types (and how to avoid them)

Cloud misconfiguration refers to any errors, glitches, or gaps in the cloud environment that could pose a risk to valuable information and assets. It occurs when the cloud-based system is not correctly configured by the organization, leading to cyber exposures, security breaches, insider threats, or external hackers. These cloud-threat actors exploit vulnerabilities to gain access… Continue reading 8 common cloud misconfiguration types (and how to avoid them)

Secure coding practices: the developer’s guide to security

Cyber risk is a major concern in any modern organization, with cyberattacks affecting even the biggest tech companies. Teams need to be better equipped to counter that risk and need to pull together in the direction of reducing it. For developers, that means secure coding – working from the outset to apply cyber security best… Continue reading Secure coding practices: the developer’s guide to security

Prioritizing cloud security threats: what you need to know

As enterprises across the globe continue to leverage cloud technologies in order to improve business efficiency, cloud service providers (CSPs) looking to gain a competitive edge are expanding their offerings to meet this demand. In order to keep up with the market and ever-changing customer requirements, CSPs must accelerate their development efforts. But in many… Continue reading Prioritizing cloud security threats: what you need to know

How to integrate risk-based security with your cloud-native infrastructure

Cloud-native infrastructures take advantage of all cloud computing has to offer: distributed architecture, scalability, flexibility, and the ability to abstract multiple layers of infrastructure—allowing it to be defined in code. Relying on automation, this code-based configuration approach offers numerous benefits: Easy-to-manage infrastructure Ability to turn features on and off as needed Greater accuracy Improved speed… Continue reading How to integrate risk-based security with your cloud-native infrastructure

How to reduce security debt – part 2

In our last blog, we covered security tech debt, how it happens, and how to reduce it. Here, we’ll go into how you and your organization can remain on top of your tech debt, improve cyber hygiene and ultimately mitigate your risk. What to do once you’ve paid your security tech debt Once your security… Continue reading How to reduce security debt – part 2

How to reduce security debt – part 1

In the world of software development, “tech debt” refers to accrued costs and long-term consequences of prioritizing speed over software quality. This can involve taking shortcuts by using poor coding techniques, ignoring outdated modules, or using software architecture that doesn’t meet industry standards. This, however, creates additional work later on (maintaining the software, upgrading the… Continue reading How to reduce security debt – part 1

9 AWS Security Tools You Should Know About

AWS is one of the most popular cloud service providers among enterprises and SMBs for hosting mission-critical workloads. Like Azure and GCP, AWS follows a shared responsibility model for security in the cloud: As the cloud service provider, AWS manages and owns security of the platform, while customers are responsible for all application, infrastructure, and… Continue reading 9 AWS Security Tools You Should Know About

5 Azure Security Tools You Should Know About

As an increasing number of organizations adopt cloud as the target platform for their business critical workloads, securing these workloads has become a top priority. Establishing a well-defined risk management strategy that covers the entire stack—infrastructure, the application layer, and cloud-specific security controls—is the first step in improving your company’s cyber hygiene. If you are… Continue reading 5 Azure Security Tools You Should Know About

5 GCP Security Tools You Should Know About (July 2022 update)

Whether your organization was born in the cloud or is aiming to modernize its IT landscape through cloud adoption, having a well-defined and comprehensive cloud security program is crucial. Managing security in the cloud calls for different strategies than managing security in networks or applications surfaces, and requires a paradigm shift due to the constantly… Continue reading 5 GCP Security Tools You Should Know About (July 2022 update)