3 Weeks Left Until the Start of the OpenSSL Conference 2025
Newark, New Jersey, United States, 16th September 2025, CyberNewsWire
The post 3 Weeks Left Until the Start of the OpenSSL Conference 2025 appeared first on Security Boulevard.
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction with a malicious GitHub actions workflow
The post Shai-Hulud: A Persistent Secret Leaking Campaign appeared first on Security Boulevard.
CrowdStrike at its Fal.Con event today expanded its effort to embed artificial intelligence (AI) agents into security operations center (SOC) workflows while simultaneously extending its ability to secure AI applications by acquiring Pangea for $260 million. Additionally, CrowdStrike revealed that the Fall 2025 update to its core platform adds a graph capability to track..
The post CrowdStrike Extends AI Security Ambitions Beyond Operations to Include Workloads appeared first on Security Boulevard.
JLR vs. SLH: Jaguar Land Rover woes worse than previously thought.
The post Jaguar Land Rover Admits to Longer Shutdown as Childish Hackers Troll Carmaker appeared first on Security Boulevard.
Artificial Intelligence (AI) and Machine Learning (ML) continue to reshape software development at an unprecedented pace. Platforms like Hugging Face make millions of pre-trained models easily accessible, enabling faster innovation and powerful new applications.
The post Managing AI Risks in the Modern Software Supply Chain appeared first on Security Boulevard.
Creators, Authors and Presenters: d3dbot, DDoS Community
Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organization's YouTube channel.
The post DEF CON 33: DDOS Community appeared first on Security Boulevard.
An Internal Developer Platform (IDP) is a foundational concept in modern software engineering. It acts as a bridge between developers and the underlying infrastructure, tools, and processes needed to build, deploy, and manage software efficiently.
The post What is an Internal Developer Platform (IDP)? appeared first on Security Boulevard.
Discover how passwordless authentication protects patient data, boosts compliance, and streamlines workflows in modern healthcare systems.
The post Passwordless Authentication in Healthcare: Protecting Patient Data appeared first on Security Boulevard.
Google’s search engine results pages now require JavaScript, effectively “hiding” the listings from organic rank trackers, artificial intelligence models, and o
The post The Impact of Google’s JavaScript SERPs and AI Search on eCommerce Businesses appeared first on Security Boulevard.
Improve Your Cyber Resilience with Data Security Platformization
madhav
Tue, 09/16/2025 - 05:14
Lynne Murray | Director of Product Marketing for Data Security
Today’s organizations are drowning in the growth of many different cybersecurity tools—an unintended consequence of trying to keep up with an evolving threat landscape. Security tool sprawl has become the norm, when separate tools for each type of security task are cobbled together over time in an attempt to defend expanding networks. But now, could this fragmented approach be doing more harm than good?
According to a recent study conducted by IBM Institute of Business Value, organizations juggle an average of 83 different security solutions from 29 vendors. It’s unnecessary convolution and risk. More tools equal more threats; every integration is a potential point of entry for bad actors.
Source: IBM Institute of Business Value
A patchwork of disconnected point solutions creates dangerous vulnerabilities—many of them complete blind spots. In these environments, it’s not a matter of “if” a cyber event will happen, but "when." This creates a ripe environment for bad actors and Gen AI attacks to leapfrog existing defense systems.
What Does this Mean for Data-centric Security?
For these reasons, Omdia’s 2024 Decision Maker Survey shows that 82% of respondents changed their overall approach to data security in the past 12 months. Omdia’s research reveals that these changes involve addressing siloed tools and vendor consolidation.
Organizations using different tools throughout the organization to detect and contain threats are much less effective due to:
As attacks grow faster and more sophisticated, relying on siloed, overlapping tools only increases risk. The operational burden is skyrocketing for organizations managing dozens of disparate interfaces, alerts, and reports.
Data Security Platformization: A Smarter Strategy
“Organizations are recognizing that relying exclusively on native cloud-based or legacy on-premises data protection systems, which are often siloed and lack the integration needed for rapid workflow processing is inadequate for defending against today’s advanced threat landscape,” according to Adam Strange, Principal Analyst, Omdia Research.
Instead, organizations can resolve the risk associated with tool sprawl with a data security platform. By consolidating fragmented tools into a single, unified ecosystem, a data security platform simplifies operations, strengthens protection, and improves visibility.
Per the Omdia report, the top reasons for moving towards a data security platform are:
Fundamentally, security tool sprawl creates complexity, making it difficult to integrate and manage a multitude of tools effectively. In turn, this hinders cyber threat detection and mitigation, weakening an organization’s defenses.
In contrast, data security platformization embodies a “less is more” approach, establishing a streamlined, efficient platform using fewer components and providing centralized management and unified visibility across different attack vectors.
In data security, simplicity provides clarity. By reducing complexity, a data security platform creates a more defensible and more resilient cyber posture.
Easing the Security Talent Crunch
Complexity also impacts security teams. The gap in the global cybersecurity workforce is massive and growing, estimated in 2024 at 4 million professionals and increasing 19% year-over-year. Security tool sprawl increases the strain on these resources.
While executives are looking at specific spending areas of cybersecurity, Omdia’s research shows data security as one of the leading areas for investment in 2025. 73% of executives are expecting an estimated 15% increase in available budgets to fund new projects, a large proportion of which will be involving larger-scale platforms or integrated, multi-functional propositions.
A data security platform provides much-needed relief to overburdened security personnel who are in short supply, requiring fewer resources and less time for security operations and compliance controls.
Built for Scale: Flexibility and Agility
The data security landscape is constantly evolving, mandating a robust, future-forward solution. As such, the need for scalability and flexibility is the top reason for organizations adopting a data security platform.
Data protection must be scalable and future-ready, and fragmented controls cannot meet the needs of modern, hybrid infrastructure. An estimated 94% of all companies worldwide use cloud computing in their operations, making hybrid infrastructures the new and pervasive reality.
Omdia considers a data security platform critical to gaining visibility and control over data security, particularly in cloud environments. Control capabilities must be unified and strengthened for flexibility, scalability, and agility, seamlessly extending across on-premises and cloud environments.
Consistent Policies and Compliance
Data security platforms also help resources and organizations by unifying protection policies and enforcement across dissimilar controls. As such, platforms safeguard against errors and misconfiguration, making them a critical requirement for effective risk mitigation.
The 2025 Thales Data Threat Report found that policies and compliance matter greatly. A majority, 78%, of enterprises that failed audits had a breach history, versus just 21% of those that passed compliance.
Additionally, data security platforms serve organizations using hundreds of data stores and cloud repositories to reduce data breaches, data risks, and compliance incidents.
Why Data Security Platformization is a Strategic Imperative
Data security platforms secure data end-to-end across both on-premises and cloud-based data repositories. In data security, there is little room for error, misalignment, and misconfiguration--characteristics inherent in disparate security tools. A unified data security platform offers comprehensive insights into the “who, what, when, where, how, and should” aspects of data security, closing gaps that attackers exploit.
A data security platform combines critical functions such as data discovery and classification, policy definition and enforcement, key management, encryption, and tokenization and masking. This enables the aggregation of data protection requirements of an organization into a single solution and addresses gaps in both traditional data security approaches left by perimeter security and native data security approaches.
Future data protection lies in platformization, and real-world use cases consistently demonstrate its significant advantage over the prevalent alternative, security tool sprawl. It’s time. Organizations must adopt a unified, consistent, and wider-reaching approach to data security, ultimately enhancing organizational well-being.
Related Resources
Read the white paper: Future Proofing Your Data Security
Get your copy: Thales 2025 Data Threat Report
Learn more about: Thales Data Security Platform
The post Improve Your Cyber Resilience with Data Security Platformization appeared first on Security Boulevard.
In conversations about operating system security, “compliance” tends to dominate. But for those of us responsible for keeping infrastructure secure—whether facing STIG implementations, CIS benchmark requirements, or FedRAMP assessments—we know the truth: compliance is the baseline, not the goal. Throughout my career, I have been involved in the security space—serving on governing boards for OSS..
The post Why Security-Minded Teams Are Turning to Hardened Linux Distributions appeared first on Security Boulevard.
Are You Leveraging the Power of Enhanced NHIDR in Your Operations? You are undoubtedly aware of the critical role that advanced data protection methodologies play in fortifying our digital operations. But have you harnessed the full potential of Enhanced Non-Human Identity Discovery and Remediation (NHIDR) in your operations? It’s easy to overlook the importance of […]
The post Empower Your Operations with Enhanced NHIDR appeared first on Entro.
The post Empower Your Operations with Enhanced NHIDR appeared first on Security Boulevard.
Are Cost-Effective NHI Solutions a Reality? Cybersecurity constantly presents new challenges, particularly to organizations operating in a cloud environment. With companies grappling with managing Non-Human Identities (NHIs) and their associated secrets, the cost implication remains a significant concern. It begs the question: are there cost-effective NHI solutions that can realistically fit into various budget restrictions? […]
The post Cost-Effective NHI Solutions That Fit Your Budget appeared first on Entro.
The post Cost-Effective NHI Solutions That Fit Your Budget appeared first on Security Boulevard.
Let’s tackle the age old question: can new technology fix broken or missing processes?
And then let’s add: do AI and AI agents change the answer you would give?
Gemini illustration based on this blog
This is the question which I recently debated with some friends, with a few AIs and with myself. The context was of course within cybersecurity, but I suspect some lessons apply more broadly.
Starting point: given all my experience in information security first and then cybersecurity (ha!), my default answer is “NO, technology cannot fix process failures.” It is my “head” answer (observation based on past data) but it also matches my “gut” answer (intuition based on my “lived” experiences).
But is this a correct answer in 2025?
Let’s have a debate.
Position: No New Technology Can Ever Fix a Broken/Missing Process
Technology implements a process; it is always the servant to the process as a leader. This may not be factually true, but reality largely behaves like that.
People who automated a bad process ended up with a bad, automated process rather than an improvement. Sometimes they ended in a worse place. The tool faithfully and beautifully executes the underlying brokenness.
If your incident response process is a chaotic mess, buying a SOAR platform will just help you execute your chaotic mess at machine speed. You’ll send the wrong alerts to the wrong people, isolate the wrong machines, and create tickets in the wrong systems — all with breathtaking efficiency. The technology faithfully automates the underlying broken logic.
Many people who bought tools that support your implementation of a process without having said process ended up with tools sitting on the shelf (SIEM, SOAR, IT GRC, CSPM, etc).
Some tools are designed to optimize a process and make it run faster, such as IT GRC for risk management. These tools largely do nothing if there is nothing to speed up or optimize.
People who purchased tools for which they were not ready in terms of process maturity — for example, tools that support threat hunting when they are barely logging — have found the tools unused and not delivering value (example).
Also, a broken process is rarely a technical problem. It’s a people, culture, and political problem. It’s about siloed teams that don’t communicate, a lack of accountability, and a culture of “that’s not my job.” No GRC platform, no matter how slick, can fix a business unit that refuses to own its security risks. Technology does not solve human problems. A broken process is often a symptom of a dysfunctional culture. The tool becomes a digital monument to a human-centric failure (good one, Gemini!).
Sometimes a tool is purchased to improve the process, but the old process wins: the most common outcome of a new technology purchase is not process transformation, but forcing the new tool to mimic the old, broken workflow. For example, buying a cutting-edge SIEM with AI and then using it for basic log searches and daily PDF reports, just like the old log management tool it replaced. “Process is gravity” strikes again!
Cherry on top: when the new tool — shackled by a broken process and a toxic culture — fails to deliver miracles, the organization blames … the tool (“The SIEM is generating too many false positives!”).
Position: New Technology May Improve a Broken Process or Replace a Missing Process
There are definite examples where a manual process and a tool-supported process are dramatically different. You can say that the manual process was impossible, but tools enabled a new process. This is a reality.
You simply cannot implement certain modern technologies without changing your process. For example, trying to secure a CI/CD pipeline with a Change Advisory Board that meets once a month is laughably impossible. Adopting DevSecOps tools forces you to embed security checks directly into the pipeline, thus shattering the old, slow process.
Perhaps technology can create a new operational reality, and the process has no choice but to adapt or be completely bypassed and ignored? The old way becomes untenable.
Outdated processes often survive because their brokenness is hidden. A new, superior technology can shine a harsh light on the inefficiencies. When a CSPM tool shows you have thousands of critical misconfigurations that your manual audit process missed for years, it provides the undeniable evidence — and political capital — needed to kill the old process and build a better, automated one (but humans change the process in this example, not the tools…)
There’s another case where tools shortcut the steps of a process, for example, where you have to do five things manually, and now you can do two and the tool does the rest. The tool essentially transforms a process.
A great process might be too complex for a junior analyst to follow. A new technology, like a well-designed SOAR platform with good playbooks (or AI SOC with dynamic ones), can encapsulate that best-practice process. The technology becomes the vessel for the best-practice process, transforming excellence from an artisanal craft into a reliable, industrialized output (thanks again, Gemini!)
A good example is again security in CI/CD pipelines. Sometimes there is an elaborate process to achieve outcome X, but a dramatically improved tool can just give you X right away without the need for a process. In this sense, the tool replaces the process. So?
Conclusion
Upon reviewing the arguments, I am still voting “no” on whether technology can fix a broken/missing process. Ultimately, the process emerges victorious. Let me be clear: this is often a tragic, Pyrrhic victory, but it’s a victory nonetheless.
Process is gravity. Technology is an engine trying to achieve escape velocity. While a powerful engine can break free, gravity is relentless, constant, and it never gets tired. The moment the engine sputters — the project champion leaves, the budget gets cut, attention shifts to the next crisis — gravity pulls the shiny new technology right back down into the orbit of the old, comfortable way of doing things.
Also inertia is the strongest force at many (most?) large organizations: An organization at rest will stay at rest. A broken process, for all its flaws, is a known quantity. People have built their habits, their little silos or vast empires, and their workarounds on top of it. A new tool requires effort, learning, and changing behavior. In a fight between “doing something new” and “doing what I did yesterday,” the latter wins and wins often.
The Role of AI and AI Agents
The new question now is whether AI, and specifically AI agents, can put its “mechanical finger on the scale” and change the balance toward tools delivering the process.
I think the answer here is really interesting. For the impatient ones: In theory, agents can replace a process because you can ask an agent to plan a process, execute it, and then stick to it.
In theory.
What is real here? Do AI agents and agentic AI fundamentally change this balance, strengthening the “YES” side? Do they strengthen it enough for it to actually happen? In a battle of agentic AI vs organizational inertia, who wins?
So, while a traditional tool automates a task within a human-defined process, an AI agent can — in theory — create, refine and then automate the entire process, including the reasoning and decision-making. This is the crucial difference. An agent doesn’t just follow the old path; its entire purpose is to analyze the terrain and find the absolute fastest way to the destination, even if that means blazing a new trail.
“Automating Stupidity” risk — in theory — decreases as the AI can check for these risks and include them in process design: A simple script will automate a bad process without question. An AI agent, however, can be designed to reason about its goal. If you give it a goal that seems illogical or counterproductive based on its training, it can flag it or ask for clarification. The risk shifts from automating a bad process to the agent learning the wrong lessons or having a badly defined goal.
“Paving the Cow Path” risk almost disappears: An AI agent is often designed for optimization. Forcing it to follow a clunky, inefficient, human-centric workflow is like trying to make a self-driving car obey the whims of a backseat driver who only trusts backroads. The agent will constantly try to find and use the most efficient path, which is almost always through an API, not a series of manual approvals.
However, 2 new risks stand in the way of answering “YES, with AI agents, a technology CAN fix broken and non-existing process”
While AI agents have — in theory — the raw power to obliterate old processes and build-then-automate the new ones, they may mess up given wrong and incomplete data (common in “layered cake” legacy environments) and they introduce a new, far more potent, human-centric obstacle: trust.
Anyhow, ask me again in 2 years?
The post The Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It? appeared first on Security Boulevard.
Creators, Authors and Presenters: d3dbot, Ch0wn35
Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organization's YouTube channel.
The post DEF CON 33: Ch0wn35 appeared first on Security Boulevard.
Explore 20 essential developer tools for coding, collaboration, and project management in 2025. Find practical solutions to elevate your workflow and boost success.
The post 20 Most Popular Developer Tools in 2025 appeared first on Security Boulevard.
The bad actors behind the Scattered Lapsus$ Hunters threat group say they are shutting down operations and retiring, but cybersecurity pros say law enforcement pressure is a key reason for the decision and that the hackers will likely form new cybercrime operations.
The post Threat Group Scattered Lapsus$ Hunters Says It’s Shutting Down appeared first on Security Boulevard.
🚀 Developers: Boost user signups by 90% with Google One Tap Login! This complete 2025 guide covers implementation, security considerations, and 5 powerful alternatives including WebAuthn passkeys. Real code examples + decision framework included. Perfect for B2B SaaS and modern web apps.
The post The Complete Guide to Google One Tap Login: Everything Developers Need to Know appeared first on Security Boulevard.
Creators, Authors and Presenters: Silk
Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organization's YouTube channel.
The post DEF CON 33: DEFCON AIxCC Lacrosse Team appeared first on Security Boulevard.
At DjangoCon US 2025, speakers emphasized seasoned tech over hype, featuring secure GitOps workflows, simpler frontend alternatives, and sustainable open-source models.
The post DjangoCon US 2025: Security, Simplicity, and Community appeared first on Security Boulevard.