China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target
Xi whiz: Versa Networks criticized for swerving the blame.
The post China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target appeared first on Security Boulevard.
The CISO Global Pen Testing Team
Earlier this month, a group of our intrepid pen testers from our Readiness & Resilience team at CISO Global ventured into the heart of the hacking world at DEFCON 32 in Las Vegas. This annual pilgrimage to the mecca of cybersecurity (and more importantly, hacking) is more than just […]
The post Badge Life: The CISO Team Takes on DEF CON appeared first on CISO Global.
The post Badge Life: The CISO Team Takes on DEF CON appeared first on Security Boulevard.
As we continue our Summer School blog series, let's focus on a vital aspect of modern application security: the relationship between API posture governance, API security, and the constantly changing regulatory compliance landscape.
In today's interconnected world, where APIs are crucial for digital interactions, organizations are challenged with securing their APIs while complying with complex regulations designed to protect sensitive data and critical infrastructure.
The Rise of API-Centric Regulations
Industries in healthcare, finance, retail, and manufacturing are experiencing a significant increase in regulations that directly affect the management and security of APIs. Non-compliance with these regulations can result in severe penalties, highlighting the importance of implementing strong API governance and security measures:
API posture governance enables organizations to set and uphold consistent security policies throughout their entire API ecosystem. This proactive approach guarantees that APIs comply with regulatory mandates, industry best practices, and internal security standards. Key benefits of API posture governance include:
Robust API security is essential for safeguarding sensitive data and mitigating the risk of unauthorized access, data leaks, and cyberattacks. Critical components of API security include:
In today's highly regulated digital environment, it's crucial for organizations to prioritize robust API governance and security. These practices are essential for safeguarding sensitive data, maintaining customer trust, and ensuring overall business resilience. At Salt Security, as a leading API security provider, we offer a comprehensive AI-infused platform that addresses API governance and security requirements. With advanced features such as panoramic discovery, full lifecycle governance, and AI-powered threat defense, Salt equips organizations to confidently navigate regulatory requirements and strengthen their defenses against evolving threats.
If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.
The post Mastering API Compliance in a Regulated World appeared first on Security Boulevard.
Discover how automation has revolutionized email security. Learn about the benefits of AI, threat intelligence, and tools like PowerDMARC in safeguarding your inbox from phishing, spam, and malware.
The post The Role of Automation in Protecting Email Systems appeared first on Security Boulevard.
Discover the key differences between SOC 2 and SAS 70, and learn why SOC 2 is the modern standard for ensuring data security and compliance.
The post SOC 2 vs. SAS 70: A Comprehensive Comparison appeared first on Scytale.
The post SOC 2 vs. SAS 70: A Comprehensive Comparison appeared first on Security Boulevard.
Welcome to our deep dive into the world of Kubernetes, where we share some of the top lessons our site reliability engineers (SREs) have learned from years of managing this complex yet essential cloud-native technology. During a recent Kubernetes Clinic webinar, SRE Brian Bensky joined me, and we talked through our extensive experience managing K8s for clients, helping clients go beyond just running clusters to using Kubernetes as a platform that enables you to run applications successfully. Let’s walk through these lessons learned to help anyone navigating Kubernetes.
The post Top 10 Lessons Learned from Managing Kubernetes from the Trenches appeared first on Security Boulevard.
The recent standardization of the first three post-quantum cryptography (PQC) encryption and digital signature algorithms by the U.S. National Institute of Standards and Technology (NIST) has officially kicked off the race to PQC readiness. In its PQC press release, NIST cites predictions that within the next decade, a cryptographically-relevant quantum computer (CRQC) capable of running Shor’s […]
The post Quantum Computing and the Risk to Classical Cryptography appeared first on Security Boulevard.
Azul announced Java Hero Awards for 17 organizations and individuals who have achieved innovative world-class results with Java.
The post We Celebrate Our Customers’ Successes with Java appeared first on Azul | Better Java Performance, Superior Java Support.
The post We Celebrate Our Customers’ Successes with Java appeared first on Security Boulevard.
The Oregon Zoo's recent data breach serves as a stark reminder of the urgent need for robust cybersecurity measures in today's digital landscape. With over 117,000 payment card details potentially compromised, this incident underscores the vulnerabilities that organizations face when it comes to eSkimming (client-side) attacks and PCI DSS compliance.
The post Oregon Zoo Data Breach Exposes Payment Card Information appeared first on Source Defense.
The post Oregon Zoo Data Breach Exposes Payment Card Information appeared first on Security Boulevard.
Broadcom today at the VMware Explore 2024 conference extended its VMware vDefend portfolio to include generative artificial intelligence (AI) capabilities in addition to extending its software-defined edge computing portfolio to provide deeper integrations with networking and security platforms that its VMware business unit provides.
The post Broadcom Extends VMware Cybersecurity Portfolio appeared first on Security Boulevard.
Applications are typically tested and guaranteed to function on specific Linux distributions, but may work on others as well. Kernel versions, libraries, and system calls are key factors affecting binary compatibility between distributions. Differences in the operating system’s ABI (Application Binary Interface) are also a frequent source of compatibility problems. Binary compatibility is an […]
The post What is binary compatibility, and what does it mean for Linux distributions? appeared first on TuxCare.
The post What is binary compatibility, and what does it mean for Linux distributions? appeared first on Security Boulevard.
As part of the Microsoft security update, the tech giant released several fixes to address 90 critical security flaws. Reports claim that 10 of them are zero-day vulnerabilities and that 6 of these 10 have already been targeted by threat actors attempting exploitation. In this article, we’ll cover these fixes and the […]
The post Microsoft Security Update: 90 Critical Vulnerabilities Fixed appeared first on TuxCare.
The post Microsoft Security Update: 90 Critical Vulnerabilities Fixed appeared first on Security Boulevard.
Choosing the correct cybersecurity service provider is critical for any business in today’s digital world. Rather than simply picking a vendor, perform due diligence to secure your data, systems, and networks. To help you make your choice, here are the top 7 questions to ask cybersecurity service providers: 1. What is your experience in handling […]
The post Top 7 Questions to Ask Cybersecurity Service Providers first appeared on StrongBox IT.
The post Top 7 Questions to Ask Cybersecurity Service Providers appeared first on Security Boulevard.
In a recent conversation with Evan Kirstel on the What’s Up with Tech? podcast, Axio CEO Scott Kannry discussed the intersection of cybersecurity and risk management, highlighting the unique approach
The post Scott Kannry on the What’s Up with Tech? Podcast appeared first on Axio.
The post Scott Kannry on the What’s Up with Tech? Podcast appeared first on Security Boulevard.
Somebody asked me this profound question that (a) I feel needs an answer and that (b) I’ve never answered in the past:
If you run a SOC (or an equivalent D&R team), what things should you require (demand, request, ask, beg … depending on the balance of corporate power) of other teams?
Think of this not as SOC FAQs, but SOC FMDs — Frequently Made Demands…
To frame this a bit, this is not about executive sponsorship (you should always “request” executive support, otherwise some efforts are not even worth starting, frankly), or other SOC success “pre-requisites.” This is about the key ongoing “asks” SOC makes of other teams and departments so that it has a chance of being successful with its mission over time.
So when asked this question, my ex-analyst mind went and produced a 3 pillar framework:
Let’s review these three.
Assets Information
If a SOC is tasked with detection and response, they better know the lay of the land that they are defending. “Defender’s Advantage” and all that. If you don’t know the terrain better than the attacker, you already lost.
There is of course a lot of nuance to it, but at some basic level, there should be a way for a team deploying anything to report this to SOC for coverage, and for a SOC to ask a team for their list of assets to be monitored for threats. Assets here may mean servers (hey, the 1990s are NOT really over, joking aside), cloud assets, SaaS services, applications, etc. (it would also be handy for ZT efforts).
Summary: if your mission is to protect assets, ask for the list of assets (sorry, this came out very Capt Obvious, but this is in fact missed in some cases)
Useful Signals Delivery
You should ask for logs! Duh, is that you, Captain Obvious, again? Well, you should ask for specific logs relevant to your mission, you should ask for compliance with a sensible logging policy, and to cover custom applications, you should ask for compliance with a sensible (this means: short!) log standard.
Don’t just ask for “logs”, ask for logs and other telemetry you can use given the tools, process and people you have. Ask for relevant context data too. If you need EDR deployed, ask. If you need to sniff traffic because EDR cannot go there, ask for NDR.
If you need logging enabled, ask for types you need (logging policy, short and sweet). If you need them delivered, ask for access to supported log pipelines or mechanisms. If they need to develop logs for custom applications, offer a log standard, then ask for compliance with it (log standard must be short and thus implementable by unmotivated developers…)
Don’t fall victim to “application is deployed, app owner never provides logs, app owner assumes that SOC will detect any threat” syndrome (this is real, please don’t laugh!). If you cannot get the logs, ask for Plan B (you do have a Plan B?).
Basic Plan B examples may include: I really want EDR here, but I can’t have it; I can then ask for logs + NDR to mitigate the visibility gap. Another: I really want logs from this application, but can’t have it. I can get OS logs, would it help? Yes, but only if I get these events, and also get logs from another system that this one connects to.
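As an added example (not from the original post, and not a standard the author published), here is what a deliberately short log standard for custom applications can look like once it is written down as something a SOC can actually check: a handful of required fields that let an analyst answer who did what to what, when, from where, and with what outcome, plus a validator that tells each app owner exactly which fields their events are missing. The field names, the timezone heuristic and the sample log lines are all assumptions constructed for this example.

```python
import json
from collections import Counter
from typing import Dict, List

# A deliberately short log standard. Field names are an assumption for this
# example; the point is that the list fits on one screen so developers can
# realistically comply with it.
REQUIRED_FIELDS = {
    "timestamp": "when it happened, ISO 8601 with an explicit timezone",
    "app": "which application emitted the event",
    "event": "what happened, e.g. login.success or invoice.download",
    "actor": "who or what initiated it (user id, service account)",
    "target": "what it acted on (resource id, record, path)",
    "outcome": "success or failure, nothing else",
    "src_ip": "where the request came from",
}
OUTCOMES = {"success", "failure"}


def check_event(line: str) -> List[str]:
    """Return the list of standard violations for one log line (empty = compliant)."""
    problems: List[str] = []
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return ["not valid JSON"]
    if not isinstance(event, dict):
        return ["top-level value is not an object"]
    for field in REQUIRED_FIELDS:
        if field not in event or event[field] in ("", None):
            problems.append(f"missing {field}")
    if "missing outcome" not in problems and event.get("outcome") not in OUTCOMES:
        problems.append("outcome must be 'success' or 'failure'")
    # Simplified timezone check (assumption): after the 10-character date part,
    # an ISO 8601 string with a zone ends in Z or carries a +hh:mm / -hh:mm offset.
    ts = event.get("timestamp")
    if isinstance(ts, str) and ts and not (
        ts.endswith("Z") or "+" in ts[10:] or "-" in ts[10:]
    ):
        problems.append("timestamp lacks a timezone")
    return problems


def compliance_report(lines: List[str]) -> Dict[str, object]:
    """Summarise a batch: how many lines comply and which fields are missing most often."""
    per_line = [check_event(line) for line in lines]
    missing: Counter = Counter()
    for problems in per_line:
        for p in problems:
            if p.startswith("missing "):
                missing[p[len("missing "):]] += 1
    return {
        "total": len(lines),
        "compliant": sum(1 for p in per_line if not p),
        "missing_fields": dict(missing.most_common()),
        "per_line": per_line,
    }


# Constructed sample lines from two hypothetical apps (not real logs).
SAMPLE_LINES = [
    # compliant event
    '{"timestamp":"2024-08-27T14:03:11Z","app":"billing-portal","event":"login.success",'
    '"actor":"u12345","target":"session","outcome":"success","src_ip":"203.0.113.10"}',
    # the classic "something happened" event: no actor, no source address
    '{"timestamp":"2024-08-27T14:03:12Z","app":"billing-portal","event":"invoice.download",'
    '"target":"inv-8812","outcome":"success"}',
    # naive timestamp and a free-text outcome the SOC cannot filter on
    '{"timestamp":"2024-08-27 14:03:13","app":"hr-sync","event":"record.update",'
    '"actor":"svc-hr","target":"emp-501","outcome":"ok","src_ip":"10.0.4.7"}',
    # unstructured line that no pipeline can parse reliably
    "Aug 27 14:03:14 hr-sync: something happened",
]

if __name__ == "__main__":
    report = compliance_report(SAMPLE_LINES)
    print(f"{report['compliant']}/{report['total']} lines comply")
    print("most-missed fields:", report["missing_fields"])
    for line, problems in zip(SAMPLE_LINES, report["per_line"]):
        print(problems or "ok", "<-", line[:60])
```

The report is the artifact to hand back to the app owner: "3 of 4 events fail, and the field you never send is actor" is a far more actionable ask than "please send better logs", and re-running the check after each release keeps the standard enforced instead of aspirational.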
Triage Partnership
You have assets, you have signals … what do you do with all this? Well, to be very fair to many solid SOC teams, sometimes the answer is “not a whole lot” or “who the hell knows.” Unless… unless the team that runs the system (IT, DevOps, etc) and/or the team that owns the system (business, etc) helps figure out what the thing is saying via those logs.
This means you do need to ask for alert triage help. Yes, I know, I know: many SOCs are not used to this, and prefer to ad hoc it for those “rare” cases where they need help. My favorite example where ad hoc does NOT work well is DLP alerts. Back in my analyst days, there was a lively debate among the analysts covering DLP about who should own DLP, security or business (!). In that vision, even if security owns DLP, business has to play an equal role otherwise “X emailed Y about Z” and “X uploaded Y to Z” alerts destroy the SOC due to its lack of capability to understand whether this is apocalyptic, merely bad, or perfectly normal, just rare.
Distributed alert response is a thing at some elite D&R teams (famous example, more current example). But even if SOC owns triage, it needs to ask for help. This is needed even more for data related alerts (What is this data and how valuable is it? Can it go out that way?) and application security alerts (What is the app threat model? Can the app do that? Should it?). As a side note, there is probably another blog here about how to plan appsec to D&R collaboration…
Anything BIG I missed? Anything else you as a SOC leader demanded from other units and departments?
Related blogs:
Not a SOC FAQ! This is SOC FMD! was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Not a SOC FAQ! This is SOC FMD! appeared first on Security Boulevard.
Frances Haugen, who famously blew the whistle on Facebook and its susceptibility to manipulation, has renewed concerns over the social-networking company. This time, she’s laser-focused on misinformation during the 2024 presidential election. “We are in a new, very nebulous era where we need to think more holistically and creatively” in defending cyberdefenses, Haugen said in..
The post Facebook Whistleblower Fears Election Abuse appeared first on Security Boulevard.
According to "Voice of a Threat Hunter 2024", security teams need to keep evolving their strategies to protect their organizations against...
The post How Security Teams are Strengthening Their Threat Hunting appeared first on Security Boulevard.
New and updated coverage for Windows Downdate Attacks, Quick Share Vulnerability Exploit, MagicRAT, and More
The post Windows Downdate Attacks, Quick Share Vulnerability Exploit, and More: Hacker’s Playbook Threat Coverage Round-up: August 2024 appeared first on SafeBreach.
The post Windows Downdate Attacks, Quick Share Vulnerability Exploit, and More: Hacker’s Playbook Threat Coverage Round-up: August 2024 appeared first on Security Boulevard.
Authors/Presenters:Qingkai Shi, Xiangzhe Xu, Xiangyu Zhang
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 presenters’ content, and for the organization’s strong commitment to Open Access. The content originates from the conference’s events at the Anaheim Marriott and is available via the organization’s YouTube channel.
The post USENIX Security ’23 – Extracting Protocol Format As State Machine Via Controlled Static Loop Analysis appeared first on Security Boulevard.
The post How fernao magellan Customized 140 Automation Use Cases appeared first on AI-enhanced Security Automation.
The post How fernao magellan Customized 140 Automation Use Cases appeared first on Security Boulevard.