With the continued focus in our space on the movement from MSP to MSSP, it’s crucial to remember that products alone don’t necessarily make you an MSSP. For smaller customers, although you might be able to provide a range of security solutions (like EDR and backup) and compliment these with an RMM to provide insight and control over end user devices, this is not enough to call yourself an MSSP.

Logz.io recently obtained the Amazon Web Services (AWS) Security Competency for our Cloud SIEM. We are thrilled to support the re-launch of the AWS Security Competency, as clearly the only way to combat today’s cybersecurity challenges is to modernize your analytics platform to respond to today’s evolving threat landscape.

Spot by NetApp is excited to announce that Spot Security is now generally available. Delivering continuous, automated security, Spot Security analyzes, detects, and prioritizes threats to surface the most critical risks and anomalies, while providing prioritized recommendations, guided remediation, and compliance.

GitHub is one of the most popular source control platforms available. It relies on Git concepts, and millions of developers use it. GitHub Actions embrace all aspects of what source control needs, such as branching, pull requests, feature flags, and versioning. It also integrates nicely into third-party continuous integration and continuous development (CI/CD) pipelines or deployment tools like Azure DevOps, Jenkins, GitLab, and Octopus Deploy.

Consumers expect their personal information to be safe in your hands as they use your apps, services, and stores. Even in-person retailers collect customer data for loyalty programs, shopping history, and more. In addition, regulators and auditors — and while we’re at it, let’s add investors, board members, and partners to the list of people who expect all customer data to be secure at all times.

Discovering security threats is good and well. But, in many cases, simply knowing that a threat may exist is not enough. Instead, you also need threat intelligence enrichment. Threat enrichment plays a critical role in helping to evaluate and contextualize threats, root out false positives and gain the insights necessary to mitigate risks as efficiently and quickly as possible.

The Software Development Lifecycle (SDLC) framework defines the entire process required to plan, design, build, release, maintain and update software applications, including the final stages of replacing and decommissioning an application when needed. A Secure SDLC (SSDC) builds on this process, integrating security at all stages of the lifecycle. When migrating to DevSecOps (collaboration between Development, Security, and Operations teams), teams typically implement an SSDLC.

While working on the integration of CFEngine Build into Mission Portal we came to the point where we needed to start executing separate tools from our recently added daemon - cf-reactor. Although it may seem like nothing special, knowing a bit about the process creation and program execution specifics (and having to fight some really hard to solve bugs in the past) we spent a lot of time and effort on this step.

For just about any organization, there’s a balance that has to be struck between absolute security and absolute convenience. Seemingly, every new innovation that increases convenience also introduces new risks. On the other hand, every safeguard instituted can also create complexity, delays, or in some other way diminish the user experience. Either way, businesses are exposed, whether to the catastrophic consequences of breaches, or of an erosion of user productivity and customer retention.

According to the 2021 Cost of Data Breach report, the average attack “dwell time”—the period between an attacker’s breach of an organization’s network and the point at which the organization finds out about it—is 287 days. During this time, the attacker can stealthily look to gather valuable information to steal or compromise data, incurring huge costs for affected companies.