Defending against security threats is a full-time job. The question is: Whose job is it? Our cybersecurity landscape is in constant flux, with more users having increased access to corporate data, assets, APIs, and other entry points into the organization.

In this blog, we will cover the various requirements you need to meet to achieve NIST 800-53 compliance, as well as how Sysdig Secure can help you continuously validate NIST 800-53 requirements for containers and Kubernetes. NIST 800-53 rev4 is deprecated since 23 September 2021 Read about the differences between versions down below →

As software applications grow in scale and complexity, the surface areas for security vulnerabilities and exploits grow with it. Modern development practices include large amounts of code reuse. First, in the form of language-specific standard libraries such as the C++ STL, the Golang standard library, and Microsoft.NET. Second, in the form of open-source libraries found on places like Github. Much of this code is built using other libraries, introducing a web of dependencies into modern software.

Internet-facing applications are some of the most targeted workloads by threat actors. Securing this type of application is a must in order to protect your network, but this task is more complex in Kubernetes than in traditional environments, and it poses some challenges. Not only are threats magnified in a Kubernetes environment, but internet-facing applications in Kubernetes are also more vulnerable than their counterparts in traditional environments.

Stop what you’re doing and make your passwords more secure! How, you ask? Read on to find out. It’s become very anecdotal when we speak about passwords for our online accounts and why these might matter. We all take this very lightly and assume that no one can guess or work out what our passwords are and thus we think no one will be able to access our most sensitive information be it online bank accounts, Amazon accounts, or your emails. We are wrong.

To release reasonably secure products, vendors must integrate software security processes throughout all stages of the software development lifecycle. That would include product architecture and design; implementation and verification; deployment and monitoring in the field; and back again to design to address the changing threat landscape, market needs, and product issues.

As you scale microservices adoption in your organization, the chances are high that you are managing multiple clusters, different environments, teams, providers, and different applications, each with its own set of requirements. As complexity increases, the question is: How do you scale policies without scaling complexity and the risk of your applications getting exposed?

Chatbots and Virtual Assistants (VAs) are becoming increasingly popular as businesses accommodate the diverse needs of the digital industry. These tools give companies, no matter how small, the ability to answer their audiences, provide assistance, and solve problems, driving traffic during off-hours and with minimal staff. As a result, chatbots are one of the most effective features you can add to your website. And yet, chatbots present a risk.

If you know someone who actually likes managing work across projects, we’d love to meet this mythical being. Because we can’t imagine who enjoys hand-sifting through digital piles of notifications, prioritizing issues, then tracking down the right developer to assign the issue to. And once you’re done with that detective work, your engineer-of-the-hour may not even have access to the right tools to resolve the issue. Who’s got time for all this org chart spelunking?

Why do APIs require authentication in the first place? Users don't always need keys for read-only APIs. However, most commercial APIs require permission via API keys or other ways. Users might make an unlimited number of API calls without needing to register if your API had no security. Allowing limitless requests would make it impossible to develop a business structure for your API. Furthermore, without authentication, it would be difficult to link requests to individual user data.