The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
Moving workloads to the cloud has many benefits, and one that is often overlooked is the opportunity to modernize your network. In a traditional “perimeter-based” architecture, users and devices are authenticated and authorized on a device-by-device basis when connecting remotely via VPN.
The software bill of materials, often referred to as an SBoM or BOM, has gained a tremendous amount of popularity in the past year and a half. It’s mentioned in the US White House’s 14028 Executive Order and is referenced in innumerable secure software supply chain articles. While the SBoM has been around for many years, awareness and adoption seem to be hitting an inflection point.
Errors are an inevitable part of building software. But while you can't eradicate them, you can definitely mitigate them. If you don't measure, track or resolve errors, you're ignoring a loss in revenue. It's time to pay attention to how much software errors are costing your company and take action, catching them early with methods like smarter testing and crash reporting. Using a few industry averages, you can put a number to the real cost of software errors in your company and start to plug cash leaks like wasted developer time and lost customers.
On May 27, 2022, an interesting Microsoft Word doc was uploaded to VirusTotal by an independent security research team called nao_sec. The Word doc contains built-in code that calls an HTML file from a remote source, which in turn executes more (malicious) code, and Microsoft Defender for Endpoint misses detection. Two days later, on May 29, Kevin Beaumont published an article describing the behavior of this Word doc and deemed it a new 0-day vulnerability in Office/Windows products.
At Tigera, we strive to innovate at every opportunity thrown at us and deliver what you need! We have listened to what users ask and today we are excited to announce the early preview of Calico Enterprise 3.14. From new capabilities to product supportability and extending partnerships with our trusted partners, let’s take a look at some of the new features in this release.
Security can certainly be a broad-brush topic. As a software engineer, you design and build to the best of your ability. In delivery methodologies of years gone by, security was sometimes viewed as an afterthought, e.g., running security testing last before deploying. Today, with the DevSecOps movement, one more set of concerns moves left towards the developer: security.
This blog is the second in a four-part series about how Puppet can help government agencies meet compliance and security requirements. Read the first post here. Zero Trust is a strategy created to combat system intrusions through a “never trust, always verify” model. DevSecOps is a collaborative software development strategy that integrates development, security, and operations practices into a continuously evolving lifecycle.
Right now, much of the security world is focused on the RSA conference in San Francisco, California. The Torq team has been preparing for the event for months—and we’re thrilled that we finally get a chance to talk about Torq in person with other security professionals.
It is critical that access to any configuration changes or management actions made to monitoring platforms is logged and traceably audited. In this article, I will help you learn how to discover the auditing capabilities in IT monitoring tools. You will learn how to audit and manage the monitoring platform itself and make sure that it is being used appropriately.