The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.
Today is day one of the RSA Security Conference in San Francisco, where thousands of security professionals from around the world come together to share new ideas, discuss global security vulnerabilities, and explore the latest technologies in the security industry.
As new technologies emerge, end-to-end application stacks continue to grow, and connected devices become more omnipresent in everyday lives, our society will only become more intrinsically connected across multiple touchpoints. It’s even estimated that in the US alone, there will be roughly 200 billion IoT devices by the end of 2020.
In this blog post, we are going to cover how to perform container image scanning for CircleCI using Sysdig Secure. Image scanning allows DevOps teams to detect and resolve issues, like known vulnerabilities and incorrect configurations, directly in their CI/CD pipelines. Using Sysdig Secure, you can enforce image policies to block vulnerabilities before they reach production environments and fix them faster while the developer still has the context.
This blog post is one in an occasional series about how we at Elastic embrace our own technology. The Elastic InfoSec team is responsible for securing Elastic and responding to threats. We use our products everywhere we can — and for more than just logs. By harnessing the power and breadth of capabilities of the Elastic Stack, we are working on tracking risk and performance metrics, threat intelligence, our control framework, and control conformance information within Elastic.
This is the third and final post of a three-part series on understanding kernel extension frameworks for Mac systems. In part 1, we reviewed the existing kernel extension frameworks and the information that these frameworks can provide. In part 2 we covered techniques that could be used in kernel to gather even more details on system events. In this post, we will go into the new EndpointSecurity and SystemExtensions frameworks.
On January 31st, 2020, the Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD A&S) published V1.0 of the Cybersecurity Maturity Model Certification (CMMC). The CMMC builds on DFARS both in terms of required practices and by establishing “trust, but verify” relationships with DoD contractors.