Operations | Monitoring | ITSM | DevOps | Cloud

The landscape of modern authentication and authorization in IT systems has evolved significantly over the years. Initially, systems relied on basic password-based mechanisms, which gradually gave way to more sophisticated methods as security demands escalated. The advent of digital certificates and biometric verification marked a significant leap, offering enhanced security.

To better protect its residents, organizations, and institutions, the European Union (EU) has strengthened its stance on cybersecurity with the introduction of NIS2 —the newly upgraded Network and Information Security Directive. This legislative framework is a response to the evolving cyber threats that show no sign of abating. In this article, we demystify NIS2 and share how it’s being used to establish a strong, unified cybersecurity framework across the EU.

CitrixBleed, or CVE-2023-4966, is now an infamous security vulnerability affecting Citrix NetScaler that allows attackers to hijack user sessions by stealing session authentication tokens. Unfortunately, it has affected many NetScaler customers including Xfinity, which lost data for 36 million customers as a result of CitrixBleed. There is no way to protect against CitrixBleed by configuring the NetScaler WAF to detect and block it.

Picture this: It’s 2 p.m. and you’re sipping on coffee, happily chugging away at your daily routine work. The security team shoots you a message saying the latest pentest or security scan found an issue that needs quick remediation. On the surface, that’s not a problem and can be considered somewhat routine, given the pace of new CVEs coming out. But what if you look at your tooling and find it lacking when you start remediating the issue?

Vigilance and awareness are critical for compliance and cybersecurity maturity. If board members are not familiar with the key indicators of success for maintaining a resilient business and meeting compliance requirements, they are not fulfilling all their responsibilities. Board members need to understand the principles of their duties to alleviate potential exposure to cyber risk and other outage causing events that could harm the organization’s revenue, and reputation.

With notable advancements in Artificial Intelligence (AI) within cybersecurity, the prospect of a fully automated Security Operations Center (SOC) driven by AI is no longer a distant notion. This paradigm shift not only promises accelerated incident response times and a limited blast radius but also transforms the perception of cybersecurity from a deterrent to that of an innovation enabler.

As John Lennon once said, another year over…and a new one just begun. As we head into 2024, it’s important to reflect on what we’ve seen and where we need to focus in the year ahead.

While companies tout the importance of user privacy, few put their money where their mouth is – or in our case, actually live and breathe the concept the way we do as a company. From how we think about our Product to the way we implement our Marketing, Sentry’s take on privacy is rooted in three key fundamentals: Don’t make me choose, think like your customer, and build for tomorrow today.