Microsoft Azure Outage Caused by DDoS Attack

Microsoft Azure Outage Caused by DDoS Attack

Microsoft has confirmed the cause of the outage on July 30 was a distributed denial-of-service attack. However, its advisory added that the issue was exacerbated by an “error in the implementation of their defenses” during a mitigation attempt. The Azure cloud services were impacted between approximately 11:45 UTC and 19:43 UTC after being flooded by internet traffic. Redmond security pros say that the Azure Front Door and Azure Content Delivery Network components were “performing below…

Read More

SSL vs TLS: Which Should You Be Using?

SSL vs TLS: Which Should You Be Using?

Secure communication protocols like SSL and TLS are the modern Internet’s foundation. They form an invisible yet essential layer to protect all our online activities from ever-increasing, evolving cyber threats. This article reviews differences, use cases, and best practices for each so you can make an informed decision. What is SSL and TLS? The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols use encryption algorithms to establish a secure connection between two endpoints….

Read More

Achieving Cloud Compliance Throughout Your Migration

Achieving Cloud Compliance Throughout Your Migration

So, where do you start? Your first step should be identifying which security tool will best meet the needs of ever-changing compliance standards and will keep up with your evolving infrastructure. As we discussed in our last article, a security services platform is ideal. Here’s how it can help you with the four compliance challenges we mentioned earlier: Challenge #1: Data transfer ─ Localized protection Unlike point products, a platform can be deployed across multi-…

Read More

Benefits of Cloud Automation

Benefits of Cloud Automation

Benefits of Cloud Automation Workload Security Learn more about how cloud automation can simplify security controls, policies, and scans. By: Andrew Stevens April 18, 2023 Read time:  ( words) Related articles in the Cloud Migration series: Automation is the bedrock to innovation. It allows people to work smarter, not harder. Think of inventions like the dishwasher, laundry machines, and the robotic vacuum. All of these automate chores that are mundane, tedious, and time-consuming. You can…

Read More

How to Avoid LDAP Injection Attacks

How to Avoid LDAP Injection Attacks

Lightweight Directory Access Protocol (LDAP) injections are arguably the most dangerous type of injection attack. The data accessed via LDAP is usually valuable and confidential. LDAP is commonly used in web applications for authentication, authorization, and storing and retrieving confidential data. Users typically utilize this protocol to manage user accounts, organize groups of users within an organization, and synchronize files across multiple systems. Consequently, an attack on LDAP is an assault on the backbone of…

Read More

MLOps Security Best practices

MLOps Security Best practices

You must build, deploy, and maintain machine learning (ML) systems reliably and efficiently. You can do this using the process of MLOps, which is a combination of DevOps, data engineering, and ML techniques. MLOps provides a systematic approach to evaluating and monitoring ML models. MLOps is concerned with the lifecycle management of ML projects. This involves training, deploying, and maintaining machine learning models to ensure efficiency. Security is an essential component of all MLOps lifecycle…

Read More

Attack Vector vs Attack Surface: The Subtle Difference

Attack Vector vs Attack Surface: The Subtle Difference

Cybersecurity discussions about “attack vectors” and “attack surfaces” sometimes use these two terms interchangeably. However, their underlying concepts are actually different, and understanding these differences can provide a better understanding of security nuances, allowing you to improve your organization’s security by differentiating between these terms. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two concepts and establish a more mature security posture. Attack vector…

Read More

Dependency Mapping for DevSecOps

Dependency Mapping for DevSecOps

Dependency Mapping for DevSecOps Today, DevOps teams use a staggering array of interconnected applications and infrastructure systems to build their continuous integration and continuous deployment (CI/CD) pipelines. These components are called dependencies because they depend on each other to enhance the functionality of an application. While dependencies shorten the release cycle and simplify developers’ lives, without proper security in place, these pipelines can be exposed to critical risks. In a worst-case scenario, it can cause…

Read More

TLS Connection Cryptographic Protocol Vulnerabilities

TLS Connection Cryptographic Protocol Vulnerabilities

Why Your TLS Connection May Not be as Secure as You Think The Transport Layer Security (TLS) cryptographic protocol is the backbone of encryption on the Internet. It prevents eavesdropping, tampering, and message forgery between two communicating network endpoints. TLS secures many types of Internet communication, including web browsing, email, instant messaging, and voice over IP (VoIP). However, a misconfiguration in TLS can open the doors to multiple vulnerabilities. This blog post explores the risks…

Read More

Common Cloud-Native Security Misconfigurations & Solutions

Common Cloud-Native Security Misconfigurations & Solutions

Cloud configuration errors are a significant concern for stakeholders invested in modern DevOps processes, thanks to the quantity of cloud-native software used in production environments these days (think of microservices, as well as serverless and containerized workloads such as Kubernetes). Misconfigured cloud environments can result in everything from poor performance, to system downtime, to data breaches. Cloud-native architectures mean the introduction of new attack surfaces. Complex architectures with various network stack components can be involved…

Read More
1 2 3