Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques

Figure 1 shows that there are 96 packages installed in this image. We can also use Grype, also an increasingly popular tool, to analyze the SBOM generated by Syft to scan the original image for vulnerabilities. The extent of the risk of using Debian-based images is plain to see: The more packages there are, the larger the attack surface becomes. This also results in a bigger disk and bandwidth footprint, which has pushed many developers…

3 Hybrid Cloud Security Challenges & Solutions

The accelerated shift to the cloud was mostly borne out of necessity due to the influx of remote workers and changing customer demands requiring more business agility. According to Forrester, 94% of US enterprise infrastructure decision makers are using at least one type of cloud deployment. While there is a push to be cloud-native, the reality is that most companies will keep their “crown jewels” or critical systems on private clouds or on-prem, while leveraging…

Metaverse Broadband Infrastructure Security

The term “metaverse” was originally coined by author Neal Stephenson for his 1992 cyberpunk novel Snow Crash to describe a virtual reality (VR) world. Nearly 30 years later, Facebook revitalized the term after rebranding themselves as Meta with the intent to focus research and development efforts on building the metaverse. Since the announcement, Meta has introduced Horizon Worlds; other big-name companies are working on new metaverse-friendly apps. While Gartner predicts that by 2026, people will…

Tackling the Growing and Evolving Digital Attack Surface 2022 Midyear Cybersecurity Report

According to our Trend Micro Smart Protection Network (SPN) platform, Emotet detections soared in the first six months of 2022 with 148,701 detections compared to the 13,811 detections in the first half of the previous year. Based on our telemetry, Japan was the country with the highest number of detections.

Comparison of Emotet detections

Year      Count
1H 2021   13,811
1H 2022   148,701

Source: Trend Micro Smart Protection Network

Top five countries with Emotet detections Country…

Cyber Security Managed Services 101

MSPs can also perform regular testing of backups and disaster recovery plans to ensure that the most effective processes, procedures, and policies are in place when an attack strikes. Lastly, they can provide ongoing cyber awareness training to address user-specific paths like phishing and poor security hygiene, if contractually obliged.

Cyber insurance

No longer a nice-to-have, cyber insurance is an absolute must for organizations of any size. Unfortunately, an uptick in ransomware attacks and costly…

ZTNA vs VPN: Secure Remote Work & Access – SASE Part 2

ZTNA vs. VPN

While VPNs served their purpose in a strictly on-prem world, the accelerated migration to the cloud has revealed their limitations and new technologies are being ushered in. Amongst those, ZTNA is largely considered the evolution of VPN remote access due to several factors:

Reducing the attack surface

VPNs extend the network fabric across multiple differently located sites, which now includes notoriously insecure home offices. This expands the organization’s attack surface by connecting secure…

4 Cybersecurity Budget Management Tips

It’s never an ‘easy’ day for cybersecurity teams. On one hand, they’re facing the potential concerns related to an economic downturn, especially tech start-ups. And on the other hand, organizations of every size are experiencing a significant cybersecurity skills gap paired with budget cuts despite the fact that there’s more malicious cyber activity than ever, including state-sponsored attacks on US businesses. The good news is that history shows that cybersecurity teams are very unlikely to…

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets

While DevOps practitioners regularly use environment variables to keep secrets in applications, these could be conveniently abused by cybercriminals for their malicious activities, as our analysis shows.

By: David Fiser, Alfredo Oliveira, August 17, 2022

The use of environment variables is a common practice in the DevOps community as it provides easy access to configuration properties. It comes in handy…

Protecting S3 from Malware: The Cold Hard Truth

Cloud object storage is a core component of any modern application. When files move through your applications, it’s critical to protect your systems and users from malicious files. Trend Micro has provided cloud-native, scalable file protection for our customers since 2020. We’re now starting to see other vendors try to catch up by bringing similar capabilities to the market, but frankly I’m underwhelmed with their offerings. I love the cloud security space because there is…

What Exposed OPA Servers Can Tell You About Your Applications

With the proper request or token, an attacker could obtain even more information about these services and look for vulnerabilities or other entry points to get into an organization’s systems. We highly recommend that companies currently leveraging OPA as their policy-as-code solution ensure that they are not unwittingly exposing their APIs and policies online. In certain cases, companies could be using OPA without realizing it; multiple providers for Kubernetes-managed services rely on OPA for…
