Forrester TEI study: Azure Sentinel delivers 201 percent ROI over 3 years and a payback of less than 6 months

2020 has been a transitional year, ushering in broad changes in how, and where, we work. Security operations SecOps teams face more significant challenges than ever as they protect the organization in this rapidly changing environment. These teams need a flexible, cost-effective, and efficient...

Forrester TEI study: Azure Sentinel delivers 201 percent ROI over 3 years and a payback of less than 6 months

2020 has been a transitional year, ushering in broad changes in how, and where, we work. Security operations SecOps teams face more significant challenges than ever as they protect the organization in this rapidly changing environment. These teams need a flexible, cost-effective, and efficient...

IBM App Connect Enterprise Clickjacking Vulnerability

IBM App Connect Enterprise is an operating system from IBM Corporation of the U.S.A. IBM App Connect Enterprise combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies to IBM App Connect Enterprise combines existing...

Built-in Runtime Security for Containers

Security teams struggle with visibility into behaviors inside their running containers. Qualys is today announcing general availability of Container Runtime Security CRS to provide industry-leading visibility for running containers using an approach that is container-engine agnostic and layered...

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability

Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Commons Codec Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec information disclosure CVSS Base score: 7.5 CVSS Temporal Score: See:...

Enter the Vault: Authentication Issues in HashiCorp Vault

Posted by Felix Wilhelm, Project Zero Introduction In this blog post I'll discuss two vulnerabilities in HashiCorp Vault and its integration with Amazon Web Services AWS and Google Cloud Platform GCP. These issues can lead to an authentication bypass in configurations that use the aws and gcp aut...

Rapid7 and Snyk Are on the Run(time) with Expanded SCA Capabilities

Earlier this year, Rapid7 and Snyk partnered together with the goal of securing cloud-native apps across the software development lifecycle SDLC. As modern development teams continue to adopt new technology that helps them accelerate their efforts, security teams are tasked with making sure they...

Top Three Demos at VMworld 2020: Security, Threat Hunting, and Beyond

VMworld 2020 Sept. 29- Oct. 1 is fast approaching. This year, and for the first time ever, VMworld will showcase a new intrinsic security track featuring 50+ sessions on the future of workspace and workload security. Attendees will have the opportunity to participate in hands-on workshops, hunt f...

Accelerate your adoption of SIEM using Azure Sentinel and a new offer from Microsoft

Take advantage of the efficiency benefits of Cloud-native SIEM using Azure Sentinel Today, security needs are evolving faster than ever—and the importance of being agile and cost-effective has never been clearer. Security teams need to get more done, faster, with less budget. On-premises security...

How to easily protect any Kubernetes application?

The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the advantages of microservices architecture, no other product can compete with Kubernetes as a container orchestrator. Nevertheless, even the best solutions have challenge...

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by a International Components for Unicode (ICU) for C/C++ vulnerability (CVE-2020-10531)

Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in International Components for Unicode ICU for C/C++ Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2...

How to easily protect any Kubernetes application?

The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the advantages of microservices architecture, no other product can compete with Kubernetes as a container orchestrator. Nevertheless, even the best solutions have challenge...

How to Best Secure All Your Cloud Native Environments

Hear from Ian Heritage about the security challenges surrounding weak configurations, container and serverless threats in cloud-native environments, and strategies that help you build secure and ship fast on AWS...

Building Security into Cloud Native Apps with NGINX

Industries from hospitality to taxis/transportation and food delivery are being disrupted by new age companies like Airbnb, Uber and DoorDash that have a cloud-based software infrastructure as one of their main enablers. Why do all these new companies use cloud and what advantage does it give the...

Building Security into Cloud Native Apps with NGINX

Industries from hospitality to taxis/transportation and food delivery are being disrupted by new age companies like Airbnb, Uber and DoorDash that have a cloud-based software infrastructure as one of their main enablers. Why do all these new companies use cloud and what advantage does it give the...

Broad, Ongoing Cyberattacks Targeting Australia Underscore Need for Behavioral-Based Cybersecurity

On Friday the Australian Federal Government detailed sustained ‘copy-paste’ threats on government and business throughout the country. According to the Government: “‘Copy-paste compromises’ is derived from … heavy use of proof-of-concept exploit code, web shells and other tools copied almost...

Unspecified Vulnerability in Weaveworks Weave Net

Weaveworks Weave Net is a cloud-native networking toolkit from Weaveworks UK. A security vulnerability in Weaveworks Weave Net versions prior to 2.6.3 can be exploited by an attacker to reconfigure a host to redirect some or all of the host's IPv6 traffic to a container under the attacker's contr...

Bringing Intrinsic Security to Containers: VMware Acquires Octarine

UPDATE: On May 27, 2020 VMware officially closed its acquisition of Octarine. The blog post below has been amended to reflect that announcement. Today is a very exciting day for VMware and for our customers as we announce our acquisition of Octarine, whose innovative security platform for...

Bringing Intrinsic Security to Containers: VMware Acquires Octarine

UPDATE: On May 27, 2020 VMware officially closed its acquisition of Octarine. The blog post below has been amended to reflect that announcement. Today is a very exciting day for VMware and for our customers as we announce our acquisition of Octarine, whose innovative security platform for...

Third-Party Tests Rate VMware Carbon Black Cloud as a Leader in Protection, Detection; Platform Delivers 379% ROI for Customers

The biggest endpoint protection question for organizations right now is whether or not to upgrade from legacy approaches to cloud-native platforms with built-in EDR. If you boil this decision down to three key factors stronger protection, clearer visibility, and faster resolution, the choice...