Breaking News


08/03/2021

White House says the threat remains active despite Microsoft's patches.

Cyber Defense

Washington (Reuters) – On Sunday the White House urgently advised network administrators to take further steps to ensure that their Microsoft-based email systems are still secure. It added that, despite the recent patch, not all vulnerabilities have been resolved.

04/03/2021

AP sounds the alarm over increase in data theft

Cyber Defense

The Autoriteit Persoonsgegevens (AP), the Dutch data protection authority, received a total of 1,173 reports in 2020 of hacks in which personal data was stolen. That is an increase of thirty percent compared with the previous year. By contrast, the number of data breach notifications decreased.

04/03/2021

The Impact of DevSecOps in Securing Cloud Native Apps

Software Security

DevSecOps practices enable enterprises to achieve a variety of strategic outcomes. The benefits that pertain to security in particular include: 

  • Identifying security and compliance violations earlier in app development
  • Detecting vulnerabilities and malware proactively
  • Minimizing attack surfaces and exploitable real estate
  • Integrating security into the CI/CD pipeline
  • Providing greater security assurance
  • Tracking metrics that can improve development workflows

 

The state of the art

There is no single framework for DevSecOps. Both the concept and the practice continually evolve to keep pace with the innovations occurring in cloud native app development. This is particularly significant because, as new technologies like containers and serverless become mainstream, organizations need to ensure they assess and adopt new security practices and tools to secure these deployment paradigms. Adopting a DevSecOps posture enables security teams to be proactive against a constantly evolving threat surface.

However, two concepts that help form the core of the DevSecOps process are the development of the modern CI/CD pipeline, and the push to "shift left" by integrating security early into the development pipeline.

This modern cloud native development process comprises four distinct phases: Develop, Distribute, Deploy, and Run. The next few sections show how security can be incorporated into these phases in order to achieve the outcomes outlined earlier.

 

Develop

The Develop phase has emerged as one of the most critical in this modern process, because cloud native deployments are increasingly defined in all aspects by code, using artifacts such as Infrastructure-as-Code (IaC) and Kubernetes or application dependency manifests. However, these new ‘as code’ technologies have exposed a number of threat and attack vectors. A Unit 42 Cloud Threat Report from 2020 found that:

  • 42% of CloudFormation and Terraform IaC templates are insecure
  • 51% of Docker containers use insecure defaults
  • 24% of hosts contain known vulnerabilities
  • 43% of cloud databases are unencrypted 

As these technologies grow in popularity, it is imperative to inject security in the develop phase to identify security violations and address them early. The security activities to consider in this phase primarily include: 

  • IaC Scanning to detect security misconfigurations
  • SAST to identify security issues in custom code 
  • SCA to gain visibility into licensing models for third-party libraries
  • DAST to scan fully deployed applications
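
To make the IaC scanning step concrete, here is an added example (not code from the article or from any scanner it mentions) that checks a parsed CloudFormation template for an unencrypted or public database and for an admin port open to the internet. The template is constructed sample data, and the rule ids and function names are hypothetical.

```python
import json

# Constructed sample CloudFormation template (not taken from the article).
TEMPLATE = json.loads("""
{"Resources": {
  "AppDb": {"Type": "AWS::RDS::DBInstance",
    "Properties": {"Engine": "postgres", "PubliclyAccessible": true}},
  "AuditDb": {"Type": "AWS::RDS::DBInstance",
    "Properties": {"Engine": "postgres", "StorageEncrypted": "true"}},
  "AdminSg": {"Type": "AWS::EC2::SecurityGroup",
    "Properties": {"GroupDescription": "admin access", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}}
}}
""")

ADMIN_PORTS = (22, 3389)  # SSH and RDP

def is_true(value):
    # Templates may write booleans as true or as the string "true".
    return str(value).lower() == "true"

def exposes_admin_port(rule):
    """True when an ingress rule opens an admin port to the whole internet."""
    if rule.get("CidrIp") != "0.0.0.0/0":
        return False
    if str(rule.get("IpProtocol")) == "-1":  # all protocols and ports
        return True
    try:
        low, high = int(rule["FromPort"]), int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return False  # unresolved reference (e.g. Ref); left for manual review
    return any(low <= port <= high for port in ADMIN_PORTS)

def scan(template):
    """Return sorted (resource, rule_id) findings; rule ids are hypothetical."""
    findings = set()
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::RDS::DBInstance":
            if not is_true(props.get("StorageEncrypted")):
                findings.add((name, "DB_UNENCRYPTED"))
            if is_true(props.get("PubliclyAccessible")):
                findings.add((name, "DB_PUBLIC"))
        elif res.get("Type") == "AWS::EC2::SecurityGroup":
            if any(exposes_admin_port(r) for r in props.get("SecurityGroupIngress", [])):
                findings.add((name, "SG_ADMIN_OPEN"))
    return sorted(findings)

print(scan(TEMPLATE))
```

Run as a pipeline step, a non-empty result would fail the build before the template is deployed, which is the "shift left" outcome described earlier.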

 


For Infrastructure as Code scanning please see: www.kics.io 
