Third-Party Software Security Scanning – Cisco Blogs
This blog is co-authored by Nur Hayat and is part two of a four-part series about DevSecOps. Earlier in this series we covered how Continuous Security Buddy (CSB) for continuous integration/continuous delivery (CI/CD) — CSB for CI/CD — provides an automation framework for holistic, continuous security based on DevSecOps principles. In this blog, let’s take a closer look at …
security
Balancing Safety and Security During a Year of Remote Working
I have not been inside an office building for 12 months. A sentence I did not imagine writing anytime soon. Last February, everything changed. And when we pause to reflect, we have to consider that, of the many dramatic impacts to our lives, to society, and the world, in the realm of the professional, one of the most impactful changes has been the fact that many of us no longer …
Simplified Security for a Successful Digital Transformation
Leveraging end-to-end threat protection to prepare for what’s now and what’s next
It’s no secret that the world has changed significantly in the past year, probably forever. Even before 2020, companies were under immense pressure to go digital to keep up with increasing demands for ubiquitous connectivity. Recent events have further accelerated that need, with a dramatic …
2021 Security Outcomes Study: Stress Relief for CISOs
We have heard countless times that, during the COVID-19 pandemic, digital transformation has advanced three years in three months. It is difficult to actually measure this, but the feeling is definitely there. Activities with questionable results in the virtual environment, such as telemedicine and distance learning, which both suffered from socio-economic biases, became an …
Are There Really “Quick Wins” for Your Security Program?
We’re always looking for the “quick wins” in security — whether it’s the magic blinky box that you drop into the right place in your network and it stops all the bad stuff (let me know if you find one of those), or the secret incantation that you can perform that doesn’t cost money but adds protection to your armor. The “one weird trick” sometimes leads to clicks; I once got …
Poor Password Security Led to Recent Water Treatment Facility Hack
New details have emerged about the remote computer intrusion at a Florida water treatment facility last Friday, highlighting a lack of adequate security measures needed to bulletproof critical infrastructure environments. The breach, which occurred last Friday, involved an unsuccessful attempt on the part of an adversary to increase sodium hydroxide dosage in the water supply …
Cisco Secure Application: A New Approach to Application Security
It’s no surprise that the events of 2020 drastically changed the IT landscape, as millions of people began working from home, accessing apps from a multitude of devices on public internet and service providers. As organizations embraced hybrid/multi-cloud technologies, vastly expanding the perimeter of IT, they also faced an unprecedented rise in malicious security threats and …
A Framework for Continuous Security
This is part one of a four-part blog series about DevSecOps. Technology is at the core of business today. Maintaining the resiliency of critical data, assets, systems, and the network is mission-critical; crucial to meeting business goals. As a result, development operations (DevOps) professionals must continuously improve the overall resilience — along with the security posture …
3 New Severe Security Vulnerabilities Found In SolarWinds Software
Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. Two of the flaws (CVE-2021-25274 and CVE-2021-25275) were identified in the SolarWinds Orion Platform, while a third separate weakness (CVE-2021-25276) …
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security …