No vendor can sell you an out-of-the-box zero trust architecture, because zero trust (ZT) is more than just products or infrastructure. It’s a philosophy, a mindset, a strategy and a framework.
A zero trust approach means treating any network as compromised and assuming that threats — both external and internal...
Elon Musk lugged a sink into Twitter headquarters to announce his takeover of the social network. But it will take more than a porcelain prop for the richest person in the world to successfully surmount the cybersecurity, legal, disinformation, regulatory and other challenges facing Twitter.
The Department of Homeland Security released a set of cybersecurity practices for critical infrastructure containing basic measures such as requiring multifactor authentication and disabling AutoRun. The word "voluntary" was in heavy rotation during the Thursday rollout.
In Part 3 of a three-part video series, CyberEdBoard member Andrew Abel, a cybersecurity and zero trust consultant, and Chase Cunningham, CSO at Ericom Software, describe the operational and business benefits of creating an identity strategy.
Versa Networks has completed a pre-IPO funding round to build out a cloud security portfolio and bring zero trust functionality to campus and branch settings. The SASE vendor says the $120 million Series E round will allow the company to build or buy technology around SSPM, CSPM and CWPP.
Subhajit Deb was a 22-year-old college graduate in 1999 with a major in hospitality management. He had no idea he would have to deal with technology for work - let alone secure it. Deb now has two decades of experience in information security, business continuity, risk management and data privacy.
The problem of zero-day exploits used by advanced spyware makers such as NSO Group is an urgent problem requiring government intervention, a Google cybersecurity executive told the European Parliament committee investigating member nations' use of the Pegasus spy app.
Artificial intelligence-driven technology purporting to recognize human emotional states "may not work yet, or indeed ever," said U.K. Deputy Information Commissioner Stephen Bonner. The office predicts greater commercial use of behavioral analysis in products over the next two to three years.
Detection tools can potentially overwhelm security operation center analysts with alerts, many of which are false positives, leading to ticket fatigue and missed attacks. Splunk's Jesse Trucks shares how the latest risk-based alerting technology helps SOCs focus on the threats that really matter.
Cloud computing is experiencing accelerated growth. So is the number of remote users and the types of devices. It all adds up to a complex, expanding attack surface with increased cybersecurity risks, and adversaries are constantly thinking of new ways to attack. Now more than ever, SecOps teams need to ensure they're...
As controversy grows around the use of Facebook Pixel code and similar tracking tools that harvest sensitive health and other personal data of consumers, so does the pressure from lawmakers demanding answers from tech vendors about those data collection practices.
An inquiry into European Union countries' use of Pegasus spyware is running into national opposition, said Jeroen Lenaers, head of the investigative committee. Pegasus can invoke national security sensitivities, Lenaers acknowledged, but said the inquiry is concentrated on questions of law.
Apple has issued a slew of security updates amid reports that its iOS devices are being actively exploited via a zero-day vulnerability in the kernel. While Apple hasn't attributed the exploits to any specific group, experts say surveillance malware developers are a likely culprit.
The chief executive of alcohol delivery app Drizly is set to come under a decadelong requirement imposed by the U.S. Federal Trade Commission to ensure whatever company he oversees has an information security program. A hacker stole customer records of 2.5 million individuals from Drizly in 2020.
The U.K. Information Commissioner levied a nearly $5 million fine against Interserve Group Limited for its lack of security protections in the run-up to a 2020 ransomware attack. The firm kept employee data on servers running obsolete versions of Windows and used outdated antivirus software.