Stop Certificate Outages from Increasing in Frequency and Severity brooke.crothers Mon, 08/15/2022 - 16:40 6 views Machine identity management was a mess This company had experienced 27 P1 outages in the year before they deployed Venafi as a Service. That was a 100% increase from the previous one. One of ... Read More

Applying Identity to DevSecOps Processes brooke.crothers Thu, 08/11/2022 - 12:11 5 views Identity Means Secrets You prove identity by validating credentials; secrets are the digital credentials used for that purpose. With the proper validation, you can authenticate a user (human or machine) and authorize them to access privileged services, accounts, ... Read More

Traditional Security Won’t Cut It for Secure Cloud-Native Applications: Here’s Why brooke.crothers Wed, 08/10/2022 - 16:43 9 views The risks of securing cloud-native with traditional security measures Traditional security methods such as firewalls, VPNs, and other perimeter-bound approaches were built for monolithic architectures and have not scaled well with virtualization ... Read More

Study Shows Widespread Abuse of Code Signing Certificates brooke.crothers Thu, 08/04/2022 - 09:43 12 views Malware increasingly mimicking legitimate software A study by VirusTotal, a public malware-scanning service owned by Chronicle, the security services arm of Google Cloud, has released a study that shows the extent to which abuse of ... Read More

Researchers Find 3,200 Apps Exposing Twitter API Keys, Cite ‘BOT Army’ Threat brooke.crothers Wed, 08/03/2022 - 10:48 17 views Key Findings: CloudSEK* researchers said key findings include: Discovered 3,207 apps were leaking valid consumer key and consumer secret information 230 apps were leaking all four 0Auth authentication credentials and could ... Read More

How to Stop Outages in Your Kubernetes Clusters [Case Study] brooke.crothers Mon, 08/01/2022 - 12:00 8 views InfoSec vs platform development teams First you might discover—unsurprisingly—a lack of synchronicity between your InfoSec and platform development teams. The latter group may have assumed that the machine identity management tools used for ... Read More

Do you know how many cert-manager instances your developers are using? Are they all using the latest stable version? brooke.crothers Wed, 07/27/2022 - 16:18 7 views --How do you manage deployment of cert-manager instances when new releases come out? --How do you view every identity issued from every instance in ... Read More

Why Your Code Signing Policies Are Being Ignored brooke.crothers Mon, 07/25/2022 - 16:03 4 views Lack of governance and control over signing InfoSec teams are charged with securing the company’s information and data, including code signing credentials. They must be able to show that they are effectively achieving this end ... Read More

Post-Quantum Cryptography: Lessons Learned from SHA-1 Deprecation brooke.crothers Thu, 07/21/2022 - 15:03 8 views What SHA-1 history can teach us? Can the cybersecurity industry learn anything from the problems encountered with the move from the deprecated SHA-1 to the stronger and safer SHA-2 hashing algorithm? Since 2005, SHA-1 has been ... Read More

Orchestration and Automation are Critical for Machine Identities brooke.crothers Wed, 07/20/2022 - 15:55 3 views The challenges of identity-based zero trust security Identity—whether human identities or machine identities—has become the new security perimeter and the new foundation of an identity-based Zero Trust approach to security. The concept is simple: every ... Read More