How to Cut Through Vendor Claims & Marketing Hype When Evaluating New Security Tools
As we’ve pointed out in a couple of recent blog posts, Machine Learning (ML) has been billed as a savior for short-staffed security teams — a silver bullet that can single handedly identify and mitigate every security threat automatically. As we usually do with silver bullet solutions, we’ve cautioned readers ... Read More
How to Identify Threats Within Your Docker Containers
Now is a good time to review Threat Stack’s Docker integration in the wake of the recent runc CVE. The headline reporting gets a little hyperbolic, but I still think we should use this as an opportunity to reflect. Containers represent a powerful abstraction for a unit of software. The ... Read More
The Difference Between Security Trick Plays and Security Fundamentals
I like watching great football plays on YouTube, but I especially like watching trick plays where players sell some sort of deception so their opponents take their eyes off the ball. Trick plays make great video clips and can win a football game if deployed at the right moment, but ... Read More
Three Old-School Network Security Tips That (Still!) Work for Modern Infrastructure
The adage “Everything old is new again,” rings true in the cybersecurity industry as much as anywhere else. Some of the best practices from old-school network security still apply to modern virtual server or containerized environments. Even though hackers are becoming increasingly sophisticated with their attacks, applying some of these ... Read More
SLDC, SOC 2, and Other Four Letter Words
Developers gonna develop. That’s why we’re developers. We want to set some implementation goal and then make that a reality. We like to stay heads down and focus on the immediate task at hand. Unfortunately, this can sometimes cause collateral damage. Secondary objectives can get ignored or even trampled in ... Read More
