Topic: security
Report: Container image vulnerabilities are plenty, but there is room to focus efforts
The need for more mature security practices when using cloud-native technology is clear with 87% of container images having high or critical vulnerabilities, up from 75% last year. Most of them at 71% of those vulnerabilities have a fix available that has not been applied. This data comes from the new 2023 Cloud-Native Security & … continue reading
Venafi has a new tool for securely managing machine identities in Kubernetes environments
The machine identity management company Venafi is working to make it easier for companies to manage their cloud-native machine identities in Kubernetes environments. Today they released TLS Protect for Kubernetes within the Venafi Control Plane. The new tool provides observability features that enable teams to identify security issues and be proactive in fixing those gaps. … continue reading
Security-Compliance convergence offers hope against operational technology threats
Operational technology (OT) environments have increasingly come into the scope of cyberattacks as continuing IT/OT convergence has eroded the boundary between these traditionally segregated domains. Despite the network convergence, the convergence of thinking and understanding of risk as an enterprise-wide issue that transcends organizational boundaries has not kept pace. The threats and the related consequences … continue reading
Tigera announces Calico Security Policy Recommender improvements
Tigera introduced Calico Security Policy Recommender improvements such as security policy recommendations for namespaces, FIPS compliance for use by federal agencies, and new dashboards. The ability to recommend policies at the namespace level along with policies at the pod level enables users to add microsegmentation without worrying about application-level changes. This is useful for customers … continue reading
You can’t scale security and compliance without automation
Lately, I’ve seen more breaches happening from internal errors than from big hacks or network breaches — and unless we step back and figure out how to effectively embed security and compliance and scale them automatically, this trend will continue. There are compound factors at play — infrastructure and DevOps teams are stretched thin from … continue reading
Cohesity announces DataHawk, new Data Security Alliance
Cohesity announced DataHawk, a data security SaaS solution focused on helping companies recover from and prevent cyberattacks as well as a new Data Security Alliance. The alliance will combine solutions from cybersecurity and services companies such as BigID, Cisco, CrowdStrike, CyberArk, Okta, and more with Cohesity’s data security and management expertise. Partners will be able … continue reading
Okta introduces new capabilities to enable enterprise security, productivity, and agility
Okta, an independent identity provider, today announced new innovations to Okta Workforce Identity Cloud at Oktane22. These new capabilities are designed to strengthen the company’s single control plane for managing identity factors spanning enterprise resources and users. Among these innovations are anti-phishing factors across user types and resources as well as unified access management, governance, … continue reading
Dell expands zero trust offerings with identity and endpoint protection
Dell announced new services for Microsoft products that focus on zero trust, including Identity and Endpoint Protection with Microsoft Zero Trust. The new capability aims to help companies achieve zero trust alignment by providing expert guidance, implementation services, adoption and change management strategies. It provides assessments of Active Directory and Azure Active Directory and offers … continue reading
Keyfactor introduces Keyfactor Signum to simplify code signing process
The machine and IoT identity platform Keyfactor today announced the launch of Keyfactor Signum, a new code signing as-a-service platform that simplifies the process developers go through to sign code and containers in a secure way, without affecting productivity. Keyfactor Signum is intended to address the threat of software supply chain attacks that compromise application … continue reading
ITOps Times Open-Source Project of the Week: Wazuh
Wazuh is an open-source security platform for threat prevention, detection, and response that can protect workloads across on-premises, virtualized, containerized, and cloud-based environments. It consists of an endpoint security agent deployed to the monitoring systems and a management server which collects and analyzes data gathered by those agents. It is fully integrated with Elastic Stack, … continue reading
Dell announces new Zero Trust features to help customers prevent security threats
Dell has announced new features and capabilities to help customers prevent, detect, and respond to security threats. First up, it is now offering the ability for customers to disable PC ports before they ship. According to Dell, this will help prevent BIOS settings from being tampered with during shipping. Tamper-evident seals will also be made … continue reading
Tenable announces new exposure management platform
Tenable today announced the release of Tenable One, an Exposure Management Platform to unify discovery and visibility into all assets to assess their exposures and vulnerabilities across an entire attack surface. The platform brings the organization’s entire attack surface (both on-premises and cloud-based) into a single view. It aggregates vulnerability data across the IT infrastructure, … continue reading
