Palo Alto Networks has announced updates to its Prisma Cloud platform with new out-of-band web application and API security (WAAS) features, along with new application visibility capabilities. The vendor said the updates are designed to help organizations monitor and secure web applications without impacting performance. The move comes as businesses continue to expand their use […]
Maximize your cloud security with isolation zones
Keeping your application safe and secure is critical to a successful enterprise. Whether you use cloud-native application architectures or on-premises systems—or anything in between—it’s generally considered that splitting your infrastructure into security zones is a best practice. These zones provide security isolation that keeps your applications and their data safe from outside bad actors. A […]
Only DevSecOps can save the metaverse
Defined as a network of 3D virtual worlds focused on enhancing social connections through conventional personal computing and virtual reality and augmented reality headsets, the metaverse was once a fringe concept that few thought much, if anything, about. But more recently it was thrust into the limelight when Facebook decided to rebrand as Meta, and […]
9 questions you should ask about your cloud security
In order for cybersecurity professionals to gain the knowledge they need to thwart the hackers constantly targeting their cloud infrastructure and applications, they need to think like General George S. Patton (or rather like George C. Scott, the actor who won the Best Actor Oscar for his portrayal of the general in the 1970 film […]
7 ways to avoid a cloud misconfiguration attack
Cloud engineering and security teams need to ask some important questions about the security of their cloud environments, and they must go well beyond whether or not environments are passing compliance audits. Within minutes of your adding a new endpoint to the internet, a potential attacker has scanned it and assessed its exploitability. A single […]
Managing container vulnerability risks: Tools and best practices
Containers are quickly becoming the de facto form of compute and workload deployments in the cloud-native ecosystem. The latest Cloud Native Computing Foundation (CNCF) Cloud Native Survey shows that 96% of organizations are either actively using containers and Kubernetes or are evaluating them. Containers have well-known benefits such as portability, consistency and efficiency, but they […]
Pulumi launches Business Critical edition for enterprise customers
Infrastructure as code specialist Pulumi has tweaked its enterprise pricing tiers by launching a new premium Business Critical version, as it looks to support larger organizations as they modernize their infrastructure provisioning practices. The Business Critical version of Pulumi focuses on advanced security and compliance controls, 24/7 support, help with training and onboarding, the option […]
VMware adds container runtime protection to Carbon Black security portfolio
VMware is entering the race to secure modern, cloud-native environments by adding container runtime protection to its Carbon Black Container security product, which it launched in April 2021. Defending cloud-native environments at runtime is presenting developers and security professionals with a whole new set of security considerations, leading them beyond just hardening a Kubernetes cluster […]
How to protect your Kubernetes infrastructure from the Argo CD vulnerability
Argo CD is a popular open source, continuous delivery (CD) platform for Kubernetes that is used by hundreds of organizations globally. Recently, a serious vulnerability in Argo CD was uncovered by Apiiro, which enables attackers to access sensitive information such as secrets, passwords, and API keys. The vulnerability has been tagged as CVE-2022-24348. The vulnerability […]
4 security concerns for low-code and no-code development
There’s an increased push for what is being dubbed the citizen developer, coupled with the desire to empower application development and creation by non-developers. This is typically facilitated using low-code or no-code frameworks. These frameworks and tools allow non-developers to use a GUI to grab and move components to make business logic friendly applications. Empowering […]