Security News

With the foundational security provided by Red Hat Enterprise Linux(RHEL), the layered products that run on top, such as Red Hat OpenShift, benefit by inheriting the security technologies provided by RHEL. Red Hat has packaged and delivered trusted Linux content for years and now delivers that same trusted content packaged as Linux containers, through the Red Hat Universal Base Image. This allows enterprises to build a security-focused hybrid cloud, manage and control a hybrid cloud with integrated security, and build, deploy, and run security-focused applications on top of a hybrid cloud using DevSecOps practices.

The growing awareness of cloud misconfigurations comes at a time of huge growth in cloud platforms. On one hand, 87 percent said they were fully or mostly in control of their remote working environment, with 51 percent crediting the acceleration of cloud migration as an influence that had improved their security best practice.

The CIS Foundations Benchmarks are a part of the family of cybersecurity standards managed by CIS. CIS Benchmarks are consensus-based, vendor-agnostic secure configuration guidelines for the most commonly used systems and technologies. The CIS Foundations Benchmarks are intended for system and application administrators, security specialists, auditors, help desk, platform deployment, and/or DevOps personnel who plan to develop, deploy, assess, or secure solutions in the cloud.

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!

Firstly, crooks show up fast: occasionally, it takes them days to find newly-started, insecure cloud instances and break in, but Google wrote that discover-break-and-enter times were "As little as 30 minutes." Importantly, in our research, the cloud instances we used weren't the sort of cloud server that a typical company would set up, given that they were never actually named via DNS, advertised, linked to, or used for any real-world purpose.

While there is a time and place for onboarding additional cloud security solutions, it can also be easy to fall prey to the shiny object syndrome surrounding emerging solutions that are created in response to new security threats. Before rushing to invest in a new solution remember that matching additional solutions to emerging threats in a one-to-one game of whack-a-mole is not a sustainable strategy.

After spending five years poring over port scan results, infosec firm Imperva reckons there's about 12,000 vulnerability-containing databases accessible through the internet. The news might prompt responsible database owners to double-check their updates and patching status, given the increasing attractiveness of databases and their contents to criminals and hostile foreign states alike.

Threat Stack announced new alert context functionality to reduce mean-time-to-know within the Threat Stack Cloud Security Platform. Threat Stack's enhanced alert context provides meaningful data that will help guide security leaders' investigations into high severity alerts in real-time.

As cloud adoption accelerates and the scale of cloud environments grows, engineering and security teams say that risks-and the costs of addressing them-are increasing. The survey of 300 cloud pros found that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months, and eight out of ten are worried that they're vulnerable to a major data breach related to cloud misconfiguration.

The CloudKnox deal is Microsoft's fourth cybersecurity acquisition over the last 12 months. Last June, Microsoft acquired CyberX to beef up its Azure IOT security capabilities and followed up soon after with a separate deal to buy firmware security security specialist ReFirm Labs.