Security News
A senior Chief Information Security Officer advisor at Cisco has penned a commentary on the state of US cybersecurity frameworks, criticizing current government infosec and advocating for more autonomy for CISOs and a better understanding of the task at hand from those creating policies. "After nearly two decades of federal cybersecurity and risk management as practiced under the rubric of the Federal Information Security Management Act of 2002 and the Federal Information Security Modernization Act of 2014, billions of dollars in appropriated federal cybersecurity funding have not appreciably improved the overall situation," wrote Bruce Brody.
Satori announced the Satori Data Security Policy Engine to streamline and revolutionize data security for large enterprises. This new extension of Satori's DataSecOps platform enables companies to democratize data access and modernize operations for dynamic enterprise data environments using scalable, universal and holistic data security policies.
Microsoft has added support for layered Group Policies, which allow IT admins to control which internal or external devices users can install on corporate endpoints across their organization's network. Using these identifiers, an admin can create an 'allow list' of permitted devices, which blocks all other devices from being installed.
Styra announced new cloud infrastructure support via Terraform, extending Styra Declarative Authorization Service guardrails to storage, network and compute resource configuration in public clouds including AWS, GCP and Azure. "Until now, DevOps and cloud platform teams had to manage authorization, policy and configuration with disparate tools in each of their clouds, in each of their orchestration clusters, and between the microservices that comprise modern apps," said Tim Hinrichs, co-founder and chief technology officer of Styra.
One of the components of an effective current password policy makes use of what is known as a custom dictionary that filters out certain words that are not allowed as passwords in the environment. First, let's consider crafting a custom dictionary for your password policy, including general guidance on how these are created and configured, and how you can easily use custom dictionaries in an Active Directory environment.
54% of businesses now have a defined policy in place to deal with ransomware attacks - whether this means paying a ransom, relying on insurance policies or refusing to pay at all, according to Databarracks. A ransomware policy may differ: 21% have a policy to never pay a ransom.
Fugue announced Regula 1.0, an open source policy engine for infrastructure as code security. Available at GitHub, the tool includes support for common IaC tools such as Terraform and AWS CloudFormation, prebuilt libraries with hundreds of policies that validate AWS, Microsoft Azure, and Google Cloud resources, and new developer tooling to support custom rules development and testing with Open Policy Agent.
When you're implementing a password policy for your AD with GDPR compliance in mind, it's a good idea to use a third-party tool to help your password policy reach your entire end-user directory. During a password change in Active Directory, this service will block and notify users if the password they have chosen is found in a list of leaked passwords, and provide dynamic feedback for password compliance.
The U.S. Cybersecurity and Infrastructure Security Agency today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy platform. Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch agencies identify and address vulnerabilities in critical systems.
48% of organizations don't have a user verification policy in place for incoming calls to IT service desks, according to Specops Software. The survey found that 28% of the companies that actually do have a user verification policy in place are not satisfied with their current policy due to security and usability issues.