Security News

Shujinko announced the availability of free automation software to help auditors and their clients streamline SOC 2 audit preparation and readiness. This free solution includes the full capabilities of AuditX for SOC 2, automating evidence collection, mapping and crosswalking, while dramatically streamlining audit workflow and collaboration for compliance certification.

According to a new study, Digital Transformation Needs a More Perfect Union, released Wednesday by secure access service edge provider Netskope, networking and security teams do not work well together, if at all. "The evident divide between networking and security teams has been an issue for some time, but has been even more amplified with the rapid acceleration to remote work," Mike Anderson, chief information and digital officer at Netskope, said in a statement.

As Security Operations Centers mature, they need to tackle some tough challenges with respect to data, systems and people. As Security Operations Centers mature and transition to become detection and response organizations, they need to tackle some tough challenges with respect to data, systems and people.

Organizations have piled security controls upon security controls, and still remain largely blind to the most serious threats they face. Firewalls, vulnerability management and endpoint tools may offer a base layer of protection, but they are inherently weak without an added layer that includes analysis of daily exposures caused by configuration errors, exploitable vulnerabilities, mismanaged credentials and other common points of risk.

If you want to modernize your SOC to focus on detection and response you need to start by capturing the right data. The next challenge is improving data utilization by collaborating with the teams and organizations that make up your entire enterprise, to mitigate risk across your environment.

Many organizations today deal with data that is noisy and unstructured, decentralized without prioritization, and managed with spreadsheets. To gain a comprehensive understanding of the threats you are facing and what you must defend, you need to start by aggregating internal data from across the entire ecosystem - the telemetry, content and data created by each layer in your security architecture, on-premises and in the cloud.

CrowdStrike announced enhancements to the CrowdStrike Falcon platform that significantly improve Security Operations Center efficiency and effectiveness, allowing security teams to focus on critical priorities and fortify their organizations' proactive stance against cyber threats. CrowdStrike customers can accelerate their security operational response with new notification workflows and Real Time Response capabilities within the CrowdStrike Falcon platform, automating full-cycle incident response.

Very Good Security has further cemented its commitment to securing the world's information by empowering organizations to prepare for their first SOC 2 audits completely free with VGS Control. VGS employs a fundamentally different approach to data security and compliance, which drastically improves an organization's ability to seek and maintain SOC 2 compliance using VGS Control.

More organizations are producing and consuming cyber threat intelligence than ever before, and those measuring the effectiveness of their CTI programs is higher than ever - jumping from 4% in 2020 to 38% in 2021, according to the SANS 2021 Cyber Threat Intelligence Survey. A few areas where CTI adoption seems to be lacking are in integration, automation and operationalizing threat intelligence.

CIEM is the next generation of solutions for managing entitlements and permissions for all cloud infrastructure identities and resources and enforcing least privilege policies in the cloud. Zero Trust Access is impossible to achieve unless the enterprise can manage and eliminate over-permissioned identities in their cloud infrastructures effectively.