Cloud security

The cloud offers improved efficiency, flexibility and scalability, but its benefits can be reversed if security isn't top of mind. Read cloud security best practices, including tips on data protection and IaaS, PaaS and SaaS security, as well as cloud-specific tools and services such as CASBs, CWPPs and CSPM.

Top Stories

News 19 Nov 2024
Microsoft to offer hackers millions in Zero Day Quest event

Microsoft launched Zero Day Quest on Tuesday with a preliminary event offering bug bounty researchers rewards with multipliers for select security scenarios. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Nov 2024
MFA required for AWS Organizations member accounts in 2025

AWS is one of several cloud providers that will implement MFA requirements over the next year, with other relevant names including Google Cloud and Microsoft Azure. Continue Reading
By
- Alexander Culafi, Senior News Writer

News 15 Mar 2023
Dell launches new security offerings for data protection, MDR

Dell's new and expansive services focus on top security challenges enterprises face, such as data protection, ransomware recovery and supply chain threats. Continue Reading
By
- Arielle Waldman, News Writer
Tip 16 Feb 2023
Web 3.0 security risks: What you need to know

Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Opinion 14 Feb 2023
Top takeaways from first CloudNativeSecurityCon

TechTarget's Enterprise Strategy Group offers the main takeaways from the first vendor-neutral, practitioner-driven conference for security. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 09 Feb 2023
Hypervisor patching struggles exacerbate ESXiArgs attacks

Ransomware hit a high number of unpatched VMware ESXi servers by exploiting two- and three-year-old flaws, which has put hypervisor patching difficulties in the spotlight. Continue Reading
By
- Arielle Waldman, News Writer
Definition 08 Feb 2023
Boomi AtomSphere Platform (Dell Boomi AtomSphere)

Dell Boomi is a Software as a Service (SaaS) integration vendor that provides its AtomSphere technology to a host of industry giants, including Salesforce.com, NetSuite, SuccessFactors and SAP. Continue Reading
By
- Rahul Awati
- Delaney Rebernik, TechTarget
News 06 Feb 2023
Widespread ransomware campaign targets VMware ESXi servers

The attacks exploited a two-year-old heap overflow vulnerability in VMware ESXi. Many questions remain about the scope of the campaign and the threat actor behind it. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 24 Jan 2023
5 ways to enable secure software development in 2023

Security teams have to help developers ensure security software development, but in today's rapidly scaling cloud environments, it's a challenging task. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 17 Jan 2023
Microsoft fixes SSRF vulnerabilities found in Azure services

Orca Security, which discovered the Azure flaws, warned enterprises to be aware of SSRF attacks, which can result in a threat actor accessing or modifying sensitive data. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Dec 2022
Play ransomware actors bypass ProxyNotShell mitigations

CrowdStrike is urging organizations to apply the latest Microsoft Exchange updates after investigations revealed attackers developed a bypass for ProxyNotShell mitigations. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 08 Dec 2022
Risk & Repeat: Breaking down Rackspace ransomware attack

This Risk & Repeat podcast episode discusses the recent ransomware attack against cloud provider Rackspace, as well as the major service outage affecting its customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 Dec 2022
Cisco teases new capabilities with SD-WAN update

Cisco SD-WAN 17.10 enhancements give enterprises the option of using security service edge providers Cloudflare and Netskope in secure access service edge deployments. Continue Reading
By
- Mary Reines, News Writer
Tip 06 Dec 2022
How to implement least privilege access in the cloud

More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 06 Dec 2022
Rackspace confirms ransomware attack after Exchange outages

The cloud service provider said that because the investigation of the ransomware attack is in the early stages, it is unknown what, if any, customer data was stolen. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 Dec 2022
Rackspace 'security incident' causes Exchange Server outages

Rackspace has not said what caused the security incident, but the cloud provider said it proactively disconnected its Hosted Exchange offering as it investigates the matter. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 10 Nov 2022
Secure development focus at KubeCon + CloudNativeCon 2022

The pressure is on. It's time for better security that can keep up with modern software developers. That was the message at this year's KubeCon + CloudNativeCon. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 02 Nov 2022
Kusto Query Language primer for IT administrators

Administrators who use Microsoft cloud services, such as Microsoft Sentinel and Microsoft 365, can learn how to pull information from those products with KQL queries. Continue Reading
By
- Liam Cleary, SharePlicity
Tip 27 Oct 2022
Types of cloud malware and how to defend against them

Cloud malware isn't going away anytime soon, but organizations have a growing number of tools at their disposal to combat the threat. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 20 Oct 2022
Microsoft confirms data leak caused by misconfiguration

Microsoft criticized SOCRadar's reporting of the data leak, saying the threat intelligence vendor "greatly exaggerated" its claim that 65,000-plus entities had data exposed. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 19 Oct 2022
3 cloud security posture questions CISOs should answer

As cloud adoption continues to accelerate, CISOs must help IT and cybersecurity teams keep pace with evolving cloud markets, especially when it comes to cloud security posture. Continue Reading
By
- Kristopher Carr
News 19 Oct 2022
Azure vulnerability opens door to remote takeover attacks

Orca Security researchers uncovered a flaw in Azure Service Fabric that was fixed in last week's Patch Tuesday. It allows elevation of privilege and remote takeover of nodes. Continue Reading
By
- Shaun Nichols
Tip 30 Sep 2022
How to decide on what Office 365 add-on licenses to use

Missing certain functionality and want to supplement your subscription to Office 365 or Microsoft 365? Find out what extras make sense for your organization. Continue Reading
By
- Liam Cleary, SharePlicity
Definition 29 Sep 2022
software-defined perimeter (SDP)

A software-defined perimeter, or SDP, is a security technique that controls access to resources based on identity and forms a virtual boundary around networked resources. Continue Reading
By
- Sharon Shea, Executive Editor
Opinion 21 Sep 2022
Planning the journey from SD-WAN to SASE

Enterprises need integrated security and networking frameworks to manage distributed IT environments and are looking to SD-WAN and security options like SASE to get the job done. Continue Reading
By
- Bob Laliberte, Former Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Opinion 14 Sep 2022
5 ways to improve your cloud security posture

With more applications deployed to multiple clouds, organizations must shore up their security posture, and cloud security posture management is designed to help. Find out why. Continue Reading
By
- Melinda Marks, Practice Director
News 13 Sep 2022
Secureworks reveals Azure Active Directory flaws

Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues. Continue Reading
By
- Shaun Nichols
Opinion 12 Sep 2022
How data security posture management complements CSPM

Data security posture management can provide comprehensive defense-in-depth security for cloud data. Find out more about how DSPM policies move with the data. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 01 Sep 2022
Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 30 Aug 2022
VMware aims to improve security visibility with new services

Unveiled at VMware Explore, the company's new security services include Project Trinidad, Project Watch and Project Northstar. All three offer customer visibility enhancements. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 25 Aug 2022
Mitiga: Attackers evade Microsoft MFA to lurk inside M365

During an incident response investigation, Mitiga discovered attackers were able to create a second authenticator with no multifactor authentication requirements. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 Aug 2022
5 key questions to evaluate cloud detection and response

Consider these five questions before deciding to invest in a specialized cloud detection and response product. Continue Reading
By
- Ed Moyle, Drake Software
Definition 24 Aug 2022
homomorphic encryption

Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 17 Aug 2022
CISA: Threat actors exploiting multiple Zimbra flaws

Cybersecurity vendor Volexity found earlier this month that one flaw, CVE-2022-27925, had compromised more than 1,000 Zimbra Collaboration Suite instances. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 11 Aug 2022
What is data security? The ultimate guide

Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
News 10 Aug 2022
Ermetic addresses IAM weaknesses in multi-cloud environments

Researchers at the cloud security vendor discussed the importance of understanding the different identity and access management features among the major cloud providers. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Aug 2022
Amazon CSO Steve Schmidt talks prescriptive security for AWS

In part two of this Q&A, Amazon CSO Steve Schmidt discusses why AWS has taken a more prescriptive approach to customer security and how it influences areas like incident response. Continue Reading
By
- Arielle Waldman, News Writer
- Rob Wright, Senior News Director
News 03 Aug 2022
Amazon CSO Steve Schmidt preaches fungible resources, MFA

In a Q&A with SearchSecurity, Amazon CSO Steve Schmidt discusses his time as head of AWS security and shifts the cloud provider made to improve its posture, as well as customers'. Continue Reading
By
- Rob Wright, Senior News Director
- Arielle Waldman, News Writer
News 02 Aug 2022
New Microsoft tools aim to protect expanding attack surface

New security concerns have arisen around initial attack vectors and visibility into a broader attack surface as companies have moved to the cloud, according to Microsoft. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Jul 2022
AWS adds Kubernetes security tie-ins amid SecOps tool sprawl

Amazon Detective pulls Kubernetes security data into a broader threat detection and CSPM context as IT pros at large orgs seek integrated multi-cloud security workflows. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 28 Jul 2022
AWS adds anti-malware and PII visibility to storage

New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
By
- Tim McCarthy, News Writer
News 26 Jul 2022
AWS issues MFA call to action at re:Inforce 2022

To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources. Continue Reading
By
- Arielle Waldman, News Writer
News 26 Jul 2022
CrowdStrike launches cloud threat hunting service

Launched at AWS re:Inforce 2022, CrowdStrike's Falcon OverWatch Cloud Threat Hunting is a standalone threat hunting service built to stop advanced threats from within the cloud. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 20 Jul 2022
data compliance

Data compliance is a process that identifies the applicable governance for data protection, security, storage and other activities and establishes policies, procedures and protocols ensuring data is fully protected from unauthorized access and use, malware and other cybersecurity threats. Continue Reading
By
- Paul Kirvan
News 19 Jul 2022
Calamu Protect defends data through sharding, encryption

Calamu Protect 1.2 expands data protection capabilities for its data harbor through multi-tenancy features and support for protecting Microsoft 365 data. Continue Reading
By
- Tim McCarthy, News Writer
Tip 18 Jul 2022
Key factors to achieve data security in cloud computing

Enterprises face a variety of data security concerns when deploying assets to the cloud. But there are some guidelines you can follow to make sure your assets are protected. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 14 Jul 2022
3 steps for getting started with security service edge

Before getting started with security service edge (SSE), formulate a migration strategy. Check out these three expert tips for tackling SSE with maximum efficiency and ease. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 14 Jul 2022
SecOps vs. CloudSecOps: What does a CloudSecOps team do?

Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 28 Jun 2022
Do you meet all the modern authentication requirements?

Microsoft's push to a more secure method for user authentication and authorization could catch some enterprises flat-footed if IT hasn't done its homework. Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
News 28 Jun 2022
Wiz launches open database to track cloud vulnerabilities

Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues. Continue Reading
By
- Arielle Waldman, News Writer
Tutorial 27 Jun 2022
How to set up Exchange Online modern authentication

Microsoft plans to tighten up security on its hosted email platform to prevent attackers from gaining access to user credentials. Is your organization ready? Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
- Nathan O'Bryan, Planet Technologies
News 24 Jun 2022
Researchers criticize Oracle's vulnerability disclosure process

While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Jun 2022
Paige Thompson found guilty in 2019 Capital One data breach

The former Amazon engineer who hacked AWS and gained access to sensitive data belonging to Capital One customers has been convicted. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 16 Jun 2022
Top cloud security takeaways from RSA 2022

Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG. Continue Reading
By
- Melinda Marks, Practice Director
News 15 Jun 2022
Microsoft takes months to fix critical Azure Synapse bug

Orca Security discovered that inadequate tenant separation in Microsoft's Azure Synapse service could allow a threat actor to steal credentials from thousands of customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 15 Jun 2022
How to evaluate security service edge products

As organizations become more cloud-centric and adapt to remote work, a new technique known as security service edge is gaining traction. Continue Reading
By
- Ed Moyle, Drake Software
Tip 14 Jun 2022
3 steps for CDOs to ensure data sovereignty in the cloud

Data sovereignty regulations, combined with a tsunami of data growth and increased cloud usage, have created a perfect storm that chief data officers must manage. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 13 Jun 2022
Tenable slams Microsoft over Azure vulnerabilities

Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched. Continue Reading
By
- Arielle Waldman, News Writer
News 13 Jun 2022
Skyhigh Security CEO, VP talk life after McAfee

Gee Rittenhouse discusses the process of building Skyhigh Security, a new company created by Symphony Technology Group as a rebirth of McAfee's enterprise cloud security portfolio. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Jun 2022
VMware launches 'threat intelligence cloud' Contexa

The Contexa threat intelligence service is integrated into all VMware security products and will be available to all new and existing customers at no additional cost. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 01 Jun 2022
Hackers ransom 1,200 exposed Elasticsearch databases

An extensive extortion operation didn't need exploits or vulnerabilities to take over more than 1,200 Elasticsearch databases and demand bitcoin payments, according to Secureworks. Continue Reading
By
- Shaun Nichols
Tip 31 May 2022
How to get started with multi-cloud threat hunting

More clouds mean a bigger attack surface. It also complicates how companies can accurately hunt for potential threats. But there are steps to take that can reduce the risk. Continue Reading
By
- Ed Moyle, Drake Software
News 26 May 2022
'Pantsdown' BMC vulnerability still present in Quanta servers

Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
By
- Shaun Nichols
News 25 May 2022
Verizon DBIR: Stolen credentials led to nearly 50% of attacks

The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations. Continue Reading
By
- Arielle Waldman, News Writer
News 18 May 2022
CISA calls out security misconfigurations, common mistakes

Poor security practices and misconfigured controls are allowing threat actors to compromise enterprise networks. Continue Reading
By
- Arielle Waldman, News Writer
Tip 12 May 2022
3 ways to apply security by design in the cloud

Applying security-by-design principles to the cloud may not seem straightforward, but there are several ways to do so. These three areas are a good place to start. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 10 May 2022
Microsoft modern authentication deadline looms over Exchange

Support for basic authentication will end this year, giving administrators who haven't switched to a newer authentication method little time to prepare for a smooth transition. Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
News 05 May 2022
Hackers exploit vulnerable Adminer for AWS database thefts

Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts. Continue Reading
By
- Shaun Nichols
News 05 May 2022
Google cloud misconfiguration poses risk to customers

Cloud security vendor Mitiga discovered 'dangerous functionality' in the Google Cloud Platform that could allow attackers to compromise virtual machines. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Apr 2022
Is cloud critical infrastructure? Prep now for provider outages

The cloud has quickly become critical infrastructure to many organizations. Learn about the top cloud provider outages, and discover tips on preventing disruption during downtime. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 28 Apr 2022
Lapsus$ targeting SharePoint, VPNs and virtual machines

From social engineering attacks to admin tools, a recent NCC Group report examined the tactics used by Lapsus$ to breach companies like Microsoft, Nvidia and Samsung. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 25 Apr 2022
LemonDuck botnet evades detection in cryptomining attacks

While the botnet is not new, it appears operators are honing their skills and evading Alibaba Cloud's monitoring service to take advantage of rising cryptocurrency prices. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Apr 2022
AWS Log4Shell hot patch vulnerable to privilege escalation

Amazon's initial Log4Shell fix had 'severe security issues,' a Palo Alto Networks security researcher said. Amazon released new patches to fix those issues Tuesday. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 14 Apr 2022
Study attests: Cloud apps, remote users add to data loss

A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic. Continue Reading
By
- Margie Semilof, TechTarget
Tip 14 Apr 2022
The benefits and challenges of managed PKIs

Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 07 Apr 2022
Should companies ask for a SaaS software bill of materials?

Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why. Continue Reading
By
- Ed Moyle, Drake Software
News 05 Apr 2022
Conti ransomware deployed in IcedID banking Trojan attack

The Conti ransomware gang gained recent notoriety for publicly backing Russia in its invasion of Ukraine. An anonymous researcher then leaked massive amounts of internal Conti data. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 01 Apr 2022
CrowdStrike finds 'logging inaccuracies' in Microsoft 365

CrowdStrike says Microsoft's cloud offering may not be accurately taking logs of user sign-ins, and that could pose a threat to protecting networks and investigating attacks. Continue Reading
By
- Shaun Nichols
News 23 Mar 2022
Lawsuit claims Kronos breach exposed data for 'millions'

A class-action lawsuit was filed against Ultimate Kronos Group for alleged negligence regarding a ransomware attack and private cloud breach in December. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 22 Mar 2022
STG launches Skyhigh Security from McAfee cloud assets

The new company combines the McAfee Enterprise Security Service Edge portfolio with a name reminiscent of a previous McAfee acquisition: Skyhigh Networks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 21 Mar 2022
2 zero-trust cloud security models emerge as demands shift

Security teams are beefing up enterprise defenses as cloud services become more essential. Zero trust -- tailored to assets, as well as users -- is an integral part of the equation. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 15 Mar 2022
Container vulnerability opens door for supply chain attacks

A CRI-O container engine vulnerability could allow attackers to bypass security controls and take over a host system, according to CrowdStrike researchers. Continue Reading
By
- Shaun Nichols
News 08 Mar 2022
Google to acquire Mandiant for $5.4B

Google's acquisition announcement came less than a year after Mandiant and FireEye split. FireEye was sold to Symphony Technology Group last fall for $1.2 billion. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 23 Feb 2022
Crosswalk cloud compliance to ensure consistency

Combining a risk management framework with security policies can be tricky, but crosswalking -- especially in the cloud -- can help address inconsistencies and maintain compliance. Continue Reading
By
- Diana Kelley, SecurityCurve
News 17 Feb 2022
Snyk enters cloud security market with Fugue acquisition

Analysts say the acquisition of Fugue will give Snyk an opportunity to build a presence in the cloud security market and strengthen its infrastructure-as-code capabilities. Continue Reading
By
- Arielle Waldman, News Writer
News 01 Feb 2022
Cato Networks adds CASB to growing SASE portfolio

Cato Networks has added CASB app visibility and enforcement capabilities to its growing SASE portfolio, and plans to add data loss prevention in the coming months. Continue Reading
By
- Madelaine Millar, TechTarget
Opinion 31 Jan 2022
IaC security options help reduce software development risk

The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Feature 31 Jan 2022
Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 21 Jan 2022
Top cloud security standards and frameworks to consider

Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization. Continue Reading
By
- Paul Kirvan
Tip 20 Jan 2022
Introduction to automated penetration testing

Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
By
- Andrew Froehlich, West Gate Networks
Definition 19 Jan 2022
Blowfish

Blowfish is a variable-length, symmetric, 64-bit block cipher. Continue Reading
By
- Rahul Awati
Tip 18 Jan 2022
Cloud-native security architecture principles and controls

Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 12 Jan 2022
New RAT campaign abusing AWS, Azure cloud services

Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
By
- Shaun Nichols
Feature 29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021

As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
By
- Isabella Harford, TechTarget
Tip 14 Dec 2021
4 API authentication methods to better protect data in transit

The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Opinion 09 Dec 2021
Cloud application developers need built-in security

Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 07 Dec 2021
USB-over-Ethernet bugs put cloud services at risk

SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks. Continue Reading
By
- Shaun Nichols
News 06 Dec 2021
One year later, SolarWinds hackers targeting cloud providers

The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers. Continue Reading
By
- Shaun Nichols
Tip 06 Dec 2021
How to get started with attack surface reduction

Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
By
- Diana Kelley, SecurityCurve
Definition 02 Dec 2021
Twofish

Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits. Continue Reading
By
- Rahul Awati
News 01 Dec 2021
Dell extends Cyber Recovery ransomware protection to AWS

Dell EMC's PowerProtect Cyber Recovery launched in AWS Marketplace, providing customers with a way to isolate their data in AWS-based storage instead of on premises. Continue Reading
By
- Johnny Yu
News 01 Dec 2021
CISA taps CrowdStrike for endpoint security

The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul. Continue Reading
By
- Shaun Nichols