There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.Digital transformation is driving change in every corner of the security industry. Organizations are evolving and expanding into the cloud rapidly, but their security teams and legacy data centers are holding them back. A skills and resources g

Google Cloud Run is a serverless compute platform that automatically scales your stateless containers. In this post we are going to showcase how to secure the entire lifecycle of your Cloud Run services. Sysdig provides a secure DevOps workflow for Cloud Run Platforms that embeds security, maximizes availability and validates compliance across the ser

CloudSploit has been acquired by Aqua Security for an undisclosed sum.Aqua Security, the leading platform provider for securing container-based, serverless, and cloud native applications, announced the acquisition of security auditing and monitoring tool CloudSploit today. The American company said the addition of CloudSploit will enable them to ex

Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets. Public cloud infrastructure presents security teams with a new invisible management layer, creating new security challenges that demand better understanding. Many organizations don't properly understand the cloud identity and acces

Aviatrix, a California-based provider of cloud networking and security services for enterprises, on Monday announced that it raised $40 million in a Series C funding round.The round, which brings the total raised to date by Aviatrix to over $76 million, was led by CRV, with participation from Formation 8, Ignition Partners and Liberty Global Ventures.Aviatri

Adobe has admitted that some Creative Cloud customer information — 7.5 million records, according to the researchers who stumbled upon the data — was exposed recently due to a misconfiguration.Researcher Bob Diachenko and Comparitech reported last week that they had identified an unprotected Elasticsearch database — the database was accessible without a pass

Researchers have discovered another unsecured Elasticsearch database, this time exposing data on thousands of travelers including US military and government employees.The research team at vpnMentor discovered the online database hosted on AWS infrastructure, on September 13. It belonged to Autoclerk, a reservations management system now owned by hotel chain

Trend Micro has announced the acquisition of Australian start-up Cloud Conformity, in a deal which will see it expand its cloud security portfolio to include mitigations for customer misconfigurations.Following the reported $70m deal, Trend Micro is offering the Cloud Security Posture Management (CSPM) company’s solution immediately to its global custo

Trend Micro on Monday announced the acquisition of cloud security company Cloud Conformity for $70 million.Founded in Australia, Cloud Conformity specializes in cloud security posture management (CSPM) and it provides cloud security, governance and compliance solutions for organizations using AWS, Microsoft Azure and Google Cloud.By acquiring Cloud Conformit

Recent weeks have seen the outing of two new additions to the Duke group's toolset, SeaDuke and CloudDuke. Of these, SeaDuke is a simple trojan made interesting by the fact that it's written in Python. And even more curiously, SeaDuke, with its built-in support for both Windows and Linux, is the first cross-platform malware we have observed from the Duke gro

IntroductionCloud technology is continuing to grow. Amazon Web Services (AWS) and Microsoft Azure are two cloud providers and platforms that are dominating the cloud space, but they are not alone. Other cloud platforms include Google Cloud, IBM Bluemix and Alibaba, and that’s not even all of them.With these multiple options, it may be tough to decide w

For many organizations moving to the cloud, Infrastructure as a Service (IaaS) like AWS EC2, Azure Virtual Machines or Google Compute Engine often forms the backbone of their cloud architecture. These services allow you to create instances of pretty much any operating system almost instantly.Unfortunately, moving your IT infrastructure to the cloud doesn’t r

As a system administrator during the early days of the “cloud revolution” I found the “cloud” metaphor an interesting choice to frame the technology stack. Clouds, in my mind, were “woolly” and hard to pin down as opposed to the omnipresent, always-available things that IT marketers were suggesting cloud services would be. But whilst I wasn’t a fan of the me

The calculus for disaster recovery and risk management is changing. Most small businesses within the past decade would often keep many of their critical technology assets locally, perhaps in a server closet, or a centralized data center for multiple offices. They built their own “vault” of applications, databases, email, files, etc., often on a few physical

The cloud has revolutionized the business world. Thanks to this technology, companies can store an ever increasing amount of data without having to invest in additional hardware. What’s more, thanks to cloud storage, employees can access this data no matter where they are. In fact, for many companies, this constant access to data is their main reason for usi