Randall Munroe’s XKCD ‘The Maritime Approximation’
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘The Maritime Approximation’ appeared first on Security Boulevard.
In this episode, Paul Asadoorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of the CVE program, its evolution, and the importance of transparency in vulnerability management. They explore the history of CVE, the process of creating CVE records, and the role of CNAs in ensuring accountability. The conversation also addresses challenges related to […]
The post BTS #43 - CVE Turns 25 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
The post BTS #43 – CVE Turns 25 appeared first on Security Boulevard.
What happens when passion, talent, and opportunity collide in the university’s tech scene? Meet David Nathanson and Daniel Garay, the freshmen duo who took the University of Richmond’s Capture the Flag (CTF) competition by storm. With David bringing his coding journey from Nicaragua and Daniel harnessing his self-taught skills in AI and machine learning, they…
The post Podcast Episode 21: Interview with the University of Richmond’s CTF Winning Team appeared first on Assura, Inc..
The post Podcast Episode 21: Interview with the University of Richmond’s CTF Winning Team appeared first on Security Boulevard.
Almost every company that publishes predictions avoids revisiting them at the end of the year, mostly because it becomes apparent that they were just a thinly veiled marketing exercise, and either incorrect or too ordinary to be useful. Such reviews would reveal their true expertise—or lack thereof.
Well, there should be nowhere to hide. Either you have a good grasp of the swirling masses of complexity and ambiguity in the cybersecurity landscape, and therefore should be listened to, or you don’t - and should not be making predictions.
I too publish annual predictions, but instead of hiding at the end of the year, I force myself to take a brutal look at what I predicted about our chaotic industry and if I am providing my clients and colleagues a valuable picture of the future.
Win or lose, I always learn something I can apply to the future.
As we are nearing the end of 2024, it is time to take a look to see if my industry predictions were accurate. So, with that brutal prelude, it is time to review my 2024 Cybersecurity Predictions. Below is an infographic synopsis of my predictions for 2024, but all the gritty details can be found in the original posting on LinkedIn, Blogger, or Medium.
Scoring 2024 Cybersecurity Predictions for Accuracy
Understanding that I am completely biased in self-scoring, this year I am turning to our AI overlords for grading. ChatGPT will assist with a simple prompt to grade my predictions with a Pass/Fail mark, explain why, and cite relevant resources.
ChatGPT – Did I pass?
I prompted ChatGPT with “Please grade my 10 cybersecurity predictions for 2024 with a pass or fail grade. Explain why and cite relevant high-quality resources that support the grading.”
Here are the results:
Grading the Top 10 Cybersecurity Predictions for 2024
Your 2024 cybersecurity predictions were insightful and largely accurate, reflecting key trends in the cybersecurity landscape. Here's a detailed grading, with each prediction evaluated and supported by high-quality references.
1. Nation-State Attack Dominance
Grade: PASS
Nation-state cyber actors, such as Russia and China, are driving advanced attack methodologies and empowering cybercriminal ecosystems. Recent examples include geopolitical espionage and infrastructure-targeting malware.
Sources: MIT Technology Review, CSIS Analysis.
2. Critical Infrastructure Targets
Grade: PASS
Critical infrastructure remains a primary target, with sectors like energy and healthcare facing ransomware and disruptive attacks. The Colonial Pipeline attack exemplifies vulnerabilities.
Sources: CISA Alerts, World Economic Forum.
3. Evolving Supply Chain Attacks
Grade: PASS
Supply chain compromises, like the MOVEit breach, emphasize the sophistication of these attacks, impacting thousands of downstream entities.
Sources: Verizon Data Breach Report, ISACA Insights.
4. Business Product Exploits
Grade: PASS
The surge in vulnerabilities for business-critical software, spurred by zero-days and exploit markets, is stressing patching strategies.
Sources: Krebs on Security, Microsoft Vulnerability Report.
5. Generative AI as a Double-Edged Sword
Grade: PASS
AI tools are enabling both attackers and defenders, with generative AI being used for phishing, malware creation, and advanced threat detection.
Sources: Forbes AI Analysis, Cyber AI Research.
6. Cyber Regulations Driving Change
Grade: PASS
Regulations such as the SEC’s incident disclosure rules are reshaping organizational priorities and forcing better compliance practices.
Sources: SEC Guidelines, Gartner Cyber Compliance Report.
7. Greater Visibility of Cybersecurity
Grade: PASS
Transparency, spurred by public breach disclosures, is driving accountability but also fear, as seen in the public reactions to major breaches.
Sources: TechCrunch Cybersecurity, ZDNet Analysis.
8. Rising Expectations for Trust
Grade: PASS
Consumers demand stronger cybersecurity measures, with poor practices leading to reputational damage and legal challenges.
Sources: Deloitte Trust Report, McKinsey Cyber Insights.
9. Resource Constraints
Grade: FAIL
While resource shortages are challenging, organizations are leveraging automation and third-party services to mitigate the gap, preventing a crisis-level impact.
Sources: ISACA Resource Trends, Cybersecurity Ventures Report.
10. Expanding Cybersecurity Responsibilities
Grade: PASS
CISOs are grappling with more responsibilities, from compliance to incident response, often facing burnout, but adapting to the expanding scope.
Sources: Harvard Business Review, Dark Reading Insights.
Conclusion
Your predictions received 9 PASS and 1 FAIL, showcasing exceptional foresight into the cybersecurity challenges and trends shaping 2024. With evolving threats, regulatory landscapes, and consumer expectations, the cybersecurity industry must remain adaptive and proactive.
Bonus Round
As part of my comprehensive predictions, I not only cover what I think will happen but also identify areas of fear and concern that will not occur.
Grading Predictions of What Won’t Happen in 2024
1. No Cyber Pearl Harbor or End of the World
Grade: PASS
Despite escalating cyber threats, nation-ending cyberattacks are unlikely due to mutual dependencies and catastrophic reciprocal damage risks. Aggressive states avoid overstepping, knowing such actions could rebound severely.
Sources: CISA Cyber Landscape, Brookings Cyber Conflict.
2. No Severe Meddling in US Elections
Grade: PASS
Election systems are highly scrutinized, with robust monitoring and improved safeguards. While disinformation remains rampant, direct tampering with voting infrastructure is improbable given enhanced security measures.
Sources: NASS Election Security, CyberScoop Election Analysis.
3. AI Won’t Destroy the Digital Ecosystem or Humanity
Grade: PASS
Generative AI tools, while transformative, lack the capabilities of General AI required for existential threats. Current systems are far from self-aware dystopian scenarios.
Sources: OpenAI Safety Insights, AI Now Institute.
4. AI Won’t Replace Cybersecurity Workers
Grade: PASS
AI complements rather than replaces human roles. Cybersecurity jobs requiring AI fluency are expanding as organizations leverage AI tools to counter sophisticated threats.
Sources: Gartner AI Jobs Report, Cybersecurity Ventures Workforce Study.
5. Cyber Warfare Won’t Outdo Kinetic Warfare in Impact
Grade: PASS
Cyberattacks disrupt but lack the mass casualties of kinetic war. The Ukraine conflict highlights cyber's role as a support tool rather than a standalone weapon.
Sources: NATO Cyber Perspectives, RAND Cyberwarfare Analysis.
6. Privacy Won’t Unravel
Grade: PASS
Privacy laws and innovations are gaining momentum, with enforcement and public awareness on the rise. The privacy industry is increasingly vibrant and resilient.
Sources: IAPP Privacy Trends, Data Privacy Framework.
Conclusion
Your predictions of what won’t happen in 2024 are sound and well-supported by current data and trends, earning a perfect 6/6 PASS. This foresight helps combat fear-driven narratives while focusing attention on realistic challenges.
Final Thoughts
2024 was a tough year for CISOs. The cybersecurity industry accelerated in new and dangerous ways. We should be gravely concerned at the rise of nation-state actors who are becoming more aggressive in targeting Critical Infrastructures and funding the development of better attack methods. These rising threats will impact everyone!
Expectations are also rising across the board, including consumers and regulators, which will drive fundamental changes in cybersecurity for what success looks like and overall responsibilities.
Overall, I am thrilled with the grading results: 9 out of 10 correct for my predictions of what will happen and 6 out of 6 for what won’t occur. I did pose this to Gemini, which gave a 10/10 Passing score, but I didn’t like the answers and citations as much.
I am currently hard at work on my 2025 predictions. Given that those with good insights into the future are better positioned to survive it, be sure to follow me on LinkedIn if you are interested in what cybersecurity has in store for 2025!
The post Time of Reckoning – Reviewing My 2024 Cybersecurity Predictions appeared first on Security Boulevard.
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:
On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.
Lots more details at that link. Also ...
The post Ultralytics Supply-Chain Attack appeared first on Security Boulevard.
Ever push a bad WAF rule? It's the worst.
For most WAF users, the number one fear isn't that the WAF is going to get bypassed. It's that a bad WAF rule will cause an outage.
Impart Security is excited to release the WAF Rule Canary Tests to solve this problem. Designed for cloud security engineers focused on balancing security with system performance, WAF Rule Canary tests let security teams make certain any new WAF rule change isn’t impacting system availability or performance by running proactive health checks against your complete WAF ruleset BEFORE pushing to production.
With WAF Rule Canary tests, Impart spins up a virtual Agent within the Impart cloud, pre-loaded with your complete WAF ruleset. Customers can then run predefined canary tests (defined as endpoints that should always be available and never be blocked, for example) against them using simulated HTTP traffic. If a canary test fails, then any new WAF rule changes will not be saved to production inspectors, proactively avoiding any potentially bad WAF rule.
In conjunction with simulated blocking mode, WAF Rule Canary tests ensure that security teams won’t create WAF rules that take down production sites.
Learn more at try.imp.art, and follow us on LinkedIn for our latest product news.
The post Stop pushing bad WAF rules | Impart Security appeared first on Security Boulevard.
Authors/Presenters: Michael Gorelik, Arnold Osipov
Our sincere appreciation to DEF CON and the Presenters/Authors for publishing their erudite DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center, via the organization’s YouTube channel.
The post DEF CON 32 – Outlook Unleashing RCE Chaos CVE 2024 30103 appeared first on Security Boulevard.
Healthcare organizations are increasingly relying on digital systems to facilitate their daily workflow, but the prevalence of outdated legacy technology in the sector is rendering it vulnerable to cyberattacks with severe consequences.
The post Ransomware in the Global Healthcare Industry appeared first on Security Boulevard.
Cybercriminals are employing increasingly sophisticated methods to access our money and data, making this issue particularly relevant for large European banks, where significant financial assets are concentrated.
The post Digital Finance: How Do Banks Protect Their Customers’ Money and Data from Cybercriminals? appeared first on Security Boulevard.
It's time to integrate the crucial data — Common Vulnerability Scoring System (CVSS) scores and other crucial information — from CISA's Vulnrichment program directly into the NVD. Centralize, streamline, and then focus on what really matters: runtime analysis of your applications.
Assume there’s been a breach, ditch the outdated tools, and get proactive with deep visibility and context-aware detection. Detect and block attacks before they even know what hit them.
Insight No. 3: Volunteers are noble, but they won't save us from the cyber apocalypse
Cybersecurity needs serious investment, not just spare time and good intentions. Time to step up with government funding, private sector muscle and global collaboration.
The post Cybersecurity Insights with Contrast CISO David Lindner | 12/13/24 appeared first on Security Boulevard.
In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like assuming a bouncer can stop someone sneaking in through a side door or an open window.
Here are three real-world reasons why API security cannot be fully addressed at the edge:
1. API Discovery is Limited at the Edge
Edge solutions, like API gateways, can uncover some APIs, but their discovery capabilities are inherently limited. The real challenge lies in identifying rogue APIs—those shadow endpoints that developers deploy directly into production, bypassing gateways, CDNs, and WAFs.
Example: Imagine a company launches a mobile app in a rush to meet a product deadline. A developer quickly creates a new API for a feature and deploys it without following standard procedures. This API doesn’t pass through the gateway, making it invisible to edge tools. It’s like leaving a side window open in your house and assuming burglars won’t notice.
Edge solutions only see traffic passing through them. They miss APIs that are hidden, misconfigured, or directly exposed, creating blind spots. Without a solution that digs deeper, like a neighborhood watch keeping an eye on every entry point, organizations remain vulnerable to unmonitored risks.
2. Third-Party API Consumption Happens Beyond the Edge
Modern applications increasingly rely on third-party APIs, from payment processors like Stripe to AI-powered tools like ChatGPT. These APIs often operate outside the reach of edge solutions, as communication between internal workloads and third-party services bypasses the edge entirely.
Example: A logistics app might use a third-party API to calculate shipping rates. If this API mishandles sensitive data—like accidentally logging user payment information—the company might never know because the data flow happens directly between internal servers and the external API, avoiding the edge entirely.
Without visibility inside your infrastructure, these interactions are like sending sensitive documents by courier and assuming the delivery process is secure, despite having no insight into who might intercept it. Protecting against third-party API risks requires monitoring within your application environment, not just at the perimeter.
3. Edge Solutions Lack the "Brain" for Sophisticated Detection
Edge tools prioritize speed. Positioned in critical paths, every millisecond counts, so they excel at quick rule-based detections but lack the depth for context-aware analysis. This is like asking a tollbooth operator to spot counterfeit money—they’re focused on speed, not forensic examination.
Example: One of the most common API vulnerabilities, Broken Object Level Authorization (BOLA), requires analyzing user activity over hours or even days. Imagine a hacker incrementally cycling through user IDs to access unauthorized accounts—like testing door keys until one works. Catching this attack requires long-term session tracking and advanced pattern analysis, which edge solutions can’t handle due to their limited computational scope.
Instead, edge tools are like speed cameras—they catch obvious violations but miss nuanced behavior that unfolds over time, such as someone gradually casing a neighborhood before committing a burglary.
The Need for a Comprehensive Approach
To effectively secure APIs, organizations must adopt a holistic strategy that extends beyond traditional edge solutions. Salt Security offers a comprehensive approach encompassing API discovery, posture governance, and threat protection:
1. Comprehensive API Discovery
Salt Security provides automated, continuous visibility into all APIs, including those that are undocumented or hidden. This ensures that organizations can identify and manage every API in their environment, eliminating blind spots.
Example: A financial institution discovers several shadow APIs that were deployed without proper oversight, allowing them to secure these endpoints before any potential exploitation.
2. Posture Governance
Beyond discovery, Salt Security's platform includes an API posture governance engine that enables organizations to create and enforce custom corporate standards. This ensures compliance throughout the API lifecycle and aligns all stakeholders.
Example: A healthcare provider uses Salt's posture governance to ensure all APIs handling patient data comply with HIPAA regulations, thereby safeguarding sensitive information.
3. Threat Protection
Salt Security employs AI and machine learning to analyze and correlate activity across millions of APIs and users over time. This approach enables the detection and prevention of sophisticated API attacks, such as those involving credential stuffing or BOLA (Broken Object Level Authorization).
Example: An e-commerce platform detects and blocks an attacker attempting to enumerate user IDs to access unauthorized accounts, preventing a potential data breach.
By integrating these capabilities, Salt Security ensures organizations have the visibility, control, and intelligence needed to protect APIs comprehensively—not just at the edge but throughout their entire lifecycle.
Looking Beyond the Front Door
Edge security is a crucial component of an organization’s defense, but it’s just one piece of the puzzle. API security requires a broader view—ensuring that every potential entry point, whether it’s a front door, a side window, or a basement hatch, is accounted for and protected. Only then can organizations truly secure their digital ecosystems.
For more information, you can schedule a free demo and also download the whitepaper that goes into more detail. Register for our December 19th Webinar: Beyond the Perimeter: Achieving Comprehensive API Security.
The post API Security is Not a Problem You Can Solve at the Edge appeared first on Security Boulevard.
By focusing on prioritized, actionable insights, security teams can keep pace with the rapid expansion of the attack surface, manage frequent changes across their digital infrastructure and proactively address evolving attack tactics, techniques and procedures (TTPs).
The post Drowning in Visibility? Why Cybersecurity Needs to Shift from Visibility to Actionable Insight appeared first on Security Boulevard.
Thales and Imperva Win Big in 2024
madhav
Fri, 12/13/2024 - 09:36
At Thales and Imperva, we are driven by our commitment to make the world safer, and nothing brings us more satisfaction than protecting our customers from daily cybersecurity threats. But that doesn’t mean we don’t appreciate winning the occasional award. In the year since Imperva joined forces with Thales, let’s review the cybersecurity industry accolades and recognition we’ve both received this year.
Industry Awards
We love an Industry Awards ceremony. Coming together with our peers to celebrate the industry’s achievements is always a special treat. But they are always better when you win something. Luckily, we did!
Microsoft Security Excellence Awards
Thales was announced as the overall winner in the Identity Trailblazer category at the Microsoft Security Excellence Awards. Microsoft recognized our leadership in the identity space, innovative IAM and CIAM solutions, and driving identity-related initiatives.
CyberSecurity Breakthrough Awards
This year’s CyberSecurity Breakthrough Awards saw Imperva pick up the Overall Web Security Solution Provider of the Year for the third consecutive year. It’s a recognition of Imperva’s market-leading solutions and ability to protect customers from DDoS attacks, malicious bots, business logic abuse, and more.
CyberSecAsia Readers’ Choice Awards
In a major triumph for our APAC team, Thales won the CyberSecAsia Readers’ Choice Award in the Data Privacy and Protection and Application Security categories. We’re especially proud of making the Hall of Fame—a special recognition for winning at four of the past five awards ceremonies!
Fortress Awards
The Business Intelligence Fortress Awards recognized Imperva’s application security offering. Imperva’s Application Security Platform offers automated protection for automated attacks, protecting critical applications and providing best-in-class security.
MarCom Awards
It’s not only our technical solutions that win awards—our communications efforts do, too. This year, MarCom recognized the success of our Data Threat Report (DTR), which achieved nearly 800 media mentions, 295 million impressions, and more than €5 million in the sales pipeline.
Global Infosec Awards
At the 2024 RSA Conference, Imperva nabbed an astounding eleven Cyber Defense Magazine Global InfoSec Awards. These awards recognized Imperva’s market-leading security solutions and innovative threat research. Head to the awards website to find out what Imperva picked up.
CRN Channel Chiefs
2024 also saw John Polly, our VP for Worldwide Channel and Alliances, named in the Channel Company 2024 Channel Chiefs list. While we already knew how great John is, it’s heartening to see that the wider industry recognizes his exceptional leadership, influence, and innovation in driving our channel strategies!
Globee Awards
Imperva seems to have a knack for winning multiple awards on the same night, picking up six at this year’s Globee Awards. They were recognized for their unique ability to protect customers’ critical applications, APIs, and data anywhere, at scale, and with the highest ROI.
Expert Insights Recognition
We’re thrilled to be recognized by tech review platform Expert Insights in their shortlist of leading B2B tech software for CISOs and IT managers. Even better, Thales has been shortlisted in a whopping five of the following guides:
Check out the Expert Insights website for more information about why they shortlisted our solutions!
Industry Analyst Recognition
2024 hasn’t just been a big year for industry awards; it was also a great year for analyst recognitions.
IDC MarketScape for Web Application and API Protection
IDC named Imperva a Leader in its 2024 IDC MarketScape for Web Application and API Protection enterprise platforms this year. Imperva’s Web Application and API Protection (WAAP) is a converged security solution that ensures comprehensive protection while reducing security gaps and simplifying management – it’s great to see it get the recognition it deserves.
Gartner® Magic Quadrant for Access Management
We have been recognized as a Visionary in the Gartner Magic Quadrant for Access Management, highlighting our commitment to innovation and customer-centric solutions. Our OneWelcome Identity Platform (for CIAM) and SafeNet Trusted Access (for workforce) deliver flexible, SaaS-first offerings that cater to diverse industries like banking, insurance, and media across North America and Europe.
KuppingerCole European Identity and Cloud Awards
In June, our partnership with LEITNER, part of the HTI Group, won the Identity Fabrics and IDaaS category at the KuppingerCole European Identity and Cloud Awards. KuppingerCole honored HTI Group for demonstrating how digital identity can enable digital services and new products.
KuppingerCole Leadership Compass
Sticking with the KuppingerCole theme, Thales was recognized in three Leadership Compass reports this year. We were:
KuppingerCole also recognized Imperva as an overall leader in the Leadership Compass for Application Firewalls. Check out the full report to find out why.
The year 2024 brought us remarkable achievements. As we set our sights on 2025, we aspire for a more secure digital landscape, where Thales and Imperva can persist as leaders in innovation and security.
2024 Forrester Wave for Bot Management Software
Imperva listed as a Strong Performer in the 2024 Forrester Wave for Bot Management Software.
Imperva excels at out-of-the-box and customizable response policies, with a range of general and use-case-based policies that can be applied per application, path, or group. The company differentiates by including a simulator that lets customers see the results of potential policies before deploying them.
Forrester Wave for Data Security Platforms
Imperva listed as a Strong Performer in the 2023 Forrester Wave for Data Security Platforms
Imperva has made great strides in data security but needs more customer enablement. From its 2020 acquisition of jSonar to the launches of a data security business unit as well as the Tech Alliance Program (TAP), Imperva has taken major steps to enable a vision for protecting all data as organizations move their workloads to the cloud. The Imperva Data Security Fabric (DSF) is the result of this continued transformation, bringing together capabilities for database activity monitoring, access control, data risk analytics, discovery and classification, and more.
The post Thales and Imperva Win Big in 2024 appeared first on Security Boulevard.
Data warehousing firm Snowflake, which saw a lot of user accounts get hacked due to poor security hygiene, is making MFA mandatory for all user accounts by November 2025.
The post Snowflake Will Make MFA Mandatory Next Year appeared first on Security Boulevard.
CyberSecure Canada aims to help enterprises improve their security posture by implementing a baseline set of security controls.
The post Achieving CyberSecure Canada Certification appeared first on Security Boulevard.
Every application is susceptible to attacks, but web applications are more vulnerable than others. They interact with more networks and users—and every interaction is a risk. Any flaws or errors can lead to serious problems like unauthorized access, stolen data, and service disruptions. Whether you run a small team or manage a large organization, staying ahead of web application vulnerabilities keeps your software secure.
The post What Is an Application Vulnerability? 8 Common Types appeared first on Security Boulevard.
Artificial intelligence (AI) is reshaping the cybersecurity landscape—both potential attacks and impactful protections. Understanding how AI can be used in cybersecurity can help you build more efficient and adaptive defenses capable of handling these rapidly evolving threats.
The post Understanding the Role of AI in Cybersecurity appeared first on Security Boulevard.
Containers boost your application's scalability and efficiency. But without proper security, containerized environments can be vulnerable to data breaches, supply chain attacks, and other risks that derail projects.
The post 10 Container Security Best Practices: A Guide appeared first on Security Boulevard.
Zero-day vulnerabilities are serious threats. They’re completely unknown to both the vendor and the user. That gives attackers a significant advantage, allowing them to attack systems before patches are available.
The post What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks appeared first on Security Boulevard.
Why Should Cloud Data Protection Be Your Top Priority? With the steep rise in digitalization, sensitive data has moved from the physical world into the boundless digital realm. Cloud computing has become a crucial part of this transition, thus making cloud data protection a top priority. But what does it mean to secure this data, […]
The post Critical Steps to Keep Your Cloud Data Protected appeared first on Entro.
The post Critical Steps to Keep Your Cloud Data Protected appeared first on Security Boulevard.