Aggregator

If you’re a bit puzzled by all the talk about cloud native application protection platforms (CNAPPs), worry not. Our new eBook “Empower Your Cloud: Mastering CNAPP Security” explains in plain English what CNAPP is, how it works and why it’ll help you secure your cloud environment confidently. Read on to check out the eBook’s main highlights.

As organizations move operations to the cloud, the need for robust security measures has never been more critical. Cloud native application protection platforms (CNAPPs) offer comprehensive solutions designed to tackle the myriad threats and vulnerabilities that accompany cloud infrastructures.

Tenable recently published an eBook — “Empower Your Cloud: Mastering CNAPP Security.” You can download it here. This post summarizes the key points. But read the book to get the full story.

The misunderstood shared responsibility model

Cloud security was built on a misleading concept: the shared responsibility model. On its surface, the “shared responsibility” merely outlines the individual security responsibilities of cloud providers and customers. It seems pretty straightforward and the model does provide a framework for understanding security responsibilities. But customer beware: It usually places the onus on you to implement and maintain robust security measures. 

A cottage industry rises to add to the confusion

In response to the rush to the cloud, a cottage industry of solutions have popped up that handle a tiny sliver of the cloud security challenge. The end result is product fatigue. In the age of limited resources, when your day job has you focused on threats like ransomware and trying to ensure compliance, there are only so many alerts and systems you can pay attention to. After a while it’s just all noise.

Meanwhile, cloud breaches are almost universal

Amid that noise, the prevalence of cloud breaches underscores the urgency for more complete security measures. 

In Tenable's recent "Cloud Security Outlook" report, a staggering 95% of security professionals surveyed reported experiencing a cloud breach within an 18-month period, with an average of 3.6 breaches per respondent. These statistics highlight the pervasive nature of cloud security risks and the need for proactive measures to mitigate them.

(Source: Tenable's "Cloud Security Outlook" report, May 2024) 

Amid that noise, the prevalence of cloud breaches underscores the urgency for more complete security measures. 

CNAPPs to the rescue

CNAPP solutions replace that patchwork of siloed products that often cause more problems than they solve. Those products usually provide only partial coverage and often create overhead and friction with the products they’re supposed to work with. And, in today's multi-cloud landscape, organizations often work with multiple cloud providers to optimize services and avoid vendor lock-in. 

The complexity of securing the cloud is multiplied when it becomes plural: Clouds. Managing security across heterogeneous cloud infrastructures is a big challenge. Plus, traditional security tools provided by individual cloud vendors are often limited to their respective platforms, leading to fragmented security postures. 

A comprehensive CNAPP solution includes a wide variety of essential capabilities, including:

• Cloud security posture management (CSPM)
• Cloud infrastructure entitlement management (CIEM)
• Cloud workload protection (CWP)
• Kubernetes security posture management (KSPM)
• Infrastructure as code (IaC) scanning 
• Cloud detection and response (CDR) 
• Data security posture management (DSPM)

Must-have CNAPP components

As you evaluate CNAPPs, make sure you cover your bases on three key components: Identity and access management to ensure “least privilege” access; vulnerability management to prioritize and remediate vulnerabilities based on their potential impact; and exposure management to gain visibility across cloud environments and mitigate risks that stem from the toxic combinations of vulnerabilities, misconfigurations, and excessive permissions.

How CNAPPs can help you

CNAPPs benefit a wide range of stakeholders involved in cloud security, including security, DevOps, DevSecOps, IAM, and IT teams. A CNAPP also helps those disparate groups collaborate to reduce cloud environment risks.

Enterprises stand to gain a number of advantages, including enhanced visibility, consistent security posture, streamlined infrastructure health, minimal overhead, seamless integration, shift-left security and holistic security coverage. 

Check out this short video, in which a Tenable security engineer explains some CNAPP benefits experienced by Tenable customers.

Learn more

To learn more about CNAPPs, read our new eBook “Empower Your Cloud: Mastering CNAPP Security.”

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on

Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances

这段常态化时期，每天都整理和学习历年能打穿小朋友的漏洞，本文转载自https://xz.aliyun.com/

The 2024 Summer Games is among the largest events in the world, with everyone from home viewers to businesses, industries, and entire nations having interest and involvement. Each audience segment will depend on connectivity throughout the games. With a stage that large, bad actors with anything from a personal grudge...

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability
• CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released four Industrial Control Systems (ICS) advisories on July 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-205-01 National Instruments IO Trace
• ICSA-24-205-02 Hitachi Energy AFS/AFR Series Products
• ICSA-24-205-03 National Instruments LabVIEW
   
• ICSA-22-333-02 Hitachi Energy IED Connectivity Packages and PCM600 Products (Update A)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

根据国家信息安全漏洞库（CNNVD）统计，本周（2024年7月15日至2024年7月21日）安全漏洞情况如下。

在当今数字化的环境中，漏洞管理是网络安全的一大挑战。要有效地进行漏洞管理，必须综合考虑漏洞的复杂性、多样性、不断演变的特点以及修复可能产生的影响等因素。

专家分析师团队支撑IOC问题反馈！

拓界科技—具备侦察思维的综合电子数据取证厂商

Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly use Modbus TCP

实时掌握，安全有我

The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging in-person meetings to verbally communicate these

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data into the credit card form on the

速修复