Articles

Introduction to AWS Config: Simplified Cloud Auditing

,

Modern cloud environments are ever-changing, and so is the nature of cloud computing. The growing cloud assets accompany the attack surface expansion problem for organizations, which unveils the need for visibility of cloud resources. AWS Config addresses that exact demand. It can be challenging to understand resources within your infrastructure like:

  • Seeing what resources you have
  • Understanding your current configurations
  • Knowledge of configuration changes and change histories
  • Assessing if your resources are compliant with specific governances controls 
  • Having accurate and up-to-date audit information

Depending on the size of your AWS resources or deployment, overcoming these challenges and obtaining this information can become time-consuming and budget-intensive unless you use resource visibility and auditing tool like AWS Config

Source de l’article sur DZONE

/par

What Will AI Bring to the Cybersecurity Space in 2022

,

Over the last year, artificial intelligence (AI) has become a huge part of our everyday lives, which is something of a mixed bag that has brought along a wide variety of both positive and negative influences. On one hand, there are algorithms that are designed to perform a largely marketing-related series of tasks, which are perhaps those best known to individuals outside of the technical space. Think of the algorithms curating your TikTok feed and personalizing suggestions on YouTube. The AI that calculates your fastest morning commute based on virtual maps, your vehicle, and current traffic conditions is also a fairly visible one that has had its share of media attention.

A particular area, though, in which AI has become crucial is cybersecurity. Cybercriminals are increasingly harnessing AI to automate breaches and crack complex systems. Sophisticated, large-scale social engineering attacks and deep fakes are prime examples of this trend. Perhaps more subtle techniques, such as those involving AI-driven data compression algorithms, will soon become an even more important part of the space in the year to come.

Source de l’article sur DZONE

/par

Cybersecurity for Cloud Applications in 2021

,

Every digital aspect comes with a security risk if not handled properly. With billions of people using online and digital technologies worldwide, there are ample opportunities for hackers to break the security wall and create unrest all around. Cybersecurity news has become too frequent these days. We see bitcoin mining, credit card credential stealing, injecting malicious code into the systems, stealing confidential data, etc. In today’s digital world, it is not just about having speed, reaching your customers quickly, easy setup, mind-blowing features, etc., but rather, it is about how safe or secure your systems, data, or features are.

What is Cybersecurity?

The approach and practice of securing electronic data, networks, computer systems, and any form of digital infrastructure from malicious attacks is known as Cybersecurity. Banks, educational institutions, tech companies, government agencies, publishing media houses, hospitals, and every sector invest in cybersecurity infrastructure to protect their customer data, secrets, and business intelligence from attackers.

Source de l’article sur DZONE

/par

The Advent of Data Hyper-Protection

,

Critical system-of-record data must be compartmentalized and accessed by the right people and applications, at the right time.

Since the turn of the millennium, the art of cryptography has continuously evolved to meet the data security and privacy needs of doing business at Internet speed, by taking advantage of the ready processing horsepower of mainframe platforms for data encryption and decryption workloads.

Source de l’article sur DZONE

/par

The Importance of Machine Learning Security for Chatbots

,

Artificial Intelligence is a growing industry powered by advancements from large tech companies, new startups, and university research teams alike. While AI technology is advancing at a good pace, the regulations and failsafes around machine learning security are an entirely different story.

Failure to protect your ML models from cyber attacks such as data poisoning can be extremely costly. Chatbot vulnerabilities can even result in the theft of private user data. In this article, we’ll look at the importance of machine learning cyber security. Furthermore, we’ll explain how Scanta, an ML security company, protects Chatbots through their Virtual Assistant Shield. 

Source de l’article sur DZONE

/par

Istio 1.6 Improves Operability and Enhances Simplicity

,

Significant changes were made to the Istio service mesh in its version 1.5 release earlier this year, including notable modifications to the control plane architecture and the creation of a single model for extending Istio and its Envoy proxies using WebAssembly. Istio’s latest quarterly release, version 1.6, at first glance may seem to carry less weight in comparison, however, this update includes several important enhancements that continue to improve its operability.

Installation and Configuration Management

Reducing Upgrade Risks

Istio 1.6 introduces canary support for upgrading versions of the Istio control plane, enabling users to deploy numerous releases of Istiod within the same cluster and migrate pods to a newer version. This will significantly reduce any risks that arise when carrying out upgrades in a production cluster. When installing new control plane versions, the istioctl the command-line tool now supports assigning names to versions that can be utilized when assigning workloads to each specific Istiod version running in the service mesh.

Source de l’article sur DZONE

/par

API Security Weekly: Issue #70

,

This week, we check out a recent API vulnerability in Twitter. In addition, it looks like API vulnerabilities are a bit of a theme in apps by political parties: vulnerabilities were discovered in apps by Israel’s Likud and the Democratic Party in the USA. We also have two API security talks: one recorded and one upcoming webinar.

Vulnerability: Twitter

Twitter has disclosed a recent API exploit. The API endpoints to make finding friends in Twitter by their phone numbers easier were abused, possibly by state-sponsored actors, to mine accounts by mapping them to phone numbers. Detecting and throttling the exploit was hard because the phone numbers were not sequential and attackers used multiple accounts and IP addresses in their attacks.

Source de l’article sur DZONE

/par

Understanding The Difference Between IT Security and Cybersecurity

,

As businesses increasingly rely on data to fuel their daily operations, the need for protecting this data is at an all-time high. Systems, processes, and physical assets all need to be secured as part of a company’s overall data security plan.

There are many ways through which business information can be protected against threats. Some techniques involve securing data from cybercriminals, while others involve offline processes such as locking file cabinets, maintaining access control to specific rooms, and setting up employee guidelines during daily operations.

Source de l’article sur DZONE

/par