Ingeniøren Insights

2020 Open Source Security & Risk Analysis Report

Synopsys’ Open Source Security and Risk Analysis (OSSRA) report includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape.

To help organisations develop secure, high-quality software, the Synopsys Cybersecurity Research Center (CyRC) publishes research that supports strong cyber security practices.

Download the report for an in-depth snapshot of the current state of open source security, compliance, and code quality risk in commercial software.

This whitepaper is sponsored by Synopsys

Read also

Securing Active Directory: Proactively Detecting Attacks

Active Directory has been the main identity and access management solution for organizations over the past 20 years. That fact has not changed, yet the technology from Microsoft hasn’t changed much either. This stale IAM solution is known not only to admins but also to attackers. Organizations need to take a different approach when it comes to protecting their AD infrastructure, as well as all the resources on the network where AD is controlling and protecting access. Attackers have taken a highly sophisticated approach to attacking AD, from external and internal positions alike.

POS: Preventing Malware in Point-of-Sale Systems

In this whitepaper, Alsid looks at the resurgence of point-of-sale (POS) malware and what steps you can take to prevent it from infecting your networks. While organizations should follow regulations to protect credit card transactions, compliance isn’t always enough to safeguard data. Case in point, POS malware exploded in 2019. Restoring infected systems, settling lawsuits, and bandaging up reputational damage carried a hefty price tag. Target spent $18.5 million just in payouts from lawsuits from 47 U.S. states over a data breach of its POS systems.

Healthcare: A Cybersecurity Health Check

Cyberattacks against the medical and hospital sector exploded at the end of 2019. Organizations operating in the private medical services industry were the first victims of this tidal wave. Following this, hospital centers the world over were subject to particularly meticulous cyberattacks from cybermafia groups. It is important to fully understand the particularities of this sector and analyze in depth the pathways for improvement so that we can confront this new threat to the healthcare industry.

DCShadow Explained - A Technical Deep Dive into the New AD Attack

On January 24, 2018, security researchers Benjamin Delpy and Vincent Le Toux announced a new attack technique targeting Active Directory at the BlueHat IL security conference. Named DCShadow, this attack allows an attacker with certain rights to create a rogue domain controller and replicate malicious objects in an AD infrastructure. Here, we’ll explain the technical foundations of the attack, its impact on Active Directory security, and how blue teams can detect it.

Active Directory Holds the Keys to your Kingdom, but is it Secure?

Microsoft’s Active Directory (AD) is widely used by enterprises around the world to connect and manage individual endpoints inside corporate networks. AD, built into the Windows server operating system, stores information about users, passwords, devices, applications, services, and operations across the IT infrastructure. It also controls access to Windows networks, programs, and data.

Firewall Best Practices to Block Ransomware Whitepaper

Ransomware continues to plague organizations, with over half of companies surveyed across 26 countries revealing that they were hit by ransomware in the last year. Such attacks are ever increasing in complexity and are getting more efficient at exploiting network and system vulnerabilities, leaving organizations with a significant clean-up bill: a global average of an eye-watering US$761,106.

How to Build Security into Your Software Development

Whether you use Agile, Waterfall or something in between, building security into your SDLC can improve efficiency and reduce costs if it’s done the right way.

When implementing security into the various phases of the SDLC, it’s important to implement these activities with purpose. Beyond fielding tactical situations and challenges, ask yourself where each activity fits into the overall program.

Download this whitepaper for a detailed overview of SDLCs and how you can make yours secure.

Cybersecurity Crisis-Planning Checklist

In times marked by uncertainty, the CxO's first priority must be to ensure the health and well-being of employees. Companies must act with agility, not only in development but also in day-to-day operations, and this applies especially in times of crisis. Crises often disrupt normal operational routines and processes, but these adaptations to crisis situations must not become a 'new normal' that compromises cyber security. It is therefore the CISO's task to act quickly and decisively.

Zscaler has identified eight strategic goals for a CISO in times of crisis. Read about them in this whitepaper.

The Ultimate Guide to Headless CMS

The Ultimate Guide to CMS: Comparing the Architectures and Differences Between Headless CMS vs. Decoupled CMS vs. Traditional CMS

Surging demand for dynamic and personalized digital experiences has marketers and developers scrambling for a new kind of Content Management System, called a headless CMS, that can accommodate multiple-device delivery, but more importantly, one that can keep up with rapid change and please demanding audiences.

In this ebook, we will discuss the following topics:

Break the Replatform Cycle with MACH Enterprise Architecture

To adapt to the speed of modern business, enterprises need a modern architecture that is easy to evolve. MACH (microservices, API-first, cloud-native, headless) is a set of design principles behind a rising group of modular software that gives businesses the freedom to choose from the best tools on the market today and provide a structure that makes it easy to add, replace, or remove technologies in the future.