Cloud Security Posture Management (CSPM)

Organizations have increased their public cloud usage because of its obvious benefits (elasticity, pay-as-you-go subscription model, etc.). While adoption of the cloud layers (IaaS, PaaS, SaaS) varies across organizations, one thing is certain: IaaS usage is the most prevalent. Organizations end up shifting to the cloud in a hurry and likely with a “lift and shift” […]

remote workforce vulnerability management

In an earlier blog article, we looked at the challenges that organizations face with vulnerability management (VM) for their remote workforce. We briefly described what a Next Generation Vulnerability Management solution should look like for these scenarios. To summarize, a Next Generation VM solution needs to be a cloud-based service that can provide […]

Information security policies outline the guiding principles for an organization's outlook towards security and privacy, and how it holds itself accountable to its shareholders and consumers. Policies impact both technology and human decisions. There is always an effort to align technology solutions with policies. The real challenge is to be able to enforce policies and flag violations […]

  • Posted in Machine Learning
  • Comments Off on Policy Driven Controls Assessment – Bridging the gap between letter and spirit
Remote workforce vulnerability management

Businesses have always had some remote workforce, but the current pandemic has increased it. For most organizations, nearly 90-100% of the workforce is now operating remotely (mostly work from home [WFH] cases). The functioning of this remote workforce is critical for business continuity. This has resulted in many sudden adjustments for IT and Security […]

Machine learning

In an earlier blog, I talked about how machine learning can help predict an exploitability score for a vulnerability. In this blog, I will elaborate on some of the finer aspects before comparing it with an available alternative. From a machine learning angle, it is important to identify and include relevant features and use a balanced […]

Cyber Security

In InfoSec, stress is a given, especially since the InfoSec team needs to be right every time while bad actors need to be right only once. Vulnerability scanners overwhelm InfoSec teams, since these tools spew out a torrent of vulnerabilities. The whole scanning paradigm has outlived its value, but more about that in a separate […]

vulnerability exploitability

Every piece of code is a potential source of vulnerabilities. This could be operating systems, containers, databases, web servers, and the list goes on. It also includes hardware devices like L2 / L3 network devices, healthcare devices, IoT devices and more. To further compound things, the rate at which vulnerabilities are discovered is growing […]

  • Posted in Machine Learning
  • Comments Off on Predicting exploitability for a vulnerability as first step towards weaponization

Data Science and commercially available AI/ML implementations now make it possible to predict whether a vulnerability can be weaponized into malware. This could be a critical moment in cybersecurity as it allows vulnerability management to be truly proactive and reduces the remediation workload. But why bother with this? And even if we did, how could […]

Trust and Security

In a blog article last month, we talked about the most used open source projects from the Census II report and the security vulnerabilities in these projects. The exposure from using open source projects is real and certainly not insignificant. In this article, we will look at a companion report from the Linux Foundation, namely the “Improving […]

It is estimated that Free and Open Source Software (FOSS) constitutes nearly 80-90% of any given piece of modern software. All sectors (public/private/tech/non-tech) rely heavily on software. It is therefore imperative to ensure the health and security of open source software. The Linux Foundation founded the Core Infrastructure Initiative (CII) back in 2014. CII members provided […]