New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data

May 3, 2024 at 06:57AM SaaS applications are dominant in the corporate world, but they pose new security risks. LayerX’s guide “Let There Be Light: Eliminating the Risk of Shadow SaaS” addresses the challenges of unauthorized SaaS app usage, suggesting mitigation practices and comparing security controls. It recommends secure browser extensions as the most comprehensive …

CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure

April 29, 2024 at 01:59PM CISA, the US government cybersecurity agency, has released guidelines to enhance critical infrastructure security against AI-related threats. The guidelines identify three types of AI risks and advocate a four-part mitigation strategy, emphasizing a robust organizational culture focused on AI risk management. CISA also stresses the need for contextualized risk evaluation …

Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software

April 26, 2024 at 12:37PM Government and security-sensitive firms are requiring software bills of material (SBOMs), listing components of applications. Attackers could exploit this information without sending packets. Larry Pesce warns that publicly accessible SBOMs can expose vulnerabilities. Yet, SBOMs aim to enhance software security, with 60% adoption expected by next year. Pesce advises using …

6 CISO Takeaways From the NSA’s Zero-Trust Guidance

March 15, 2024 at 12:33PM All companies, not just federal agencies, should strive to implement the “network and environment” aspect of the National Security Agency’s zero-trust guidelines. …