Author: Andrew Aken

Endpoints remain a perennially favorite vector for many types of cyberattacks. Hence, endpoint monitoring and visibility are both critical. Agent-based monitoring has various pain points. Installing an agent on every endpoint is difficult. Instalment takes time and creates extra work every time there’s a new device, an update, or a configuration change. In addition, too many agents can slow down devices or cause resource conflicts, as each agent uses system resources. What is the option? Enter agentless monitoring. As the name suggests, agentless monitoring involves the collection of telemetry directly through APIs, protocols, and integrations instead of installing a dedicated…

Endpoints remain a popular attack vector. Factors like the proliferation of IoT devices and trends like remote and work from home have destroyed the traditional idea of perimeter. This has made endpoint hardening a primary need to maintain and improve your enterprise’s security posture. Operational Measures Anything that needs to be implemented across an enterprise should necessarily begin at the operational level. Operational discipline ensures that whatever controls an organization can already enforce are fully enabled, integrated, and continuously enforced. While tooling is abundant, attackers generally succeed because of inconsistency, not invisibility. 1. Enforcing patch compliance: Most enterprises have a…

Vibe or AI-assisted coding is the “in” thing right now. It is clear why. First and foremost, AI models have now improved to the extent of producing workable code. Consequently, AI can allow faster coding, which means a shortened development life cycle and quicker time to go to market. Unlike the parable, the markets favor the hare, not the tortoise. Lastly, it allows people with less coding experience to generate production-level code. Unfortunately, since it also uses LLMs, it is also as much of a minefield as GenAI outputs. First and foremost, since developers are not developing code from scratch…

How does the idiom go? If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck, right? Well, it is not strictly true. The cybersecurity domain provides plenty of such examples. One is JSON Web Tokens (JSON). The idiom, in this case, goes: If it looks unencrypted, contains something resembling encrypted gibberish, it may very well not be encrypted. And considering JWTs are basically tokens that ensure access to all types of data, it is not hard to understand why they can be a lucrative asset for any bad actor.…

What is the similarity between Generative AI and the Marvel Comics supervillain Thanos? Both are inevitable. Generative AI is being increasingly used everywhere. The problem is that everything is fine when the AI is generating content based on the employees’ ideas, but what happens when it starts generating content based on the employee data? That too without the management’s knowledge? Shadow AI’s growing shadow Welcome to shadow AI. It works on the same principle as shadow IT and is even more dangerous. We already know the effects of AI on decision-making and cognition. As per IBM, from 2023 to 2024,…

To paraphrase Benjamin Franklin’s famous quote, “In this world, nothing is certain except death, taxes, and software vulnerabilities.” One hundred per cent bug and vulnerabilities-free code is yet to be written. Thus, vulnerability detection and management remain a perpetual headache for vendors and users. The old method scans for vulnerabilities and offers risk ratings (sometimes out of context) by vendors. The vulnerabilities are patched based on this score. Obviously, this method has several drawbacks, starting with SOCs getting fatigued by the process. The vendor scores would not have the same context for all vendors, which could result in critical flaws…

Why Ignoring App Security May Cost You More Than You Realize Still not convinced app security isn’t a big deal? Let’s examine some more real-life cyber disasters that prove just how disastrous it can be without In-App Protection. From billion-dollar businesses to everyday consumers, nobody is safe when security is compromised. These two high-profile incidents- the Uber data breach and the Starbucks app hack highlights the utmost importance of robust app data protection and application security best practices. The $100,000 Cover-Up Scandal: Uber Hack Uber, in the year 2016, experienced a massive data breach that revealed the personal data of 57…