Author: Nikhil

An SBOM is a comprehensive list of all the software components, dependencies, and metadata associated with an application. The SBOM functions as the inventory of all the building blocks that make up a software product. With it, organizations can better understand, manage, and secure their applications (CrowdStrike). So why has inventorying become a necessity? Because modern software supply chains have become too opaque and too fragmented for organizations to manage safely. As enterprises grew, they built, bought, and ran applications composed of hundreds or thousands of components without any clear visibility into their origins, dependencies, or vulnerabilities.…

Read More

Theoretically, it is a simple choice. It is preferable to opt for full SASE over ZTNA. If you have to choose between a full cybersecurity suite and a single anti-malware product, the all-around capabilities make sense, because ZTNA is a core capability of SASE. SASE even extends security by combining ZTNA with networking (SD-WAN) and other security functions, like SWG, CASB, DLP, and FWaaS, under a single, cloud-native service fabric. Yet both technologies are becoming divergent choices for enterprises. Why? The technologies’ capabilities mean that some organizations will go all the way and add the entire SASE experience to their stack, while…

Read More

Endpoints remain a perennial favorite vector for many types of cyberattacks. Hence, endpoint monitoring and visibility are both critical. Agent-based monitoring has various pain points. Installing an agent on every endpoint is difficult. Installation takes time and creates extra work every time there’s a new device, an update, or a configuration change. In addition, too many agents can slow down devices or cause resource conflicts, as each agent uses system resources. What is the alternative? Enter agentless monitoring. As the name suggests, agentless monitoring involves the collection of telemetry directly through APIs, protocols, and integrations instead of installing a dedicated…

Read More

Zero Trust Network Security (ZTNS) software is an essential part of almost all security stacks now. However, like all other security technologies, it is locked in an eternal battle between the red/black hats and the white hats, so products need to be updated to successfully face the latest types of threats. But the security landscape is not the only factor changing dynamically. Zero Trust’s very definition expands every year, from network segmentation (2019–21) to identity-driven access (2022–23), to full-stack “trust orchestration” (2024–25). Vendors also keep updating products to enhance their threat-fighting capabilities. A yearly comparison shows how analysts…

Read More

In battles, innovation matters. The Mongol cavalry, led by Genghis Khan, was highly effective because of various strategies and tools, like the composite bow and rotating horses. What is true for attack is also true for defense. However, even these innovations can fail against an outnumbered enemy that implements a proper strategy with far fewer resources. So why are we starting off a blog about SOC modernization and financial realities this way? Because the current threat landscape is nothing short of a war between two sides that are consistently trying to find innovations to defeat the other, and only one…

Read More

Endpoints remain a popular attack vector. Factors like the proliferation of IoT devices and trends like remote and work-from-home arrangements have destroyed the traditional idea of a perimeter. This has made endpoint hardening a primary need for maintaining and improving your enterprise’s security posture.

Operational Measures

Anything that needs to be implemented across an enterprise should necessarily begin at the operational level. Operational discipline ensures that whatever controls an organization can already enforce are fully enabled, integrated, and continuously enforced. While tooling is abundant, attackers generally succeed because of inconsistency, not invisibility.

1. Enforcing patch compliance: Most enterprises have a…

Read More

To paraphrase Mark Twain, the reports of the impending death of SD-WAN following the rise of hybrid/remote work have been exaggerated. Its ability to connect distributed infrastructure, enable direct, intelligent cloud connectivity, and provide network visibility ensures the technology remains popular; it has also adapted to include provisions like zero trust and next-generation firewalls. The second technology we are talking about here, edge networking, helps provide better internet speeds by moving processing closer to the point of origin of the data, and has many other benefits. Thus, the integration of these two technologies makes sense. SD-WAN helps distributed workplaces to centralize control…

Read More

Vibe coding, or AI-assisted coding, is the “in” thing right now. It is clear why. First and foremost, AI models have now improved to the extent of producing workable code. Consequently, AI allows faster coding, which means a shortened development life cycle and quicker time to market. Unlike in the parable, the markets favor the hare, not the tortoise. Lastly, it allows people with less coding experience to generate production-level code. Unfortunately, since it also relies on LLMs, it is as much of a minefield as any other GenAI output. First and foremost, since developers are not developing code from scratch…

Read More

Going by their ubiquity, we can safely say that the API economy is booming. APIs allow systems to connect rapidly and seamlessly. This ability has enabled collaboration between companies, developers, and consumers and created new opportunities for innovation, efficiency, and revenue generation. The same ability has also made APIs a target for bad actors. A compromised API provides various “benefits,” including access to sensitive data and logic, and access to even more APIs, expanding the attack surface exponentially. That brings us to the point: How secure are your APIs, really, and how quickly can we do an API risk audit…

Read More

How does the idiom go? If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck, right? Well, it is not strictly true. The cybersecurity domain provides plenty of such examples. One is JSON Web Tokens (JWTs). The idiom, in this case, goes: If it looks encrypted and contains something resembling encrypted gibberish, it may very well not be encrypted. And considering JWTs are basically tokens that grant access to all types of data, it is not hard to understand why they can be a lucrative asset for any bad actor.…

Read More