Seeing Inside the Vortex: Detecting Living off the Land Techniques

Networking infrastructure is an often-overlooked threat surface being targeted by sophisticated threat actors. Learn more about this topic.

Cisco XDR Just Changed the Game, Again

Clear verdict. Decisive action. AI speed. Cisco XDR turns noise into clarity and alerts into action—enabling confident, timely response at scale.

DevOps Decoded: Prioritizing Security in a Dynamic World

Integrating security into the DevOps lifecycle is essential for building secure, scalable systems. By embedding security early on, teams can mitigate risks, enhance efficiency, and ensure compliance throughout development and deployment.

The State of Cloud Security Platforms and DevSecOps

A new survey by Cisco and Enterprise Strategy Group reveals the true contours of cloud native application development and security

Stay Compliant: Cisco Secure Workload Introduces State-of-the-art, Persona-based Reporting

Traditional workload security tools often fail to provide metrics tailored to the distinct needs of SecOps, Network Administrators, or CxOs.

Cisco Builds on the CNAPP Movement to Secure and Protect the Cloud Native Application Estate

Enterprise Strategy Group Report Identifies Crucial Requirements for Scalable Security, Multicloud Visibility, and True “Shift Left” DevSecOps

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps.

Five Core Tenets Of Highly Effective DevSecOps Practices

One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience. Today’s cyber threat landscape is rife with sophisticated attacks aimed at all different parts of the software supply chain and the urgency for software-producing organizations to adopt DevSecOps practices that deeply

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in

Code Keepers: Mastering Non-Human Identity Management

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard

S3 Ep142: Putting the X in X-Ops

How to get all your corporate "Ops" teams working together, with cybersecurity correctness as a guiding light.

Poisoned Python and PHP packages purloin passwords for AWS access

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Pwn2Own hacking schedule released – Windows and Linux are top targets

What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?