Growing Web Applications Require DevSecOps Shift: ModSec Can Help Web-based attacks, such as credential theft, code injection, SQLi, XSS, CSRF, malware, ransomware, denial of service (DoS) and others make digital transformation and cloud migration a potential losing trade-off. With every additional internet- and cloud-based app or connection comes new unknown vulnerabilities and risks to operations. […]
Written By Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP During Atomicorp OSSEC Conference 2021, Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP, described how he solves audit and accountability (AU) control and other compliance challenges in NIST 800-171. Complying With NIST-800-171 NIST 800-171 provides guidance to federal agencies to safeguard controlled unclassified information (CUI), and seeks to establish […]
Rule 1: First check the spark plugs! It’s a lesson my brother, Scott, and I learned as young men decades ago in high school. It’s something we even painted on the wall of our parents’ garage. And it’s an idea that’s been applicable in our work in software development and cybersecurity ever since. The principle […]
Webcasts and videos continue to bolster skills (watch this ‘hands-on’ professional… take an online guitar lesson, see how to fix your boat’s motor…), and it is no different in cybersecurity. Join Atomicorp and technology partners for OSSEC Conference 2021, where, in a four-day virtual conference, Open Source Security (OSSEC) will be discussed, analyzed, practiced, and […]
There is no such thing as perfect security. Therefore, having robust detection capabilities is key to determining if you have been hit with a cyber attack that evaded your protection capabilities. One of the most important detection and compliance capabilities today, file integrity monitoring (FIM) provides the ability to detect signs of intrusion or improper […]
Practice FIM, Web Application Protection, DevSecOps, Kubernetes Troubleshooting— Topics such as file integrity monitoring (FIM), ModSecurity web application security, securing Kubernetes, and the importance of security in DevOps will be explored during Atomicorp’s OSSEC Conference 2021, a four-day virtual conference, Tuesday, Oct. 19 through Friday, Oct. 22. OSSEC Conference 2021 consists of two full days […]
File integrity monitoring (FIM) tools and a host-based intrusion detection system (HIDS) are the foundation for security and compliance, including NIST, PCI-DSS, GDPR, and more. HIDS (host-based intrusion detection system) is a security system that monitors the computing devices on which it is installed, the traffic between devices, the containers on the device, and that […]
Monster of the Week; ModSecurity Rules and WAF to the Rescue Thar be monsters. Crimes are increasingly digital, with tens of thousands of websites getting hacked every day, on average. Malware can spread from there, infecting customers and members of the business supply chain. You know about the SolarWinds and Colonial Pipeline hacks, but there […]
Cybersecurity Executive Order Demands Zero Trust Zero trust is a hot button of the 2021 Cybersecurity Executive Order, and not surprising. As the SolarWinds and Colonial Pipeline hacks illustrated, devices and sensitive systems are getting compromised through deceptive practices such as ransomware and the compromising of code assumed to be trusted. In response to these […]
Federal Information Processing Standard 140-2 (FIPS 140-2) is a requirement for U.S. government organizations and contractors, a government security mandate designed to evaluate and approve encryption solutions serving the federal supply chain. It calls for security by a cryptographic module, and employs a security accreditation program for assessing private sector company security solution capabilities against […]