Posts under Cybersecurity
Earlier today, the CyberEdge Group published its 6th annual Cyberthreat Defense Report. The report includes a variety of interesting findings, which we’ll detail below. But the section of the report I found most interesting comes after all the survey results. “The Road Ahead” chapter offers advice on areas of security that need “proactive attention and investment.” The authors took great time and care to lay out the advanced capabilities needed to secure containers, citing:
On Tuesday, I had the honor of speaking about “Bringing the fight back to your security team,” at Structure Security 2017. My panel was comprised of former U.S. Government cybersecurity leaders who are now in the private sector, helping defend enterprises against attacks. Acknowledging that we’re flooded with breaches – with a record-breaking 4 billion personal records stolen by hackers in 2016 – we discussed strategies to turn the tide.
Earlier this year, the Center for Strategic and International Studies (CSIS) Cyber Policy Task Force published a report that made a number of cybersecurity policy recommendations for the 45th Presidency of the United States. As co-chair of the taskforce, I answered questions from The Hewlett Foundation about our recommendations.* Which of the task force’s recommendations do you think are most critical for the President and his team to focus on in the near term?
Why everyone from investors to the C-suite should consider container security Over the past few years, virtually all of the most innovative enterprise firms — from multinational banks like Goldman Sachs, to cutting-edge technology companies like Google — have set out to modernize the way they deliver software applications through containers and microservices architectures. By breaking down large applications into smaller, composable pieces, software developers and those in charge of managing applications have discovered that containers — and the microservices approach they enable — allow for software development that is far more agile, resilient, and efficient than traditional monolithic approaches.
WAF the heck do I do to protect against attacks on my container-based web applications? The hackers who want your organization’s valuable data will invariably target your web applications. Despite the steady increase in distributed denial-of-service (DDoS) attacks and ransomware, web application attacks represent the most common cause of data breaches.1 The vast majority of these attacks are executed by botnets, operated by organized crime2. Their goals: stealing credentials, growing the size of the botnet, and, of course, exfiltrating information that can be used for financial gain.
I’ve worked to align government and commercial cybersecurity initiatives throughout my career, from the White House to Silicon Valley. It’s crystal clear to me that we’re stronger when we work together. I’ve been speaking frequently on this topic recently, as co-chair of the CSIS Cyber Policy Task Force for the 45th President, ally of the Hewlett Foundation, advisor to the UC Berkeley Center for Long-Term Cybersecurity, and affiliate of the Stanford University Center for Security and International Cooperation.
On our launch day, Ali and I were guests on Derrick Harris’ ARCHITECHT Show. Check out this podcast to hear about the origin of StackRox, why CISOs personally invested in our company, what we think about microservices, and how we work with Docker. Episode 29: StackRox founders on making microservices secure ARCHITECHT Show, StackRox co-founders Sameer Bhalotra and Ali Golshan break down the state of container security and the new technology they have built to solve it.