Blog

Tips to secure Docker & Kubernetes

Like all technologies docker introduces new challenges with security and risk that need to be addressed. A compromised docker container can lead to other containers being compromised as well as the underlying operating system. There are several CVE’s that have been published over the last few years so make sure your containers are secure, and

Read More

Using ATT&CK for Cyber Threat Intelligence

The ATT&CK framework is based off adversary behaviors, it is based on real world observations which is cool. It is also community driven and focused. The ATT&CK addresses the ‘tough’ section of the pyramid of pain produced by David Bianco as shown below. We can use the ATT&CK framework to quickly gather TTP’s from open

Read More

Effective Threat Intelligence

What is Threat Intelligence To answer this we need to break it down, understand what a threat is and then understand what intelligence is. Threat – An expression of intent to do harm. In a cyber context simply something that exploits a vulnerability. A threat is not the vulnerability itself; it is whoever takes advantage

Read More

IAST & RASP

Code is being developed and deployed at an ever increasing rate, which is great for business when you can turn ideas to reality quickly and scale them out to customers. First to market will always be key, but at what cost? Preventing issues within code is quite well understood these days but unfortunately mistakes do

Read More

Recent posts

Categories