Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack.
Innovation in deception has languished for nearly a decade because of its exclusive ownership by information security specialists. This wasted potential motivated our design of a new generation of deception systems, called deception environments.
These are isolated replica environments containing complete, active systems that exist to attract, mislead, and observe attackers. By harnessing modern infrastructure and systems design expertise, software engineering teams can use deception tactics that are largely inaccessible to security specialists.
JupiterOne recently released a book featuring seven security practitioners telling their stories (Target, DoD USAF, sweetgreen, Cobalt, NTT Data Services, JupiterOne, Cyber Leadership Forum). The stories describe the details of major business problems experienced when implementing cybersecurity - and how they overcame them.
The NTIA Multistakeholder Process on Software Component Transparency seeks to provide industry-agnostic guidance and resources to support adoption and implementation of Software Bill of Materials (SBOM).
As the practice of SBOM expands beyond trailblazing industries (e.g., Financial Services and Healthcare) and becomes more widely adopted, the resulting network effect will amplify the initial and inherent benefits that SBOMs provide. With increased awareness comes increased opportunity for misunderstanding.
This document is intended to help the reader to understand and dispel common, often sincere myths and misconceptions about SBOM. This list is not intended to be comprehensive. For more common questions and concerns, see the SBOM FAQ.
“The future is already here – it's just not evenly distributed.” -- William Gibson
Attackers have infinitely more time to breach a system than we do to defend it. The inequality of time problem stems from the fact that there is a mismatch between the time available to an assessment team and the time available to the attackers.
When conducting a penetration test or security assessment, companies are always limited in the resources they can throw at the problem: they have a finite number of people available, a finite amount of time for those people, or a finite budget to contract with the right people.
Attackers, on the other hand, have the luxury of infinite time. If they are dedicated and focused, they can take all the time that they need to penetrate your defenses.
Korean English professor and director of the Korean Language Program at Columbia University, Joowon Suh, explains the phrases English speakers might have missed out on while watching the hit Netflix show.
- Over 400 pre-built JupiterOne queries (free)
- Join us on Slack to continue the discussion
- Gartner and Hype Cycle® for Security Operations, 2021
- JupiterOne Platform (free) to set up your own queries and asset discovery
Posted By Mark Miller
Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.
Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.
As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).