Articles

What is Cloud Security Architecture? Principles, Framework, and Architecture Assessment

Protect your organization in the cloud with a robust cloud security architecture. Learn more about cloud security architecture and its importance.

In Localhost We Trust: Exploring Vulnerabilities in Cortex.cpp, Jan’s AI Engine

Discover critical security vulnerabilities recently found in Cortex.cpp, the engine behind the local AI platform Jan AI, revealing that self-hosted AI isn't automatically secure. Learn how attackers could exploit these flaws and the importance of prioritizing security in the growing ecosystem of on-premise AI solutions.

7 Surprising Roadblocks on the Path to DevSecOps Maturity

Understand how your organization's DevSecOps maturity compares to industry benchmarks. Learn about common challenges in risk reduction, security fatigue, and developer adoption. Get the insights.

Adversarial Inputs to Image Classifiers: Understanding the Threat of Adversarial AI

Explore the vulnerabilities of AI image classifiers to adversarial attacks. Understand techniques like C&W, PGDL2, DeepFool, their implications, and the importance of AI security.

The Essential Guide to AI Bills of Materials (AIBOMs)

This guide is your one-stop shop on AI Bill of Materials (AIBOMs). Learn how to build an inventory of your AI model.

AI Attacks & Threats: What are they and how do they work?

Discover more about AI cyber-attacks: what they are, how they work, and how to protect your business against them.

How is AI being used in cybersecurity?

Learn how the emergence of AI is changing organizations' approaches to cybersecurity, leveraging different AI models to improve the efficiency of cybersecurity programs.

Why open source governance is key for security

What is open source governance? Open source governance is the recognized rules and customs that guide an open source project.

Cloud Compliance Standards: Frameworks & Controls

When choosing a cloud compliance tool, consider capabilities such as policy as code and historical reporting to help maintain and verify your compliance.

Cloud Security Automation

Organizations working towards adopting cloud computing report that security and compliance are two of the top three barriers they face: 35% of cybersecurity professionals stated security is their biggest barrier, while 31% reported compliance (Statista).

DevSecOps Program Success

Improving secure development is a journey that takes time, and starts with getting visibility into the existing security processes and practices that are done by each team today. If this isn’t done in an empathetic way, this process can be perceived as a reaction to development shortcomings. When others think there’s blame or judgment, it’s easy to get defensive responses.

SOC 2 Cloud Compliance Guide

What is SOC 2 and why is it important for your organization? Follow our steps to bring your cloud environments into SOC 2 compliance.

The shared responsibility model for cloud security

Cloud security is a shared responsibility between cloud providers and customers.

Enterprise security: How to stay secure at enterprise scale

Enterprise security is the use of technologies, practices, and processes to protect digital assets, systems, and data from threats and vulnerabilities.

Deep-Dive: Cloud Security Posture Management

Viele Unternehmen gehen den Weg in die Cloud unter der Annahme, dass ihr Provider – sei es AWS, Google Cloud, Microsoft Azure oder ein anderer – für die Sicherheit verantwortlich ist.

Product Security vs. Application Security: What’s the Difference?

Discover the differences between product and application security to build more secure products and applications.

Cloud-Sicherheit: Kernsäule für Cybersecurity

Die Sicherheit ihrer Services ist für Public-Cloud-Provider essenziell, baut ihr Geschäftsmodell doch in erster Linie auf dem Vertrauen ihrer Kunden auf. Zugleich verschwimmen durch ihre Nutzung zunehmend die Grenzen zwischen Cloud- und klassischer On-Prem-Infrastruktur.

Security Champions Overview

Security champions are developers with an interest in security and a home in development. They are the interface between two teams that have traditionally been siloed. Let’s take a look at some of the benefits any organization can gain from these programs.

Risk-Based Vulnerability Management (RBVM): What is it & how to implement

Risk-based vulnerability management (RBVM) is a relatively new AppSec practice that empowers organizations to see their risk in context and prioritize the most critical fixes.

SAST vs. DAST: what is the difference and how to combine the two?

Dynamic security testing (DAST) uses the opposite approach of SAST. Whereas SAST tools rely on white-box testing, DAST uses a black-box approach.