CloudSec Academy

Shaked Rotlevi

November 6, 2025

Cloud infrastructure entitlement management (CIEM) is a security process that helps organizations manage and control access rights to cloud resources.

In this article, we’ll discuss typical cloud security pitfalls and how AWS uses CSPM solutions to tackle these complexities and challenges, from real-time compliance tracking to detailed risk assessment.

Shaked Rotlevi

November 22, 2024

In this article, we’ll take a closer look at everything you need to know about data flow mapping: its huge benefits, how to create one, and best practices, and we’ll also provide sample templates using real-life examples.

Data security controls are security policies, technologies, and procedures that protect data from unauthorized access, alteration, or loss

Lauren Place

November 22, 2024

Cloud IDEs allow developers to work within a web browser, giving them access to real-time collaboration, seamless version control, and tight integration with other cloud-based apps such as code security or AI code generation assistants.

Ziad Ghalleb

November 15, 2024

Application detection and response (ADR) is an approach to application security that centers on identifying and mitigating threats at the application layer.

Ziad Ghalleb

November 12, 2024

Secure coding is the practice of developing software that is resistant to security vulnerabilities by applying security best practices, techniques, and tools early in development.

Swaroop Sham

November 8, 2024

Secure SDLC (SSDLC) is a framework for enhancing software security by integrating security designs, tools, and processes across the entire development lifecycle.

Lauren Place

November 8, 2024

DAST, or dynamic application security testing, is a testing approach that involves testing an application for different runtime vulnerabilities that come up only when the application is fully functional.

Defense in depth (DiD)—also known as layered defense—is a cybersecurity strategy that aims to safeguard data, networks, systems, and IT assets by using multiple layers of security controls.

IAST (Interactive Application Security Testing) is a security testing method that monitors applications in real-time during runtime to detect vulnerabilities by analyzing code behavior and data flow in live environments.

Open-source software (OSS) software composition analysis (SCA) tools are specialized solutions designed to analyze an application's open-source components and dependencies.

Nicolas Ehrman

November 6, 2024

API security encompasses the strategies, procedures, and solutions employed to defend APIs against threats, vulnerabilities, and unauthorized intrusion.

With a CNAPP, your team is empowered to pick and choose solutions that best fit your security capability and cost requirements. This article reviews the best open-source CNAPP tools for 2024.

In this post, we’ll find out why the sensitive data discovery process is so important—along with some of the main challenges. We’ll see how companies tackle the daunting task of classifying their data.

Ziad Ghalleb

October 31, 2024

Source code security refers to the practice of protecting and securing the source code of an application from vulnerabilities, threats, and unauthorized access.

Swaroop Sham

October 30, 2024

Infrastructure as code (IaC) scanning is the process of analyzing the scripts that automatically provision and configure infrastructure.

Uncover the top cloud security issues affecting organizations today. Learn how to address cloud security risks, threats, and challenges to protect your cloud environment.

Shashank Golla

October 29, 2024

Cloud security monitoring refers to the continuous observation and analysis of cloud-based resources, services, and infrastructure to detect security threats, vulnerabilities, and compliance risks.

Cloud infrastructure security describes the strategies, policies, and measures that organizations implement to protect cloud-based systems, data, and infrastructure from threats and vulnerabilities.

Ziad Ghalleb

October 28, 2024

SecDevOps is essentially DevOps with an emphasis on moving security further left. DevOps involves both the development team and the operations team in one process to improve deployment performance and service customers faster.

Chris Champa

October 25, 2024

Open-source software (OSS) incident response (IR) tools are publicly available tools enterprises use to effectively manage and respond to numerous security threats.

Shaked Rotlevi

October 25, 2024

Cross-site request forgery (CSRF), also known as XSRF or session riding, is an attack approach where threat actors trick trusted users of an application into performing unintended actions.

Shaked Rotlevi

October 25, 2024

Data sprawl refers to the dramatic proliferation of enterprise data across IT environments, which can lead to management challenges and security risks.

Cloud identity security is the practice of safeguarding digital identities and the sensitive cloud infrastructure and data they gatekeep from unauthorized access and misuse.

Shaked Rotlevi

October 17, 2024

AI data security is a specialized practice at the intersection of data protection and AI security that’s aimed at safeguarding data used in AI and machine learning (ML) systems.

Open-source intelligence (OSINT) is a framework that involves gathering, analyzing, and interpreting publicly available data to gain insights into cyber threats, adversarial activities, and attack techniques. OSINT identifies innocuous-seeming information that, if analyzed with an attacker’s mindset, could reveal critical loopholes in an enterprise’s security posture.

Vulnerability scanning is an integral component of every vulnerability management program, providing security teams with insights needed to address vulnerabilities before they become attack vectors. When conducted regularly, vulnerability assessments offer asset discovery and visibility, attack surface management, and compliance enforcement.

Greg Zemlin

October 14, 2024

Digital forensics is the cybersecurity process of gathering digital evidence and responding to a cyberattack.

Multi Cloud Security is the combination of strategies, controls, and technologies designed to address the complex challenges of a multi cloud environment.

Cloud data security is the comprehensive strategy of preventing data loss or leakage in the cloud from security threats like unauthorized access, data breaches, and insider threats.

The principle of least privilege (PoLP) is a cybersecurity concept in which users, processes, and devices are granted the minimum access and permissions necessary to perform their tasks.

In this article, we will explore the challenges of managing permissions, the risks associated with improper access controls, and how major cloud providers handle permissions. We’ll also take a look at best practices and advanced solutions like cloud infrastructure entitlement management (CIEM).

In this blog post, we’ll explore security measures and continuous monitoring strategies to prevent these leaks, mitigating the risks posed by security vulnerabilities, human error, and attacks.

In this article, we’ll explore what cloud risk management entails and take an in-depth look at the tools that can keep your systems safe.

Defense in depth is often considered a basic concept in any effective security strategy.

Ziad Ghalleb

October 4, 2024

Secrets detection is the process of identifying and managing sensitive information like API keys, passwords, and tokens within codebases to prevent unauthorized access and data breaches.

Vulnerability scanning is the process of detecting and evaluating security flaws in IT systems, networks, and software.

Cloud workload security protects workloads as they move across cloud environments through monitoring, access controls, encryption, and segmentation.

LLM models, like GPT and other foundation models, come with significant risks if not properly secured. From prompt injection attacks to training data poisoning, the potential vulnerabilities are manifold and far-reaching.

Greg Zemlin

September 27, 2024

A threat intel feed, or threat intelligence feed, provides a continuous incoming flow of data related to cyber threats and risks.

Greg Zemlin

September 24, 2024

In this blog post, we’ll shine a light on the top OSS threat intelligence platforms and tools that enterprises can integrate into their security stack.

Shaked Rotlevi

September 22, 2024

Data security compliance is a critical aspect of data governance that involves adhering to the security-centric rules and regulations set forth by supervisory and regulatory bodies, including federal agencies.

Ziad Ghalleb

September 20, 2024

The top 14 open-source application security tools—including SCA, secrets scanning, and application security testing tools—to help you streamline the critical process of securing your apps from threats and vulnerabilities.

A guide on the 9 best OSS API security tools that protect sensitive data, infrastructure, and business logic from unauthorized access, data theft, and other attacks.

Shaked Rotlevi

September 19, 2024

Data leakage is the unchecked exfiltration of organizational data to a third party. It occurs through various means such as misconfigured databases, poorly protected network servers, phishing attacks, or even careless data handling.

Swaroop Sham

September 18, 2024

Software supply chain security describes the set of processes that ensure the integrity, authenticity, and security of software components throughout their lifecycle.

Nicolas Ehrman

September 18, 2024

Open Policy Agent (OPA) is an open-source, versatile policy engine that facilitates unified and context-aware policy enforcement across various cloud environments.

Swaroop Sham

September 16, 2024

Cloud app security involves ensuring that both cloud-native and cloud-based apps are protected from vulnerabilities through the use of proper tools and practices.

Chris Champa

September 13, 2024

An incident response plan (IRP) is a detailed framework that provides clear, step-by-step guidelines to detect, contain, eradicate, and recover from security incidents.

Ziad Ghalleb

September 13, 2024

NIST’s Secure Software Development Framework (SSDF) is a structured approach that provides guidelines and best practices for integrating security throughout the software development life cycle (SDLC).

Shaked Rotlevi

September 13, 2024

ChatGPT security is the process of protecting an organization from the compliance, brand image, customer experience, and general safety risks that ChatGPT introduces into applications.

Shaked Rotlevi

September 12, 2024

Vulnerability prioritization is the practice of assessing and ranking identified security vulnerabilities based on critical factors such as severity, potential impact, exploitability, and business context. This ranking helps security experts and executives avoid alert fatigue to focus remediation efforts on the most critical vulnerabilities.

Ziad Ghalleb

September 12, 2024

Application security posture management entails continuously assessing applications for threats, risks, and vulnerabilities throughout the software development lifecycle (SDLC). 

Shaked Rotlevi

September 11, 2024

AI risk management is a set of tools and practices for assessing and securing artificial intelligence environments. Because of the non-deterministic, fast-evolving, and deep-tech nature of AI, effective AI risk management and SecOps requires more than just reactive measures.

Ziad Ghalleb

September 9, 2024

SAST (Static Application Security Testing) analyzes custom source code to identify potential security vulnerabilities, while SCA (Software Composition Analysis) focuses on assessing third-party and open source components for known vulnerabilities and license compliance.

Ziad Ghalleb

September 7, 2024

Static Application Security Testing (SAST) is a method of identifying security vulnerabilities in an application's source code, bytecode, or binary code before the software is deployed or executed. 

Ziad Ghalleb

September 7, 2024

In this Academy article, we'll dig into SAST and DAST security testing methods, exploring how they work and their core aspects

Ziad Ghalleb

September 7, 2024

In this article, we’ll explore the step-by-step process of code scanning, its benefits, approaches, and best practices.

In this article, we’ll explore the top 9 OSS CSPM tools available today, each with its unique capabilities and benefits for helping organizations identify cloud misconfigurations, prevent security breaches, and ensure compliance with industry standards.

Shashank Golla

September 5, 2024

Database security is the process of identifying, assessing, and mitigating risks that can compromise the confidentiality, integrity, and availability of data.

Greg Zemlin

September 5, 2024

Most incident response teams measure both MTTD and MTTR to not only shorten attackers’ dwell times in their systems but also to gauge the team’s readiness to combat future security incidents and then optimize response times.

Chris Champa

September 3, 2024

An incident response playbook is a document outlining clear steps for security teams to follow when responding to and resolving security incidents such as malware infections, unauthorized access, denial-of-service attacks, data breaches, or insider threats.

The vulnerability management lifecycle consists of six key stages: identification and assessment, prioritization, remediation and mitigation, verification and validation, reporting, and monitoring and improvement.

Nicolas Ehrman

August 30, 2024

Exposure management is when companies identify, assess, and mitigate the risk posed by exposed resources, such as networks, applications, data, and other assets.

Adversarial artificial intelligence (AI), or adversarial machine learning (ML), is a type of cyberattack where threat actors corrupt AI systems to manipulate their outputs and functionality.

A vulnerability management program is a structured, continuous approach to identifying, evaluating, and mitigating security weaknesses across an organization's IT ecosystem.

Chris Champa

August 28, 2024

Cloud incident response is a strategic approach to detecting and recovering from cyberattacks on cloud-based systems with the goal of minimizing the impact to your workloads and business operation accordingly.

An incident response team is a specialized security unit within an organization whose primary duties involve responding to cyber incidents and addressing compromised systems, applications, and data.

Greg Zemlin

August 23, 2024

Attack path analysis (APA) is a cybersecurity technique that identifies and maps how potential attackers could infiltrate your network and systems

SecOps is the collaborative integration of IT security and operations teams to protect and manage an organization's digital assets more efficiently.

Chris Champa

August 19, 2024

Cloud threat modeling is a systematic approach designed to uncover, evaluate, and rank the potential security vulnerabilities and dangers unique to cloud-based systems and infrastructure.

Nicolas Ehrman

August 19, 2024

Linux security ensures the confidentiality, integrity, and availability of Linux-based systems and protects them from hackers, brute-force attacks, and other cyber threats.

Nicolas Ehrman

August 16, 2024

A Kubernetes cluster consists of a group of node machines designed to run applications within containers.

Chris Champa

August 11, 2024

Cloud security logs are formatted text records that capture events and activities as they occur in a cloud environment, providing insight into what’s happening within that environment in real time.

Ziad Ghalleb

August 11, 2024

Open-source security is the collection of tools and processes used to secure and manage the lifecycle of open-source software (OSS) and dependencies from development to production.

A security operations center (SOC) team is a group of highly skilled professionals responsible for scanning IT environments and identifying and remediating cybersecurity threats and incidents

Cloud network security is a combination of tools, processes, and policies that protect your cloud environments.

Ziad Ghalleb

August 9, 2024

Security as Code (SaC) is a methodology that integrates security measures directly into the software development process. It involves codifying security policies and decisions, and automating security checks, tests, and gates within the DevOps pipeline.

The OWASP DevSecOps Maturity Model (DSOMM) is a framework for assessing and improving DevSecOps practices.

Chris Champa

August 5, 2024

Cloud forensics is a branch of digital forensics that applies investigative techniques to collecting and evaluating critical evidence in cloud computing environments following a security incident.

Shaked Rotlevi

August 5, 2024

LLM jacking is an attack technique that cybercriminals use to manipulate and exploit an enterprise’s cloud-based LLMs (large language models).

Credential access is a cyberattack technique where threat actors access and hijack legitimate user credentials to gain entry into an enterprise's IT environments.

Shaked Rotlevi

August 2, 2024

Prompt injection attacks are an AI security threat where an attacker manipulates the input prompt in natural language processing (NLP) systems to influence the system’s output.

Nicolas Ehrman

August 1, 2024

Helm Charts streamline the deployment of applications by providing a packaging format that includes all necessary Kubernetes resources.

As cloud adoption grows, the only way to mitigate risks and access the full spectrum of cloud capabilities is to prioritize visibility. Read on to learn more about cloud visibility—and how to achieve it.

Incident response is a critical aspect of enterprise cybersecurity that involves identifying and responding to cyberattacks, threats, and data breaches.

Chris Champa

July 23, 2024

Security operations centers (SOCs) are centralized facilities and functions within an enterprise’s IT ecosystem that monitor, manage, and mitigate cyber threats.

Nicolas Ehrman

July 20, 2024

A container engine is a software tool that automates the process of running applications in isolated, lightweight environments called containers.

eBPF provides deep visibility into network traffic and application performance while maintaining safety and efficiency by executing custom code in response to the kernel at runtime.

An incident response framework is a blueprint that helps organizations deal with security incidents in a structured and efficient way. It outlines the steps to take before, during, and after an incident, and assigns roles and responsibilities to different team members.

Nicolas Ehrman

July 16, 2024

File integrity monitoring (FIM) is a set of security practices that continuously verify the authenticity of file systems, operating system components, applications, and databases.

Data poisoning is a kind of cyberattack that targets the training data used to build artificial intelligence (AI) and machine learning (ML) models.

Incident response is a strategic approach to detecting and responding to cyberattacks with the goal of minimizing their impact to your IT systems and business as a whole.

Shaked Rotlevi

July 10, 2024

AI-SPM (AI security posture management) is a new and critical component of enterprise cybersecurity that secures AI models, pipelines, data, and services.

Dark AI involves the malicious use of artificial intelligence (AI) technologies to facilitate cyberattacks and data breaches. Dark AI includes both accidental and strategic weaponization of AI tools.

Ziad Ghalleb

July 9, 2024

Policy as code (PaC) is the use of code to define, automate, enforce, and manage the policies that govern the operation of cloud-native environments and their resources.

CIS benchmarks are publicly available security roadmaps offering core recommendations to guide organizations on hardening their IT systems against cyber threats.

Ziad Ghalleb

July 2, 2024

While DevOps delineates collaboration and automation practices that emphasize infrastructure provisioning and continuous monitoring, GitOps extends its concepts by employing Git as the single source of truth for both application and infrastructure settings.

Greg Zemlin

July 1, 2024

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a cybersecurity framework that helps enterprises fortify themselves against cyber threats.

Nicolas Ehrman

July 1, 2024

Kubernetes namespaces divide a given cluster into virtual clusters, helping to separate and manage resources while still keeping them within the same physical cluster. By segregating workloads and applying policies per namespace, you can create boundaries that keep your multi-tenant environments safe and organized.

Nicolas Ehrman

June 27, 2024

Understanding the nuances of Linux containers is crucial for building robust, secure applications. This blog post provides insights into the practical implementation of containers, focusing on both their strengths and potential pitfalls.

Swaroop Sham

June 23, 2024

Secret scanning is the practice of running automated scans on code repositories, execution pipelines, configuration files, commits, and other data sources to prevent potential security threats posed by exposed secrets.

Writing your IR plan from scratch? Not sure where to begin? Get a head start with these free templates and examples.

Greg Zemlin

June 20, 2024

MITRE ATT&CK®, a publicly available security toolkit that helps enterprises overcome cyber threats, defines defense evasion as a way for malicious actors to evade detection during an attack.

Greg Zemlin

June 14, 2024

Threat hunting involves a systematic, continuous search to find and eliminate malicious activity within an organization’s environment.

Nicolas Ehrman

June 12, 2024

7 essential best practices that every organization should start with

Greg Zemlin

June 10, 2024

Cloud investigation and response automation (CIRA) harnesses the power of advanced analytics, artificial intelligence (AI), and automation to provide organizations with real-time insights into potential security incidents within their cloud environments

Security by design is a software development approach that aims to establish security as a pillar, not an afterthought, i.e., integrating security controls into software products right from the design phase.

Two major formats dominate the SBOM ecosystem: Software Package Data Exchange (SPDX) and CycloneDX (CDX). Let’s review!

Greg Zemlin

June 5, 2024

Threat detection and response (TDR) is a set of continuous processes that proactively search for cyberattacks and respond to them in real time.

Greg Zemlin

June 3, 2024

Cloud detection and response is the process of identifying and mitigating security threats or incidents in cloud environments through monitoring, analysis, and automated or manual actions.

Nicolas Ehrman

June 3, 2024

Docker containers leverage the Docker Engine (a platform built on top of Linux containers) to simplify the software development process.

Nicolas Ehrman

May 29, 2024

Kubernetes runtime security refers to the measures and practices implemented to protect Kubernetes clusters and the applications running within them during their operational phase.

Nicolas Ehrman

May 29, 2024

In Kubernetes, a security context defines privilege and access control settings for a Pod or Container. It allows you to specify security configurations such as user and group IDs, filesystem permissions, and capabilities.

This article offers an extensive examination of Azure environments’ most pressing security risks along with suggested approaches for effectively mitigating these challenges.

Learn about the most pressing security risks shared by all AI applications and how to mitigate them.

Remote code execution refers to a security vulnerability through which malicious actors can remotely run code on your systems or servers.

Cloud sprawl is a phenomenon that involves the unmanaged growth of cloud-based resources and services.

Discover the similarities between CSPM and DSPM, what factors set them apart, and which one is the best choice for your organization’s needs.

Nicolas Ehrman

May 12, 2024

Container monitoring is the process of collecting, analyzing, and reporting metrics and data related to the performance and health of containerized applications and their hosting environments.

Data exfiltration is when sensitive data is accessed without authorization or stolen. Just like any data breach, it can lead to financial loss, reputational damage, and business disruptions.

Shashank Golla

May 10, 2024

Cloud migration security is a facet of cybersecurity that protects organizations from security risks during a transition to cloud environments from legacy infrastructure, like on-premises data centers.

Nicolas Ehrman

May 7, 2024

Kubernetes role-based access control (RBAC) serves as a foundational security layer within Kubernetes. It is essential for regulating access to the K8s API and its resources, allowing organizations to define user roles with specific permissions to effectively control who can see or interact with what resources within a cluster.

Greg Zemlin

May 6, 2024

Wade through the alphabet soup of detection and response technologies to understand where they overlap and how they differ.

A cloud workload protection platform (CWPP) is a security solution that provides continuous threat monitoring and protection for cloud workloads across different types of cloud environments.

Swaroop Sham

May 2, 2024

Code security, also known as secure coding, refers to the practices, methodologies, and tools designed to ensure that the code written for applications and systems is secure from vulnerabilities and threats.

Shaked Rotlevi

May 2, 2024

13 essential best practices for every organization + the common tools and services that can support them

A Cloud-Native Application Protection Platform (CNAPP) is a security solution that unifies all cloud security capabilities to protect cloud environments.

Nicolas Ehrman

April 29, 2024

Container runtime security is the combination of measures and technology implemented to protect containerized applications at the runtime stage.

Lateral movement is a cyberattack technique used by threat actors to navigate a network or environment in search of more valuable information after gaining initial access.

Nicolas Ehrman

April 29, 2024

Common security risks associated with Terraform and the 6 essential best practices for terraform security.

Greg Zemlin

April 29, 2024

Cryptojacking is when an attacker hijacks your processing power to mine cryptocurrency for their own benefit.

Credential stuffing is a type of cyberattack where automated tools are used to repeatedly inject stolen username/password combinations into various services to gain access to legitimate users’ accounts in addition to those that were originally breached.

8 open-source vulnerability management tools and their features, categorized by use case

Nicolas Ehrman

April 24, 2024

Container orchestration involves organizing groups of containers that make up an application, managing their deployment, scaling, networking, and their availability to ensure they're running optimally.

This blog explores the significance of security in Azure environments and provides an overview of native as well as third-party security tools available to improve an organization’s Azure security stance.

10 native tools for IAM, data protection, network security, threat detection, and compliance management.

Cross-site scripting (XSS) is a vulnerability where hackers insert malicious scripts inside web applications with the aim of executing them in a user’s browser.

Nicolas Ehrman

April 21, 2024

The primary function of admission controllers is the enforcement of custom policies on incoming requests, ensuring that only valid and compliant API requests are executed.

Swaroop Sham

April 18, 2024

A Software Bill of Material (SBOM) is a comprehensive inventory that details every software component that makes up an application.

A man-in-the-middle (MitM) attack is a type of cyberattack where a hacker intercepts data transferred between two parties.

Nicolas Ehrman

April 14, 2024

At their core, containers encapsulate the application code and runtime, system tools, dependencies, and settings that enable it to operate in the same way across multiple environments.

Nicolas Ehrman

April 10, 2024

A Kubernetes secret is an object in the Kubernetes ecosystem that contains sensitive information (think keys, passwords, and tokens)

Nicolas Ehrman

April 10, 2024

Containerization encapsulates an application and its dependencies into a container image, facilitating consistent execution across any host operating system supporting a container engine.

In a nutshell, containers and virtual machines (VMs) are two inherently different approaches to packaging and deploying applications/services in isolated environments.

Nicolas Ehrman

April 8, 2024

Kubernetes as a service (KaaS) is a model in which hyperscalers like AWS, GCP, and Azure allow you to quickly and easily start a Kubernetes cluster and begin deploying workloads on it instantly.

A brute force attack is a cybersecurity threat where a hacker attempts to access a system by systematically testing different passwords until a correct set of credentials is identified.

We cover the top container security tools across 7 common use cases, including image scanning, compliance, secrets management, and runtime security.

Nicolas Ehrman

April 2, 2024

Kubernetes monitoring involves collecting, analyzing, and acting on performance data and metrics across your clusters.

This post discusses CSPM and SSPM in depth to reveal their respective use cases. You'll also learn how CSPM and SSPM complement each other to strengthen your overall security posture.

This article examines common AWS security challenges, including identity and access control gaps, data exposure risks, and monitoring blind spots.

In this article, we'll compare CIEM and IAM to explain how these crucial techniques help reduce your attack surface.

Shadow data is any data that is created, stored, or shared outside of an organization's formal IT environment and management policies.

Explore common security missteps in detail and learn actionable recommendations to help organizations strengthen their GCP environments.

Nicolas Ehrman

March 21, 2024

Containers as a service (CaaS) is a cloud service model that allows users to manage, upload, scale, run, and terminate containers using a service provider's API or web portal.

Nicolas Ehrman

March 18, 2024

20 essential security best practices every DevOps team should start with

Greg Zemlin

March 15, 2024

Privilege escalation is when an attacker exploits weaknesses in your environment or infrastructure to gain higher access and control within a system or network.

Nicolas Ehrman

March 15, 2024

Take a deep dive into the world of container images and learn their essential role in cloud security.

Nicolas Ehrman

March 14, 2024

Kubernetes vulnerability scanning is the systematic process of inspecting a Kubernetes cluster (including its container images and configurations) to detect security misconfigurations or vulnerabilities that could compromise the security posture of the cluster.

The shared responsibility model is a framework establishing cloud security responsibilities between cloud service providers (AWS, GCP, Azure) and customers.

Serverless security is the extra layer of protection designed for applications built on a serverless architecture. In this type of cloud computing, you write the code (functions) but the cloud provider handles the servers. This creates a different security approach.

A cloud operating model is a set of practices and procedures that organizations follow for effective management of their cloud resources.

A cloud security strategy is the combination of the measures, tools, policies, and procedures used to secure cloud data, applications, and infrastructure.

A rootkit is a suite of software designed to grant a cyberattacker privileged access while disguising the invasion to evade detection.

Nicolas Ehrman

March 8, 2024

Container architecture is a way to package and deploy applications as standardized units called containers.

Shaked Rotlevi

March 7, 2024

Cloud Security Posture Management (CSPM) describes the process of continuously detecting and remediating risks in cloud environments and services (e.g. S3 buckets w/ public read access). CSPM tools automatically evaluate cloud configurations against industry best practices, regulatory requirements, and security policies to ensure that cloud environments are secure and properly managed.

Nicolas Ehrman

March 7, 2024

External Attack Surface Management (EASM) refers to the process of identifying, analyzing, and managing an organization's external attack surface.

Nicolas Ehrman

March 1, 2024

9 essential best practices to securing your Kubernetes workloads

Nicolas Ehrman

March 1, 2024

8 no-brainer container security best practices + the key components of container architecture to secure

Risk-based vulnerability management is a vulnerability management approach that prioritizes vulnerabilities that pose the greatest risk to an organization.

Nicolas Ehrman

March 1, 2024

A container registry is a service that stores, manages, and distributes application images. Its architecture is designed to ensure availability by providing a centralized resource for container image discovery, distribution, and deployment.

Greg Zemlin

February 29, 2024

Learn how to create your own company incident response policy to prepare and prevent against an attack on your IT systems in this complete guide.

In this guide, we'll look at a variety of Docker alternatives that provide different benefits for your workloads—such as daemonless operation, a simplified management experience, improved container security, and enhanced scalability and orchestration for production environments.

Swaroop Sham

February 28, 2024

This article will refresh your knowledge of AWS and S3 security basics and then move into the best practices you need to get started with S3 security.

Swaroop Sham

February 26, 2024

DevSecOps, which stands for Development, Security, and Operations, is a software development practice that emphasizes integrating security considerations throughout the entire development lifecycle, from initial design to deployment and ongoing maintenance.

Nicolas Ehrman

February 26, 2024

Container security is the process of securing the container pipeline, the content running inside the containers, and the infrastructure on which the containers run.

This blog post explores the world of container orchestration tools beyond Kubernetes, highlighting cloud provider tools and open-source alternatives that promise to redefine how we deploy and manage applications.

A reverse shell attack is a type of cyberattack where a threat actor establishes a connection from a target machine (the victim's) to their machine.

Nicolas Ehrman

February 20, 2024

Cloud encryption is the process of transforming data into a secure format that's unreadable to anyone who doesn't have the key to decode it.

Nicolas Ehrman

February 19, 2024

Microservices security is the practice of protecting individual microservices and their communication channels from unauthorized access, data breaches, and other threats, ensuring a secure overall architecture despite its distributed nature.

Shaked Rotlevi

February 16, 2024

We’ll take a deep dive into the MLSecOps tools landscape by reviewing the five foundational areas of MLSecOps, exploring the growing importance of MLSecOps for organizations, and introducing six interesting open-source tools to check out

CSPM focuses on securing cloud infrastructure by identifying and remediating misconfigurations, while CIEM centers on managing and securing user identities and access permissions within cloud environments, addressing threats related to unauthorized access and entitlements.

Data security posture management (DSPM) is a solution designed to continuously monitor an organization's data security policies and procedures to detect vulnerabilities and potential risks.

Nicolas Ehrman

February 12, 2024

A container runtime is the foundational software that allows containers to operate within a host system.

In this article, we’ll look at the emergence of DevSecOps and then discuss actionable best practices for integrating DevSecOps into your workflows.

Learn where CNAPP and CSPM overlap, where they differ, and which one is right for your organization.

Shaked Rotlevi

January 31, 2024

To manage risks associated with AI, organizations need a strategic and well-coordinated security approach that extends traditional cybersecurity measures to the unique needs of AI.

Nicolas Ehrman

January 31, 2024

IAM security consists of policies and technologies designed to ensure that only authorized individuals gain access to the relevant resources within an organization.

Nicolas Ehrman

January 30, 2024

EKS security refers to the practices, strategies, and technologies that organizations use to protect Amazon Elastic Kubernetes Service (EKS) environments from threats.

Shaked Rotlevi

January 27, 2024

Cloud compliance is the series of procedures, controls, and organizational measures you need to have in place to ensure your cloud-based assets meet the requirements of the data protection regulations, standards, and frameworks that are relevant to your organization.

Nicolas Ehrman

January 26, 2024

Azure Kubernetes Service (AKS) delivers Kubernetes as a managed service in Azure and is popular among organizations looking for a hassle-free Kubernetes solution in the cloud.

Enterprise cloud security is the comprehensive set of practices, policies, and controls used by organizations to protect their data, applications, and infrastructure in the cloud.

A container platform is a comprehensive solution that allows organizations to efficiently create, deploy, and manage containers.

Learn where CSPM and CWPP overlap, where they differ, and which one is right for your organization.

Cloud management refers to the monitoring, maintenance, and operation of data, apps, and infrastructure hosted on the cloud.

Cloud governance entails the policies, processes, and controls an organization puts in place to ensure the effective and secure management of its cloud resources and services.

An attack surface is refers to all the potential entry points an attacker could exploit to gain unauthorized access to a system, network, or data.

Cloud security architecture is a broad set of principles designed to guide the implementation of security controls, practices, and solutions within a cloud computing environment.

Security posture is the overall defensive strength of an enterprise’s IT infrastructure, which comprises hardware, software, practices, policies, and personnel.

Explore the security roles your tools should cover, then outline the key tool types to help you build your security workflows.

Learn to navigate the complexities of cloud security, including the knowledge and tools required to build a robust and proactive defense against ever-evolving cyber threats.

Read on for a roundup of top open-source tools that are game-changers when it comes to securing your development and operations pipeline.

Nicolas Ehrman

January 2, 2024

Kubernetes Security Posture Management (KSPM) is the practice of monitoring, assessing, and ensuring the security and compliance of Kubernetes environments.

Cloud native security refers to the practices, tools, and policies that protect cloud native applications and infrastructures.

Software composition analysis (SCA) tools index your software dependencies to give you visibility into the packages you're using and any vulnerabilities they contain.

In this blog post, we’ll take a deep dive into software supply chains and discuss effective strategies for reducing security risks.

This article will give you a refresher on code security and review the most popular open-source code security tools available.

Cloud vulnerability management is the continuous process of identifying, classifying, prioritizing, and remediating security vulnerabilities in your cloud environment.

Swaroop Sham

December 15, 2023

This article will start with a quick refresher on SBOMs and then list the top SBOM-generation tools available.

Shaked Rotlevi

December 14, 2023

Understanding how to implement zero-trust architecture is crucial for protecting against the complexities of modern cyber threats.

Nicolas Ehrman

December 14, 2023

Container security scanning is a process that systematically analyzes container images for vulnerabilities and security issues, allowing developers to address potential threats before they escalate into breaches.

Nicolas Ehrman

December 14, 2023

Container image signing is a critical security process for establishing trust. Just as you'd expect a signature to verify the authenticity of a document, image signing does the same for container images—those neat packages that carry your code along with all the necessary parts to run it anywhere.

Nicolas Ehrman

December 13, 2023

Looking to make the most of containerization while minimizing risk? Container scanning solutions are a critical line of defense that help ensure the safe and secure deployment of applications.

Shadow AI is the unauthorized use or implementation of AI that is not controlled by, or visible to, an organization’s IT department.

Malicious code is any software or programming script that exploits software or network vulnerabilities and compromises data integrity.

Greg Zemlin

November 26, 2023

Agentless and agent-based systems are both valid approaches for cloud security. There is no single right answer when deciding which to choose, as each comes with its own advantages and drawbacks.

To help you make an informed decision, we've crafted a comprehensive comparison of AWS and Azure security, empowering you to select the cloud provider that seamlessly integrates with your unique needs.

Hybrid cloud security is a combination of strategies, technologies, and teams working in unison to secure an organization’s hybrid cloud environment.

Public cloud security describes establishing cybersecurity measures to secure public cloud environments accessible to multiple users or organizations.

Shaked Rotlevi

November 17, 2023

AWS security groups (SGs) are virtual firewalls for your EC2 instances that control both inbound and outbound traffic.

AI is the engine behind modern development processes, workload automation, and big data analytics. AI security is a key component of enterprise cybersecurity that focuses on defending AI infrastructure from cyberattacks.

Private cloud security is a term that describes the tools and techniques used to secure private cloud environments.

Cloud security standards include clear steps that organizations can take to secure their cloud environments and mitigate the risk of cyberattacks.

Cybersecurity Maturity Model Certification (CMMC) is an evaluation designed for Defense Industrial Base (DIB) contractors.

Nicolas Ehrman

October 31, 2023

Continuous integration and continuous delivery (CI/CD) have become the backbone of modern software development, enabling rapid, reliable, and consistent delivery of software products. To bolster your CI/CD pipeline, ensuring resilience against ever-evolving threats, follow the best practices in this guide.

Although the HIPAA doesn't make any specific reference to the cloud, it is a completely different IT environment from the on-premises data center—with different compliance challenges. Learn some of the key HIPAA considerations when you host your healthcare workloads in the cloud.

Learn how and why the financial industry is often targeted and discuss best practices for remediating these evolving security challenges.

Nicolas Ehrman

October 27, 2023

11 essential API security best practices that every organization should start with

Swaroop Sham

October 26, 2023

Infrastructure as Code (IaC) security is the practice of securing cloud infrastructure by embedding security controls into IaC templates and scripts.

Between its reliability and its robust scalability, Azure has become an integral part of many organizations' cloud architecture. Learn how to secure your Azure deployment with these 5 essential best practices.

A security misconfiguration is when incorrect security settings are applied to devices, applications, or data in your infrastructure.

Shift-left security is the practice of performing code and software security assurance processes as early as possible in the software development lifecycle (SDLC).

FISMA compliance is the set of processes, controls, and protocols an organization must have in place to ensure its information assets satisfy the requirements of the Federal Information Security Management Act (FISMA).

Nicolas Ehrman

October 9, 2023

The open-source nature of Kubernetes means that it is continually being updated and improved, which introduces new features and functionalities—as well as new vulnerabilities. Understand the most pressing K8 security challenges.

Nicolas Ehrman

October 9, 2023

It’s a good idea to consider a range of Kubernetes security tools. Open source solutions can greatly improve the security of your Kubernetes clusters, so this section explores the top 11 open-source Kubernetes security tools that can help to safeguard your Kubernetes environment.

Shaked Rotlevi

October 6, 2023

Configuration drift is when operating environments deviate from a baseline or standard configuration over time.

Patch management is the process of planning, testing, and applying updates to software systems and applications to address vulnerabilities, fix bugs, and improve overall system performance.

11 essential best practices every organization should start with

The short answer is no, AI is not expected to replace cybersecurity or take cybersecurity jobs.

10 essential AWS security best practices every organization should start with

Swaroop Sham

September 20, 2023

8 essential cloud security best practices that every organization should start with

Cloud security refers to a set of policies, controls, procedures, and technologies that work together to protect cloud-based systems, data, and infrastructure.

A walk through of what the cloud security posture management (CSPM) landscape will look like this year.

We outline the most common cloud vulnerabilities with real-life examples of attacks that exploited these vulnerabilities, and simple steps you can take to mitigate them.

11 native tools for IAM, data protection, network and application protection, compliance management, and threat detection

Vulnerability management involves continuously identifying, managing, and remediating vulnerabilities in IT environments, and is an integral part of any security program.

10 essential best practices to securing your Google Cloud environments

Swaroop Sham

August 4, 2023

The best Infrastructure as Code (IaC) tools, curated by use case and categorized into CSP-specific and CSP-neutral providers.

Shadow IT is an employee’s unauthorized use of IT services, applications, and resources that aren’t controlled by—or visible to—an organization’s IT department.