Cloud Security - Security Boulevard https://securityboulevard.com/category/blogs/cloud-security/ The Home of the Security Bloggers Network Fri, 30 Aug 2024 10:44:51 +0000

Veeam Widens Beam to MongoDB, Nutanix & Proxmox VE https://securityboulevard.com/2024/08/veeam-widens-beam-to-mongodb-nutanix-proxmox-ve/ Fri, 30 Aug 2024 10:44:51 +0000 https://securityboulevard.com/?p=2029255 Veeam, recovery, sensitive, data, cyber resilience, ransomware loanDepot financial services

Veeam has shown evidence of its capabilities to provide backup, recovery and cybersecurity across an increasing number of heavyweight cloud platforms, databases and service layers including MongoDB and Nutanix.

The post Veeam Widens Beam to MongoDB, Nutanix & Proxmox VE appeared first on Security Boulevard.

Navigating Cloud Security: Q&A on the Importance of Collaboration and Innovation https://securityboulevard.com/2024/08/navigating-cloud-security-qa-on-the-importance-of-collaboration-and-innovation/ https://securityboulevard.com/2024/08/navigating-cloud-security-qa-on-the-importance-of-collaboration-and-innovation/#respond Thu, 29 Aug 2024 13:00:00 +0000 https://www.guidepointsecurity.com/?p=33652 In an increasingly complex landscape dominated by cloud technology, understanding the intricacies of cloud security is more vital than ever. […]

The post Navigating Cloud Security: Q&A on the Importance of Collaboration and Innovation appeared first on Security Boulevard.

China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target https://securityboulevard.com/2024/08/china-cyberwar-coming-versas-vice-volt-typhoons-target/ Wed, 28 Aug 2024 16:57:30 +0000 https://securityboulevard.com/?p=2029126 A Chinese flag flies on a high pole

Xi whiz: Versa Networks criticized for swerving the blame.

The post China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target appeared first on Security Boulevard.

How Displays2go Increased Conversions & Reduced Costs with DataDome https://securityboulevard.com/2024/08/how-displays2go-increased-conversions-reduced-costs-with-datadome/ https://securityboulevard.com/2024/08/how-displays2go-increased-conversions-reduced-costs-with-datadome/#respond Wed, 28 Aug 2024 07:00:58 +0000 https://datadome.co/?p=100240 By partnering with DataDome, Displays2go successfully eradicated bots and scraping, ensuring accurate data and reducing unnecessary expenses.

The post How Displays2go Increased Conversions & Reduced Costs with DataDome appeared first on Security Boulevard.

‘Terrorgram’ Telegram Terrorists Trash Transformers — Grid in Peril https://securityboulevard.com/2024/08/telegram-terrorgram-grid-richixbw/ Tue, 27 Aug 2024 17:19:11 +0000 https://securityboulevard.com/?p=2028965 Sign reads, “Danger: High Voltage!”

Should’ve listened to Edison: After the arrest of Pavel Durov—the Telegram CEO—comes news of domestic extremists using the chat app to organize.

The post ‘Terrorgram’ Telegram Terrorists Trash Transformers — Grid in Peril appeared first on Security Boulevard.

One-Third Of Companies Suffered SaaS Breach This Year https://securityboulevard.com/2024/08/one-third-of-companies-suffered-saas-breach-this-year/ Tue, 27 Aug 2024 17:04:16 +0000 https://securityboulevard.com/?p=2028602 vulnerable, vulnerabilities, web app attacks, SaaS, SaaS app security, cybersecurity SaaS extension

SaaS breaches are on the rise, and nearly half the corporate victims have more than 2,500 employees. Those are among the sobering conclusions from a survey of security experts at 644 organizations in six countries — the U.S., UK, France, Germany, Japan and Australia — by AppOmni, which found a third of organizations suffered a SaaS data..

The post One-Third Of Companies Suffered SaaS Breach This Year appeared first on Security Boulevard.

Miggo Uncovers AWS Load Balancer Security Flaw https://securityboulevard.com/2024/08/miggio-uncovers-aws-load-balancer-security-flaw/ Mon, 26 Aug 2024 11:08:57 +0000 https://securityboulevard.com/?p=2028829 AWS, APIs Cyera AWS logs Druva vulnerabilities eBay cyberstalking

Miggo has discovered a configuration-based vulnerability that enables cybercriminals to bypass the authentication and authorization services provided by the Application Load Balancer (ALB) from Amazon Web Services (AWS) and that could affect more than 15,000 potentially vulnerable applications.

The post Miggo Uncovers AWS Load Balancer Security Flaw appeared first on Security Boulevard.

The Great Cloud Security Debate: CSP vs. Third-Party Security Tools https://securityboulevard.com/2024/08/the-great-cloud-security-debate-csp-vs-third-party-security-tools/ https://securityboulevard.com/2024/08/the-great-cloud-security-debate-csp-vs-third-party-security-tools/#respond Wed, 21 Aug 2024 22:17:33 +0000 https://medium.com/p/6563e3dc6ac9

Do I go to my Cloud Service Provider (CSP) for cloud security tooling or to a third party vendor?

Who will secure my cloud use, a CSP or a focused specialty vendor?

Who is my primary cloud security tools provider?

This question asked in many ways has haunted me since my analyst days, and I’ve been itching for a good, fiery debate on this. So, we did this on our Cloud Security Podcast by Google where the co-hosts divided the positions, researched the arguments in advance of the debate and then just … WENT AT EACH OTHER :-)

The results were so fun and interesting that this blog was born!

The Case for Third-Party Vendor Tooling

These arguments hinge on three primary concerns: trust, consistency, and innovation.

Some observers also highlight the theoretical conflict of interest when a CSP is responsible for both building and securing the cloud (no idea why people say this, as IMHO there is no conflict here). This side also stressed the importance of consistency across multi-cloud environments and argued that dedicated security vendors are more likely to innovate more rapidly. They also may address client needs faster, especially narrow vertical needs.

  • You just can’t trust the cloud builder to secure their own stuff (or “letting the cat guard the cream” as somebody weirdly opined on social media). Third-party vendors promise unbiased security analysis and can uncover security issues that CSPs might deprioritize, benefiting the broader public and individual users. This separation of duties suggests a more objective evaluation of cloud security.
  • Consistency is super critical for multicloud. Third-party tools provide a consistent security framework across multiple cloud platforms. This simplifies management and reduces the need for specialized knowledge in each CSP’s unique security offerings.
  • Startups just build better tools; this is their focus and sole mission; CSPs suffer from “security from a big company” syndrome, being slow and political. Third-party vendors, whose core business is security, are more likely to develop innovative and effective security solutions compared to CSPs, who may view security as a secondary concern.
  • Auxiliary argument: Would you ever trust the CSP to secure the network/environment that belongs to their competitor?

The Case for CSP-Native

These arguments hinged on three primary concerns: deep platform knowledge, built-in security, and seamless stack.

Deep platform knowledge that CSPs possess suggests both robust and “automatic”, default security. The seamlessness of CSP-native tools and the vast (we mean it, BTW!) resources that CSPs dedicate to security also play a key role. CSPs are very well positioned to keep pace with the rapid evolution of cloud services, and secure them as they are built.

  • CSP knows the platform and cloud in general best, can use unlisted or poorly documented capabilities to secure the cloud. Security deeply integrated into the platform is “more secure”, and also better linked with asset tracking, and other IT ops / DevOps capabilities. This deep knowledge translates into superior security capabilities, both practical and conceptual.
  • Built-in beats bolt-on, with fewer seams to break and break through. CSP-native tools offer seamless integration with other services, streamlining workflows, and reducing the risk of security gaps that can arise from stitching together disparate tools. This results in a simpler and more manageable security stack. Recent breaches highlight the risks associated with these integration points, underscoring the advantage of built-in security.
  • Using native tools reduces the number of third-party vendors and solutions you need to manage, leading to a simpler security stack and less administrative overhead. When cloud platforms and security tools share the same foundation, operational teams benefit from streamlined access and workflows.
  • Auxiliary argument: CSP keeps pace with securing new services as they are being launched. And there are a lot of cloud services being launched.

The Verdict

  • “It depends” wins! It really does. No, we are not hedging or fudging. Are you disappointed?
  • To make it practical, we need to answer “depends on what?” Organizational realities: how you use cloud, what cloud, how many clouds, what is your threat model, etc.
  • None of the arguments from either side include a “killer” or a clincher argument that stops the debate and hands the victory to one side.
  • Often starting with CSP-native tools and then supplementing with third-party solutions to address any gaps (if any) is the way to go (this also was Gartner advice in my days, BTW).

Listen to the audio version (better jokes!). And, yes, do read “Snow Crash” if you somehow failed to, before.

The Great Cloud Security Debate: CSP vs. Third-Party Security Tools was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post The Great Cloud Security Debate: CSP vs. Third-Party Security Tools appeared first on Security Boulevard.

Mastering Cloud Security: Uncovering Hidden Vulnerabilities with NodeZero™ https://securityboulevard.com/2024/08/mastering-cloud-security-uncovering-hidden-vulnerabilities-with-nodezero/ https://securityboulevard.com/2024/08/mastering-cloud-security-uncovering-hidden-vulnerabilities-with-nodezero/#respond Wed, 21 Aug 2024 20:15:46 +0000 https://www.horizon3.ai/?p=261769 Master cloud security with NodeZero™ Cloud Pentesting. Easily uncover vulnerabilities across AWS and Azure, prioritize identity risks, and secure your environment in just minutes. Stay ahead of threats.

The post Mastering Cloud Security: Uncovering Hidden Vulnerabilities with NodeZero™ appeared first on Horizon3.ai.

The post Mastering Cloud Security: Uncovering Hidden Vulnerabilities with NodeZero™ appeared first on Security Boulevard.

How to Patch your Linux Kernel before it gets exploited? https://securityboulevard.com/2024/08/how-to-patch-your-linux-kernel-before-it-gets-exploited/ https://securityboulevard.com/2024/08/how-to-patch-your-linux-kernel-before-it-gets-exploited/#respond Tue, 20 Aug 2024 06:00:22 +0000 https://kratikal.com/blog/?p=11054 Linux Kernel server patch management is essential for ensuring the security, stability, and performance of your server infrastructure. This comprehensive guide covers everything you need to know, from the basics to advanced strategies for managing patches on Linux servers. Whether you’re an experienced system administrator or just starting out, this guide will provide you with […]

The post How to Patch your Linux Kernel before it gets exploited? appeared first on Kratikal Blogs.

The post How to Patch your Linux Kernel before it gets exploited? appeared first on Security Boulevard.
