Cloud security refers to technologies, best practices, and safety guidelines that help to protect your data from human errors, insider and security threats. Therefore, it naturally covers a wide range of procedures, which are aimed at securing systems from data…
Category: DZone Security Zone
Building Resilient Identity Systems: Lessons from Securing Billions of Authentication Requests
As workforce becomes more digital, identity security has become the center of enterprise cyber security. This is particularly challenging given that more than 40 billion authentication requests are processed each day, across platforms and devices, and more solutions than ever are…
Endpoint Security Controls: Designing a Secure Endpoint Architecture, Part 2
As we understood the foundational principles for designing and reviewing endpoint security controls in Part 1, we also covered key topics such as standardizing and enrolling approved devices and operating systems, enforcing strong authentication and centralized identity management, and validating…
Secure by Design: Modernizing Authentication With Centralized Access and Adaptive Signals
Introduction Managing identity and access management (IAM) for large-scale enterprises is a complex challenge, particularly when dealing with legacy systems that cannot be transitioned from overnight to modern authentication. Traditional migration often spans years, leaving enterprises burdened with technical debts…
Endpoint Security Controls: Designing a Secure Endpoint Architecture, Part 1
As organizations embrace digital transformation and hybrid work, the endpoint becomes both a critical productivity enabler and a significant security liability. Laptops, desktops, smartphones, and even IoT devices form the frontline in the battle for data integrity and organizational resilience.…
Detection and Mitigation of Lateral Movement in Cloud Networks
How Hackers Bypass Lateral Movement Detection (And How to Stop Them) Detecting lateral movement has emerged as a crucial cybersecurity challenge today. Attackers who breach network perimeters follow a five-step process. They start with reconnaissance, move to their original compromise,…
Developers Beware: Slopsquatting and Vibe Coding Can Increase Risk of AI-Powered Attacks
Security researchers and developers are raising alarms over “slopsquatting,” a new form of supply chain attack that leverages AI-generated misinformation commonly known as hallucinations. As developers increasingly rely on coding tools like GitHub Copilot, ChatGPT, and DeepSeek, attackers are exploiting…
FIPS 140-3: The Security Standard That Protects Our Federal Data
FIPS (Federal Information Processing Standards) [1] defines a set of public security standards developed by NIST (National Institute of Standards and Technology) [2] that govern the security requirements for cryptographic modules used in government systems. FIPS 140-3 is the latest…
Understanding IEEE 802.11(Wi-Fi) Encryption and Authentication: Write Your Own Custom Packet Sniffer
Introduction As of 2023, it’s estimated that 42 billion cumulative Wi-Fi enabled devices have been shipped (Wi-Fi® by the Numbers: Technology Momentum in 2023, n.d.). Every new device adds to the increasing wireless attack surface, and it’s important for anyone…
Agentic AI for Automated Application Security and Vulnerability Management
It was not so long ago that I was having a much closer look at how AI is becoming embedded in our everyday developer work. I have watched more intelligent code suggestions, automated testing routines, and those ubiquitous chatbots become…