Why DevOps Teams are Using Threat Modeling to Secure Their Infrastructure as Code
Infrastructure as Code (IaC) sure is convenient. IaC is a way for DevOps teams to deploy and manage application environments through a model, rather than having to do it manually. And there sure are lots of benefits to deploying infrastructure that way. Benefits...
How Threat Modeling Improves Cloud Infrastructures With Continuous Cloud Security
It seems that just about every application resides in the cloud today. There’s little doubt that these cloud infrastructures need cloud security. But cloud infrastructures are dynamic—they change continuously. So, how do you protect something that’s constantly...
An Overview of the Evolution of Threat Modeling
As threat modeling becomes an integral part of application development, it is interesting to take a look back on its evolution. Here we see that its development represents a continuum from do-it-yourself to one-click threat modeling (almost). Microsoft STRIDE...
The Regulatory Standard for Cybersecurity in the Automotive Industry
As we detailed in our last post, cars are essentially computers on wheels. And there will soon be a lot of these connected vehicles. According to Juniper Research, by 2025 there will be 206 million automobiles with embedded connectivity, 30 million of which will be...
Now That Cars are Computers on Wheels, How do we Protect Them?
We’ve heard someone refer to a Tesla as an iPhone on wheels, and that’s not too far off. Computer chips have been in automobiles for decades—that’ not new. What is new is that automobiles are now connected to the cloud. Just another node on the internet-of-things...
How Threat Modeling Helps Defend Against APT: The Most Complex Cyberattack
Just how long can advanced persistent threat last? What is the most complex cyberattack? While the answer is certainly up for debate, a leading candidate has to be APT: advanced persistent threat. A good explanation of APT comes from Cisco. “An advanced persistent...
Insider Threats: Why These Cybersecurity Incidents Continue to Grow
With the rising threat of ransomware and other attacks that originate from outside organizations’ networks, it’s easy to forget the damage that an insider threat—whether it’s employee carelessness or something more malicious—can cause in both money and resources....
Ice Phishing Takes Advantage of Tectonic Shift to Web3
The Badger DAO attack last November and December—during which an attacker stole about $121 million from users—is a good example of “ice phishing” on the blockchain. If that term conjures up images of plaid and puffy coat-clad folks huddled around a hole atop a frozen...
