by threatmodeler | Oct 8, 2020 | Attack Surface Analysis, AWS, CISO, Cloud security, security controls
The move to cloud poses unique challenges as organizations adapt to securing infrastructure as code for all applications, while being prepared to secure brave new features such as containers, microservices and automatic scaling. Threat modeling, traditionally a manual...
by threatmodeler | Aug 12, 2020 | AWS, Cloud security, Cloud Threat Modeling, Compensating Controls, Risk Management, Security
It’s no secret that Amazon Web Services (AWS) helps to run a wide swath of the web’s most popular websites, services, and applications. However, the rise of cloud services has not gone unnoticed by hackers, who have broadened their scope from traditional...
by threatmodeler | Jul 2, 2020 | Attack Surface Analysis, AWS, CISO, Cloud security, Developers
For this ThreatModeler Blog Special Edition, we recap our Fireside Chat (with link to the webcast) moderated By Ty Sbano, Chief Security & Trust Officer, Sisense; with panelists: Praveen Nallasamy, Vice President, Cybersecurity at BlackRock Tom Holodnik, Software...
by threatmodeler | Jun 23, 2020 | AWS, Cloud security, Cloud Threat Modeling, DevSecOps
While much of the tech world is adopting the private cloud for the added security and scalability, today’s developers typically rely on its public, less secure cousin. The reason is simple: it’s way cheaper. “Private” cloud infrastructure requires providers to assign...
by threatmodeler | Jun 4, 2020 | AWS, AWS Security Epics Automated, Cloud security, Security
How Security and Compliance Teams Can Collaborate and Thrive in the Cloud Compliance and security share a great deal in common, but there are key differences. Both deal with organizational safety and security, minimize risk, protect consumer data, and experience...
by threatmodeler | Jun 2, 2020 | Attack Surface Analysis, AWS, AWS Security Epics Automated, CISO, DevOps, DevSecOps
By Michael Vizard The best cybersecurity defense is always applied in layers. If one line of defense fails, the next should be able to thwart an attack and so on. That same, tried and true, security in depth concept applies to DevOps as responsibility for...
