Don MacVittie explains we’re in the ‘dream world’ of data – where the cloud-native stack realizes the dream of portable programming.
Only 30% of Orgs Fully Implement DevSecOps
With the pressure to release more rapidly, security is shifting left within the continuous development pipeline at most organizations. This imperative is increasing with the rise of cyberattacks. Yet both a lack of training and poor visibility are stalling many DevSecOps rollouts, a recent CSA study found. DevSecOps is still a relatively new practice and […]
DevSecOps Implementation: EDR/XDR
We mentioned host intrusion detection and network intrusion detection in an earlier blog, and mentioned firewalls a couple of times in passing. Let’s delve a bit into the history to understand how these tools’ functionality has evolved over time. On the host side, we had virus detection, in one form or another, from early in […]
DevSecOps Implementation: Intrusion Detection
Originally, this series was just going to be four articles on the DevSec side of DevSecOps. There are many reasons for this, but primarily because that side is cleaner. The other reason is that these topics are beyond the work we were doing at Accelerated Strategies Group. But we’ve had a number of requests to […]
How Managed Detection and Response (MDR) Solutions Benefit DevOps
Managed Detection and Response (MDR), a relative newcomer in the cybersecurity realm, is starting to have a noticeable impact on enterprises seeking to better secure their operations. Research giant Gartner notes that, “By 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment capabilities.” Despite […]
DevSecOps Implementation: Interactive Testing
This is the fourth installment in this series on DevSecOps. Read the first installment, on static analysis, here the second installment, on source composition analysis, here, and the third installment, on dynamic scans, here. Dynamic testing looks at the running application, poking and prodding to see how it reacts to known vulnerabilities. A complete dynamic […]
DevSecOps Implementation: Static Analysis
One of the things I’ve done for Accelerated Strategies Group recently is looking into DevSecOps toolsets. This is a fun area for me, as development and security fit together well in my mind. Having a separate security group is useful, even necessary in some scenarios, but letting developers crank out code and looking for vulnerabilities […]
Survey: DevSecOps Progress Remains Elusive
Results of a survey of 103 IT professionals attending the recent DeveloperWeek Austin conference suggests that awareness of cybersecurity issues is clearly rising among developers, yet most organizations still have a long way to go toward before approaching anything resembling adoption of best DevSecOps practices. Conducted by WhiteHat Security, a unit of NTT Communications, the […]
Survey: DevSecOps Easier Said Than Done
While there’s clearly a lot of interest in best DevSecOps processes, a survey of more than 3,000 DevOps practitioners suggests adopting DevSecOps will require a lot of patience and perseverance. The “2019 State of DevOps Report,” co-written by Puppet, CircleCI and Splunk, ranks respondents on a scale of High, Medium and Low in terms of […]
Aqua Security Survey Finds Sharp Rise in DevSecOps
A new survey of 80 cybersecurity professionals that attended the recent RSA Conference 2018 event finds the number of organizations that have a formal or informal DevSecOps team in place has increased by several orders of magnitude year over year. The survey, conducted by Aqua Security, finds 62 percent of respondents have a formal or […]