Security-as-Code Gains More Support, but Still Nascent

Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps. [TechWeb]( Follow Dark Reading: [RSS]( April 19, 2022 LATEST SECURITY NEWS & COMMENTARY [Security-as-Code Gains More Support, But Still Nascent]( Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps. [Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now]( The ongoing war in Ukraine means that defenses are only as good and as strong as those with whom we partner. [Name That Toon: Helping Hands]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [(Sponsored Article) Supply and Demand Hits Cybersecurity: Navigating the Skills Shortage]( As everyone feels the pain of the skills crunch, what can companies do to secure the talent they desperately need? It comes down to making two key changes. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Creating a Security Culture Where People Can Admit Mistakes]( In cybersecurity, user error is the symptom, not the disease. A healthy culture acknowledges and addresses the underlying causes of lapses. [New Malware Tools Pose 'Clear and Present Threat' to ICS Environments]( The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure. [Identifying a Vulnerability in the SAP Software Supply Chain]( Make sure you're using the patch to block this supply chain attack. [MORE]( EDITORS' CHOICE [Lazarus Targets Chemical Sector With 'Dream Jobs,' Then Trojans]( Chemical companies are the latest to be targeted by the well-known North Korean group, which has targeted financial firms, security researchers, and technology companies in the past. LATEST FROM THE EDGE [Security Lessons From a Payment Fraud Attack]( Companies need to detect and counteract brute-force and enumeration attacks before fraudsters run away with their customers' funds. LATEST FROM DR TECHNOLOGY [Why So Many Security Experts Are Concerned About Low-Code/No-Code Apps]( IT departments must account for the business impact and security risks such applications introduce. Tech Resources - [Improving Operations with AI-Assisted Cybersecurity]( - [Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity]( - [Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage]( - [Business Buyers Guide to Password Managers]( - [2021 Gartner Market Guide for Managed Detection and Response Report]( - [Security Orchestration Dummies]( - [Cortex XSOAR - The Essential Guide to Phishing Investigation and Response]( [ACCESS TECH LIBRARY NOW]( - [Building an Effective Active Directory Security Strategy]( For cyber criminals, Microsoft's Active Directory is a treasure trove of user identity and system access. But while Active Directory is a potential attack vector, it can also play a crucial role in enterprise cyber defenses. In this webinar, experts ... - [PAM for the Extended Enterprise: Enforcing privileged access in hybrid cloud environments]( We're seeing cloud transformation plans accelerate as organizations scramble to keep their business running amid a large-scale shift to remote work. In the race to go live, security teams struggle to ensure the same protections for cloud-hosted workloads as those ... [MORE WEBINARS]( FEATURED REPORTS - [How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World]( Dark Reading's 2022 Endpoint Security Report examines how IT and cybersecurity professionals are grappling with the impact of pandemic-related changes on endpoint security strategies. The report explores how they are building their endpoint security defenses, and provides insight on what organizations ... - [Zero Trust in Real Life]( [MORE REPORTS]( CURRENT ISSUE [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Absolute Software Introduces Ransomware Response Offering]( [Swimlane Extends Cloud-Based Security Automation into APJ Amid Momentous Growth in Region]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)