Hidden Risk in the Default Roles of Google-Managed Service Accounts
Some Google-managed service accounts are binded by default to a role granting access to storage.objects.read. This hidden risk is yet another great reason to use customer-managed KMS keys to encrypt your sensitive data stored in buckets.
The Advanced Risk of Basic Roles In GCP IAM
Basic roles in GCP allow data-level actions, even though at first glance it might seem like they don’t. Avoid using basic roles, and if you must use them, make a special effort to protect any sensitive data you store in your GCP projects.
開発チームと運用チーム間のコミュニケーションを促進するためにセキュリティリーダーができること
Developers, Ops and DevOps teams must incorporate security into their processes – often a hard sell. Here’s how security leaders can successfully align with them to weave security into their tools and workflows.
Nessus に統合された Terrascan でクラウドインフラストラクチャのセキュリティを強化
The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
Identity Access Management in Google Cloud Platform (GCP IAM): What Security Pros Need to Know
An introduction to GCP’s RBAC mechanism for permission assignments — and how to apply the principles of least privilege to keep your organization secure.
Tenable.io、州政府および地方自治体を保護する取り組みの一環として、StateRAMP 認証を受ける
StateRAMP-authorized cloud solutions like Tenable.io meet stringent security and compliance standards.
改良されたポータルで Tenable コンプライアンステンプレートをより迅速に見つける
Following a portal relaunch, Tenable’s Audit Files are now easier to find and manage, thanks to a new search engine that supports a variety of search query criteria.
セキュリティリーダーが DevOps と連携してセキュリティ重視の文化を構築するための 3 つの取り組み
Learn how your organization can boost security efforts by eliminating the disconnect between Security and DevOps teams. Establishing a strong security culture that bridges the gap between DevOps and security is one of the greatest challenges that CISOs and other security leaders face. Because…
2022 年 Tenable Assure パートナー賞、受賞者発表
Celebrating the elite defenders who are helping organizations around the world reduce their cyber risk. Cybersecurity is always a team effort. Day in, day out, defenders rely on an ecosystem of teams, partners and vendors to address the evolving threat landscape and deliver holistic security. …
マイクロソフトの 2022 年 5 月月例セキュリティ更新プログラム、55 件の CVE を修正 (CVE-2022-26925)
Microsoft addresses 73 CVEs in its May 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild.
CVE-2022-1388: F5BIG-IP における認証回避の脆弱性
CVE-2022-1388: Authentication Bypass in F5 BIG-IP F5 patched an authentication bypass in its BIG-IP product family that could lead to arbitrary command execution. This vulnerability is actively being exploited. Update May 10: The Identifying Affected Systems section now…
営業チームに問い合わせる