Risk

A quick look at the File Access Policy Analyzer, an open source tool simplifying application control implementation

RSA Conference 2022 again highlighted that many data breaches are due to unpatched systems. In this article I look at some of the technologies available to help organisations ensure that updates are applied across their hybrid cloud environments

Application control is a critical security control, allowing you to specifically authorise applications, processes and shared libraries. This blog introduces some ofthe resources you can use to learn more about application control, and get hands-on.

Did you know that you can scan the internal OpenShift registry for security issues? Read on to find out how.

Automation allows organisations to scale security workflows across hybrid cloud environments. In this article I take a closer look at automating application control, and how you can use Ansible roles to create reusable automation content.

What does it mean to be "Kubernetes-native"? And what does Kubernetes-native security look like?

Injecting integrity checks to application control processes is a winning security combination. Application control allows you to specify that only certain processes can execute on a system - but how do you know they are the right processes? How can you ensure that the code that you want to execute is the code that actually executes?

Application control seems to be one of those elusive security controls that organisations spend years chasing. How can we validate which processes are authorised to run on a system, and then enforce this?

Compliance evokes images of checking boxes. The real purpose of IT system compliance is risk migitation, and it probably just needs a better name