SecOps Blog – BMC Blogs BMC Software Sat, 18 Aug 2018 05:12:20 +0000 en-US hourly 1 SecOps Blog – BMC Blogs 32 32 BMC Cloud Operations Uses TrueSight Cloud Security Tue, 14 Aug 2018 00:00:08 +0000 Yes, we eat our own cooking. Have you ever wondered how BMC Software keeps its cloud environments safe and secure? One of the proudest and most thrilling moments for our Cloud Engineering team was using our TrueSight Cloud Security, BMC’s very own automated cloud security and compliance solution, to achieve 100% compliance of our multiple […]]]> Intrusion Detection vs Intrusion Prevention Systems: What’s the Difference? Thu, 26 Jul 2018 00:00:24 +0000 Network Intrusion refers to unauthorized activity within an IT infrastructure network. The purpose of unauthorized network activities range from espionage and exploitation to data leaks and network downtime. According to the 2018 Verizon Data Breach Investigations Report that studied more than 53,000 security incidents around the world, most network infringements attempts successfully compromise the network […]]]> What is Ransomware as a Service? RaaS Explained Thu, 19 Jul 2018 00:00:19 +0000 Software is shifting away from locally-installed apps to Software as a Service web applications that run in the cloud. Criminals are cashing in on this trend, which has led to the creation of Ransomware as a Service (RaaS), a growing threat to business. RaaS refers to various online malware exploits that bad actors can use […]]]> What is Identity-As-A-Service? IDaaS Explained Mon, 16 Jul 2018 00:00:04 +0000 Cloud computing brings unprecedented new requirements to manage user identity and access privileges. The average number of cloud-based apps used in enterprises ranges between 900 to 1200 different services. If each service requires its own set of login credentials, users will inherently rely on vulnerable password combinations or avoid using the service entirely. In order […]]]> Vulnerability Assessments vs Penetration Testing: What’s The Difference? Thu, 05 Jul 2018 00:51:47 +0000 Vulnerability assessments and penetration testing are techniques used by IT security teams to identify and resolve security issues in an organization’s IT networks, infrastructure, applications, and other areas. These assessments and tests share a common goal, but the methods and tools used to find and fix security flaws are different. Both are essential to a […]]]> Cloud Resource Misconfiguration Exposes 230 Million US Consumers Tue, 03 Jul 2018 00:00:06 +0000 Last week, news broke of yet another high-profile cloud data breach. A security researcher found an unsecured database owned by a marketing firm, Exactis, containing extensive personal data on 230 million US consumers. Since the US population is 326 million and 22.6% are under the age of 181, this database essentially included information on nearly […]]]> Security Threats in the Multi-Cloud Thu, 14 Jun 2018 00:00:03 +0000 Today, a majority of organizations are not only actively moving most of their workloads to the cloud, but many of them are also using a multi-cloud model. By leveraging one provider for a specific functionality and another for its cost or location, companies are finding that cloud diversification can help them to meet all of […]]]> Azure Compliance: 3 Keys for Getting Started Mon, 11 Jun 2018 00:00:42 +0000 As enterprise businesses accelerate innovation in the cloud, the concepts of threat detection, data privacy and compliance audits have never been more important. Indeed, violations can lead to costly security breaches, regulatory actions and loss of brand equity. Microsoft, which launched its cloud services platform Azure back in 2011, clearly understands the importance of compliance, […]]]> To Patch or Not to Patch: The Latest on Fighting the Spectre and Meltdown Vulnerabilities Thu, 12 Apr 2018 00:00:49 +0000 A few months ago, we wrote about the Spectre and Meltdown vulnerabilities discovered in Intel processors and how to address them: primarily, by deploying software patches. But recently, the plot thickened. Microsoft’s Meltdown patch actually made the original vulnerability worse, creating the new “Total Meltdown” vulnerability that puts its predecessor to shame. While the original […]]]> Cryptojackers Are Stealing Your Electrons Tue, 10 Apr 2018 00:00:32 +0000 Currency, in all its forms, has thieves that take what is not theirs. Cryptocurrency is no different. The fact that bitcoins are not a physical currency does not stop cybercriminals from stealing them, but these are not the same as cryptojackers. Cryptojackers are out to steal your electrons. Hijackers are bad guys that overtake something […]]]>