Three Ways to Align with the White House’s Cybersecurity…

The global pandemic and more recent geopolitical events have brought an even greater focus on the threat of cyber attacks on individuals and businesses.

Even as global lockdowns and restrictions on movement have eased, many organizations have not adapted to remote or hybrid styles of work. Most of the workforce now operates outside a perimeter that can be controlled, which gives scammers and hackers more opportunity for cyber attacks than ever before. New intelligence suggests that cyber attacks targeting the United States are being considered.

To educate companies, the White House provided a fact sheet that included a comprehensive list of security best practices for organizations seeking to rapidly secure their digital infrastructure. The White House statement recommended public and private organizations move with urgency to enhance their cyber security posture and protect critical infrastructures.

Specific recommendations include:

  • Mandate the use of multi-factor authentication on your systems to make it harder for attackers to get into your systems;
  • Deploy modern security tools on your computers and devices to continuously look for and mitigate threats;
  • Check with your cybersecurity professionals to make sure your systems are patched and protected against all known vulnerabilities; frequently change passwords across your networks so that stolen credentials are useless to malicious actors;
  • Back up your data and ensure you have offline backups beyond the reach of malicious actors;
  • Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack;
  • Encrypt your data so it cannot be used if it is stolen;
  • Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report unusual behavior on their computers or phones, such as unusual crashes or very slow operation; and
  • Engage proactively with your local FBI field office or CISA Regional Office to establish relationships in advance of any cyber incidents. Please encourage your IT and Security leadership to visit the websites of CISA and the FBI where they will find technical information and other useful resources.

Veracode Developer-first Mission

At Veracode, our mission is to take a developer-first approach to securing the software that powers businesses. Here are three ways that you can use the Veracode Platform to align with the recent White House guidelines.

  1. Shifting security left is key to any developer-first AppSec program. That’s why we enable you to identify security vulnerabilities directly from within your IDE. You can perform a static scan or assess the composition of your software from any of our 30+ developer-focused integrations. With static code analysis and Software Composition Analysis (SCA) integrations into VSCode, Azure DevOps, and many more, we meet developers where they are with the tools they need.
  2. SCA plays a key role in identifying supply chain risks and is paramount in any successful AppSec program. Veracode SCA helps you build an inventory of your third-party components, including open-source and commercial code, so that you can identify vulnerabilities in them. The Veracode Platform analyzes both your own and third-party code in a single static scan, giving you visibility across your entire application portfolio. You can access SCA results after your static prescan is complete, enabling your developers and AppSec teams to quickly identify known vulnerabilities and automatically remediate them.
  3. The White House urged rapid action in dealing with potential cybersecurity software threats. Often the first step in identifying risk is to create a Software Bill of Materials (SBOM). The Veracode AppSec platform enables your developers and security teams to quickly create an SBOM and identify potential software risks. To learn more about how to create an SBOM in the Veracode platform, check out our blog post "How to generate a Software Bill of Materials (SBOM) in Veracode Software Composition Analysis (SCA)".

In the wake of the SolarWinds hack and the recent Log4Shell vulnerability in Log4j, governments are prioritizing cybersecurity and are actively mapping out plans to ensure their departments, partners, and stakeholders are building greater cyber resilience.

It has never been more important to remain vigilant and to remove roadblocks that prevent organizations from securing their software. Veracode is committed to helping developers and AppSec teams meet the White House recommendations around security both now and long into the future.
