Since we covered SecDevOps in May 2015, SecOps, DevOps and software-as-a-service (SaaS) have become mainstream among developers and consumers. The rate of cyberattacks also rose sharply during that time, suggesting that fraudsters are as determined as ever to breach cloud defenses.

Planning and SecOps Certification

IT managers should conduct threat modeling and risk assessment at the beginning of the planning stage. Shadow IT can make it even more difficult for IT teams to understand, assess and control their assets.

ISO27k is one of the most important frameworks for cybersecurity professionals to understand. Customers demand assurances that organizations employ IT best practices across all stages of the cloud delivery model. Frameworks such as ISO27k provide independently certified approaches to building trust with customers.

Data Sharing Is Key During Development

The development stage focuses on the best implementation practices for secure engineering. During this phase, developers must implement encryption models and understand their performance implications in a mirrored production environment. They should then conduct security scans and penetration testing and share the results to empower the engineering community. Finally, IT managers should train developers to identify security risks.

When considering a content delivery network (CDN), IT decision-makers should carefully evaluate endpoint protection services such as rate limiting. The desire for identity federation and recent high-profile compromises of social media accounts have led to a resurgence in the need to protect assets from traditional attack vectors such as brute-force password login. It is critical for cloud service providers to have access to all log data to mitigate these risks.
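The two controls named in this paragraph, throttling login attempts and keeping a log of every throttling decision, can be shown in a small piece of code. The following is an added example, not code from the original article or from IBM; it assumes an in-memory store (a production deployment would back the counters with a shared store so every edge node sees the same state), constructed sample usernames and the documentation address 203.0.113.7 as the source IP, and a constructed scenario of eight wrong passwords submitted one second apart.

```python
"""Sliding-window login rate limiter with structured audit logging.

Added example (not the article's code). Limits are enforced per account and
per source IP so that neither a single account nor a single source can be
hammered with password guesses, and every throttling decision is written to
an audit log that can be shipped to a central log store.
"""
import json
import time
from collections import defaultdict, deque


class LoginRateLimiter:
    """Lock out a key after `max_failures` failures inside `window_seconds`."""

    def __init__(self, max_failures=5, window_seconds=60.0, lockout_seconds=300.0):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> epoch seconds when lockout ends
        self.audit_log = []                  # JSON lines, one per throttling decision

    def _log(self, event, key, now, **extra):
        record = {"ts": now, "event": event, "key": key, **extra}
        self.audit_log.append(json.dumps(record, sort_keys=True))

    def _prune(self, key, now):
        # Drop failures that have aged out of the trailing window.
        q = self._failures[key]
        while q and now - q[0] >= self.window_seconds:
            q.popleft()

    def allow(self, key, now=None):
        """Return True if an attempt for `key` may be processed right now."""
        now = time.time() if now is None else now
        until = self._locked_until.get(key)
        if until is not None:
            if now < until:
                self._log("rejected", key, now, locked_until=until)
                return False
            # Lockout has expired: forget it and start counting afresh.
            del self._locked_until[key]
            self._failures[key].clear()
        return True

    def record_failure(self, key, now=None):
        """Count a failed attempt; start a lockout once the threshold is hit."""
        now = time.time() if now is None else now
        self._prune(key, now)
        q = self._failures[key]
        q.append(now)
        if len(q) >= self.max_failures:
            until = now + self.lockout_seconds
            self._locked_until[key] = until
            self._log("lockout", key, now, failures=len(q), locked_until=until)
        return len(q)

    def record_success(self, key):
        """A successful login clears the failure history for the key."""
        self._failures.pop(key, None)
        self._locked_until.pop(key, None)


def attempt_login(limiter, username, source_ip, password_ok, now):
    """Apply the per-account and per-IP limits to one login attempt.

    Returns "ok", "bad_password" or "throttled". The limiter is consulted
    before the password is checked, so a locked-out key never reaches
    credential verification at all.
    """
    keys = (f"user:{username}", f"ip:{source_ip}")
    if not all(limiter.allow(k, now) for k in keys):
        return "throttled"
    if password_ok:
        for k in keys:
            limiter.record_success(k)
        return "ok"
    for k in keys:
        limiter.record_failure(k, now)
    return "bad_password"


def audit_events(limiter):
    """Event names from the audit log, in order (handy for dashboards/tests)."""
    return [json.loads(line)["event"] for line in limiter.audit_log]


def simulate_password_guessing():
    """Constructed scenario: eight wrong passwords for one account from one IP."""
    limiter = LoginRateLimiter(max_failures=5, window_seconds=60, lockout_seconds=300)
    results = [
        attempt_login(limiter, "alice", "203.0.113.7", False, now=float(t))
        for t in range(8)
    ]
    return results, limiter


if __name__ == "__main__":
    outcomes, lim = simulate_password_guessing()
    print(outcomes)
    for line in lim.audit_log:
        print(line)
```

The fifth failure locks both the account key and the source-IP key, so the remaining guesses are refused before any password comparison happens, and each refusal leaves a `rejected` record beside the two `lockout` records. Because the IP key is locked independently, a guess against a different account from the same source is also throttled, while the account becomes usable again once the lockout window has passed and a correct password is presented.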

Respond, Review, Repeat

The operations stage involves security monitoring and incident response. IT managers must assess all new data within the context of the security controls that were implemented during the development stage. They should then review the new features against the original threat model and ensure that new hardware and workstations are managed correctly to prevent shadow IT.

It’s critical to manage user access, especially privileged access, and adjust credentials regularly to meet business needs. Furthermore, IT teams should share vulnerabilities and regularly review processes related to logging security incidents.

A Bright Future for SecOps in 2017

Information is key. Cybersecurity leaders must determine whether they have the necessary forensic tooling and skills to react quickly to security events, build incident response plans and gather forensic data.

Audit readiness is an ongoing process. IT leaders must constantly question their ability to successfully pass an audit at any point in time. Operational readiness is equally important. Developers want to release new features as quickly as possible, and this often clashes with the operational responsibility to sustain a service. Any change to the IT environment should be reviewed by all stakeholders.

Machine learning should deliver a new set of tools to engineering and operational teams and unlock a new partnership between security analysts and technology to outthink and outpace threats, setting developers up for a successful and secure 2017.
