By Paul Veeneman Editor’s Note: Paul Veeneman (CISSP, CISM, CRISC, CMMC-RP) is a cybersecurity, risk management, and compliance professional with 27 years of experience providing knowledge and guidance across various verticals and critical infrastructure. The following article is an abstract from his guest presentation at Atomic OSSEC Conference 2023. Why open source software and security? […]
Open source software is flexible and free, enabling DevSecOps-oriented IT organizations to get more out of the software without having to wait for commercial vendor developments and updates. Open source software provides the fabric and foundation for Red Hat middleware, Kubernetes container environments, as well as application cluster deployments. It is also commonly used to […]
By Atomicorp (Get more out of your OSSEC intrusion detection … not just rules and basic detection. With Atomic OSSEC, you get professional support, installation and configuration assistance, multiple threat feeds, vulnerability intelligence, active response (HIPS), FIM, SCAP and CIS compliance tools, web based graphical analysis, and more.) Free open-source software and free security […]
What is air gapping? Air gapping is something that is used within military environments, in airplanes, nuclear power plants, financial institutions and other critical infrastructure, but what is air gapping really? Air gapping is a cybersecurity and compliance measure in which one or more computers are physically disconnected, or isolated, from untrusted or unsecure networks […]
As you may have read, on August 21, 2021, Trustwave, a longtime support mechanism for ModSecurity implementations, announced the end of support and development for ModSecurity Rules and WAF solutions. This departure leaves a potential gap in technical support for organizations or individual security developers wanting to continue to use the ModSecurity foundation and a […]
CHANTILLY, Va., Nov. 23, 2021 / – Atomicorp, an endpoint and cloud workload protection vendor, today announced an ongoing commitment to provide commercial support for ModSecurity users, including subscription rule sets and professional support. ModSecurity, an open source web application firewall (WAF) that organizations use to protect web applications and sites from web attacks, has […]
Growing Web Applications Require DevSecOps Shift: ModSec Can Help Web-based attacks, such as credential theft, code injection, SQLi, XSS, CSRF, malware, ransomware, denial of service (DoS) and others make digital transformation and cloud migration a potential losing trade-off. With every additional internet- and cloud-based app or connection comes new unknown vulnerabilities and risks to operations. […]
Written By Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP During Atomicorp OSSEC Conference 2021, Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP, described how he solves audit and accountability (AU) control and other compliance challenges in NIST 800-171. Complying With NIST-800-171 NIST 800-171 provides guidance to federal agencies to safeguard controlled unclassified information (CUI), and seeks to establish […]
Rule 1: First check the spark plugs! It’s a lesson my brother, Scott, and I learned as young men decades ago in high school. It’s something we even painted on the wall of our parents’ garage. And it’s an idea that’s been applicable in our work in software development and cybersecurity ever since. The principle […]
Webcasts and videos continue to bolster skills (watch this ‘hands-on’ professional… take an online guitar lesson, see how to fix your boat’s motor…), and it is no different in cybersecurity. Join Atomicorp and technology partners for OSSEC Conference 2021, where, in a four-day virtual conference, Open Source Security (OSSEC) will be discussed, analyzed, practiced, and […]
