RAD Security

What do you think about when people say 'Software Supply Chain Attack'? How far does NIST guidance go in protecting against attacks? And how does a cloud native workload fingerprint work anyway? Get answers next week with Jimmy Mesta 🤙and Chris H.! https://lnkd.in/ewmvuWaD

We built RAD Security based on the belief that you cannot periodically scan your environment and hope that you are catching everything. We needed to build a modern solution that could detect and respond to today's threats. Check out this 1 minute video on what modern cloud native security means to Jimmy Mesta 🤙

My first encounter with securing Kubernetes in the wild was at v0.8 It was the Wild West back then and while we’ve come a long way, there’s still work to be done! Happy birthday Kubernetes!

🎂 The very first commit of Kubernetes was pushed to GitHub ten years ago today, and the cloud community has never been the same. What a journey! Learn more about the history of K8s and what's ahead in this blog post by Kubernetes: https://lnkd.in/dhYFkmnH

From executive orders and directives to SBOM requirements, image signing and scanning, there's been some serious progress on software supply chain security. But where are there still gaps? Learn from Jimmy Mesta 🤙 and Chris Hughes at our upcoming webinar. https://lnkd.in/ewmvuWaD

Many of the most helpful innovations come from combining ideas across specialties. 💡 In this whitepaper, we explain the key requirements for the combination of "ITDR" + "cloud native environments" - and here's a hint: detection and response for Kubernetes RBAC requires much more than the list of misconfigurations that come with a CIEM or KIEM solution. 🔦 ☑ Bonus question: Did you know that the term 'Identity Detection and Response' was initially coined by Gartner (thank you for another acronym) to describe protection for identity infrastructure, like Active Directory? ➡ The concept has since evolved to include tools that "help protect identity systems, detect when they are compromised and enable efficient remediation” https://lnkd.in/erjWZAvD

If pictures are worth a thousand words . . . what is a product tour worth? 🤔 At a minimum, it's the best way to get a feel for RAD and behavioral cloud native detection and response. 👍 Check it out! https://lnkd.in/ei-bdKrp

The latest Cyber Defense Magazine included RAD in "Transformative Innovations" from RSA, featuring both Brooke M. and Jimmy Mesta 🤙 First, on page 35 under Insights from RSA Conference 2024  : "I was personally fascinated when Brooke Motta also highlighted the importance of diversity and inclusion in cybersecurity, encouraging a culture that supports women in the field. RAD Security sets itself apart by providing a proactive approach to cloud security, enabling organizations to detect and respond to attacks as they happen, rather than relying on reactive, signature-based detection methods." Then, (page 147) Jimmy Mesta 🤙 wrote "Unlocking the Power of Behavioral Cloud Native Threat Detection and Response", which explains how behavioral detection and response should look in cloud native versus traditional environments. We loved the description of the Transformative Innovations (which included RAD) as "Beyond the Buzz Word AI, the Practical Groundbreaking Stuff." Check it out (it's free)! https://lnkd.in/ex7bnrSi

'Ideally, your application doesn't fire an alert at all. Things should just be silent, radio silent, if it's all working as planned.' Intrigued? You should be! Watch the entire video where Jimmy Mesta 🤙and Ashish Rajan 🤴🏾🧔🏾♂️ spell out clearly why detection with runtime signatures is dead, and CSPMs are not enough for Kubernetes Security

I cannot recommend this episode of Cloud Security Podcast with Jimmy Mesta 🤙 and Ashish Rajan 🤴🏾🧔🏾♂️ enough - but I'll take it further than Ashish does when he points out the Kubernetes sized gap in CSPM. Saying you do cloud security posture management without meaningful Kubernetes support is like saying you provide supply chain security but you don't support code. Yes you run other stuff in your cloud, but Kubernetes is the mission control center of modern applications. If you don't think your organization uses Kubernetes, it's time to talk to your developers as soon as possible, because I guarantee you're using it or a similar container orchestration tool. This is why I'm all in on the future of CDR - all the ignored posture management alerts in the world don't stop a single attack on your most critical infrastructure, only innovators like RAD Security (and the few companies that have dedicated the proper focus to K8s https://lnkd.in/esMY-Kgp) provide meaningful security against modern threats. https://lnkd.in/eHcpVVJi