During a recent webinar with Joseph Blankenship, Vice President and Director of Research at Forrester Research, and James Murphy, Senior Offering Manager at IBM Security, I had the opportunity to chat about the complexity of today's security landscape.
After discussing common security challenges and possible solutions, and examining security platforms in detail, Murphy gave an overview of how IBM tackles security complexity with IBM Cloud Pak for Security, a security platform that helps security professionals identify hidden threats, make informed, risk-based decisions, and prioritize team time.
The webinar we recorded includes a quick demonstration of Cloud Pak for Security so viewers can see it in action and better understand how the platform brings security data and workflows together into a unified experience without the need for data migration.
Applying web application security best practices during development can plug some of these holes and ensure that applications meet security standards and are free of vulnerabilities. Common security headers include HTTP Strict Transport Security (HSTS), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options and Content-Security-Policy.
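As an added illustration (not code from the webinar or from IBM), this Python script audits an HTTP response for the five headers named above and flags missing or weak values. The function names, the `MIN_HSTS_MAX_AGE` floor and the sample response are assumptions constructed for the example.

```python
import re

# The five headers the text lists (lowercased for comparison).
REQUIRED = ("strict-transport-security", "x-xss-protection",
            "x-content-type-options", "x-frame-options",
            "content-security-policy")
MIN_HSTS_MAX_AGE = 15552000  # assumed policy floor (180 days), not from the text

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return sorted findings for missing or weak security headers."""
    h = parse_headers(raw)
    findings = [f"missing: {name}" for name in REQUIRED if name not in h]
    m = re.search(r"max-age\s*=\s*(\d+)", h.get("strict-transport-security", ""), re.I)
    if "strict-transport-security" in h and (not m or int(m.group(1)) < MIN_HSTS_MAX_AGE):
        findings.append("weak: strict-transport-security max-age too short")
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("weak: x-content-type-options is not nosniff")
    if h.get("x-frame-options", "DENY").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("weak: x-frame-options is not DENY or SAMEORIGIN")
    if "'unsafe-inline'" in h.get("content-security-policy", ""):
        findings.append("weak: content-security-policy allows 'unsafe-inline'")
    return sorted(findings)

# Constructed sample response (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=3600
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOWALL
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'

<html></html>
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

X-XSS-Protection is checked for presence only, since the text lists the header without stating a required value.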
Many web application security tools can identify security risks in code using static application security testing (SAST). However, SAST can produce many false positives, so analyze and filter the results carefully so that you can fix the real problems.
Many cloud security tools focus on real-time data, but not on historical data stored deep in archives. Best security practices for historical data include improving data classification to identify different sensitivities and developing policies to prevent data loss, so that you have an action plan in case of a data breach.