This article is contributed. See the original author and article here.
The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. This year’s list also incorporates updated weakness data for recent Common Vulnerabilities and Exposure records in the dataset that are part of CISA’s Known Exploited Vulnerabilities Catalog.
This article is contributed. See the original author and article here.
Over the last few years, organizations have increasingly adopted cloud-native SaaS applications to meet changing agility and productivity needs. While the growth of SaaS apps has enabled cost savings and other gains for organizations, it has also raised a significant challenge for security teams. Ensuring a secure way to use essential productivity-enhancing tools has become a critical strategic priority for security teams. Today, we are thrilled to announce the public preview of SaaS Security Posture Management capabilities in Microsoft Defender for Cloud Apps that will enable you to view, identify, and remediate misconfigurations across your applications to improve your organizational security.
Lack of visibility, misconfigurations, and sophisticated attacks are some of the common threats that put your sensitive data and users of SaaS apps at risk. In today’s threat landscape, customers need a new approach to:
Proactively strengthen the security posture of SaaS apps enabled in your enterprise.
Detect any breach/attack on these applications and respond quickly.
Prevent any sensitive data leakage even in the case of an attack.
Microsoft Defender for Cloud Apps is designed to help secure your SaaS applications and protect sensitive data in your organization against evolving threats. Empower your security teams with enhanced visibility and assessment tools to identify usage patterns, assess risk and business levels, and manage more than 31,000 SaaS applications to defend against threats.
For each application, you have visibility into its users, their IPs, and their traffic volumes to detect anomalous behavior. Further, you can view the security, compliance, and legal risk levels (e.g. SOC2, ISO27001, GPDR, encryption protocol, etc.) of every application in your organization. After approving specific apps, access deeper protections to ones containing sensitive information with tools to detect attack attempts, suspicious behaviors, and potential data leakages.
New integrated SaaS security posture management with Microsoft Secure Score
It’s not enough to only know which SaaS apps are being run in your environment – for security teams, understanding best practices and managing the configurations across your organization’s SaaS apps are of equal importance. Microsoft Defender for Cloud Apps not only helps you discover all the SaaS apps in your environment but with new security posture management (SSPM) capabilities, you can also get deeper visibility and automatically identify misconfigurations and gaps in each app. Today, you can access security posture insights across Office 365, Salesforce (preview), and ServiceNow (preview), with additional SaaS apps to be added in the coming months. This experience is integrated into the Microsoft 365 Defender dashboard to enable security teams to see their holistic security posture across the enterprise with Microsoft Secure Score.
Figure 1 Microsoft Defender for Cloud apps enables you to manage your security posture of apps such as Salesforce directly within Microsoft Secure Score.
Within the Microsoft Secure Score blade, your security teams can identify misconfigurations and get a step-by-step remediation guide for every risky security configuration in your environment for the related SaaS apps.
Start today
Defender for Cloud Apps helps you gain visibility of your cloud apps, discover shadow IT, protect sensitive information anywhere in the cloud, enable protection against cyber threats, assess compliance, and manage your security posture across cloud apps. In addition to Azure and Office 365 applications, Microsoft Defender for Cloud Apps enables you to protect your assets across the use of many applications including Atlassian, Box, Dropbox, Google Workspace, OneLogin, Okta, Cisco WebEx, Salesforce, Slack, ServiceNow, DocuSign, NetDocuments, GitHub, Zoom (preview), Workplace by Meta (preview), Egnyte (Preview), and more. With Defender for Cloud Apps’ extensive coverage, gain the right visibility tools to detect and prevent attacks and data leakages.
If you are already using Defender for Cloud Apps, you can start using the new SSPM security posture management capabilities by connecting Salesforce or connecting ServiceNow (if you already have an existing connector to Salesforce or ServiceNow, you can immediately use the new capabilities). Security assessments and recommendations will be shown automatically in Microsoft 365 Defender portal under security recommendations.
This article is contributed. See the original author and article here.
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.
This article is contributed. See the original author and article here.
The momentum of e-commerce continues. In fact, McKinsey & Company has stated that e-commerce shopping has 30 percent higher penetration than pre-COVID-19 pandemic, and that this pandemic has also accelerated e-commerce growth by five years.1 The COVID-19 pandemic certainly explains part of the growth in the demand, but it is not the whole story. Other factors such as increased mobile commerce, accelerated business-to-business (B2B) and direct-to-consumer (DTC) e-commerce adoption, and new technological advances have created both opportunities and challenges for companies that embrace omnichannel retailing.
Retailers must either build new or infuse present strategies, systems, and processes with a composable approach to obtain omnichannel commerce experience. Let’s look at how Microsoft Dynamics 365 modular and composable cloud-based solutions help organizations provide their customers with unified commerce experiences.
Agility improves operational execution
Retailers are investing in integrating experiences and agile solutions for a good reason. McKinsey & Company states that the new bar for omnichannel excellence is 10 or more channels over three engagement modes (in-person, remote, and self-service), delivered 24/7.2 Omnichannel fulfillment retail tactics, such as buy online pickup in store (BOPIS), buy online pickup at curbside (BOPAC), reserve online pickup in store (ROPIS), buy online return in store (BORIS), or locker, ship from store, ship to store, endless aisle, two-day delivery, and more, are adding more complexity and challenges for retailers to deliver on their order promise.
Hence, in these environments, unifying data across internal and external networks to include physical and digital touchpoints requires agile and resilient solutions for faster responses to market changes and disruptions. At the pandemic’s beginning, many retailers, manufacturers, distributors, and consumer packaged goods (CPG) companies accelerated their digital transformation journey to adapt to changing customers’ needs quickly.
“With Dynamics 365, we can make decisions much more quickly and respond in near real-time to consumer demand. What used to take two days now happens almost immediately.”
Russell Anderson, Senior Director, Retail Operations Columbia Sportswear
A modern microservices-based order management system (OMS) helps organizations incrementally replace modular components of their existing infrastructure to gradually advance wherever they are in their supply chain and commerce digital transformation journey. It also allows organizations to avoid costly and time-consuming rip-and-replace projects by seamlessly integrating with existing enterprise resource planning (ERP) investments, unifying data across disparate systems, and unlocking siloed inventory and operational data.
Extensibility scales end-to-end visibility and fulfillment
As order intake, cross-channel inventories, and third-party logistics providers (3PLs) intersect at order management, end-to-end visibility becomes an imperative. More than 80 percent of shoppers said it is important for retailers to provide the estimated date/time of arrival for products on their website, and 78 percent said providing in-store availability was important to them.3
Dynamics 365 Intelligent Order Management helps organizations achieve end-to-end order visibility through its fulfillment optimization engine that uses real-time inventory visibility and AI. More than half, 66 percent, of retailers surveyed said inventory accuracya core capability for omnichannel fulfillmentwas very or somewhat challenging when setting up their omnichannel program.4
Dynamics 365 Intelligent Order Management also extends its intelligent fulfillment optimization capabilities with out-of-the-box, pre-built connectors to an ecosystem of specialized partners for e-commerce, delivery, transportation, warehouse management, tax compliance, price calculation, and other logistics services.
For example, consider our pre-built connector to our partner Flexe, the programmatic logistics leader. The Dynamics 365 Intelligent Order Management Flexe connector expands the fulfillment capabilities, processes purchase orders from Flexe, and adds flexible warehouse management service. It also provides Dynamics 365 Intelligent Order Management users the option to rapidly expand network capacity, or allocate inventory closer to the customers and avoid the long-term contracts or fixed costs of traditional warehouse solutions.
With the ability to extend business capabilities through pre-built partner connectors, organizations can improve omnichannel strategies in step with their retail supply chain digital transformation processes. This allows organizations to incrementally scale their offering with modular, composable, and cloud-based business applications, bringing more agility and resilience into their omnichannel distribution network.
Composability enables omnichannel success
According to Gartner, by 2024, 60 percent of intelligent software as a service (SaaS) will be composed from packaged business capabilities providing data, analytical insight, and operational application services.5 And by 2024, the design mantra for new SaaS and custom applications will be “composable API-first or API-only,” rendering traditional SaaS and custom applications “legacy.”6
Dynamics 365 unlocks composability and helps organizations achieve a unified commerce experience. It seamlessly integrates with existing ERP and customer relationship management (CRM) systems so that retailers can respond faster to customers’ needs by extending their business capabilities through out-of-the-box connectors to an ecosystem of specialized logistics services. This intelligent and modern platform provides a single view of orders across channels. Our fulfillment optimization engine uses a rules-based system, real-time inventory visibility, and AI to determine the most cost-efficient order fulfillment.
According to Forrester, 68 percent of global retail and wholesale purchase influencers plan to invest in AI solutions.7 Retail supply chain and commerce professionals can take advantage of the machine learning, AI, and low-code/no code features of Dynamics 365 Intelligent Order Management. They can easily reconfigure order flows and proactively overcome bottlenecks by modeling the order journey through an easy-to-use orchestration designer built in the fulfillment optimization engine.
Create more agile and resilient supply chains
Dynamics 365 supply chain solutions helps build agile and resilient supply chains through easy-to-use, modular, and composable cloud-based business applications. Dynamics 365 Intelligent Order Management works seamlessly with existing ERP and CRM systems so that retailers can get to market faster, even when dealing with the complexities and challenges of omnichannel retail and fulfillment. They can also respond faster to customer needs by extending their fulfillment services through a composable and API-first connectivity architecture with out-of-the-box connectors to market-leading 3PL software solutions. With easy-to-deploy omnichannel fulfillment solution, retailers, manufacturers, distributors, and CPG companies can accelerate their supply chain digital transformation and turn order fulfillment into a competitive advantage.
Recent Comments