Blog

Overcoming challenges in governing scanner adoption—step by step

Learn how to unify the context from different scanning stages to achieve a coherent risk picture.

Foster a DevSecOps culture where security isn’t a bottleneck

Overcome friction in the security-developer relationship by embedding security practices early in the development lifecycle.

Five Levels of Vulnerability Prioritization: From Basic to Advanced

Learn which factors can shift your vulnerability prioritization framework from basic to advanced in 2024.

Reducing the vulnerability backlog with Dazz CI/CD Gating

With minimal resources, every security team should be focused on trying to minimize the vulnerability backlog. Dazz CI/CD gating allows teams to prevent risks before reaching production with custom policies.

regreSSHion OpenSSH RCE Vulnerability: What is it, and how can I stay safe?

Building vs. buying an ASPM solution (and what we can learn from raising Tamagotchis)

Care and feeding of an ASPM solution you build vs. buy may prove more painful than expected.

How ASPM Helps Secure Your Cloud Apps

In this post, we outline how Application Security Posture Management (ASPM) solutions can be used to secure cloud applications, and what to consider in an ASPM solution.

What We Know About Vulnerability Exploitation in 2024 (So Far)

What are the vulnerability exploitation trends to watch in 2024? We scoured the 2024 Verizon Data Breach Investigation report to shed light on how vulnerabilities are being exploited and what you can do about it.

The Top 7 Questions We Get Asked about CTEM

In this blog post, we'll delve into the top seven questions that cybersecurity practitioners often ask about CTEM—see if you’ve been looking for answers to these yourself!

Asking the Right Questions About ASPM

Dive into the top questions asked about ASPM, learning from Noah Simon, Head of Product Marketing at Dazz.

Fighting AI with AI: Social media, deepfakes, and cybersecurity

Attackers can take advantage of AI, just as we can. How do we use it to combat them?

A Conversation with Dazz Advisor Nick Warner

Get insights on everything from customer delight to determining a company’s market potential

AI is Now Exploiting Known Vulnerabilities - and what you can do about it

A new study shows that AI can exploit known vulnerabilities with great efficacy. This post explains the implications and why security teams should fight AI with AI to reduce their threat exposure.

Why ASPM is critical now—and how you can make it happen

According to Gartner, 40% of organizations will have an ASPM solution in place by 2026. Get equipped to make sure you’re ready too.

Maximizing CISA SSVC with the Dazz Unified Remediation Platform

Leverage CISA's SSVC framework and Dazz Platform to streamline cybersecurity and enhance vulnerability management efficiently.

DevSecOps Tools for Building Secure Apps

Learn about the essential DevSecOps tools that are used by security and engineering teams to build more secure software applications.

Dazzurday Night Fever: A fireside chat with John Travolta on Dazz’s disco theme for RSAC 2024

We caught up with Travolta to get his valuable insights on RSAC 2024 in a brief fireside chat.

The Narrow Escape from the xz Disaster

This blog highlights CVE-2024-3094 and why it is a good reminder to strengthen remediation processes for supply chain security risks.

New Dazz connections - March 2024

Learn about the latest Dazz Unified Remediation connections and integrations that help with Application Security Posture Management (ASPM), and Continuous Threat Exposure Management (CTEM), and DevSecOps programs.

From Coder to Cloud Security CRO: Dazz CRO Jared Phipps

Dazz CEO Merav Bahat hosts a fireside chat with Dazz CRO Jared Phipps on his cybersecurity career, views on unified remediation, ASPM, market growth, and more.

Innovating Without Stagnating: Strategies for Security Remediation

In this article, we check in with one of our favorite cybersecurity experts, Tunde Oni-Daniel, Head of Technology Operations and Engineering at OneMain Financial

6 surprising findings from the CSA State of Security Remediation Report

The Cloud Security Alliance (CSA) released a new report providing insight into the challenges that security engineers and CISOs are facing in their remediation operations. Here are 6 key takeaways from their survey.

The GC on Cybersecurity: SEC disclosure rules, security challenges, and more with Dazz General Couns

Dazz General Counsel Roni Sii shares her perspectives on the SEC’s disclosure rules, and challenges in the cybersecurity industry.

Understanding and Remediating Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

Learn about the latest critical vulnerabilities that affect Ivanti Connect Secure and Policy Secure gateways and how to accelerate remediation.

3 Ways Dazz Customers Experience Business Value

Companies are embracing unified remediation based on the meaningful business benefits it brings: lower risk, improved compliance governance, and more efficient and productive teams.

Other practices are placing greater trust in AI... when will cybersecurity?

Many industries are placing greater trust in AI, but there is a lot of room for the Cybersecurity industry to advance their applications of AI

Larry Trittschuh Joins as Dazz’s Newest Advisor

Today I’m thrilled to announce that Larry Trittschuh has joined us in an advisory role for Dazz, bringing 14+ years of board experience and 30+ years of leadership experience.

How Remediation Improves Readiness For SEC Cybersecurity Rule Disclosures

The new SEC cybersecurity rules for incident disclosure highlights the need for organizations to improve remediation processes.

Introducing Dazz Custom Dashboards

Dazz custom dashboards improve security governance and cyber risk management reporting.

The Dazz Unified Remediation Platform is Here

Dazz is excited to announce the Unified Remediation Platform to help security and development teams fix security issues across cloud, applications, code, and infrastructure.

Dazz is Now Available on Three Cloud Marketplaces

Dazz is now available on AWS, GCP, and Azure Marketplaces, making it easier than ever to improve security remediation.

Why I’m Excited to Announce Unified Remediation for all Environments and Technologies

When Tomer, Yuval, and myself started Dazz, we recognized that remediation was broken. Customers of all sizes and industries — no matter their security maturity — were struggling to navigate through data to....

For Cloud Security, Detection is Not Enough

Imagine receiving a bad diagnosis at the doctor’s office – but no treatment plan. The same thing happens daily with cloud security. Most large corporations have tools to detect security issues, vulnerabilities, and mi...

Assistive vs Automatic Remediation: What to Consider

Assistive and automatic remediation approaches can help security teams respond faster. Here's how they differ and what to consider.

Secure Your Development Pipelines with Dazz and GitHub

Dazz integrates with both Cloud and On-prem versions of GitHub versions to bring greater context to code repositories and security issues.

Securing CI/CD Pipelines: Why a Comprehensive Approach is Needed

Explore why a comprehensive approach to securing CI/CD pipelines is essential, and see practical steps to help you fortify your pipeline against threats.

Navigating the Road to Autonomous Cloud Remediation: Strategies and Implementation

Learn key strategies, best practices, and cutting-edge technologies for automating cloud incident response and enhancing operational efficiency.

You’ve Tackled Shadow IT - Now Tackle Shadow DevOps

ShadowDevops consists of “shadow code” and “shadow pipelines” that can pose risks internal to your business and the apps that are built and used by consumers.

I’m implementing generative AI into my company’s cybersecurity product. Here’s what I’ve learned.

A software engineer implemented generative AI cybersecurity and shared the pros and cons of integrating LLMs into your cybersecurity product.

Learn how to leverage NLP & LLMs to classify security findings

Natural Language Processing (NLP) and Large Language Models (LLMs) are significantly improving the security findings classification process.

Cloud Security Detection Doesn’t Reduce Risk.

As organizations migrate their software development lifecycle from on-premises to the cloud, our tools have changed to deal with fast-paced CI/CD pipelines.

How to Make Your CNAPP Strategy Dazzle

Combine the power of Dazz and CNAPPs to automatically deduplicate alerts, prioritize critical issues, find owners, and remediate vulnerabilities at root causes.

IDC: The Business Value of Cloud Security Remediation

4 Dazz customers tell IDC how the Dazz platform has enabled greater collaboration between security and dev teams, faster vulnerability remediation, and more.

How Vulnerabilities & Misconfigurations Fan Out in the Cloud

Learn how the cloud can intensify security flaws and challenges within the development environment.

3 Cloud Security Remediation Mistakes Companies Keep Making

Three common mistakes are not fixing things at the source, not propagating the remediation, and waiting to get detection and visibility perfect before getting started.

The Top Problems with Vulnerability Remediation Today

The threat landscape is changing fast, and an unfiltered view of every emerging risk can lead to an overwhelming sense of not knowing what to fix first.

Balancing security, innovation, and who's liable for security flaws

There is growing tension between the pursuit of competitive advantage and concerns surrounding security vulnerabilities that can disrupt business operations.

Evan Morgan of Ally Financial Becomes a Dazz Advisor

Dazz welcomes Evan Morgan, Executive Director of Cyber Security Technology at Ally Financial, as a company advisor.

Automated Cloud Security Remediation with ChatGPT

Discover how ChatGPT helps in multi-possibility security scenarios including remediating Infrastructure as Code alerts where the “action space” is large.

3 challenges that prevent faster mean time to remediation

According to Gartner, 99% of cloud security breaches in the next three years will be caused by preventable misconfigurations and coding mistakes.

Four things you need to know before building a secure SDLC

Are you selecting the right security tools & organizing them in an optimized SDLC architecture? Dev and security teams: here are 4 questions to ask yourselves.

Security Insights from Dazz Advisor Marene Allison

Get security insights on budget decreases, how to effectively “go cloud,” and more from Marene Allison, Dazz advisor and former CISO at Johnson & Johnson.

How to Prevent Cloud Attacks: 7 Mitigation Methods

This post discusses the top seven methods to prevent cloud attacks and protect your data.

Cloud Software Development Life Cycle (SDLC)

Your cloud software development life cycle (SDLC) is a goat rodeo. Here are 6 best practices for a secure SDLC.

Cloud-Native Development: Security Challenge or Opportunity?

A security program that harnesses modern SDLC for risk reduction is an efficient and smart way for security teams to keep up with the cloud-native development.

Remediation Tactics for the 2023 Circle CI Data Breach

Find out how to reduce risk in tools and code, quickly remediate critical security issues when they arise, and more in the wake of the Circle CI data breach.

The Criticality of SDLC for Vulnerability Remediation

Take the steps to address the entire code-to-cloud process in a holistic view, accurately assess risk in the cloud, and build efficient remediation plans.

How to Monitor Pipeline Sprawl in DevOps

CI/CD pipeline sprawl is happening faster than you can rein it in. Discover how to monitor sprawl going forward and cut remediation time by as much as 90%.

No More “Swiss Cheese” in Cloud Remediation…and Other 2023 Trends

According to Gartner, Bain and Company, PwC, and CISO friends of Dazz, we’ll see these three hot cloud security trends in 2023.

How to Remediate OpenSSL-CVE-2022-XXXXX

Check out the details on the critical vulnerability with the release of OpenSSL 3.0.7 and see the official remediation guidelines.

OpenSSL Critical Vulnerability - What is Affected? - Dazz

Everything you should know about OpenSSL critical vulnerability so far and some insights to help you prioritize your remediation efforts.

6 Reasons Why We Build UI Components Library From Scratch

Using open-source libraries to build your application is a great way to move quickly and keep your team focused on building core business logic.

No More Sassy SaaS Integrations

Applications today are giant meshes of services and interconnected APIs. Learn how to create a framework that helps your SaaS integrations.

Cloud Security is Broken, But It Doesn't Need to Be.

Growing alert backlogs, manual remediation, and a lack of guardrails break the cloud security process. Fix it with sustainable cloud security.

Dazz Launches Automated Cloud Remediation

Dazz auto remediation cuts the backlog down by being razor focused on the remediation and prevention workflows so developers can get through their work.