Security Boulevard

In today’s fast-paced digital ecosystem, APIs are the lifeblood connecting an ever-growing universe of applications and systems, driving efficiency and agility for modern organizations. But as APIs continue to proliferate, they introduce new risks that cybersecurity teams must navigate with precision and purpose. The Enterprise Strategy Group (ESG) has released a new report, “API Security […]

The post Unpacking API Security from Development to Runtime: Key Insights for Cybersecurity Pros appeared first on Cequence Security.

The post Unpacking API Security from Development to Runtime: Key Insights for Cybersecurity Pros appeared first on Security Boulevard.

Later in the month, our founder Simon Moffatt, will host a webinar panel discussing the rise of NIS2 - what it is, how it impacts identity and security controls and risk management and what pragmatic steps organisations can take to become compliant.

The post NIS2 Compliance: How to Get There appeared first on The Cyber Hut.

The post NIS2 Compliance: How to Get There appeared first on Security Boulevard.

Understanding Runtime Security in Multi-Cloud Environments Runtime security in multi-cloud environments encompasses the continuous monitoring and protection of

The post Runtime security in multi-cloud environments: best practices and importance appeared first on ARMO.

The post Runtime security in multi-cloud environments: best practices and importance appeared first on Security Boulevard.

Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection“:

Abstract: Large Language Models (LLMs) have transformed code com-
pletion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the model outputs. To address this critical security challenge, we introduce CODEBREAKER, a pioneering LLM-assisted backdoor attack framework on code completion models. Unlike recent attacks that embed malicious payloads in detectable or irrelevant sections of the code (e.g., comments), CODEBREAKER leverages LLMs (e.g., GPT-4) for sophisticated payload transformation (without affecting functionalities), ensuring that both the poisoned data for fine-tuning and generated code can evade strong vulnerability detection. CODEBREAKER stands out with its comprehensive coverage of vulnerabilities, making it the first to provide such an extensive set for evaluation. Our extensive experimental evaluations and user studies underline the strong attack performance of CODEBREAKER across various settings, validating its superiority over existing approaches. By integrating malicious payloads directly into the source code with minimal transformation, CODEBREAKER challenges current security measures, underscoring the critical need for more robust defenses for code completion...

The post Subverting LLM Coders appeared first on Security Boulevard.

What is NIST CSF 2.0 Critical? NIST CSF CRITICAL is a custom cybersecurity framework designed to streamline and enhance the implementation of the NIST Cybersecurity Framework (CSF) by utilizing the most relevant controls from NIST 800-53 and aligning them with the best practices established by the Center for Internet Security (CIS). This framework aims to […]

The post NIST CSF 2.0 Critical appeared first on Centraleyes.

The post NIST CSF 2.0 Critical appeared first on Security Boulevard.

What is the Texas Data Privacy and Security Act? The Texas Data Privacy and Security Act (TDPSA) is a state law designed to protect the privacy and security of Texas residents’ personal information. Enacted to align with a growing national trend towards stronger data privacy laws, the TDPSA places specific requirements on businesses operating in […]

The post Texas Data Privacy and Security Act (TDPSA) appeared first on Centraleyes.

The post Texas Data Privacy and Security Act (TDPSA) appeared first on Security Boulevard.

What is the Oregon Consumer Privacy Act? The Oregon Consumer Privacy Act (OCPA) is a state privacy law that sets guidelines for how businesses should collect, use, and protect the personal data of Oregon residents. Signed into law in 2023, OCPA aims to strengthen individual privacy rights and establish clear responsibilities for businesses operating within […]

The post Oregon Consumer Privacy Act (OCPA) appeared first on Centraleyes.

The post Oregon Consumer Privacy Act (OCPA) appeared first on Security Boulevard.

What is the Nebraska Data Privacy Act? The Nebraska Data Privacy Act (NDPA) is a state-level privacy law designed to protect Nebraska residents’ personal information and ensure that businesses operating in the state handle data responsibly. It establishes requirements for companies to manage, secure, and use personal data transparently, giving individuals more control over how […]

The post Nebraska Data Privacy Act (NDPA) appeared first on Centraleyes.

The post Nebraska Data Privacy Act (NDPA) appeared first on Security Boulevard.

The post How to comply with PCI DSS 4’s Req 6.4.3 and 11.6.1 in 4 minutes or less?  appeared first on Feroot Security.

The post How to comply with PCI DSS 4’s Req 6.4.3 and 11.6.1 in 4 minutes or less?  appeared first on Security Boulevard.

I recently watched a video that struck me as a perfect metaphor for today’s challenges and innovations in Governance, Risk, and Compliance (GRC). In the clip, a driver faced with crossing a canal doesn’t attempt to drive through the water, which would almost certainly fail. Instead, he balances the boom and bucket of his tractor […]

The post Unlock the Future of GRC: Top Innovations Transforming the Industry appeared first on Centraleyes.

The post Unlock the Future of GRC: Top Innovations Transforming the Industry appeared first on Security Boulevard.

Explore top PowerDMARC alternatives and compare their features, pricing, and benefits. Discover why PowerDMARC remains the industry leader in email security.

The post Top 10 PowerDMARC Alternatives and Competitors: Detailed Feature Comparison appeared first on Security Boulevard.

Hackers are acutely aware that basic corporate account credentials present a significant vulnerability, increasing the stakes for SMBs in particular.

The post Securing SMBs in a Cloud-Driven World: Best Practices for Cost-Effective Digital Hygiene Through Verified Authentication appeared first on Security Boulevard.

As of November 1, 2024, the new amendments to the New York State Department of Financial Services (NYDFS) Cybersecurity Regulations have officially come into play. These regulations are significant for...

The post New York State Cybersecurity Regulations Now in Effect: What You Need to Know? appeared first on Strobes Security.

The post New York State Cybersecurity Regulations Now in Effect: What You Need to Know? appeared first on Security Boulevard.

A Critical Guide to Securing Large Language Models
madhav
Thu, 11/07/2024 - 06:25

Securing large language models (LLMs) presents unique challenges due to their complexity, scale, and data interactions. Before we dive into securing them, let’s touch on the basics.

• What are LLMs? LLMs are Large Language Models that are advanced artificial intelligence systems designed to understand and generate human-like text.
• How popular are LLMs? Incredibly, as they generate text, images, answer questions, and write creative content for you.
• How do businesses use LLMs? They enhance customer service, create content, summarize research, analyze large datasets, and translate languages.

Securing LLMs is critical as they are trained on massive datasets that contain sensitive information. Protecting LLMs from unauthorized access or misuse is vital.

The Thales Solution for LLM Security

• CTE agent: The CTE (CipherTrust Transparent Encryption) agent is a software component installed at the kernel level on a physical or virtual machine. It encrypts and protects data on that machine. Once installed, the CTE agent enables encryption for any number of devices or directories on the machine, ensuring that only authorized users and processes can access the encrypted data at file system level transparent to the application.
• CTE-U agent: The CTE-U (CipherTrust Transparent Encryption UserSpace) agent is a user-space level encryption solution that serves the same fundamental purpose, as the CTE agent. Unlike the CTE agent, the CTE-U agent operates at the user-space level.

What is CipherTrust Transparent Encryption?

CipherTrust Transparent Encryption (CTE), is part of the CipherTrust Data Security Platform (CDSP) which delivers data-at-rest encryption with centralized key management, privileged user access control and detailed data access audit logging. Protecting data wherever it resides, on-premises, across multiple clouds and within big data, and Kubernetes environments. The deployment is simple, scalable, and fast, with agents installed at operating, filesystem or device layer, and encryption and decryption are transparent to all applications that run above it. CipherTrust Transparent Encryption is designed to meet data security compliance and best practice requirements with minimal disruption, effort, and cost. Implementation is seamless keeping both business and operational processes working without changes even during deployment and roll out. The solution works in conjunction with the FIPS 140-2 up to Level 3 compliant CipherTrust Manager, which centralizes encryption key and policy management for CDSP.

Benefits of CipherTrust Transparent Encryption

Simplified Management: CipherTrust Manager provides a unified management console that enables you to discover and classify sensitive data and protect data using integrated Thales Data Protection Connectors across on-premises data stores and multi-cloud deployments. It offers advanced self-service licensing for improved visibility and control of licenses.

Cloud-friendly Deployment: CipherTrust Manager offers users additional hosting options, and can run as a native virtual machine on AWS, Microsoft Azure, Google Cloud, VMware, Microsoft HyperV and more. Additionally, native support for CipherTrust Cloud Key Management is available on CipherTrust Manager to streamline key management across multiple cloud infrastructures and SaaS applications.

Flexible Form Factors:

CipherTrust Manager is available in both virtual and physical form factors. Flexible deployment options can easily scale to provide key management at remote facilities or in cloud infrastructures. CipherTrust Manager supports managing keys in the FIPS 140 L3 boundary of Luna Network HSM.

Protect LLMs with Thales

To Protect LLMs, the Thales CipherTrust Data Security Platform with Transparent Encryption is used, whereas enterprises can leverage Thales’ advanced data protection features within the CipherTrust platform. Thales is a trusted brand in the LLM Security Industry. View our comprehensive White Paper for information on LLM Security. We'll continue to innovate with LLM Security and continue publishing updates in future articles.

Data Security Compliance Encryption Key Management Cloud Security

Doug Bies | Product Marketing Manager
More About This Author > Schema {
"@context": "https://schema.org",
"@type": "BlogPosting",
"headline": "A Critical Guide to Securing Large Language Models",
"description": "Explore the complexities of securing large language models (LLMs) and learn how Thales’ CipherTrust Transparent Encryption (CTE) provides advanced protection for sensitive data and compliance across cloud and on-premises environments.",
"datePublished": "2024-11-07",
"author": {
"@type": "Person",
"name": "Doug Bies",
"url": "https://cpl.thalesgroup.com/blog/author/dbies",
"sameAs": "https://www.linkedin.com/in/doug-bies-440487a/"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"sameAs": [
"https://www.facebook.com/ThalesCloudSec",
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"mainEntityOfPage": "https://cpl.thalesgroup.com/blog/data-security/securing-large-language-models"
}

basic

The post A Critical Guide to Securing Large Language Models appeared first on Security Boulevard.

Financial services companies that are based in or do business in the European Union must achieve DORA compliance by January 25, 2025.

The post When Should You Prepare Your Java State for DORA Compliance? (Hint: NOW)  appeared first on Azul | Better Java Performance, Superior Java Support.

The post When Should You Prepare Your Java State for DORA Compliance? (Hint: NOW)  appeared first on Security Boulevard.

Understand the impact that de-identifying text embeddings has on your RAG system. Learn more about preserving data utility.

The post Protecting privacy without hurting RAG performance appeared first on Security Boulevard.

IntroductionLogonBox is pleased to announce the immediate availability of LogonBox VPN 2.4.10.This release includes performance improvements relating to account unlocks and syncing large numbers of users as well as some security updates on the Web UI.Performance improvementsIf a sync contains large numbers of groups (over 10,000 or so), LogonBox could be very slow for some [...]

Read More...

The post LogonBox VPN 2.4.10 – Now Available appeared first on LogonBox.

The post LogonBox VPN 2.4.10 – Now Available appeared first on Security Boulevard.

IntroductionLogonBox is pleased to announce the immediate availability of LogonBox SSPR 2.4.10 and the Desktop Credentials Provider version 6.3.This release includes performance improvements relating to account unlocks and syncing large numbers of users, some updates to the Desktop Credentials Provider as well as some security updates.Performance improvementsIf a sync contains large numbers of groups (over [...]

Read More...

The post LogonBox SSPR 2.4.10 – Now Available appeared first on LogonBox.

The post LogonBox SSPR 2.4.10 – Now Available appeared first on Security Boulevard.

As the use of open source software (OSS) continues to grow, so do the challenges around maintaining security and efficiency in software dependency management.

The post Optimizing efficiency and reducing waste in open source software management appeared first on Security Boulevard.

In today’s data-driven landscape, sensitive information—like PII (Personally Identifiable Information), PHI (Protected Health Information), and PCI (Payment Card Information)—sprawls across enterprise systems. For data teams, keeping tabs on this data has become a formidable task. Sensitive data discovery, the process of locating, classifying, and securing this information, is no longer optional. But with sensitive data […]

The post Sensitive Data Discovery for Enterprises: Turning Data Chaos into Compliance first appeared on Accutive Security.

The post Sensitive Data Discovery for Enterprises: Turning Data Chaos into Compliance appeared first on Security Boulevard.