5 Security Blindspots
No buzzwords or Gartner categories, just really important security stuff
James has worked across most areas of the security industry - from IT, to DevOps to security operations. He created Latio as a resource for engineers to find the best security tools for their environment.
Despite what they'd tell you, CNAPPs don't do everything
Application Detection Response is the hot off the press buzzword that's going to be the next big thing
RSA Takeaways Me and Jacob - Certified Sales Wiz at Opus A coworker told me “RSA is a marketing conference” and they couldn’t be more correct. I spent most of the time running from coffee shop to coffee shop, because most of my favorite vendors didn’t think spending
The best part of working on Latio is getting to see the amazing innovation across emerging security products. I was excited to see that this year I agree with most of the RSA Innovation Sandbox choices. I wanted to take this week to highlight some of their amazing work and
Platforms vs. Point Solutions Founded Dates of CNAPP Providers One recurring discussion in cybersecurity is the relative value of platforms versus point solutions. Conveniently enough, every platform provider thinks platforms are what the people really want; conversely, every point solution thinks platforms are an awful value proposition. The truth lies
The Heart of Reachability A while ago, I wrote an article called “5 types of reachability analysis” with Endor Labs. In that article, I talked about the 5 types of reachability, which I summarized as: * Function-level reachability * Package baselining * Internet reachability * Dependency-level reachability * Package used in image At the heart
Death to CNAPP!
CVE-2024-3094, Open Source Security, and VulnCon - Is there any hope? I’ve never been so sure that vulnerabilities are both critical, and don’t matter at all. This last week was VulnCon in my very own Raleigh, NC. Overall, the main benefit was seeing just how human our vulnerability
If you want a guaranteed winner LinkedIn post, here’s a free template: “Companies are not taking LLM security seriously enough, researchers got {Popular LLM} to reveal {Nothing That Sensitive}.” The security industry can be really susceptible to VC trends, because for every “mind blowing new technology” comes along with
This week I met with Kodem. Kodem has entered into the narrow but exciting world of granular runtime vulnerability detection alongside Oligo, offering a function level view of dependencies based on eBPF logs. A lot of the content here is also covered in the latest YouTube video. This led to
This is not a post meant to bash CVEs, especially with the recent drama around the issues at the NVD. Instead, I’m arguing that CVEs are the baseline for supply chain security, not the end goal. Table of Contents * Are CVEs really the best we can do?