Gartner recently released its 2020 Market Guide for Managed Detection and Response (MDR) Services. Reading the fifth edition of this report reminds me of how far the industry has come and just how far it needs to go. I remember 2016 and working with Gartner analysts to champion a new category that better described what…
The availability of reliable and actionable threat intelligence is essential for any effective security strategy. Security tools not only need to be able to gather threat intelligence from the places in the network they have been deployed, but they also need to be able to share and correlate that intelligence across and between all other…
The 18th-century philosopher Voltaire once said, “Perfect is the enemy of good.” If you try to make software perfect, not only will you fail, but you’ll never bring a product to market. In the world of application security, this means setting priorities. Fix the biggest problems. Eliminate the worst threats. Thanks to the expanding DevSecOps…
The Building Security In Maturity Model (BSIMM)—the annual report on the evolution of software security initiatives (SSIs)—is gaining some maturity . The latest report, which went public on September 15, is the 11th iteration. The BSIMM is a real-world view of application security activities on which organizations are spending time and money. Here are some…
Derek Manky from Fortinet’s FortiGuard Labs looks at how to create a top-down approach to threat intelligence that produces actionable intelligence for CISOs. While legacy threats still exist, new threats are launched every day. This video looks at how CISOs can respond more quickly to the changing face of threats. If the current pandemic has…
Despite the best of intentions among security and development teams, finding common ground can be a real challenge. Both sides are driven by different—and often competing—metrics, making alignment even harder. Add the fact that most security teams lack an understanding of modern application development practices, including the move to microservices-driven architectures and the use of…
What’s the difference between IT security and application security? And what do all those acronyms mean? Learn more in our quick cyber security primer. In many organizations, software security responsibility is divided between IT security and application security. At the most fundamental level, IT security is about buying software, while application security is about building…
If you ask a cybersecurity professional what they like about their job, odds are high that somewhere near the top of the list is: “Things are always changing.” It’s almost a cliché that cyberthreats are always evolving, but it remains true. Threat actors are inventive, and many have the skills and motivation to continually refine…
Good threat intelligence can sift through mountains of data collected from sensors across the globe to provide insights into what is happening and what countermeasures need to be in place to defend against a dynamic threat environment. For example, Fortinet’s FortiGuard Labs just released its latest Global Threat Landscape Report covering the first half of…
Today’s CIOs have an unprecedented challenge on their hands. They are spearheading digital transformation efforts, creating revenue-generating applications, enabling remote work and driving seamless customer experiences. This new business environment also created a veritable playground for attackers, making it hard to strike the right balance between innovation and security. Most attacks today follow a similar…
