Integrated solutions that can see, share, and correlate live threat data enable the sort of broad visibility across the network that security systems require to effectively detect and respond to threats. But that is only half of the equation.
If you try to make software perfect, not only will you fail, but you’ll never bring a product to market. In the world of application security, this means setting priorities. Fix the biggest problems. Eliminate the worst threats.
The Building Security In Maturity Model (BSIMM)—the annual report on the evolution of software security initiatives (SSIs)—is gaining some maturity . The latest report, which went public on September 15, is the 11th iteration. The BSIMM is a real-world view of application security activities on which organizations are spending time and money. Here are some…
Gartner recently released its 2020 Market Guide for Managed Detection and Response (MDR) Services. Reading the fifth edition of this report reminds me of how far the industry has come and just how far it needs to go. I remember 2016 and working with Gartner analysts to champion a new category that better described what…
Despite the best of intentions among security and development teams, finding common ground can be a real challenge. Both sides are driven by different—and often competing—metrics, making alignment even harder. Add the fact that most security teams lack an understanding of modern application development practices, including the move to microservices-driven architectures and the use of…
At the most fundamental level, IT security is about buying software, while application security is about building software. The core mission of both groups is bringing risk down to an acceptable level.
If you ask a cybersecurity professional what they like about their job, odds are high that somewhere near the top of the list is: “Things are always changing.” It’s almost a cliché that cyberthreats are always evolving, but it remains true. Threat actors are inventive, and many have the skills and motivation to continually refine…
Good threat intelligence can sift through mountains of data collected from sensors across the globe to provide insights into what is happening and what countermeasures need to be in place to defend against a dynamic threat environment.
Today’s CIOs have an unprecedented challenge on their hands. They are spearheading digital transformation efforts, creating revenue-generating applications, enabling remote work and driving seamless customer experiences. This new business environment also created a veritable playground for attackers, making it hard to strike the right balance between innovation and security. Most attacks today follow a similar…
The technology environment in which businesses and society operate is becoming increasingly complex. Smart cities now rely on tools like AI to coordinate things like traffic, power, and emergency systems. Distributed manufacturing platforms use it to respond to consumer demand in near-real-time. Massive data centers depend on intelligent systems to process elephant flows of information…
