Free Cybersecurity Research, Whitepapers, Reports | SC Media

It’s the kind of note that grabs you by the shirt and doesn’t let go: “All of your files are stolen and encrypted!” The next thing you read is the extortion demand: pay up, or else. In this scenario, your organization has a limited amount of time to ask a series of critical questions before making the ultimate choice. By as...

After a bruising year that saw major businesses extorted to the breaking point, CISOs are now bracing for 2024 in what could easily become a record-setting year for ransomware attacks. In this eBook, Daniel Thomas looks at attacks from this year and what they tell us about adversaries’ evolving tactics, as well as how CISOs can direct their ...

No organization is immune to the sophisticated methods today’s threat actors are using, from bypassing traditional authentication tools to hijacking users’ web sessions. And no single tool on its own can protect against these attacks – especially at a time when: Key initiatives, such as cloud migrations, are driven by an ecosystem of ...

Any user can become privileged in certain conditions. This includes everyday employees using business applications in which they can access — and take actions with — the resources attackers aim to exploit. And whether you’re a CIO or a PAM admin, you likely see this evolution of privilege occurring regularly. Protecting your users’ ide...

As organizations migrate their assets to the cloud, in-house security teams can become overwhelmed and be unclear on how to tackle their new environment. Paul Wagenseil shows you how multi-signal MDR providers can help deploy and manage cloud-native security tools like Cloud Security Posture Managment (CSPM) and Cloud Workload Protection Platform ...

If you’re an organization looking to score a key victory in the field of identity and access management, it may feel like your IAM goals are slipping out of reach, due to a wide variety of challenging conditions. Fortunately, security teams can counteract common IAM pain points by adhering to the following recommendations that can h...

While many organizations move to the cloud to improve their security, they may confront a set of challenges that expose them to greater risk from the outside. Misconfigurations, insecure APIs, limited visibility of cloud workloads, and data breaches resulting from unauthorized access are some of the most common pitfalls. In this report, we present...

Cybersecurity teams spend hundreds of hours each year gathering controls evidence to demonstrate compliance with regulatory requirements. With more requirements on the horizon, an expanding cyber threat landscape, and an increasing number of connection points that need to be secured, that burden only stands to increase.Eliminating time-consuming r...

It’s the cybersecurity question every executive and board member wants — and needs — to have answered: How much will it cost if a cybersecurity risk materializes and causes a breach? Provide the answer with confidence by tying cyber threats to business impact using cyber risk quantification. Cyber risk quantification is a powerful method for...

Cyber attacks are increasing in volume, sophistication, and severity, and the federal government has taken notice. Now, they’re taking action — most recently in the form of new cybersecurity rules from the Securities and Exchange Commission.In “11 Ways to Streamline SEC Cybersecurity Compliance with Risk Cloud,” we explore a vari...

Organizations must comply with 13 of 63 new security requirements outlined in PCI DSS Version 4 by March 2024, and must comply with the rest by March 2025. This survival guide will unpack what has changed from earlier versions of the standard and how to adapt/keep up with help from a platform that provides: • Around-the-clock online portal support...

Penetration testing is a craft as old as the cybersecurity industry, but attack tactics and the vulnerabilities they exploit have increased dramatically in recent years. This eBook will help ethical hackers adapt by unpacking what has changed and which new tools are available, including: • Hybrid pen testing that combines automated scripted tools ...

Mission-critical apps now running in the cloud contain vast amounts of information about customers and employees and are a prime target for attack. Bad actors leverage generative AI to form sophisticated attacks and rapidly adapt malware to avoid detection. Transforming security operations for the cloud is imperative to build a cyber-resilient bus...

Mission-critical apps now running in the cloud contain vast amounts of information about customers and employees and are a prime target for attack. Bad actors leverage generative AI to form sophisticated attacks and rapidly adapt malware to avoid detection. Transforming security operations for the cloud is imperative to build a cyber-resilient bus...

GenAI is being applied to security operations in ways that will revolutionize the field of cybersecurity. With its ability to create new content that is barely distinguishable from human-created content, GenAI is having a radical impact on every aspect of security operations – people, processes, and technologies. GenAI’s ability to process, ...

GenAI is being applied to security operations in ways that will revolutionize the field of cybersecurity. With its ability to create new content that is barely distinguishable from human-created content, GenAI is having a radical impact on every aspect of security operations – people, processes, and technologies. GenAI’s ability to process, ...

Ransomware-as-a-service is thriving. A sprawling enterprise of initial access brokers, buyers, sellers, and other affiliates and third parties now feed the dark web with ransomware kits that are tailor-made to get past company defenses. Smart use of social engineering, combined with malicious AI-generated code and clever exploits of legitimate sof...

Is your SOC team armed to identify and stop hybrid attacks? Today’s unknown hybrid attacks can start with anyone and move anywhere, at any speed, to disrupt anything in your environment — even with every possible preventative measure in place. But once your mindset changes, so does the effectiveness of your defense. Learn the 4 core reasons ...

Is your SOC team armed to identify and stop hybrid attacks? Today’s unknown hybrid attacks can start with anyone and move anywhere, at any speed, to disrupt anything in your environment — even with every possible preventative measure in place. But once your mindset changes, so does the effectiveness of your defense. Learn the 4 core reasons ...

After a bruising year that saw major businesses extorted to the breaking point, CISOs are now bracing for 2024 in what could easily become a record-setting year for ransomware attacks. In this eBook, Daniel Thomas looks at attacks from this year and what they tell us about adversaries’ evolving tactics, as well as how CISOs can direct their or...

Cybersecurity teams spend hundreds — even thousands — of hours each year gathering controls evidence to demonstrate compliance. With more regulatory requirements on the horizon, an ever-expanding cyber threat landscape, and an increasing number of connection points that need to be secured, that burden stands to increase. Eliminating unnecessary, t...

What does it take to achieve excellent attack surface management in the age of digital transformation?Protecting complex attack surfaces is difficult and often requires cyber tools that have complementary capabilities. Good cyber hygiene, effective configuration management that enforces cybersecurity policies, and continuous monitoring of cyber to...

Curious about the core benefits of the Tanium platform? Tanium commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study to examine the potential return on investment (ROI) enterprises may realize by deploying the Tanium platform.Explore the benefits, costs, and risks associated with this investment, from the perspective of...

Enterprise IT teams are adapting to a new IT landscape with a workforce mostly or entirely remote indefinitely. More applications and storage are moving to the cloud. And cybercriminals, watching these changes unfold, are focusing their attention on new targets and new forms of attack.The inside-out enterprise: redefining IT SecOps for today’...

Effectively coordinating software and patch deployments across an environment requires that IT ops and security teams be aligned, collaborative and accountable. This requires that key systems be in place and shared workflows be clearly defined. Learn the crucial role that cyber hygiene plays in this process in the ultimate guide to cyber hygiene. ...

This ebook dives into everything from why detecting attacker activity and recon known as ransomOps is critical to stopping ransomware and many of the steps security professionals are taking to successfully slam the door on today’s ransomware tactics. We’ll share how customers are able to detect active attacks almost immediately as well...

Security teams are choosing NDR over IDS to gain better threat detection and response. This whitepaper covers how today’s sophisticated cyber attacker TTPs create a challenge for traditional security approaches and why NDR can detect what others miss. In this white paper, you’ll discover:– How attackers bypass perimeter and signa...

This ebook dives into everything from why detecting attacker activity and recon known as ransomOps is critical to stopping ransomware and many of the steps security professionals are taking to successfully slam the door on today’s ransomware tactics. We’ll share how customers are able to detect active attacks almost immediately as well...

With the increasing number of cyber threats your SOC team faces, is your SIEM capable of keeping pace with every hybrid cloud threat? The coverage and clarity needed to detect threats across every attack surface is a big ask, but it’s not hard to make sure you’re maximizing current security investments. Get your free guide today to fin...

With the increasing number of cyber threats your SOC team faces, is your SIEM capable of keeping pace with every hybrid cloud threat? The coverage and clarity needed to detect threats across every attack surface is a big ask, but it’s not hard to make sure you’re maximizing current security investments. Get your free guide today to fin...

Security teams are choosing NDR over IDS to gain better threat detection and response. This whitepaper covers how today’s sophisticated cyber attacker TTPs create a challenge for traditional security approaches and why NDR can detect what others miss. In this white paper, you’ll discover:– How attackers bypass perimeter and signa...

Our digital identities help us navigate the complexities of an increasingly connected world. From mobile-banking apps, online shopping and social media to video streaming services, patient health portals and AirBnB reservations, digital identities are what make it possible for all these transactions to verify that we are who we claim to be. And...

Traditional application security controls don’t provide adequate protection for your APIs. You need purpose-built API security controls that address the unique vulnerabilities APIs introduce. But where do you start? This Buyer’s Guide highlights the key capabilities necessary for a complete API security platform. As you evaluate API se...

API Security Trends in 2023 Today every modern enterprise is heavily reliant on APIs, to the point they’re now indispensable. As evidence, API traffic now represents over 80% of the current internet traffic. However, organizations are discovering that API attacks are growing at the same pace. According to our latest survey, 78% of cybersecur...

Does your PKI need updated? Maybe your current solution can’t support the growing volume of certificates in your environment or you’re looking to replace an expiring certificate authority or near-end-of-life server. No matter the reason, PKI is critical to infrastructure and shouldn’t be ignored. With that, however, many teams fi...

Public key infrastructure (PKI) is everywhere. It’s the trust engine behind websites, networks, cloud environments, and even your software pipeline. There’s just one problem. Because of its widespread adoption, PKI has become difficult to manage and scale. And as a recent report shows, 53% of organizations don’t have enough staff...

Scaling ITRM: The Promise and Challenges of Risk Quantification, empowers InfoSec professionals to proactively manage risk, protect valuable assets, and maintain a competitive edge in an ever-evolving risk landscape.

IT Risk & Compliance Platforms: A Buyer’s Guide examines how purpose-built IT risk and compliance (ITRC) management software can make your organization more secure and better equipped to respond to new threats and regulatory changes. Download the full guide for actionable insights on how to choose and implement an ITRC platform.

In an effort to address the rise in cyber breaches, the U.S. Securities and Exchange Commission has released new cybersecurity disclosure requirements for public companies. Get a comprehensive guide to help you navigate the new rules, including key dates, an overview of the requirements, and steps to prepare.

The SEC’s highly-anticipated cybersecurity reporting rules are finally in force, and the December compliance deadlines are fast approaching. Learn more about these new regulations and explore how Risk Cloud’s GRC platform – a preferred vendor already used within your organization – can simplify compliance efforts and ensure consistency...

Small to medium-sized businesses may not have the budget of other industry titans, but new data shows they’re ready to spend on cybersecurity tools that can reduce risk and eliminate advanced threats. The problem is that MSPs – who are in the best position to help these businesses – are struggling to understand what their clients need and tailor t...

What’s the best way to stop a cyberattack from turning into a full breach? Prepare in advance. Often, after an organization experiences a breach, they’ll realize they could have avoided a lot of cost, pain, and disruption if they had an incident response plan in place. This incident response guide will help you to: Gain a deep underst...

Tech leaders are at the center of infosec for every company and lead the charge for operationalizing strategy. This new Active Adversary Report released by Sophos seeks to help tech leaders make more informed decisions about how to deploy their resources and best satisfy corporate strategy to better protect the organization. Included are findings ...

The Sophos 2023 Threat Report documents the latest cyberthreat trends over the last year and provides the insights you need to defend against evolving attacks. The report is based on the research and real-world experiences of Sophos’ threat, incident response and AI experts, and covers: The cyber impact of the war in Ukraine The maturity of...

What’s the best way to stop a cyberattack from turning into a full breach? Prepare in advance. Often, after an organization experiences a breach, they’ll realize they could have avoided a lot of cost, pain, and disruption if they had an incident response plan in place. This incident response guide will help you to: Gain a deep underst...

To help organizations better understand the role cyber defenses play in optimizing their insurance position, Sophos has conducted a study of 3,000 IT/cybersecurity professionals that reveals: The level of cyber insurance adoption in 2023 The role of cyber defenses in securing coverage The impact of cyber insurance on an organization’s abili...

What’s the best way to stop a cyberattack from turning into a full breach? Prepare in advance. Often, after an organization experiences a breach, they’ll realize they could have avoided a lot of cost, pain, and disruption if they had an incident response plan in place. This incident response guide will help you to: Gain a deep underst...

The Sophos 2023 Threat Report documents the latest cyberthreat trends over the last year and provides the insights you need to defend against evolving attacks. The report is based on the research and real-world experiences of Sophos’ threat, incident response and AI experts, and covers: The cyber impact of the war in Ukraine The maturity of...

Cybersecurity is the stage for AI’s next big breakthrough. Generative AI like ChatGPT and other large language models has blurred the lines between authentic sources and their imposters, but it has also given organizations a powerful tool to digest and make sense of incredible volumes of data. In this eBook, Daniel Thomas examines the central ...

Based on a survey of 3,000 cybersecurity/IT professionals across 14 countries, this report reveals the reality of securing an organization from cyberthreats in 2023, and the business impact of adversaries. It includes: Frequency and type of cyberattacks experienced over the last year Top perceived security risks for 2023 The reality of alert inve...

66% of organizations were hit by ransomware in the last year. Is your endpoint protection solution optimally configured to protect against these devastating attacks? Get practical guidance on configuring your endpoint solution to provide optimum protection in this guide, and: Learn how ransomware attacks work Discover the six endpoint-protection ...

In this report, learn how experiences of ransomware have evolved over the last 12 months, and the impact ransomware now has on organizations. Discover: Which organizations experienced the highest rate of attack over the last year The root causes of attacks How often data is encrypted, and how often organizations pay the ransom to get it back The ...

Browser security in the enterprise is not what it was just a few years ago. With the increased risks that come with a distributed hybrid workforce, enterprise security teams need to adapt quickly. Using Google Chrome Enterprise as an example, this eBook explains what features are essential to protect the enterprise against today’s attacks, i...

Get ready for the SEC’s new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure mandate. The “Scaling ITRM: The Promise and Challenges of Risk Quantification” ebook explores the existing barriers to risk quantification and the myths surrounding them. It also explains why every moment without risk quantifi...

“Digital Risk Report 2023: Pervasive Risk, Persistent Fragmentation, and Accelerating Technology Investment” takes a comprehensive look at how companies are using digital risk management to achieve stronger resilience, better performance, greater assurance, and more cost-effective compliance.

Depending on your business’s size, industry, and compliance needs, it will be subject to third-party audits. Businesses will typically choose to undergo a third-party audit with the goal of achieving or maintaining a security certification, such as SOC 2 (I and II), ISO, or PCI DSS. Get six best practices to help you prepare in this article....

Control testing and evidence collection is often a time-consuming, burdensome process for compliance teams, auditors, and stakeholders alike. Teams can save time and improve consistency and accuracy with automation. Learn some key considerations and best practices for getting started in this article.

Struggling to juggle numerous compliance requirements, frameworks, stakeholders, and workflows? The right technology can help bring order to the chaos. To ensure your team finds a solution that meets their needs, get this checklist of key features to consider.

While organizations have drastically increased their use of third parties, third-party risk management (TPRM) maturity hasn’t kept pace. This ebook from AuditBoard and RSM, Third-Party Risk Management: Trends and Strategies to Help You Stay Ahead of the Curve, translates current TPRM trends and lessons learned into actionable ideas to help y...

Secure data in an increasingly complex cloud landscape with Data Security Posture Management (DSPM). From locating sensitive data to prioritizing security risks and offering actionable solutions, DSPM provides a comprehensive, agile defense strategy. Elevate your organization’s data security; explore our white papers to learn more.

Elevate your data security with our essential white paper. Gain insights into creating a data-driven culture, establishing effective data governance, and ensuring ethical data use. Learn how to build a comprehensive data protection strategy that can help your organization thrive in a fast-paced, data-centric world. Download now to stay ahead of th...

Trying to decide which SIEM is right for your enterprise? Devo’s done the hard part for you. Download the 2023 Buyer’s Guide for Next-Gen SIEM to compare leading SIEM vendors. The 2023 buyer’s guide compares and contrasts four SIEM vendors — Splunk, Microsoft Sentinel, Google Chronicle, and Devo — across six key categories: 1. De...

Introducing automation into your SOC lets your analysts focus on the most critical threat detection, hunting, and response activities. Threat actors are faster and more sophisticated than most SOCs. Coupled with an explosion of data (and resulting attack surfaces), many SOC teams are discouraged and burnt out. Download this eBook to learn more a...

Organizations increasingly need to assess the current state of their security. As a result, MSSPs are in the unique position of capitalizing on this demand when adding autonomous penetration testing to their portfolio. Learn how to build high-value, high-margin business on top of the NodeZero™ platform to deliver increasing value.

For MSSPs, manual penetration tests are time consuming, expensive, and often provide limited value to their customers. And when compared to autonomous pentesting results, manual approaches often lack accuracy and coverage. Learn how NodeZero™ provides an alternative security assessment approach that helps grow sales, improves retention, and increa...

Why Secure BYO–PC is the future, how to build a formal program, and what tools can help you bring it to life and when to avoid virtual desktops. In this Ebook, you will learn about: Why it’s time to embrace Secure BYO–PC How to build a Secure BYO–PC program Questions you must ask yourself when building your hybrid work plan Take the next st...

In this report, learn how experiences of ransomware have evolved over the last 12 months, and the impact ransomware now has on organizations. Discover: Which organizations experienced the highest rate of attack over the last year The root causes of attacks How often data is encrypted, and how often organizations pay the ransom to get it back The ...

Respondents from our audience are focusing their endpoint security efforts on the idea that end users can’t be trusted to keep the bad guys out. Multifactor authentication and strong password enforcement top the list of resulting controls, requiring users to submit extra proof that they are who they say they are to weed out imposters; explore deta...

As organizations settle into the era of “work from anywhere,” security teams find themselves awash in more endpoints than they can keep track of – an ocean of devices the bad guys can easily target. This eBook connects the endpoint challenge to larger trends identified in the 2023 State of Ransomware Report and how Managed Detection an...

Respondents hunger for threat intelligence tools to boost incident response. The challenge, along with the usual skills and budget shortages — it’s difficult to integrate various security products and data feeds. Failures on this front degrade the quality of the data they receive. This report covers those concerns and more, and offers ...

Some businesses have relied on the cloud for years, while others have recently migrated to the cloud because of the pandemic. Regardless of their experience, most respondents from CRA Business Intelligence’s September 2022 Cloud Security Survey recognize that despite the appeal of cloud, there are many security risks and vulnerabilities. And keepi...

Recent surveys by CRA Business Intelligence paint a grim picture of security professionals bracing for the next ransomware attack. Their ability to detect and respond to malicious behavior early enough to prevent downtime and business disruption is moderate at best. Highly targeted sectors such as education, healthcare, and financial services part...

There’s no shortage of cybersecurity training and certifications for security professionals, yet programs available today are focused on session completion, not outcomes. This outmoded approach to training doesn’t translate to measurable improvements in cybersecurity knowledge, skills, and judgment that lead to long-term resilience. Pe...

All companies are on a journey to advanced identity security – most just don’t know it yet. SailPoint’s horizons of identity security report defined the core capabilities of five distinct horizons of identity security, from beginning to advanced, dependent not only on technical capabilities, but also on the company’s strategy, op...

Every human, bot and machine now needs a digital identity to navigate the world of rapidly evolving technologies including the metaverse, decentralized finance, crypto and Web 3.0 Business leaders across industries have realized that next-generation digital identity will be essential to enable seamless collaboration with business partners, boost o...

Cloud-based security is here to stay, but customers aren’t always happy with what they get. Paul Wagenseil breaks down the different forms of converged network security, explains what to expect and outlines how to choose the right solution for your organization.

If a web vulnerability can be exploited, it cannot be a false positive. This is the guiding principle behind the Invicti Proof-Based Scanning. Automated and detailed proof of exploitability enables organizations to avoid manually verifying scan results and take control of their web application security at scale. Dig into the comprehensive feature ...

Stop compromising on web app security! Build a complete application security program that covers every corner of every application – without hiring an army of security experts. This Buyer’s Guide will help you evaluate web application security tools to find the one that’s right for you. Download this guide to learn: What effective fea...

In the chaos generated by alert overload, inefficient communications, and inadequate toolchains, how do development and security practitioners deal with it all? Download this report and learn more about: The real-life effectiveness of existing AppSec processes The anticipated spending trends for security initiatives Tried-and-true ways to prove R...

Traditional security programs often fail due to their reactive nature and inability to keep up with rapidly evolving cyber threats, leaving organizations vulnerable to sophisticated attacks and breaches. In the current landscape, a cohesive security program is crucial for not only surviving but thriving amidst the relentless wave of advanced attac...

The gap between Application Security teams and developers is a common challenge in many organizations. Application Security teams are responsible for ensuring the security of software applications, while developers focus on writing code and delivering new features. This eBook maps out pragmatic strategies you can implement to help close the divide...

Ransomware attacks, breaches, untamed AI and geopolitical cyber strife are a daily feature in the news, and all are use cases for Managed Detection and Response (MDR). This eBook explores how MDR can be used to reduce or prevent the mayhem seen in the headlines by: • Speeding up the time from intrusion to detection and response • Doing so with low...

Annual AT&T Cybersecurity Insights Report. The 2023 report will focus on the edge ecosystem. The core report focuses on connecting and securing the entire edge computing ecosystem; transport infrastructure, endpoints, operating systems, application workloads, production monitoring/management/mitigation/runtime. The 2023 AT&T Cybersecurity ...

Security professionals responding to a CRA Business Intelligence survey have encountered multiple challenges in their quest to achieve solid vulnerability management. Some struggle to get adequate executive buy-in and funding, while others find their efforts complicated by a glut of legacy technology accumulated during mergers. Those doing the bes...

Learn how to assess the risks of cross-tenant attacks and how to double down on your cloud security to make your environment even more secure with this two-step infographic from Wiz

Enterprise adoption of the cloud during the past five years has been “staggering”, according to Pete Chronis, CISO of Paramount. However, this rapid adoption has revealed a troubling problem: silos within organizations, which create barriers between key players like CISOs, DevOps, andengineering teams. Wiz brought together leading CISO...

Gartner has defined a new category of security tools called Cloud Security Posture Management (CSPM) to help organizations tackle the wide range of security needs that come with migrating to the cloud and scaling their infrastructure. CSPM is a solution that continuously manages cloud security risk and provides compliance assurance in the cloud. W...

Wiz’s State of the Cloud 2023 report provides analysis of trends in cloud usage such as multi-cloud, use of managed services and more. In addition, the report highlights notable cloud risks based on insights from 30% of Fortune 100 enterprise cloud environments.

SANS research has shown that more organizations are using multiple cloud providers. Multicloud adoption can be driven by a variety of factors, such as competitive differentiation, mergers and acquisitions, and more. This whitepaper contains the results from the SANS 2022 Multicloud Survey, including multicloud adoption trends, how adoption decisio...

A practical guide to transforming security teams, processes, and tools to support cloud development. Organizations of all sizes and industries, from small businesses to large enterprises, are adopting more cloud to realize the benefits of scalability, flexibility, and cost-effectiveness for their business. At the same time, the cloud has led to th...

Whether public key infrastructure (PKI) is your passion or it’s something you wouldn’t touch with a 39-and-a-half-foot pole, it’s without a doubt become critical to the security of your organization. A rare few companies have an in-house expert or even an entire team dedicated to PKI, but for most, it’s more of a “hot...

For the third consecutive year, Keyfactor and The Ponemon Institute have collaborated on the State of Machine Identity Management report —an in-depth look at the role of PKI and machine identities in establishing digital trust and securing modern enterprises. This year’s report provides an analysis of 1,280 survey responses from security lea...

AI generators: Understanding the AppSec risks and how DAST can helpAI text- and code-generating tools like GitHub Copilot and ChatGPT can help developers write code faster and more efficiently, but carefree reliance on these tools could expose your organization to a range of risks. Superficially valid suggestions can result in vulnerable code that...

For many people, the introduction to the world of digital forensics might come through popular culture. For decades, movies, television, and even video games have delved into the world of hackers exploiting computer systems and the crime-solving computer sleuths working to stop them. But of course that’s not really a realistic depiction of t...

While ransomware attacks and data breaches are justifiably scary, insider threats are far more common—and far more damaging—than most people know. Culprits like the “London Whale,” who cost JP Morgan over $7 billion, and the Yahoo research scientist who stole over half a million pages of IP after taking a job from a competitor make hea...