Free Cybersecurity Research, Whitepapers, Reports | SC Media

The Harsh Realities of Cloud Security: Misconfigurations, Lack of Oversight and Little Visibility
Some businesses have relied on the cloud for years, while others have recently migrated to the cloud because of the pandemic. Regardless of their experience, most respondents from CRA Business Intelligence’s September 2022 Cloud Security Survey recognize that despite the appeal of cloud, there are many security risks and vulnerabilities. And...
More Info
Guide: Machine Learning Applied in Bot Detection
Explore the possibilities for applying machine learning (ML) in bot detection and cybersecurity with this guide from DataDome’s team. Guide includes: • How ML is Used for Good & Bad in Cybersecurity• How to Apply ML in Bot Detection• How to Build, Train, & Monitor ML Models• 2 Real-Life Examples of ML Applied to Bot Protection
More Info
Ransomware Ready: Orgs Fight Back with More Aggressive Strategies and Technology
Many organizations continue to struggle with ransomware and attackers have a clear edge today. Organizations continue to struggle at detection and response. But the news isn’t all bad: Most respondents are taking additional steps that should prove helpful in their defense against ransomware in the years ahead. Those are among the takeaways o...
More Info
Security Culture Report 2022—Global Trends in Security Culture
The 2022 KnowBe4 Security Culture Report is the largest study of its kind, measuring organizations’ security cultures and surveying more than 530,000 employees across 2,910 organizations worldwide. The report offers unique insights which allow organizational leaders to better understand how employees view security within their organizations....
More Info
What Your Password Policy Should Be
Reports of the death of passwords have been greatly exaggerated. You know passwords are still a necessary evil, despite recurring predictions that some new credentialing architecture will take over in just a few years’ time. Until then, your goal is to craft password policies that mitigate as much risk as possible for both your employees and...
More Info
The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022
KnowBe4 Recognized as a Leader in Security Awareness and Training Solutions by Forrester Research KnowBe4 has been named a Leader in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022. Using a 30-criteria evaluation, the Forrester Wave report ranks 11 vendors in the security awareness and training market based on their current...
More Info
Phishing by Industry Benchmarking
As a security leader, you’re faced with a tough choice. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up! IT security seems to be a race between effective technology and clever attack methods. However, there’s an often overlooked security layer that can significantly redu...
More Info
Forrester Total Economic Impact™ of KnowBe4
Cost Savings & Business Benefits Enabled by the KnowBe4 and PhishER Platforms KnowBe4 commissioned Forrester Consulting to conduct a Total Economic Impact™ study examining the potential Return on Investment (ROI) enterprises might realize by deploying KnowBe4’s Security Awareness Training & Simulated Phishing and PhishER platforms. F...
More Info
Ransomware Hostage Rescue Manual
Download Your Ransomware Hostage Rescue Manual Free your files! Get the most informative and complete hostage rescue manual on ransomware. This manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware. You will also receive a Ransomware Attack Response Checklist and Ransomware Preve...
More Info
Building a Security Awareness Program to Help Defend Against Cyber Extortion and Ransomware
Due to the rise in sophistication and volume of cyber extortion and ransomware, the time is now to bulk up your defenses against these threats. You cannot achieve these improved defenses by deploying shiny “anti-ransomware” technology alone. A defense-in-depth model with multiple layers of control is needed. Building a security culture...
More Info
CEO Fraud Prevention Manual
CEO fraud has ruined the careers of many executives and loyal employees. Don’t be one of them. CEO fraud has been responsible for more than $26 billion in losses. Despite these losses, CEO fraud remains a blind spot for many C-level executives who quickly learn the consequences of a weak cyber-risk assessment. Part I explains how top executi...
More Info
Security Culture Maturity Model
Introducing the Security Culture Maturity Model The data-driven and evidence-based Security Culture Maturity Model, developed by KnowBe4 Research, is the industry’s first maturity model specifically geared to measure security culture. The model is fueled by KnowBe4’s massive security awareness, behavior, and culture dataset. Security C...
More Info
Ponemon Report: The State of Enterprise Identity
With a wave of unexpected challenges flooding the cybersecurity landscape, many enterprises are reassessing their view of identity security and the ever-present role it plays in mitigating risk and ensuring regulatory compliance. This inaugural research study by Saviynt and the Ponemon Institute examines enterprise risk associated with identity &a...
More Info
2022 Identity and Security Trends
Between evolving cyberattacks and executive orders, last year exposed new levels of uncertainty across the security landscape. Data shows us these challenges are only projected to grow — and now’s the time to mobilize. Loaded with expert insights and the latest industry analytics, our new eBook presents the TOP TEN trends for identity & ...
More Info
Making the Move to Modern IGA: Expert Insights to Transition Your Legacy Identity Governance & Administration Platform
Identity isn’t what it was a decade ago. Changes in the technology & regulatory landscape, user behavior, and organizational priorities have transformed it from a compliance-oriented discipline to a business enabler — and often a board-level initiative. This eBook showcases proven guidance on preparing, implementing, and evaluating an IG...
More Info
Beyond the Vault: Cloud-Powered PAM
Across the globe, enterprises are racing towards cloud migration. To ensure secure access for remote workforces, identity and PAM platforms have a responsibility to keep pace. This eBook decodes the history of PAM and its password vaulting roots and highlights how modern enterprises can achieve Zero Trust with a cloud-first solution.
More Info
The Harsh Realities of Cloud Security: Misconfigurations, Lack of Oversight and Little Visibility
Some businesses have relied on the cloud for years, while others have recently migrated to the cloud because of the pandemic. Regardless of their experience, most respondents from CRA Business Intelligence’s September 2022 Cloud Security Survey recognize that despite the appeal of cloud, there are many security risks and vulnerabilities. And...
More Info
5 Challenges to securing public cloud infrastructure
A recent CyberRisk Alliance Business Intelligence study of how organizations are managing cloud security revealed that the number of cloud assets/workloads is growing among companies, with 55% of respondents running up to 50 assets/workloads in the public cloud and 56% on hosted clouds; on average respondents maintain 66 assets in either public or...
More Info
The State of Email Security 2022
Businesses around the world continue to find themselves in the crosshairs of a torrent of new cyberattacks. While the big picture is unquestionably grim, not all is doom and gloom. Get valuable insights from your peers on how to combat cybersecurity threats in the sixth annual State of Email Security report. With insights from 1,400 security profe...
More Info
Tackling phishing, impersonation and brand exploits
There’s no doubt that cyber-attack tactics have evolved. Deception is now the name of the game rather than brute forcing access to networks and devices. Increasingly sophisticated attackers are hoodwinking their targets and phishing attacks are up 54%, with impersonation attacks growing by an even more substantial 67%. Phishing makes up a si...
More Info
Teaching Good Security Behaviors with Seinfeld
Poor password hygiene. Employee naivete. Misuse of personal email. Even with today’s most advanced protection, organizations remain vulnerable because of one key factor: human error. But there is hope. Research shows that training that is entertaining and humorous is proven to increase employee engagement and lead to deeper embedding of cruc...
More Info
HACK YOUR PENTESTING ROUTINE
Security teams face the challenge of communicating clearly in an ever-evolving landscape of threats, tools, and expectations. The offensive security methods that worked just a few years ago may no longer be meeting the needs of all stakeholders. If you are eager to find ways of improving your internal processes and your client satisfaction, the 10...
More Info
THE POWER OF PURPLE TEAMING
Security teams know the key to catching and stopping attacks early is to understand how their adversaries think. But many are behind the curve, according to a survey (conducted by CyberRisk Alliance and sponsored by PlexTrac) among 315 security influencers and decision makers in the U.S. and Canada. When it comes to stopping ransomware attacks in ...
More Info
Bot Security Guide to Proxies
Proxies enable users to change their IP addresses. However, they can also be used by bad actors to scale bot attacks and help bad bots stay anonymous. So how can you identify and flag proxies before they harm your business? Find your answer in this guide and learn how to: – Define proxies and types of proxies – Identify the differences...
More Info
Top Five Reasons to Use MDR Services
Organizations are increasingly turning to managed detection and response (MDR) services to detect and neutralize advanced, human-led attacks that technology solutions alone cannot prevent. However, the proliferation of cybersecurity solutions on the market can make it difficult to understand exactly what MDR is, how it fits with your wider cyberse...
More Info
Four Key Tips from Incident Response Experts
Know in advance how to respond to a critical cyber attack. This guide highlights the biggest lessons everyone should learn when it comes to responding to cybersecurity incidents. Understanding these key tips from incident response experts will help give your team advantages when defending your organization. Read more to be better prepared when def...
More Info
Modern Techniques for Securing Single Page Applications
Single Page Applications (SPAs) seem simple on the surface, using modern development stacks that streamline Web UI development and deliver rich user experiences. However, SPA security becomes more complicated when considering threats such as Cross-Site Scripting (XSS). The browser is a hostile place to execute code, so application developers must ...
More Info
API Security for the Modern Enterprise
This eBook gathers articles written by API security experts and covers the most critical aspects of securing APIs and microservices. It introduces related topics, standards like OAuth 2, OpenID Connect, and SCIM, and how to connect these to your applications, systems, and user identities. You will learn how to securely: Move endusers through digi...
More Info
The Harsh Realities of Cloud Security: Misconfigurations, Lack of Oversight and Little Visibility
Some businesses have relied on the cloud for years, while others have recently migrated to the cloud because of the pandemic. Regardless of their experience, most respondents from CRA Business Intelligence’s September 2022 Cloud Security Survey recognize that despite the appeal of cloud, there are many security risks and vulnerabilities. And...
More Info
Threat Hunting Essentials: How To Craft An Effective Process
Threat hunting has become a critical exercise in the fight for stronger security. But as the threat landscape continues to change, hunting techniques must also adapt. This eBook explores that changing landscape and offers guidance to help organizations get started with threat hunting and ramp up exercises with maximum effectiveness. This will incl...
More Info
Work from Anywhere: Security That Makes It Possible
The new normal of the post-pandemic world is that people will split their work hours between their homes, offices, and wherever they may travel. To support Work from Anywhere (WFA), organizations need robust, unified security controls. But each of these locations present unique challenges that require different security solutions. This eBook will ...
More Info
How we did it: Detection and prevention of a dependency confusion attack
Tactics of adversaries to infiltrate the software supply chain have grown more sophisticated. Among them: co-opting the names of submissions in public code, with the ultimate goal being to use counterfeit code to compromise networks. How can organizations recognize pockets of risk that may exist within their own development efforts? What preventat...
More Info
External Attack Surface Management (EASM): From Understanding to Implementation
With the ever-increasing volume of exposure and attacks, security decision makers are increasingly eying External Attack Surface Management (EASM) to better define where their attack surface is and better defend it. But confusion persists over what EASM entails and how best to implement it. This eBook defines it and offers a roadmap for how best t...
More Info
CIAM 101: Securing access and improving experiences for customers
Customer identity and access management (CIAM) enables organizations to securely capture and manage customer identity and profile data, as well as control customer access to applications and services. But how does it work and what must security teams know when considering investments to secure customer access and experience? This eBook will explor...
More Info
The Harsh Realities of Cloud Security: Misconfigurations, Lack of Oversight and Little Visibility
Some businesses have relied on the cloud for years, while others have recently migrated to the cloud because of the pandemic. Regardless of their experience, most respondents from CRA Business Intelligence’s September 2022 Cloud Security Survey recognize that despite the appeal of cloud, there are many security risks and vulnerabilities. And...
More Info
Zero Trust Adoption Faces Ongoing Headwinds
Zero trust is widely accepted as a powerful tool to secure complex IT environments and reduce attack surface. Yet adoption levels remain relatively low due to the challenges companies face with implementation, according to a recent survey conducted by CRA Business Intelligence, the research and content arm of the cybersecurity data and insights co...
More Info
ALL ABOUT EASM: THE EXTERNAL ATTACK SURFACE MANAGEMENT BUYERS GUIDE
With the expanding attack surface and the ever-changing and complex modern technology environment, organizations need a systematic way to manage the risks associated with their externally facing systems. That means selecting, deploying, and using an external attack surface management platform. The EASM platform will continuously seek to discove...
More Info
CRA Study: Non-traditional Endpoint Security Widely Unchecked, Contributing to Surge in Breaches
The widespread shift to work-at-home environments and the proliferation of non-traditional endpoints has had a moderate to high impact on the number of enterprise-related security breaches (41%) since 2020, according to a survey conducted by CRA Business Intelligence, the research and content arm of the cybersecurity data and insights company Cybe...
More Info
Threat Intel Leveraged to Secure Systems and Educate Executives
Organizations understand the important role threat intelligence solutions play in maintaining a strong cybersecurity posture, particularly with the rise of ransomware. According to findings in a survey from CRA Business Intelligence, the research and content arm of the cybersecurity data and insights company CyberRisk Alliance, they also leverage ...
More Info
Strategies for Building Cohesive Security Programs
Over the last two decades, the field of cybersecurity has undergone explosive growth. The shift to a digitally driven economy, the rapid progress and adoption of new technologies, the rise of advanced attacks and the commoditization of offensive tools have all contributed to cybersecurity’s continued evolution.Unfortunately, up until very rec...
More Info
Delivering Business Value Through a Well-Governed Digital Identity Program
In this white paper, Delivering Business Value Through a Well-Governed Digital Identity Program, we help you understand how Digital Identity and Access Management (IAM) programs can deliver value and help meet business objectives through an attribute-based approach. We also discuss the necessary framework for identity governance programs and how to...
More Info
New critical vulnerabilities in SAP Internet Communication Manager require immediate attention
The Onapsis Research Labs identified three critical vulnerabilities in a memory handling mechanism which can lead to full system takeover, if exploited by an attacker. Leveraging the most critical vulnerability (CVSSv3 10.0) is simple, requires no previous authentication, no preconditions are necessary, and the payload can be sent through HTTP(S), ...
More Info
Customer Identity Buyer’s Guide
The way you design, manage and deploy customer identity can make or break your customers’ experience. Customer identity and accessmanagement (CIAM) gives you the capabilities to deliver seamless experiences at every point in your customers’ journey, making it fundamental if your organization’s strategic objectives include continue...
More Info
MFA for Customers
Multi-factor authentication (MFA) provides a critical extra layer of protection to your enterprise and your customers. No longer just for employee use cases, MFA can be successfully leveraged to secure your customers’ interactions with your digital properties and mitigate the ripple effect of compromised credentials.Implementing multi-factor ...
More Info
ZTNA vs On-Premises Firewall VPN: The Ultimate Guide Description: See how Zero Trust Network Access compares to on-premises VPNs
Hardware firewall VPNs of yesterday simply cannot protect workers beyond the traditional perimeter. This leaves a major security gap for today’s modern organization in a continuing effort to reduce external threats and protect remote employees.
More Info
Attackers on High Ground as Organizations Struggle with Email Security
Despite years of security investments, many organizations continue to struggle against criminal actors who launch daily phishing and other email-based attacks against them, according to new findings in a survey from CRA Business Intelligence, the research and content arm of the cybersecurity data and insights company CyberRisk Alliance.   The M...
More Info
Understand And Implement Integrated Cyber Risk Management
Many organizations rely on outdated and manual methods to assess and manage cyber risk. As a result, they lack adequate visibility into the organization’s true threat exposure. Leadership must know how and where to invest to minimize their risk effectively, and the key to that is Integrated Cyber Risk Management. This eBook unpacks all the cr...
More Info
Privileged Access Management as-a-Service: Protecting the Keys to Your Kingdom
Your privileged accounts are a significant risk – and not just from external hackers. 26% of businesses have users with more access privileges than required for their job meaning malicious insiders may already have what they need to damage your organization. Download this eBook courtesy of Optiv to learn how widespread PAM-related problems a...
More Info
CyberArk Privileged Access Management Solutions
Attackers are wreaking havoc across the globe with advanced cyber attacks that directly target the most valuable assets of an enterprise making privileged access management solutions integral to your business’ future. Download this white paper courtesy of CyberArk to learn how to identify your current level of risk, who your privileged users...
More Info
Piecemeal Approaches to API Security put Organizations in the Crosshairs
Many security teams struggle to achieve the visibility and maturity needed to minimize risks and protect against sophisticated attacks such as bots and distributed denial of service (DDoS), according to a new report from CRA Business Intelligence, the research arm of cybersecurity information services company CyberRisk Alliance. The survey was und...
More Info
Stakeholder Analysis: Motives, Needs and Drivers for Security Awareness Training in Modern Work Environments
Motives, needs and drivers for cybersecurity awareness training in modern work environments are findings of a stakeholder analysis with over 160 cybersecurity leaders presenting their opinions and experiences.The demand for more effective cybersecurity solutions is greater than ever. Cybersecurity by design is about securing infrastructure and maki...
More Info
The Human Risk Assessment
The biggest challenge for cybersecurity leaders is how to measure human behavior in cybersecurity.The human side of cybersecurity came into focus. Incorporating the human factor into cybersecurity by design is the future of establishing a holistic cybersecurity strategy. Of course, this comes with a whole new set of challenges. Cybersecurity knowl...
More Info
What Your Password Policy Should Be
Reports of the death of passwords have been greatly exaggerated.You know passwords are still a necessary evil, despite recurring predictions that some new credentialing architecture will take over in just a few years’ time. Until then, your goal is to craft password policies that mitigate as much risk as possible for both your employees and y...
More Info
Security Culture Report 2022Global Trends in Security Culture
The 2022 KnowBe4 Security Culture Report is the largest study of its kind, measuring organizations’ security cultures and surveying more than 530,000 employees across 2,910 organizations worldwide.The report offers unique insights which allow organizational leaders to better understand how employees view security within their organizations. T...
More Info
TPCRM 101
As organizations increasingly rely on third parties, their ecosystems become larger and more vulnerable to third-party cyber risk. Luckily, there are steps you can take in order to protect your organization from these threats, and ensuring you have a solid TPCRM strategy in place is an imperative first stepIn this guide you will learn: 1. Why havin...
More Info
CRA Study: Remote Workers Spell Trouble for InfoSec
As Enterprises and government agencies across the globe rush to support employees working remotely during the pandemic, attackers seized upon the resulting vulnerabilities, leaving security teams stretched thinly and struggling to keep up, according to a new survey from CRA Business Intelligence, the research arm of cybersecurity information servi...
More Info
CRA Study: Global Phishing Incidents Increasingly Driven by Ransomware Gangs 
Phishing attacks are increasingly driven by sophisticated ransomware gangs, and some companies are suffering up to five security incidents per quarter as a result, according to new survey findings from CRA Business Intelligence, the research and market insights arm of cybersecurity information services company CyberRisk Alliance.   Th...
More Info
CRA Study: As Cloud Adoption Surges, Can Security Keep Pace?
Security executives recognize that most business-technology systems will be maintained in a cloud environment moving forward, but are concerned that security teams are not equipped to manage the associated risk, according to a new study from CRA Business Intelligence, the research and content arm of cybersecurity information services company Cyber...
More Info
Ransomware Gangs, Industries They Target and How to Fight Back
A recent study from CyberRisk Alliance’s Business Intelligence Unit showed companies across industries under ferocious assault from ransomware gangs. In this Expert Focus eBook, experts from eSentire outline where the most damaging attacks are coming from and which industries suffer most, how criminals get in and, most importantly, how securi...
More Info
Balance Endpoint Protection And Productivity Through Zero Trust
As companies adapt to an increasingly remote workforce, security leaders are struggling with an explosion of devices requiring sensitive corporate data access outside of the traditional security perimeter. Attackers leverage gaps in protection measures exposed by this expanding attack surface to move laterally through corporate networks and comprom...
More Info
Click Happens: The case for Isolation Technology rooted in Zero Trust
We live in a world where the question is no longer whether your company will experience a data breach, but when. Hardly a day goes by that you don’t hear about a major data breach or a new cyberattack that’s making headlinesand the costs associated with these security events continue to mount. One solution is isolation technology rooted...
More Info
The State of Ransomware 2022
Sophos’ annual study of the real-world ransomware experiences of IT professionals working at the frontline has revealed an ever more challenging attack environment together with the growing financial and operational burden ransomware places on its victims. It also shines new light on the relationship between ransomware and cyber insurance, an...
More Info
CRA Study: XDR Poised to Become a Force Multiplier for Threat Detection
Organizations continue to grapple with the pace of threat expansion, especially those that evade existing cybersecurity solutions or go undetected for longer than they should. Even under the best of circumstances, security operations can be stretched thin by today’s demands and the siloed nature of security solutions that scatter data and slow pro...
More Info
Invicti AppSec Indicator: Worrisome Vulnerability Trends in the Race to Innovation
There’s no sugarcoating it: severe vulnerabilities simply aren’t getting any scarcer. In the Spring 2022 edition of the Invicti AppSec Indicator, we’re digging into a huge data set from more than 900 global Invicti customers for a holistic look at these vulnerability trends, and what organizations need to do to improve their secur...
More Info
Cover Your APIs: Securing Your Hidden Web Attack Surface
Modern web applications rely heavily on APIs, yet they’re a blind spot for many organizations. If you don’t know what might be lurking beyond your asset inventory, implementing API scanning can help secure your hidden attack surface. Read this white paper to learn: How today’s web applications incorporate APIs How APIs have cr...
More Info
Cybersecurity in U.S. Critical Infrastructure: Chemical
In a survey CyberRisk Alliance conducted among InfraGard’s membership, respondents in the chemical sector cited many headwinds to effective security, including the challenges they face keeping up with technological change. “Some of the systems we have implemented are very new to everyone. So, we are learning as we go,” said one re...
More Info
Cybersecurity in U.S. Critical Infrastructure
Findings from a summer 2021 CyberRisk Alliance research survey The Critical Infrastructure Resilience and Readiness (CIRR) benchmark scores covered in this report are based on an online CyberRisk Alliance survey conducted from July through September 2021. The survey targeted members of InfraGard a nonprofit organization serving as a public-private...
More Info
Forge Threat Detection Success at the Pyramid Apex
Sequenced behavioral-based detectionsSingular atomic-based detections have been the foundation for threat detectionin security operation centers (SOCs); however, atomic-based detectionsalone are not enough the concept has proven unreliable, yielding noisydetections with short operational lifespans. The pyramid of paincategorizes the various detect...
More Info
Why Pentesting Needs to Evolve
Antiquated legacy penetration testing methods fail to catch all the critical vulnerabilities that exist within a company’s environment, which puts organizations at risk. Security teams are moving away from traditional pen testing methods to more innovative and continuous solutions. Learn more about the challenges and deficiencies of tradition...
More Info
The State of Developer-Driven Security 2022
For the second year, Secure Code Warrior has commissioned research with Evans Data Corp to survey 1,200 developers globally to understand the skills, perceptions, and behaviors when it comes to secure coding practices, and their impact and perceived relevancy in the software development lifecycle (SDLC).View the results to explore: Why do only 14%...
More Info
The challenges (and opportunities) for secure coding practices
Despite the vast array of security measures adopted by organizations, we continue to see the repercussions of software vulnerabilities. Based on The State of Developer-Driven Security Survey 2022 by Secure Code Warrior, this whitepaper examines the responses of 1,200 developers globally to understand the state of developer security skills, and the ...
More Info
Zero Trust Slow to Build Momentum
Organizations are keen to implement zero trust architecture but have been held back by a continued lack of understanding about what that entails, according to new survey findings.The survey, sponsored by Attivo Networks and HP Wolf Security, was conducted inJanuary and February 2022among 300 IT and cybersecurity decision-makers and influencers from...
More Info
Encryption weaponized: How ransomware gangs use encryption against you, and how to fight back
Criminal actors are using encryption to mask advanced attack activity. This ebook explores their techniques, how the use of encryption evades ETA and other decryption workarounds, and which specific actions security teams can take to mount a more ironclad defense, including the use of decryption to more effectively detect attack traffic.
More Info
Enable industry-leading protection against ransomware attacks
Despite investing in and deploying various identity and access management systems, organizations of every size are faced with the constant looming threat of privileged identity risk. And with more than 95 million Active Directory accounts being targeted by attackers daily, the need to identify and protect those accounts is urgent.*In this eBook, le...
More Info
Eliminating Your #1 Blindspot Why Identity Risk Management is Essential
Identity is now the number one attack vector vulnerable identities are present in every organization. Identity risks are like a residue that remains after the course of normal IT operations. Vulnerable identities persist because of gaps between IT and security teams, and because of gaps within existing identity solutions, such as Privileged Access...
More Info
Analyzing Identity Risks (AIR) Research Report
Analyzing Identity Risks (AIR) 2022 is a statistical analysis of every Identity Risk Assessment that Illusive conducted during 2021 and includes real-world examples of how these identity risks manifest.Discover the growing use of identity-based attack tactics in ransomware and other cyberattacks and also what you can do to identify critical vulnera...
More Info
MDR or MSSP
In today’s hyper-connected world, cyberattack risks have never been more pronounced. Threat actors continue developing new and increasingly malicious and often ingenious tactics to achieve their ultimate goals. As a result, a more focused and proactive approach to detecting, investigating, and responding to threats is required. In this guide,...
More Info
The Forrester Wave: Security Awareness and Training Solutions, Q1 2022
KnowBe4 Recognized as a Leader in Security Awareness and Training Solutions by Forrester ResearchKnowBe4 has been named a Leader in The Forrester Wave: Security Awareness and Training Solutions, Q1 2022. Using a 30-criteria evaluation, the Forrester Wave report ranks 11 vendors in the security awareness and training market based on their current of...
More Info
Building a Security Awareness Program to Help Defend Against Cyber Extortion and Ransomware
Due to the rise in sophistication and volume of cyber extortion and ransomware, the time is now to bulk up your defenses against these threats.You cannot achieve these improved defenses by deploying shiny “anti-ransomware” technology alone. A defense-in-depth model with multiple layers of control is needed.Building a security culture, o...
More Info
Security Culture Maturity Model
Introducing the Security Culture Maturity ModelThe data-driven and evidence-based Security Culture Maturity Model, developed by KnowBe4 Research, is the industry’s first maturity model specifically geared to measure security culture. The model is fueled by KnowBe4’s massive security awareness, behavior, and culture dataset.Security Cult...
More Info
CRA Study: Zero Trust Interest Surges, But Adoption Lags as Organizations Struggle with Concepts 
Organizations are keen to implement zero trust architecture but have been held back by a continued lack of understanding about what that entails, according to new survey findings. The survey, sponsored by Attivo Networks and HP Wolf Security, was conducted in January and February 2022 among 300 IT and cybersecurity decision-makers and influence...
More Info
Encryption vs.decryption: A Network traffic analysis analysis
Within the MITRE ATT&CK framework, which attacks would you miss by not fully decrypting traffic? Can fully decrypted traffic help detect attacks sooner? This report explores the best balance between protection, privacy and performance for traffic decryption.
More Info
CRA Study: Managing Third-Party Risk in the Era of Zero Trust 
Companies large and small are struggling to stave off data breaches and prevent compliance violations as third-party partners they increasingly rely upon come under attack. These findings are according to a new survey fielded by CRA Business Intelligence, the insights and research unit of cybersecurity information services company CyberRisk Allian...
More Info
Should I pay a ransom? A 5-step decision-making process
It’s the kind of note that grabs you by the shirt and doesn’t let go: “All of your files are stolen and encrypted!” The next thing you read is the extortion demand: pay up, or else. In this scenario, your organization has a limited amount of time to ask a series of critical questions before making the ultimate choice. By asking and addres...
More Info
Incident response for a remote world
Most enterprise incident response plans were developed before the pandemic, designed for a world in which responders did their work on site. With more security practitioners working remotely, procedures, tools and techniques that worked well on premises no longer cut it. A new approach is required. This eBook focuses on the challenges created...
More Info
Forrester Total Economic Impact of Tanium
The Forrester Consulting Total Economic Impact (TEI) study commissioned by Tanium helps technology decision-makers to examine the financial analysis and potential impact of Tanium’s solutions to their business. When you read the report, you’ll learn why organizations relying on point solutions to manage and secure their devices face a v...
More Info
Organizations Struggle to Measure and Monitor Cyber Risk
Many organizations struggle with a perilous communications gap. Data from this Harvard Business Review Pulse Survey commissioned by Tanium illuminates how effective cyber-risk oversight is hampered by the mutual shortage of knowledge between executives and cybersecurity leaders and what they must do to build bridges to effective communication, incl...
More Info
Building the foundation of a mature threat hunting program
Many organizations, especially large global enterprises, don’t always have the best visibility into how many third-party vendors they are using at a given time, or what types of assets are in their environment because of those third-party vendors. In addition, they are at the mercy of their third-party partners’ security as well as thei...
More Info
The Inside-out Enterprise: Redefining IT SecOps for the Remote-First Workplace
Once concentrated in internally managed data centers, applications and data are now distributed across multiple public and private clouds. This presents unprecedented challenges for IT teams around asset inventory, vulnerability assessment, patch management and client security; not to mention help desk responses and employee productivity. Download ...
More Info
Ransomware vs. Multi-cloud: How to protect multi-cloud environments from the next attack
Though the scale and economics of the cloud are a boon for today’s enterprise, moving applications and data out of the data center into multi-cloud environments has greatly expanded threat surfaces, putting enterprises at greater risk of devastating ransomware attacks. This report will explore how to move beyond segmentation inside the ...
More Info
SecurityWeekly Labs Review: Cortex XDR
Like most XDR products, endpoint is both at the core of the Cortex XDR product and shares the stage with a long list of native and third-party integrations. Palo Alto’s ubiquitous firewall is a key component, though competitors’ firewalls are also supported. Log ingestion, cloud infrastructure, and IAM components all have their pa...
More Info
2022 Cyber Workforce Benchmark Report
Over the last 18 months, we at Immersive Labs conducted a deep analysis into the cyber knowledge, skills, and judgment of more than 2,100 organizations based on their participation in over 500,000 exercises and simulations. The findings from this study are compiled in the world’s first Cyber Workforce Benchmark Report. The Cyber Workforce Ben...
More Info
There’s No Place for Guesswork in Cyber Attack Investigations
Recently, organizations have witnessed more (and more aggressive) data breaches than ever before. The likelihood that it’s likely only a matter of time before their own network comes under attack intensifies the pressure on IT and cybersecurity pros. Beyond the endpoint security, firewalls and other protective mechanisms that they have alread...
More Info
Ransomware Attacks with Real-World Consequences
Ransomware groups have taken their attacks to a dangerous new level in recent months, targeting ubiquitous software used by business, government agencies and critical infrastructure, and revealing multiple vulnerabilities in the software supply chain. Among them was the SolarWinds attack, discovered at the end of 2020. More recently, a rans...
More Info
Cybersecurity in U.S. Critical Infrastructure: Critical Manufacturing
In a survey CyberRisk Alliance conducted among InfraGard’s membership, respondents in the critical manufacturing sector cited many challenges in their ability to execute their cybersecurity strategies. Companies in this industry are having to play catchup as the technology it depends upon is increasingly digitized and connected. “...
More Info
The Emerging Case for Proactive Mule Detection
While the financial services industry is nearly unanimous in acknowledging mules are central to the fraud supply chain, and disrupting mule activity would deal a damaging blog to global financial crime, the road to get there is not quite as easy.The bad news is that robust networks of mule accounts were created during the pandemic to move money fro...
More Info
Spot the Impostor: Tackling the Rise in Social Engineering Scams
Social engineering scams are on the rise worldwide. In the last year, the number of social engineering scams have increased 57%, and impostor scams were the number one type of fraud reported by consumers, according to the U.S. Federal Trade Commission.Legacy fraud prevention controls that rely on device, IP and network-based attributes are no longe...
More Info
2021 ICS/OT Cybersecurity Year in Review – Executive Summary
PREPARE YOUR CYBER DEFENSES. The industrial cyber threat landscape is constantly changing with new adversaries, vulnerabilities, and attacks that put operations and safety at risk. Get what you need to know quickly to protect your critical assets by reading the Executive Summary of the 2021 Year in Review. Discover: Findings from incident response...
More Info