Free Cybersecurity Research, Whitepapers, Reports | SC Media

CRA Study: Non-traditional Endpoint Security Widely Unchecked, Contributing to Surge in Breaches
The widespread shift to work-at-home environments and the proliferation of non-traditional endpoints has had a moderate to high impact on the number of enterprise-related security breaches (41%) since 2020, according to a survey conducted by CRA Business Intelligence, the research and content arm o...
All About EASM: The External Attack Surface Management Buyers Guide
This buyer’s guide covers the emerging External Attack Surface Management space what the technology is designed to address, how it results in risk reduction, and how to find and deploy the ideal EASM platform.
Cloud Identitys Buyers Guide
Cloud computing and identity and access management (IAM) are foundational to realizing the full potential of digital transformation. Choosing a cloud identity security solution that supports your specific digital transformation objectives while addressing the necessary cloud migration requirements, ...
Increase Efficiency: Migrate Your Identity Infrastructure to Ping Identitys Cloud
Watch as Ping Identity’s VP of Cloud Migration, Joseph Dhanapal, discusses cloud migration benefits, steps, and timelines. Additionally, Davis Arora, Sr Director of Cyber Security at Honeywell, shares his cloud migration story and benefits of migrating to Ping’s cloud.
CIAM 101: Securing access and improving experiences for customers
Customer identity and access management (CIAM) enables organizations to securely capture and manage customer identity and profile data, as well as control customer access to applications and services. But how does it work and what must security teams know when considering investments to secure custo...
New solutions to account takeovers
In this Gartner Report, Shift Focus from MFA to Continuous Adaptive Trust, you’ll learn the details of MFA and its current place in the security process.Make effective choices for MFA by focusing on risk-appropriate options, rather than just checking the MFA box. Multi-Factor Authentication (M...
The battle against attempted fraud continues
Gatepoint Research recently surveyed 100 executives from diverse businesses on their fraud prevention strategies on behalf of Telesign. A few of the questions included: How fraud management fits into their overall business and operations strategy What tools they use to prevent fraud What challenges...
Engage and protect your customers at every touchpoint
Open communications paths and close security gapsHow many touchpoints do you have with your customer over their lifecycle? Each engagement represents an opportunity to build a world- class customer experience, but it also represents a point of vulnerability that savvy fraudsters seek to exploit.This...
The fundamentals of establishing digital trust
Telesign’s VP of Marketing, Brendon O’Donovan, recently sat down with ISMG’s SVP Editor, Tom Field, to discuss the concept of digital trust, why it is the immediate future of how enterprises conduct business, and the fundamentals of maintaining trust in the digital world.With trust...
New solutions to account takeovers
In this Gartner Report, Shift Focus from MFA to Continuous Adaptive Trust, you’ll learn the details of MFA and its current place in the security process.Make effective choices for MFA by focusing on risk-appropriate options, rather than just checking the MFA box. Multi-Factor Authentication (M...
API Security for the Modern Enterprise
This eBook gathers articles written by API security experts and covers the most critical aspects of securing APIs and microservices. It introduces related topics, standards like OAuth 2, OpenID Connect, and SCIM, and how to connect these to your applications, systems, and user identities.You will le...
Modern Techniques for Securing Single Page Applications
Single Page Applications (SPAs) seem simple on the surface, using modern development stacks that streamline Web UI development and deliver rich user experiences. However, SPA security becomes more complicated when considering threats such as Cross-Site Scripting (XSS). The browser is a hostile place...
Why Should You Care About Unknown & Unexpected Changes?
On average, it takes 212 days before an enterprise company realizes they have been breached. The only way to reduce this unacceptable statistic is via System Integrity Assurance. An integrity solution should provide configuration management, change reconciliation, change roll-back and/or prevention,...
CimTrak Solution Brief – System
System Hardening is accomplished by leveraging the best practices of benchmarks such as CIS Benchmarks or DISA STIGs and the award-winning CimTrak platform. This ensures that any unexpected or unauthorized changes to your security posture are detected and documented via CimTrak’s robust report...
ZTNA vs On-Premises Firewall VPN: The Ultimate Guide
Hardware firewall VPNs of yesterday simply cannot protect workers beyond the traditional perimeter. This leaves a major security gap for today’s modern organization in a continuing effort to reduce external threats and protect remote employees.
The WFH Security Checklist: 10 Essential Tips for IT Teams
According to Perimeter 81’s recent State of Cybersecurity Report, 87% of companies plan to have employees working remotely in 2022 and beyond. Download this white paper and checklist to help you rapidly deploy secure remote access for your entire workforceno matter where they are working.
The Essential Guide to Preventing Ransomware Attacks
There were over 2,690 ransomware attacks last year alone. One accidental click from an unknowing or untrained employee can wind up costing you millions. Is your organization and remote workforce secure from ransomware threats?
ZTNA vs On-Premises Firewall VPN: The Ultimate Guide
Hardware firewall VPNs of yesterday simply cannot protect workers beyond the traditional perimeter. This leaves a major security gap for today’s modern organization in a continuing effort to reduce external threats and protect remote employees.
The WFH Security Checklist: 10 Essential Tips for IT Teams
According to Perimeter 81’s recent State of Cybersecurity Report, 87% of companies plan to have employees working remotely in 2022 and beyond. Download this white paper and checklist to help you rapidly deploy secure remote access for your entire workforceno matter where they are working.
ZTNA vs. VPN | How a ZTNA Solution Does What VPNs Cant
Gartner predicts that 60% of enterprises will phase out their VPNs in favor of a ZTNA security solution by 2023. Don’t leave your security behind. Discover 7 convincing reasons to ditch your legacy VPN for ZTNA or risk leaving your network vulnerable to external attacks. Move past the limitati...
Hack Your Pentesting Routine
Security teams face the challenge of communicating clearly in an ever-evolving landscape of threats, tools, and expectations. The offensive security methods that worked just a few years ago may no longer be meeting the needs of all stakeholders. If you are eager to find ways of improving your intern...
Pam Maturity Model Matrix
Privileged Access Management (PAM) is the most effective way to combat identity and privilege-based attacks, by securing passwords and other secrets, granular access control, session management, and other Zero Trust strategies.But, trying to implement all PAM capabilities at the same time would be a...
IDC TechBrief: Interactive Application Security Testing (IAST)
With the exponential growth of code complexity and demand for secure software, there’s no better time than now for AppSec and Developers to use Interactive Application Security Testing (IAST).Read the “IDC TechBrief: Interactive Application Security Testing” to learn how IAST: Pro...
Ponemon Report: The State of Enterprise Identity
With a wave of unexpected challenges flooding the cybersecurity landscape, many enterprises are reassessing their view of identity security and the ever-present role it plays in mitigating risk and ensuring regulatory compliance.This inaugural research study by Saviynt and the Ponemon Institute exam...
Cloud Security Automation For Dummies
Get the big picture on cloud security, in all its complexity, speed, and scale. Our Cloud Security Automation For Dummies eBook provides a solid foundation in the value, challenges, and best practices of cloud security automation. Journey through the paradigm shift in cloud security: where we areand...
Buyer’s Guide for Cloud Security Platform
Cyber resilience comes when you’ve secured your multi-cloud infrastructure and enabled your DevSecOps team with transparency so they can discover and fix security issues more quickly.Finding a tool that empowers your team with a single unified platform is a challenge. To help, we’ve prep...
Organizations Adopt Aggressive, More Proactive Vulnerability Management Strategies in 2022
There isn’t an information security professional who hasn’t contemplated the potentially dire consequences of a cyberattack to their organization. Findings from CRA’s July 2022 Vulnerability Management Study indicate that virtually all respondents are concerned about the various we...
Writing a Killer Penetration Test Report
You may have l33t skillz on the command line, but can you communicate through the written word?The penetration test report is the deliverable upon which a penetration tester or security consultancy will be judged by clients and indirectly by future clients. Yet very few pentesters enjoy let alone f...
The Power of Purple Teaming
Security teams know the key to catching and stopping attacks early is to understand how their adversaries think. But many are behind the curve, according to a survey (conducted by CyberRisk Alliance and sponsored by PlexTrac) among 315 security influencers and decision makers in the U.S. and Canada....
Threat Hunting Essentials: How To Craft An Effective Process
Threat hunting has become a critical exercise in the fight for stronger security. But as the threat landscape continues to change, hunting techniques must also adapt. This eBook explores that changing landscape and offers guidance to help organizations get started with threat hunting and ramp up exe...
Threat Intel Leveraged to Secure Systems and Educate Executives
Organizations understand the important role threat intelligence solutions play in maintaining a strong cybersecurity posture, particularly with the rise of ransomware. According to findings in a survey from CRA Business Intelligence, the research and content arm of the cybersecurity data and insigh...
Strategies for Building Cohesive Security Programs
Over the last two decades, the field of cybersecurity has undergone explosive growth. The shift to a digitally driven economy, the rapid progress and adoption of new technologies, the rise of advanced attacks and the commoditization of offensive tools have all contributed to cybersecurity’s co...
Delivering Business Value Through a Well-Governed Digital Identity Program
In this white paper, Delivering Business Value Through a Well-Governed Digital Identity Program, we help you understand how Digital Identity and Access Management (IAM) programs can deliver value and help meet business objectives through an attribute-based approach. We also discuss the necessary fra...
Active SAP Exploitation Activity Identified by the Onapsis Research Labs
The Onapsis Research Labs observed active exploitation attempts against three existing and previously patched SAP vulnerabilities. These vulnerabilities are remotely exploitable through the HTTP(s) protocol and have publicly available exploits and PoCs which facilitate its exploitation.This session ...
New critical vulnerabilities in SAP Internet Communication Manager require immediate attention
The Onapsis Research Labs identified three critical vulnerabilities in a memory handling mechanism which can lead to full system takeover, if exploited by an attacker. Leveraging the most critical vulnerability (CVSSv3 10.0) is simple, requires no previous authentication, no preconditions are necess...
Customer Identity Buyer’s Guide
The way you design, manage and deploy customer identity can make or break your customers’ experience. Customer identity and accessmanagement (CIAM) gives you the capabilities to deliver seamless experiences at every point in your customers’ journey, making it fundamental if your organiza...
MFA for Customers
Multi-factor authentication (MFA) provides a critical extra layer of protection to your enterprise and your customers. No longer just for employee use cases, MFA can be successfully leveraged to secure your customers’ interactions with your digital properties and mitigate the ripple effect of ...
The Essential Guide to Preventing Ransomware Attacks
There were over 2,690 ransomware attacks last year alone. One accidental click from an unknowing or untrained employee can wind up costing you millions. Is your organization and remote workforce secure from ransomware threats? Find out with The Essential Guide to Preventing Ransomware Attacks eBook....
ZTNA vs On-Premises Firewall VPN: The Ultimate Guide Description: See how Zero Trust Network Access compares to on-premises VPNs
Hardware firewall VPNs of yesterday simply cannot protect workers beyond the traditional perimeter. This leaves a major security gap for today’s modern organization in a continuing effort to reduce external threats and protect remote employees.
The WFH Security Checklist: 10 Essential Tips for IT Teams
According to Perimeter 81’s recent State of Cybersecurity Report, 87% of companies plan to have employees working remotely in 2022 and beyond. Download this white paper and checklist to help you rapidly deploy secure remote access for your entire workforceno matter where they are working.
ZTNA vs. VPN | How a ZTNA Solution Does What VPNs Cant
Gartner predicts that 60% of enterprises will phase out their VPNs in favor of a ZTNA security solution by 2023. Don’t leave your security behind. Discover 7 convincing reasons to ditch your legacy VPN for ZTNA or risk leaving your network vulnerable to external attacks. Move past the limitati...
How to Keep up With the Rapidly Expanding Scope of the OWASP Top Ten
Since the Top Ten first launched in 2003, organizations rely on the list to assess the completeness of their application security effortsand implications for compliance and risk management. Read this eBook to see: What was added and what changed in the 2021 OWASP Top Ten What are the most important...
ESG: Developers: Own Your Security Destiny
In this new report by Enterprise Strategy Group (ESG), developers will come away with key insights on how to eliminate friction with their security counterparts including: How to pick the right tools so developers can own security within their native workflow How to eliminate painful re-work and ou...
Third-Party Cyber Risk Management for Dummies
The traditional way of approaching third-party cyber risk management (TPCRM) is outdated and full of inefficiencies and missed opportunities that leave organizations vulnerable to cyber risk. But that doesn’t have to be the case. Download the guide to learn: Why traditional approaches to th...
Risk and Security Workflows Book of Knowledge
Change can happen in an instant, and over the last year, many leaders learned that firsthand. This book features stories told at Knowledge 2021 from organizations like Bupa, TCF Bank, and the University of Southern California and how they handle complex challenges with the help of workflows.
Attackers on High Ground as Organizations Struggle with Email Security
Despite years of security investments, many organizations continue to struggle against criminal actors who launch daily phishing and other email-based attacks against them, according to new findings in a survey from CRA Business Intelligence, the research and content arm of the cybersecurity data a...
Understand And Implement Integrated Cyber Risk Management
Many organizations rely on outdated and manual methods to assess and manage cyber risk. As a result, they lack adequate visibility into the organization’s true threat exposure. Leadership must know how and where to invest to minimize their risk effectively, and the key to that is Integrated Cy...
Privileged Access Management as-a-Service: Protecting the Keys to Your Kingdom
Your privileged accounts are a significant risk – and not just from external hackers. 26% of businesses have users with more access privileges than required for their job meaning malicious insiders may already have what they need to damage your organization. Download this eBook courtesy of Op...
CyberArk Privileged Access Management Solutions
Attackers are wreaking havoc across the globe with advanced cyber attacks that directly target the most valuable assets of an enterprise making privileged access management solutions integral to your business’ future. Download this white paper courtesy of CyberArk to learn how to identify you...
Piecemeal Approaches to API Security put Organizations in the Crosshairs
Many security teams struggle to achieve the visibility and maturity needed to minimize risks and protect against sophisticated attacks such as bots and distributed denial of service (DDoS), according to a new report from CRA Business Intelligence, the research arm of cybersecurity information servi...
Stakeholder Analysis: Motives, Needs and Drivers for Security Awareness Training in Modern Work Environments
Motives, needs and drivers for cybersecurity awareness training in modern work environments are findings of a stakeholder analysis with over 160 cybersecurity leaders presenting their opinions and experiences.The demand for more effective cybersecurity solutions is greater than ever. Cybersecurity b...
The Human Risk Assessment
The biggest challenge for cybersecurity leaders is how to measure human behavior in cybersecurity.The human side of cybersecurity came into focus. Incorporating the human factor into cybersecurity by design is the future of establishing a holistic cybersecurity strategy. Of course, this comes with a...
What Your Password Policy Should Be
Reports of the death of passwords have been greatly exaggerated.You know passwords are still a necessary evil, despite recurring predictions that some new credentialing architecture will take over in just a few years’ time. Until then, your goal is to craft password policies that mitigate as m...
Security Culture Report 2022Global Trends in Security Culture
The 2022 KnowBe4 Security Culture Report is the largest study of its kind, measuring organizations’ security cultures and surveying more than 530,000 employees across 2,910 organizations worldwide.The report offers unique insights which allow organizational leaders to better understand how emp...
TPCRM 101
As organizations increasingly rely on third parties, their ecosystems become larger and more vulnerable to third-party cyber risk. Luckily, there are steps you can take in order to protect your organization from these threats, and ensuring you have a solid TPCRM strategy in place is an imperative fi...
CRA Study: Remote Workers Spell Trouble for InfoSec
As Enterprises and government agencies across the globe rush to support employees working remotely during the pandemic, attackers seized upon the resulting vulnerabilities, leaving security teams stretched thinly and struggling to keep up, according to a new survey from CRA Business Intelligence, t...
CRA Study: Global Phishing Incidents Increasingly Driven by Ransomware Gangs 
Phishing attacks are increasingly driven by sophisticated ransomware gangs, and some companies are suffering up to five security incidents per quarter as a result, according to new survey findings from CRA Business Intelligence, the research and market insights arm of cybersecurity information serv...
CRA Study: As Cloud Adoption Surges, Can Security Keep Pace?
Security executives recognize that most business-technology systems will be maintained in a cloud environment moving forward, but are concerned that security teams are not equipped to manage the associated risk, according to a new study from CRA Business Intelligence, the research and content arm o...
Ultimate Guide to CIAM
Our world has rapidly evolved into a digital reality where many daily interactions occur online rather than face-to- face. It’s tempting to attribute this fast-moving digital transformation solely to the COVID global pandemic. But in actuality, it was merely the accelerant for a trend that was...
Ransomware Gangs, Industries They Target and How to Fight Back
A recent study from CyberRisk Alliance’s Business Intelligence Unit showed companies across industries under ferocious assault from ransomware gangs. In this Expert Focus eBook, experts from eSentire outline where the most damaging attacks are coming from and which industries suffer most, how ...
Balance Endpoint Protection And Productivity Through Zero Trust
As companies adapt to an increasingly remote workforce, security leaders are struggling with an explosion of devices requiring sensitive corporate data access outside of the traditional security perimeter. Attackers leverage gaps in protection measures exposed by this expanding attack surface to mov...
Click Happens: The case for Isolation Technology rooted in Zero Trust
We live in a world where the question is no longer whether your company will experience a data breach, but when. Hardly a day goes by that you don’t hear about a major data breach or a new cyberattack that’s making headlinesand the costs associated with these security events continue to ...
The State of Ransomware 2022
Sophos’ annual study of the real-world ransomware experiences of IT professionals working at the frontline has revealed an ever more challenging attack environment together with the growing financial and operational burden ransomware places on its victims. It also shines new light on the relat...
CRA Study: XDR Poised to Become a Force Multiplier for Threat Detection
Organizations continue to grapple with the pace of threat expansion, especially those that evade existing cybersecurity solutions or go undetected for longer than they should. Even under the best of circumstances, security operations can be stretched thin by today’s demands and the siloed nature of...
Invicti AppSec Indicator: Worrisome Vulnerability Trends in the Race to Innovation
There’s no sugarcoating it: severe vulnerabilities simply aren’t getting any scarcer. In the Spring 2022 edition of the Invicti AppSec Indicator, we’re digging into a huge data set from more than 900 global Invicti customers for a holistic look at these vulnerability trends, and wh...
Cover Your APIs: Securing Your Hidden Web Attack Surface
Modern web applications rely heavily on APIs, yet they’re a blind spot for many organizations. If you don’t know what might be lurking beyond your asset inventory, implementing API scanning can help secure your hidden attack surface. Read this white paper to learn: How today’s w...
SW Labs Review: Detectify Surface Monitoring
This review, written by Paul Asadoorian, focuses on Detectify’s Surface Monitoring product. This crowdsource-backed attack surface monitoring component discovers Internet facing assets such as subdomains, exposed files, vulnerabilities and misconfigurations.The Surface Monitoring product was d...
Cybersecurity in U.S. Critical Infrastructure: Chemical
In a survey CyberRisk Alliance conducted among InfraGard’s membership, respondents in the chemical sector cited many headwinds to effective security, including the challenges they face keeping up with technological change. “Some of the systems we have implemented are very new to everyone...
Cybersecurity in U.S. Critical Infrastructure
Findings from a summer 2021 CyberRisk Alliance research survey The Critical Infrastructure Resilience and Readiness (CIRR) benchmark scores covered in this report are based on an online CyberRisk Alliance survey conducted from July through September 2021. The survey targeted members of InfraGard a ...
Webinar: Join the (Re)evolution of Security
Security has made a name for itself as “important” and “a priority” for businesses, but is it being implemented? Are you ready to be part of the security conversation and know the right questions to ask?As security and business success become synonymous we’re wanted to...
Forge Threat Detection Success at the Pyramid Apex
Sequenced behavioral-based detectionsSingular atomic-based detections have been the foundation for threat detectionin security operation centers (SOCs); however, atomic-based detectionsalone are not enough the concept has proven unreliable, yielding noisydetections with short operational lifespans....
Why Pentesting Needs to Evolve
Antiquated legacy penetration testing methods fail to catch all the critical vulnerabilities that exist within a company’s environment, which puts organizations at risk. Security teams are moving away from traditional pen testing methods to more innovative and continuous solutions. Learn more ...
The State of Developer-Driven Security 2022
For the second year, Secure Code Warrior has commissioned research with Evans Data Corp to survey 1,200 developers globally to understand the skills, perceptions, and behaviors when it comes to secure coding practices, and their impact and perceived relevancy in the software development lifecycle (S...
The challenges (and opportunities) for secure coding practices
Despite the vast array of security measures adopted by organizations, we continue to see the repercussions of software vulnerabilities. Based on The State of Developer-Driven Security Survey 2022 by Secure Code Warrior, this whitepaper examines the responses of 1,200 developers globally to understan...
Zero Trust Slow to Build Momentum
Organizations are keen to implement zero trust architecture but have been held back by a continued lack of understanding about what that entails, according to new survey findings.The survey, sponsored by Attivo Networks and HP Wolf Security, was conducted inJanuary and February 2022among 300 IT and ...
Encryption weaponized: How ransomware gangs use encryption against you, and how to fight back
Criminal actors are using encryption to mask advanced attack activity. This ebook explores their techniques, how the use of encryption evades ETA and other decryption workarounds, and which specific actions security teams can take to mount a more ironclad defense, including the use of decryption to ...
Enable industry-leading protection against ransomware attacks
Despite investing in and deploying various identity and access management systems, organizations of every size are faced with the constant looming threat of privileged identity risk. And with more than 95 million Active Directory accounts being targeted by attackers daily, the need to identify and p...
Eliminating Your #1 Blindspot Why Identity Risk Management is Essential
Identity is now the number one attack vector vulnerable identities are present in every organization. Identity risks are like a residue that remains after the course of normal IT operations. Vulnerable identities persist because of gaps between IT and security teams, and because of gaps within exis...
Analyzing Identity Risks (AIR) Research Report
Analyzing Identity Risks (AIR) 2022 is a statistical analysis of every Identity Risk Assessment that Illusive conducted during 2021 and includes real-world examples of how these identity risks manifest.Discover the growing use of identity-based attack tactics in ransomware and other cyberattacks and...
Russia-Ukraine Crisis | Defending Your Organization From Geopolitical Cybersecurity Threats
As the geopolitical stage becomes increasingly tumultuous, organizations across the globe need to be in a heightened state of alert regarding their cybersecurity. Watch this session as our security experts share their commentary and advice in response to potential state-sponsored attacks from Russia...
MDR or MSSP
In today’s hyper-connected world, cyberattack risks have never been more pronounced. Threat actors continue developing new and increasingly malicious and often ingenious tactics to achieve their ultimate goals. As a result, a more focused and proactive approach to detecting, investigating, and...
The Forrester Wave: Security Awareness and Training Solutions, Q1 2022
KnowBe4 Recognized as a Leader in Security Awareness and Training Solutions by Forrester ResearchKnowBe4 has been named a Leader in The Forrester Wave: Security Awareness and Training Solutions, Q1 2022. Using a 30-criteria evaluation, the Forrester Wave report ranks 11 vendors in the security aware...
Building a Security Awareness Program to Help Defend Against Cyber Extortion and Ransomware
Due to the rise in sophistication and volume of cyber extortion and ransomware, the time is now to bulk up your defenses against these threats.You cannot achieve these improved defenses by deploying shiny “anti-ransomware” technology alone. A defense-in-depth model with multiple layers o...
Security Culture Maturity Model
Introducing the Security Culture Maturity ModelThe data-driven and evidence-based Security Culture Maturity Model, developed by KnowBe4 Research, is the industry’s first maturity model specifically geared to measure security culture. The model is fueled by KnowBe4’s massive security awar...
IT Security Best Practices to Block Ransomware
Check out this report to examine commonly used techniques to deliver ransomware, understand why attacks are succeeding, and review IT security recommendations to help your organization stay secure. In addition, learn the critical cybersecurity technologies that every IT setup should include.
Security Essentials 101 for Datacenters
Learn how datacenters are driving high performance and agility, while also delivering rock solid security.Download the guides to high performance security for hybrid datacenters, including the use of SecDevOps, AI/ML, and autonomous threat prevention. And, learn about your peers’ top prioritie...
CRA Study: Zero Trust Interest Surges, But Adoption Lags as Organizations Struggle with Concepts 
Organizations are keen to implement zero trust architecture but have been held back by a continued lack of understanding about what that entails, according to new survey findings. The survey, sponsored by Attivo Networks and HP Wolf Security, was conducted in January and February 2022 among 300 ...
Encryption vs.decryption: A Network traffic analysis analysis
Within the MITRE ATT&CK framework, which attacks would you miss by not fully decrypting traffic? Can fully decrypted traffic help detect attacks sooner? This report explores the best balance between protection, privacy and performance for traffic decryption.
CRA Study: Managing Third-Party Risk in the Era of Zero Trust 
Companies large and small are struggling to stave off data breaches and prevent compliance violations as third-party partners they increasingly rely upon come under attack. These findings are according to a new survey fielded by CRA Business Intelligence, the insights and research unit of cybersecu...
Should I pay a ransom? A 5-step decision-making process
It’s the kind of note that grabs you by the shirt and doesn’t let go: “All of your files are stolen and encrypted!” The next thing you read is the extortion demand: pay up, or else. In this scenario, your organization has a limited amount of time to ask a series of critical questions before m...
Incident response for a remote world
Most enterprise incident response plans were developed before the pandemic, designed for a world in which responders did their work on site. With more security practitioners working remotely, procedures, tools and techniques that worked well on premises no longer cut it. A new approach is requ...
Forrester Total Economic Impact of Tanium
The Forrester Consulting Total Economic Impact (TEI) study commissioned by Tanium helps technology decision-makers to examine the financial analysis and potential impact of Tanium’s solutions to their business. When you read the report, you’ll learn why organizations relying on point sol...
Organizations Struggle to Measure and Monitor Cyber Risk
Many organizations struggle with a perilous communications gap. Data from this Harvard Business Review Pulse Survey commissioned by Tanium illuminates how effective cyber-risk oversight is hampered by the mutual shortage of knowledge between executives and cybersecurity leaders and what they must do...
Building the foundation of a mature threat hunting program
Many organizations, especially large global enterprises, don’t always have the best visibility into how many third-party vendors they are using at a given time, or what types of assets are in their environment because of those third-party vendors. In addition, they are at the mercy of their th...
The Inside-out Enterprise: Redefining IT SecOps for the Remote-First Workplace
Once concentrated in internally managed data centers, applications and data are now distributed across multiple public and private clouds. This presents unprecedented challenges for IT teams around asset inventory, vulnerability assessment, patch management and client security; not to mention help d...
2022 Identity and Security Trends
Between evolving cyberattacks and executive orders, last year exposed new levels of uncertainty across the security landscape. Data shows us these challenges are only projected to grow and now’s the time to mobilize. Loaded with expert insights and the latest industry analytics, our new eBook...
Ransomware vs. Multi-cloud: How to protect multi-cloud environments from the next attack
Though the scale and economics of the cloud are a boon for today’s enterprise, moving applications and data out of the data center into multi-cloud environments has greatly expanded threat surfaces, putting enterprises at greater risk of devastating ransomware attacks. This report will e...
SecurityWeekly Labs Review: Cortex XDR
Like most XDR products, endpoint is both at the core of the Cortex XDR product and shares the stage with a long list of native and third-party integrations. Palo Alto’s ubiquitous firewall is a key component, though competitors’ firewalls are also supported. Log ingestion, cloud in...