Cybercrime | SC Media

Cybercrime

Partner

Community Defense Model
The CIS Controls® are a set of 20 top-level secure best practices containing 171 Sub-Controls, that provide a prioritized path to gradually improve an organization’s cyber defense program.
2020 Buyer’s Guide Report
Breaches are all too common today as determined cyber criminals have become better organized and more targeted in their attacks. In many cases, a C-level executive loses their job as a result. That doesn’t have to be you—or your organization. The right testing solution is key to keeping you safe. While searching for the one that’s the best fit for your organization, be sure to prioritize your goals. Are you seeking holistic security to mitigate the chance of a breach? Are you focused solely on compliance? Is there a customer or partner insisting that you get a checkup? Are you looking for a point-in-time test or for continuous security as your network and applications evolve?
Executive Protection at Home is the Major Gap in Cybersecurity
While many of us do not realize it, industrious hackers are interested in gaining access to just about any set of personal and private data and assets so that these materials can be exploited. The level of the value lies in how much the payoff may be once the criminal steals the private data and puts it to work for nefarious purposes. For a key executive or board member, the pay off potential is obviously high.
The State of Personal Cybersecurity & Privacy
In 2020, the risk of cybercrime is greater than ever. When new clients join BlackCloak, we scan and assess their networks, devices, and security practices. The results are often shocking. Many individuals are surprised to discover that their homes and devices had previously been compromised. We solve the problem – but in the process, we have uncovered revealing data about the current state of personal cybersecurity and privacy.
Cybersecurity Awareness Month Resources: Phishing Awareness Kit
Engage and educate your end users with our free toolkit: Are your end users protected from dangerous phishing attacks? To help you protect them, Proofpoint Security Awareness Training is offering a free Phishing Awareness Kit. This helpful kit gives you the tools you need to engage your users and turn them into a strong line of defense against phishing attacks and other cyber threats.
SANS Top New Attacks and Threat Report
There are many places to find backward-looking statistics of how many attacks were launched in cyberspace. Forward-looking guidance areas that security managers should focus on are harder to find. In times of economic uncertainty, it is even more critical for security teams to prioritize resources to increase effectiveness and efficiency in dealing with known threats while also minimizing the risk from emerging attacks.
Cyber Range and Simulation Based Training Use Case Coverage
A new generation of eLearning and simulation technologies is changing the way CISOs operationalize cybersecurity. Advanced training technologies are helping teams hire more effectively, hone the skills of their cyber pros, and build highly efficient incident response processes. Learn about the value that simulation-based training offers across seven critical cybersecurity team use cases.
The Rise of Machine Learning (ML) in Cybersecurity
While many organizations are guarding the front door with yesterday’s signature-based antivirus (AV) solutions, today’s unknown malware walks out the back door with all their data. What’s the answer?
Know Your Enemy. Know Your Risk.
Understanding the risks to your most sensitive data begins with understanding the mindset of the hackers attacking it. This report gets inside the mind of a hacker, analyzing their motivations for penetrating cyber defenses, their methods and the most effective ways to reduce your risk.
Third-party risk to the nth degree
For many, cost-effective scalability usually means outsourcing some or all of your business functions to a complex web of third-party vendors. The Third-Party Risk to the Nth Degree white paper provides quantitative and contextual measures by which your organization can compare current practices and investment to help mitigate third-party cyber risk.
A Guide to Digital Risk Protection for Security Teams
The broad adoption of collaboration, chat, and social channels, such as Microsoft Teams, and Slack, WhatsApp, and LinkedIn, coupled with the rapid expansion of work-from-home (WFH) during the COVID-19 pandemic has created an expansive attack surface with huge cyber risk exposure for the enterprise. These digital communication channels operate with a volume and velocity that is rapidly outpacing email.
Report: 2020 Phishing By Industry Benchmarking
As a security leader, you have a lot on your plate. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up. IT security seems to be a race between effective technology and ever evolving attack strategies from the bad guys. However, there’s an often-overlooked security layer that can significantly reduce your organization’s attack surface: New-school security awareness training.
Winnti: More than just Windows and Gates
The Winnti malware family was first reported in 2013 and since then, threat actors leveraging Winnti malware have victimized a diverse set of targets for varied motivations. While the name ‘Winnti’ in public reporting was previously used to signify a single actor, there is now industry consensus that the malware itself may be shared (or sold) across a small group of actors.
Who is GOSSIPGIRL? Revisiting the O.G. threat actor supergroup
Follow this fascinating take on a thin thread unearthed in a CSEC presentation titled “Pay attention to that man behind the curtain: Discovering aliens on CNE infrastructure” that led to surprising discoveries on a threat actor assumed to be retired.
Abusing Code Signing for Profit
Signing a Windows executable file was originally conceived as a way to discriminate between legitimate and potentially malicious software. Unfortunately, the system is built on a problematic core tenet: Trust.
Ponemon Institute: Staffing the IT security function in the age of automation
Ponemon Institute conducted the second annual study "Staffing the IT Security Function in the Age of Automation: A Study of Organizations in the United States, United Kingdom and APAC" to better understand how organizations are addressing the problem of attracting and retaining IT security practitioners and how the adoption of automation and artificial intelligence (AI) will impact IT security.
Security megatrends report summary
This report delves into several areas of concern today. The report identifies challenges and perceptions that enterprises, midmarket companies, and SMBs face across seven industry verticals including manufacturing, financial, and healthcare. The goal is to help readers to understand the common issues and where they are doing a better or worse job than others. Ultimately, the report will help readers understand how to handle threats better, no matter where they stand now.
Osterman Research: Addressing the top 10 security issues organizations face
Cybersecurity must be a top-level priority for any organization and for many it is. Security should be viewed holistically and should include a range of elements, including layered, technology-based solutions on-premises and in the cloud; security awareness training to help employees become a more integral part of security defenses; the establishment of common-sense policies and practices that will bolster security defenses; and security education for the board of directors and senior managers to help them understand the critical role they play in enabling a culture of security.
The 2019 what keeps you up at night report
In this report, we’re going to take a deep dive into the stuff of nightmares - security concerns that have organizations worried and most importantly, provide actionable insights to what you can do about it.
Threat impact and endpoint protection report
For this report, business across all industries were surveyed to find out what they're doing to defend themselves. We examined how organizations protect themselves from ransomware and the effectiveness of their protection.
Forrester Total Economic Impact Study
Read this study for an in-depth explanation of Forrester’s analysis and a detailed walk-through of KnowBe4's impact on our customer’s business. The resulting research paper assesses the performance of the KnowBe4 Platform. How does 127% ROI with a one month payback sound?
Cisco annual cybersecurity report
For years, Cisco has been warning defenders about escalating cybercriminal activity around the globe. In this, their Annual Cybersecurity Report, we present data and analysis from Cisco threat researchers and several of our technology partners about attacker behavior observed over the past 12 to 18 months.
A modern approach to branch security
As networks become decentralized and users connect directly to SaaS applications, backhauling traffic to apply security policies just isn’t efficient. Plus, backhauling internet bound traffic is expensive, and it adds latency. More and more branch offices are migrating to direct internet access (DIA). Find out how to quickly and easily secure this traffic.
Ransomware galore: the four you shouldn’t ignore
Ransomware is a growing issue that isn’t going away anytime soon. The threat of losing access to your mission-critical systems and data can keep you up at night. No one wants to receive a hacker’s demand to pay now or lose your information forever. That’s why you’ve already renewed your focus on data backup and recovery. It’s hard, and you know you need to do it. Beyond that, do you know what your top defensive priorities should be? There are four more things that you absolutely must do.
6 ways to make your security stack work harder
Got more security tools than you can handle? Discover an easier way to make the most of your existing investments. We'll share ways you can reduce security alerts and extend your security off network, anywhere users go.
What attacks aren’t you seeing?
This eBook will educate IT pros about the risks of only relying on legacy defenses like firewalls, web gateways and sandboxes for network security.
3 things you need to know about prioritizing vulnerabilities
If you’re looking for answers to questions like “Where should we prioritize based on risk?” and “Which vulnerabilities are likeliest to be exploited?” this quick read is an excellent way to get started. Download the free ebook now.
Radicati Group: DLP market quadrant 2018
The constant presence of internal and external threats, along with increased worldwide regulations such as the General Data Protection Regulation (GDPR), have continued to drive the adoption of data loss prevention (DLP) solutions. In the “Data Loss Prevention – Market Quadrant 2018” report, The Radicati Group estimates the DLP market will double from $1.1 billion in 2018 to $2.2 billion by 2022.
The State of IT Operations and Cybersecurity Operations
This new study finds that while IT and security opertations are getting better at collaborating, several key roadblocks continue to undermine their success. Ready to understand what those roadblocks are and how to overcome them? Download the report for analysis.
Embracing encryption: Fight the darkspace with Reveal(x)
Encryption is skyrocketing both inside corporate networks and on the public internet—and studies show that more and more attackers are using this trend to hide their activities from your SOC. Luckily, there are methods you can use to embrace encryption in the enterprise without sacrificing your ability to see, hunt, and stop attackers. Read the technical brief for a deep dive.
2019 Threat hunting report
Based on a comprehensive survey of cybersecurity professionals in our 400,000-member Information Security Community on LinkedIn, the 2019 Threat Hunting Report confirms that organizations are increasing their operational maturity and investments in threat hunting.
SANS Top New Attacks and Threat Report
This SANS white paper begins with a baseline of statistics from two of the most reliable sources of breach and malware data, then summarizes the expert advice from the SANS instructors on the RSA panel, detailing the emerging threats to look out for in 2019 and beyond.
Practical advice for avoiding phishing emails
Phishing emails require one thing to be successful: For the recipient to take the bait. This “decision tree” is a helpful reminder that verifying unknown emails is an important step in protecting your data and devices.
State of the Phish report
This cybersecurity report analyses data from tens of millions of simulated phishing attacks sent through Proofpoint's Security Education Platform over a 12-month period, as well as an extensive survey of their global database of infosec professionals. It also includes survey data from thousands of working adults in seven countries — the US, UK, France, Germany, Italy, Australia, and Japan — providing cybersecurity insights into end-user security awareness and behavior around phishing, ransomware, and more.
Gartner: A guide to choosing a vulnerability assessment solution, 2019
How do you find a vulnerability assessment solution that will meet your organization's needs for complete visibility? Read Gartner’s A Guide to Choosing a Vulnerability Assessment Solution to learn key buying criteria to evaluate the appropriate vendor for your organization and discover important questions to ask during the selection process.
Gartner Peer Insights ‘Voice of the Customer’: Secure web gateways
Cisco has been named in the first ever Gartner ‘Voice of the Customer’ report for the Secure Web Gateways (SWG) market for Cisco Umbrella. Gartner Peer Insights is a peer review and ratings platform designed for enterprise software and services decision makers. This document synthesizes Gartner Peer Insights’ content in the SWG market for 2018.
Malicious cryptominers are eyeing your resources
Malicious cryptomining has consistently been one of the top threats across all internet activity in 2018. Cryptocurrency’s market volatility could make it much more lucrative than ransomware. Find out who they’re targeting and how to protect your network.
Art of darkness: Emerging trends in DDoS protection
DDoS mitigation techniques continue to evolve. That’s because DDoS attacks continue to grow in size, complexity, and malice. In recent years, criminal hackers have begun to use these attacks as a smokescreen for fraud taking place in the background. With more cybercriminals using DDoS attacks to access troves of valuable consumer data, mitigating DDoS has never been more important. Without a comprehensive security solution, it’s not just your consumers who are more vulnerable. It’s your business’s reputation. Businesses worldwide are being forced to step up their DDoS attack defense. Many are turning to Neustar DDoS protection. Neustar offers the world’s largest data scrubbing network. Our DDoS solutions can help your business maintain its online presence, reduce the threat of theft, and protect your bottom line. Help your company defend against DDoS. Download the free report to find out where the attacks have been, where they’re headed next, and what you need to do to protect your consumers.
Protecting Your IT Assets from Cryptomining Malware
Cryptomining malware has exploded on the threat landscape, becoming one of the most common malware attacks and posing a significant risk to your IT assets. Here are the answers you need: what it does, how it gets in, and how to recognize and prevent it.
2018 Annual Threat Report
eSentire’s 2018 Annual Threat Report highlights a growing botnet attack infrastructure, an exponential increase in coinmining and the rising threat of Maldocs. With the exponential growth of cyber threats being a common theme in 2018, 2019 will present significant challenges for organizations looking to stay ahead of threats. For even the most prepared organizations, the increase in threats will present considerable operational and financial challenges as automation has made it easier, and more economical than ever, for threat actors to execute attacks. In order to stay ahead, it will be crucial for both organizations and security vendors to turn to emerging technologies such as artificial intelligence (AI) to help take on a proactive approach to protecting their most valuable assets.
Cybersecurity FutureWatch 2018
Cybersecurity FutureWatch 2018 is an in-depth analysis of cyber trends and forecasts. This data-driven report illustrates critical industry developments that will inform a company’s cybersecurity planning as technology advances. The report is based on a survey of more than 1,250 senior executives, management and security practitioners in the U.S., U.K. and Canada, which found that only 30 percent of respondents are confident their business will avoid a major security event in the coming two years and 60 percent believe an attack will hit in the next few years. Furthermore, it explores security evolution and maturity amid emerging technology adoption and evolving business needs.
SANS 2019 Top New Attacks and Threat Report from Anomali
This SANS whitepaper analyzes a baseline of breach and malware data from the past year and goes further to summarize expert opinions from SANS instructors on the emerging threats to look out for in 2019 and beyond. SANS experts cover the areas they believe will have the highest impact for the future, in addition to mitigation advice for each.
SANS 2019 SOC Survey from Anomali
Get an overview of common and best practices, defendable metrics that can be used to justify SOC resources to management, and which key areas SOC managers can prioritize to increase the effectiveness and efficiency of security operations.
Russia Federation Cybersecurity Profile from Anomali Labs
Russia is well-known for its aggressive cyber-strategy, and the motivations for these attacks are deeply intertwined with its social, political, and historic climate. This report provides a thorough examination of Russia’s cybersecurity landscape.
2019 Ponemon Report: The Value of Threat Intelligence from Anomali
The Ponemon Institute surveyed Over 1,000 security professionals in the US and the UK on threat intelligence topics. Participants utilize threat intelligence as part of their cybersecurity programs. Results show that participants believe in the importance of threat intelligence data but are struggling to maximize its effectiveness in detecting cyber threats.
Best practices for protecting against phishing, ransomware, and email fraud
This new Osterman Research whitepaper outlines ten best practices to consider that show how a combination of risk assessment and audits of your current security posture, implementing end-user security awareness training, and establishing detailed security policies can protect your organization from ransomware, CEO Fraud and other phishing attacks.
2019 cyberthreat defense report
Now in its sixth year, the annual Cyberthreat Defense Report by CyberEdge Group provides the most comprehensive view of IT security from over 1,200 IT security decision-makers and practitioners across 17 countries, representing 19 industries. Download the report to learn more.
Managing the risk of post-breach or “resident” attacks
How well-equipped is your organization to stop insider attacks or external attackers once they’re inside your network? According to this study, almost two-thirds of respondents lack efficient capabilities to detect and investigate “stealth” attackers before serious damage occurs.
How-to guide for preserving and collecting data
Don’t leave your preservation and collection practices to chance. Download this ebook, “A How-To Guide to Preserving and Collecting Data,” to learn the who, what, when, and why around data preservation and collection best practices.
Phishing threat & malware review 2019
Learn how 90% of verified phish were found in environments using secure email gateways (SEGs). That’s just one of the key findings in our expanded report, now covering phishing threats as well as malware developments.
5 Uncomfortable Truths About Phishing Defense 2019
Get out of your comfort zone and embrace the truth about phishing defense and today’s rapidly changing threat landscape. When over 90% of breaches start as phishing emails—threats that email gateways miss and other defenses are slow to stop—you need to stare the truth in the eye and rethink your approach.
19 minute eBook: A minute by minute account of collective defense in action
Imagine a cunning phisher: he knows his craft and sends your users an email appearing to come from your CEO that bypasses all your other technology. What would you do? A Cofense customer faced that very scenario and relied on Cofense Triage and the Cofense Phishing Defense Center (PDC) to analyze, respond to, and resolve the attack—in less than 20 minutes after it launched. Download the eBook for a minute-by-minute account of what happened—how users and security professionals worked together to avoid a major breach.
Six phishing predictions 2019
In volume and complexity, phishing attacks are getting worse. Read why organizations expect AI to raise its anti-phishing game and also, take a look at the trend towards off-the-shelf malware (but don’t forget about custom varieties). Get ahead of the problem, download this eBook on phishing trends our experts anticipate.
2019 phishing defense resolutions
With more than 90% of breaches attributed to successful phishing campaigns – it’s time to think about how to prepare and prevent attacks in the coming year. Learn the top ten tips that can improve your company’s security awareness, intelligence and protection.
Q1, 2019 Cyber Threats & Trends Report
In this report, Neustar, Inc., a trusted, neutral provider of real-time information services highlights new areas of growth in Distributed Denial of Service (DDoS) attacks over the past year. Download the report to gain new insights with these observations and other trends of the latest cyber attacks.
Once upon a network: Modern-day security tales
New security solutions can be challenging for an IT professional. Enduring sleepless nights thanks to a security solution that didn’t really deliver. Calming a stressed CIO. Feeling exposed and vulnerable. Unable to shake the feeling that something’s not right. But Cisco Umbrella is different. Read the flipbook to learn how.
Cyberattack simulation vs pen testing vs vulnerability scanning
As we will see in this Whitepaper, vulnerability scans and penetration tests are useful for getting insight into the security posture of an organization at a specific moment. Although useful, they do not present the full picture; especially when it comes to sophisticated, multi-vector attacks.
The 3 approaches of breach and attack simulation technologies
There are currently several vendors providing Breach & Attack Simulation solutions with different approaches that are gaining traction as more and more users are jumping on the BAS bandwagon. In this document you will learn about the 3 Approaches of BAS technologies and which approach Cymulate platform use.
Beyond the Phish report
Phishing is just one of many attack vectors used by cybercriminals. This 2018 Beyond the Phish® Report shows why it’s critical to assess and train end users on cybersecurity threats beyond email-based social engineering.
IT, OT, and IoT: Dotting your cyber I’s & crossing your cyber T’s
Modern manufacturing is grappling to manage a blended OT and IT ecosystem. The adoption of new tech and growing accountability leave operations more vulnerable to cyber risks. This paper explores the challenges facing manufacturing management, and provides a framework for critical cyber security must haves to reduce risk and protect the industry from operational disruption and financial losses.
SC Media
Defending the inbox
Cybercriminals have come a long way from typo-ridden spam emails and unclaimed heritage scams. Today’s email threats (e.g. phishing, spear phishing, and malware) are hyper-targeted and hyper-dynamic, making them increasingly difficult to detect. As the attack vector evolves, so too must email security approaches. Recognizing that it’s impossible for email filters to block every threat, the Anticipate-Decimate-Remediate model takes a holistic approach to thwarting threats before, during, and after the attack. This approach brings technology, people, and process together in a mutually reinforcing environment. Moreover, it leverages technology with a state of consciousness and continuous learning to not only detect new threats but automatically remediate threats it initially missed.
SC Media
Art of darkness: Emerging trends in DDoS protection
DDoS mitigation techniques continue to evolve. That’s because DDoS attacks continue to grow in size, complexity, and malice. In recent years, criminal hackers have begun to use these attacks as a smokescreen for fraud taking place in the background. With more cybercriminals using DDoS attacks to access troves of valuable consumer data, mitigating DDoS has never been more important. Without a comprehensive security solution, it’s not just your consumers who are more vulnerable. It’s your business’s reputation. Businesses worldwide are being forced to step up their DDoS attack defense. Many are turning to Neustar DDoS protection. Neustar offers the world’s largest data scrubbing network. Our DDoS solutions can help your business maintain its online presence, reduce the threat of theft, and protect your bottom line. Help your company defend against DDoS. Download the free report to find out where the attacks have been, where they’re headed next, and what you need to do to protect your consumers.
Defending the inbox
Cybercriminals have come a long way from typo-ridden spam emails and unclaimed heritage scams. Today’s email threats (e.g. phishing, spear phishing, and malware) are hyper-targeted and hyper-dynamic, making them increasingly difficult to detect. As the attack vector evolves, so too must email security approaches. Recognizing that it’s impossible for email filters to block every threat, the Anticipate-Decimate-Remediate model takes a holistic approach to thwarting threats before, during, and after the attack. This approach brings technology, people, and process together in a mutually reinforcing environment. Moreover, it leverages technology with a state of consciousness and continuous learning to not only detect new threats but automatically remediate threats it initially missed.
How to prioritize cybersecurity risks: A primer for CISOs
Download the “How to Prioritize Cybersecurity Risks: A Primer for CISOs” ebook now to learn how to adopt a risk-based approach to prioritization, why visibility into all your company’s IT assets is key to understanding the scope of vulnerabilities, and how to change the conversation from “How many vulnerabilities do we have?” to “Which vulnerabilities pose the greatest risk?”.
3 things you need to know about prioritizing vulnerabilities
If you’re looking for answers to questions like “Where should we prioritize based on risk?” and “Which vulnerabilities are likeliest to be exploited?” this quick read is an excellent way to get started. Download the free ebook now.
Measuring and managing the cyber risks to business operations
Unlike other business disciplines (CRM, ERP, HR), cybersecurity lacks clear business metrics that help frame decision-making in language the C-suite and board easily understand. To evaluate which metrics matter most, Tenable commissioned Ponemon Institute to study the effects of cyber risk on business operations. The study surveyed 2,410 IT and infosec decision-makers in the US, UK, Germany, Australia, Mexico and Japan.
Third-party risk to the nth degree
For many, cost-effective scalability usually means outsourcing some or all of your business functions to a complex web of third-party vendors. The Third-Party Risk to the Nth Degree white paper provides quantitative and contextual measures by which your organization can compare current practices and investment to help mitigate third-party cyber risk.
2018 Annual Threat Report
eSentire’s 2018 Annual Threat Report highlights a growing botnet attack infrastructure, an exponential increase in coinmining and the rising threat of Maldocs. With the exponential growth of cyber threats being a common theme in 2018, 2019 will present significant challenges for organizations looking to stay ahead of threats. For even the most prepared organizations, the increase in threats will present considerable operational and financial challenges as automation has made it easier, and more economical than ever, for threat actors to execute attacks. In order to stay ahead, it will be crucial for both organizations and security vendors to turn to emerging technologies such as artificial intelligence (AI) to help take on a proactive approach to protecting their most valuable assets.
Cybersecurity FutureWatch 2018
Cybersecurity FutureWatch 2018 is an in-depth analysis of cyber trends and forecasts. This data-driven report illustrates critical industry developments that will inform a company’s cybersecurity planning as technology advances. The report is based on a survey of more than 1,250 senior executives, management and security practitioners in the U.S., U.K. and Canada, which found that only 30 percent of respondents are confident their business will avoid a major security event in the coming two years and 60 percent believe an attack will hit in the next few years. Furthermore, it explores security evolution and maturity amid emerging technology adoption and evolving business needs.
Cybersecurity Report Card
See the results of the DomainTools second annual Cybersecurity Report Card Survey. More than 500 security professionals from companies ranging in size, industry and geography were surveyed about their security posture and asked to grade the overall health of their programs. Their responses shed light on how cybersecurity practices are evolving, and what the most successful organizations are doing to ensure they stay ahead of the ever-growing and changing threat landscape.
2019 Vulnerability and threat trends
The threat landscape is evolving: you need to know exactly how and why it's changing. According to the findings of the Vulnerability and Threat Trends Report 2019 — which examines vulnerabilities, exploits and threats in play — in 2018, the amount of newly published CVEs hit its highest ever level, rising to 16,000, cryptomining became the most popular form of attack, with instances up by 110 percent, and Google Chrome was hit hardest as web browser vulnerabilities grew by 20 percent.
Keeping a low [attack] profile
While you can’t stop cyberattacks from happening altogether, you can take proactive measures to lower the risk of damage. Reducing your attack profile makes data breaches much more difficult to execute and means your defensive resources can be more focused and effective. Let Cylance and its users explain how to improve your defensive posture with a low attack profile.
Beginner’s guide to threat hunting
Learn the building blocks necessary to create a threat hunting program from scratch including practical steps your organization can put into place right away.
2018 Threat Intelligence Report
Threat intelligence has become a significant weapon in the fight against cybersecurity threats and a large majority of organizations have made it a key part of their security programs. This report outlines the most common benefits of threat intelligence platforms.
The black market report: A look inside the dark web
In Armor’s new annual Black Market report, our researchers offer a look into the world of cybercrime that many Web users do not see. At Armor, our Threat Resistance Unit (TRU) research team monitors the cyber underground to keep an eye on threat actor activity. For three months, experts with TRU compiled and analyzed data to create a snapshot of the criminal marketplaces where stolen hotel rewards points are purchased, compromised bank accounts and credit cards are sold and cybercrime-as-a-service is a hot commodity.
Dwell time as a critical security success metric
It takes just five days for an advanced persistent threat (APT) to penetrate your network and steal data. In this environment, you need protection that reduces dwell time to seconds, not days.
Blockchain (r)evolution
This report offers an overview of its admittedly fuzzy origins, its evolution to Blockchain 2.0, attraction for crypto pirates, and potential to expand into more legitimate industries.
SANS Threat Hunting Survey Results
Survey results from 600 respondents show that hunting is still new and poorly defined from a process and organizational standpoint. Most organizations are still reacting to alerts and incidents instead of proactively seeking out the threats. Threat hunting itself cannot be fully automated. The act of threat hunting begins where automation ends, although it leverages automation heavily. Find out how organizations are finding success in their threat hunting practice.
Cybersecurity Report Card
See the results of the DomainTools second annual Cybersecurity Report Card Survey. More than 500 security professionals from companies ranging in size, industry and geography were surveyed about their security posture and asked to grade the overall health of their programs. Their responses shed light on how cybersecurity practices are evolving, and what the most successful organizations are doing to ensure they stay ahead of the ever-growing and changing threat landscape.
2018 Threat Intelligence Report
Threat intelligence has become a significant weapon in the fight against cybersecurity threats, and a large majority of organizations have made it a key part of their security programs. This threat intelligence report, produced by Cybersecurity Insiders, explores how organizations are leveraging threat intelligence data, the benefits and most critical features of threat intelligence platforms, and the biggest cyber threats organizations are using their threat intelligence to combat.
Detect advanced threats with endpoint detection and response
As malicious actors target endpoints with new types of attacks designed to evade traditional antivirus tools, security teams are looking to endpoint detection and response (EDR) solutions for an additional layer of security. Download this solution brief now to learn how USM Anywhere enables security teams to detect and respond to threats faster.
Security Information and Event Management Mid-Market Analysis
This Executive Brief is based on the 2017 Frost & Sullivan report, “Security Information and Event Management (SIEM)—Global Market Analysis, Forecast to 2021” which provides an analysis of the SIEM market, examines the innovations driving that market and compares the positions of leading competitors. This abbreviated brief focuses on the SIEM requirements of mid-market organizations and an analysis of the vendors who serve this market, including in-depth coverage of AlienVault.
Unified Security Management vs. SIEM: a technical comparison
Get a full overview of the changing security landscape, and more importantly insight into the rapidly changing SIEM category, and the reasons that have led to those changes. To offer a complete picture of the changes to SIEM technology, it is valuable for some to understand the context of the SIEM market and how (and why) AlienVault differentiates itself form the traditional approach.
Insider’s guide to incident response
The fight to protect your company’s data isn’t for the faint of heart. And when it comes to the worst-case scenario, you’ll need all the help you can get. That’s why we’ve developed the Insider’s Guide to Incident Response. It will give you an insider’s perspective on how to build an incident response plan and develop a team armed with the right tools and training to combat serious threats to your network.
SIEM for Beginners
Need a crash course on SIEM? No problem. Security Information and Event Management (SIEM) platforms provide real-time correlation of events generated from network security controls. These security gurus will explain what SIEM is (and isn’t) and how to get up and running with it quickly and painlessly.
Cyber security challenges faced by critical national infrastructure organizations
In this three-minute video Cath Goulding, Nominet’s Head of Cyber Security, outlines the cyber challenges faced by organizations involved in critical national infrastructure (CNI) provision and maintenance. Cath quantifies the cyber threats faced by CNI and assesses three recent, high-profile attacks that crippled CNI. She explains how Nominet’s NTX platform would have prevented those attacks, had it been installed.
The financial services industry is under attack
This one-page infographic brings into stark focus the dangers that cyber threats pose for the financial services industry. It quantifies the damage done and is useful for raising awareness of the risks that unprepared organizations face: exposure to operational, financial and reputational damage.
Commercial cyber security breaches
A one-page infographic quantifying the threat that organizations face from the internet every day. You’ll learn how many businesses experience cyber attacks, the damage done and the precautions they take (or don’t take). The review is based on the UK Government’s 2018 study of commercial cyber breaches – a trusted and independent source. The document is useful in supporting cases for investing in protection from cyber threats.
DNS security for financial services
A white paper on cyber security for the finance sector, which covers the cyber threats faced by financial institutions and the risks those threats convey. It includes brief explanations of how Nominet’s tools and services use the DNS as a protective shield, to protect financial organizations and help them cope safely with digital transformation and regulatory compliance.
Why critical national infrastructure (CNI) providers need CNI-ready DNS security
A white paper on cyber security for organizations considered part of critical national infrastructure, covering the cyber threats faced by them and the risks they face. The white paper includes brief explanations of how Nominet’s tools and services use the DNS as a protective shield to help CNI organizations protect against threats of nuisance, sabotage and extortion emanating from various web-based bad actors.
Demystifying DNS for cyber security
This educational white paper aims to have you understand your DNS better and the role it plays in your infrastructure, learn how attackers can use the DNS as an attack vector, and build cyber defenses at the DNS, whether you are an organization or an ISP.
Automated security management: Increasing efficiency and reducing risk with visibility, context, and automation
Security management automation includes a wide range of technologies, many of which can help shrink the attack surface by driving improvements in firewall and security policy management as well as vulnerability and threat management. However, whether you’re struggling with compliance and network changes, tasked with auditing and reporting, or grappling with vulnerability discovery and prioritization, deciding where to automate is challenging. Download the whitepaper to learn where makes the most sense in your security program and why it’s essential to effectively controlling your attack surface.
Osterman Research: Understanding security process and the need to automate
Seems like everyone in security is talking about automation and AI/ML (artificial intelligence and machine learning) these days. However, what are organizations actually doing? What percentage of core security processes are fully or partially automated? And, where do security leaders see the greatest business impact? Read the Report written by Michael D. Osterman, president of Osterman Research, as he goes through the findings of a new global survey sponsored by Skybox Security on automation in cybersecurity. And, learn from Skybox what the foundation of any automation program should be.
How visibility of the attack surface minimizes risk
Gaining comprehensive visibility of your network is the foundation of any good security program, as it’s critical to understanding and mitigating risks. And that means visibility across your entire hybrid network: physical, virtual, multi-cloud and even OT (ICS/SCADA). There are definitely challenges, however, to gaining and maintaining the comprehensive visibility needed to all assets, infrastructure, security controls, vulnerabilities, and threats – and doing so in a single pane of glass.
The Eight Business And Security Benefits Of Zero Trust
Traditional security approaches have focused on protecting either the network itself or the devices that access the network. But today, security must move at the speed of business in a digital ecosystem where security pros have less control over networks, devices, apps, and people. Forrester’s Zero Trust model moves away from a perimeter-centric approach to one that is data-centric, using network visibility, consolidation of security controls and microperimeters to mitigate both an attacker’s ability to penetrate a network and their ability to wreak havoc should they get inside. Learn why moving to this new model makes both security and business sense.
How to analyze and reduce the risk of DDoS attacks
The reality is that DDoS attacks have been around for over 20 years. And most organizations have some form of protection in place from DDoS attacks. But as this paper will point out; over the last few years DDoS attacks have increased dramatically in size, frequency and complexity. This paper is designed to help you re-assess your risk of the modern-day DDoS attack by posing this: “Is the protection you may have put in place years ago, still adequate to protect you from the modern-day DDoS attack?” If not, then you are at risk.
DDoS attack trends report
Today, attackers can release enormous terabit-per second-scale DDoS attacks. They routinely harness hundreds of thousands of Internet of Things (IoT) devices to launch attacks against specific targets that may be oceans and continents away. Further, state sponsored Advanced Persistent Threat (APT) groups representing a broad range of nation-states are seen as impactful, while traditional crimeware activity continues to proliferate. This report represents our view of the threat landscape in first half of 2018, based on all our holdings and driven by analysis from our intelligence unit.
Advanced threat trends report
The global cyber threat landscape continues to evolve, unleashing increasingly sophisticated and persistent attack techniques at internet scale. Today, we observe the impact of state-sponsored Advanced Persistent Threat (APT) groups representing an increasingly broad range of nation states, while traditional crimeware activity continues to proliferate. This report presents the threat landscape in first half of 2018, driven by analysis from NetScout’s intelligence unit.

Editorial

Getting ahead of cybersecurity threats
When one thinks of the word “defense,” an image of something stopping an intruder often comes to mind. But what if your defenses became proactive and went on the offensive? That’s the idea behind such security strategies as red and blue team, threat sharing, and the use of artificial intelligence to build smarter threat intelligence defenses. Rather than waiting for the attackers, some CISOs are doing their own hacking of their own and their partners’ applications, making sure that there are no Zero Days being introduced into their networks. Companies also are being more aggressive about ensuring their supply chains are safe and using threat intelligence to reduce the number of known attack vulnerabilities. What are you doing to protect your network in advance, and how do you sell these proactive programs to your C-Suite. SC Media explores the possibilities.
Tomorrow’s attacks today
This eBook looks at the current threat prevention landscape, as well as looking ahead to what we might see in the months or years to come. Will your network be ready for every attack in the next generation breach? Probably not – but you could be better prepared.
Phishing reference guide
Despite following training, users are still baffled and defeated by phishing hustlers. CISOs and CIOs unleash their red teams to help users recognize the pernicious attacks.
CISOs vs the board
This eBook looks at changes in corporate liability laws in the US and abroad, how it impacts North American companies and options for how boards of directors will address the issues. Managing risk has never been so fraught with challenging regulations that could run into the megamillions.
Users are the target
This Special Report covers how to teach users to recognize phishing and other potential malware that was clever enough to get past the best technological best efforts.
SC Media
Finding a signal in all the noise
Threat detection and identification is as much an art as it is a science. It is one thing to scan threat intelligence and SIEM output to find a breach, but quite another to recognize that a user lockout might be more than just user error and instead is the first sign of a breach. The nuance of how an incident occurs could spell the difference between recognizing a real breach and perhaps an accidental error or no incident at all. This eBook delves into how to find that signal in all the noise.
SC Media
Going down the ransomware rabbit hole
Today's cyber thief has to build an effective business model, but they don't need to be a programming guru or a master financial criminal -- they just need to know a little bit about human nature. There’s a lot more that goes into a successful malware or ransomware attack than just sending out an infected email. This ebook looks at the business model behind ransomware, offers recommendations on actions you can take today to give yourself a stronger defensive posture against ransomware and suggestions on what to do if ransomware hits.
SC Media
Finding a signal in all the noise
Threat detection and identification is as much an art as it is a science. It is one thing to scan threat intelligence and SIEM output to find a breach, but quite another to recognize that a user lockout might be more than just user error and instead is the first sign of a breach. The nuance of how an incident occurs could spell the difference between recognizing a real breach and perhaps an accidental error or no incident at all. This eBook delves into how to find that signal in all the noise.
Finding a signal in all the noise
Threat detection and identification is as much an art as it is a science. It is one thing to scan threat intelligence and SIEM output to find a breach, but quite another to recognize that a user lockout might be more than just user error and instead is the first sign of a breach. The nuance of how an incident occurs could spell the difference between recognizing a real breach and perhaps an accidental error or no incident at all. This eBook delves into how to find that signal in all the noise.
Going down the ransomware rabbit hole
Today's cyber thief has to build an effective business model, but they don't need to be a programming guru or a master financial criminal -- they just need to know a little bit about human nature. There’s a lot more that goes into a successful malware or ransomware attack than just sending out an infected email. This ebook looks at the business model behind ransomware, offers recommendations on actions you can take today to give yourself a stronger defensive posture against ransomware and suggestions on what to do if ransomware hits.