Business Management: Security Support and Executive Communications

Use Azure Security Center to conduct a security posture assessment

In this excerpt from Chapter 4 of Microsoft Azure Security Center, the authors outline how to use the software to determine and improve your enterprise's cloud security posture. Continue Reading

How container adoption affects container security

Scalability and efficiency make container adoption an attractive option for enterprises today. Learn how containerization has evolved and grown since the release of Docker 1.0 five years ago. Continue Reading

How and why data breach lawsuits are settled

For all of the talk about data breach class action lawsuits, virtually none of them reach a courtroom. Here's why and how data breach lawsuits almost always end in settlements. Continue Reading

Application Guard to block malicious attachments in Office 365

Microsoft is bringing the Application Guard security container to Office 365 ProPlus this year, which could limit the threat of malicious Office documents for subscribers. Continue Reading

A fresh look at enterprise firewall management

Enterprises need to know where and how to install firewalls for maximum protection. Find out firewall management best practices that can help protect your organization. Continue Reading

Zero-trust framework creates challenges for app dev

Enterprises implement zero-trust frameworks to adapt to today's changing IT infrastructures. Learn about the implications for app developers. Continue Reading

3 security and ethics considerations for modern-day CISOs

Many conversations today revolve around security and ethics. A strong CISO voice is crucial to keeping enterprises safe while embracing this critical cultural awakening. Continue Reading

ConnectWise ransomware attacks affecting Automate customers

ConnectWise warned that ransomware attacks are targeting open ports for its Automate on-premises application, but the company has offered few details about the nature of the attacks. Continue Reading

Trend Micro insider threat steals, sells customer data

A Trend Micro employee stole and sold customer support data, which was used by a malicious third-party actor to scam consumer customers of the cybersecurity company. Continue Reading

Creating and managing a zero-trust security framework

IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face. Continue Reading

SSL certificate abuse drives growing number of phishing attacks

Phishing attacks against the United Nations and humanitarian organizations show how threat actors are weaponizing valid SSL certificates and how hard it is to stop the abuse. Continue Reading

Firefox bug is enabling attackers to freeze out users

A recently reported bug in Firefox allows spammed authentication dialogs to lock users out of their browsers and it is under attack in the wild, despite previous efforts to patch. Continue Reading

Risks of container escape vulnerabilities and how to counter them

Container escape vulnerabilities create new challenges for security and risk management teams. Learn more about container escapes and how to prevent exploitation. Continue Reading

4 innovative ways to remedy the cybersecurity skills gap

Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage. Continue Reading

First BlueKeep attacks in the wild may be dark portents

Following months of warnings from law enforcement and the infosec community, the first BlueKeep exploit campaign was discovered in the wild and experts say it won't be the last. Continue Reading

Assessing the value of personal data for class action lawsuits

Determining the value of consumers' personal data exposed in a breach can be a challenge. Security and legal experts discuss what factors are involved in the equation. Continue Reading

Test your grasp of AI threats, privacy regulations and more

Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz. Continue Reading

Threat Stack Application Security Monitoring adds Python support

Now supporting both Python and Node.js, Application Security Monitoring can identify risk throughout the software development lifecycle for both third-party and native code. Continue Reading

When cyberthreats are nebulous, how can you plan?

Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading

When cyberthreats are nebulous, how can you plan?

 Continue Reading

AI threats, understaffed defenses and other cyber nightmares

 Continue Reading

CISOs, does your incident response plan cover all the bases?

Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading

CISOs, does your incident response plan cover all the bases?

 Continue Reading

Report shows CISOs, IT unprepared for privacy regulations

Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind. Continue Reading

Report shows CISOs, IT unprepared for privacy regulations

 Continue Reading

A cybersecurity skills gap demands thinking outside the box

Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe. Continue Reading

A cybersecurity skills gap demands thinking outside the box

 Continue Reading

Enterprises feel the pain of cybersecurity staff shortages

It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount. Continue Reading

AI for good or evil? AI dangers, advantages and decisions

Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field? Continue Reading

AI for good or evil? AI dangers, advantages and decisions

 Continue Reading

Adsterra still connected to malvertising campaign, despite denials

Despite a pledge of "zero tolerance" for malicious activity, ad network Adsterra was found to be once again connecting with the Master134 malvertising campaign. Continue Reading

Imperva CEO steps down following breach investigation

Chris Hylen unexpectedly stepped down as CEO of Imperva in the wake of a data breach involving cloud WAF customer data, though it's unclear if the two events are connected. Continue Reading

Splunk Mission Control launch enables a unified SOC

Mission Control is intended to unify Splunk Enterprise Security, Splunk Phantom and Splunk User Behavior Analytics into the Splunk Security Operations Suite. Continue Reading

Adobe exposure includes data on 7.5 million users

Adobe exposed data on 7.5 million users and employees and one expert says the incident highlights why production data shouldn't be used in test environments. Continue Reading

Understand the top 4 use cases for AI in cybersecurity

AI applications in security offers organizations four unique benefits. Learn how machine learning advances can change industry approaches to threat detection and prevention. Continue Reading

What are the roles and responsibilities of a liaison officer?

While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading

How to go passwordless if not all your apps support modern authentication standards

We want to eliminate passwords ASAP, unfortunately, some older apps can stand in the way of progress—thankfully, some identity providers devised solutions. Continue Reading

How the future of data privacy regulation is spurring change

Some companies have taken steps to improve data governance in anticipation of data privacy rules. Experts discuss the challenges of compliance in a shifting regulatory landscape. Continue Reading

5 cloud storage privacy questions to ask potential providers

Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service. Continue Reading

On a penetration tester career path, flexibility and curiosity are key

Becoming a pen tester takes more than passing an exam. Learn the qualities ethical hackers should embrace to achieve success on their penetration tester career path. Continue Reading

Cyber insurance has changed incident response -- for better or worse

Cyber insurance carriers are assuming greater control over how enterprises conduct incident response, which has caused angst and frustration among some security vendors. Continue Reading

CompTIA PenTest+ practice test questions to assess your knowledge

Think you're ready to take the CompTIA PenTest+ certification exam? Test your skill set with some of the sample multiple-choice questions you may be facing. Continue Reading

Another CCleaner attack hits Avast supply chain

Avast was able to stop an attempted supply chain attack targeting its CCleaner software, but experts say all enterprises should be wary of similar supply chain attacks. Continue Reading

Combat the human aspect of risk with insider threat management

When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach. Continue Reading

Forcepoint Web Security offering reaches for the edge

Forcepoint has delivered a web-based security tool leveraging elastic cloud gateway technology that allows admins to access content from any remote location. Continue Reading

Bugcrowd launches Attack Surface Management platform

The new platform provides an extra layer of testing by sending its findings to Bugcrowd's crowdsourced security testing tools. Continue Reading

How to address cloud IAM challenges

Cloud services are major players in most companies now and can have a major impact on the management of access and identity governance. Learn how to handle cloud IAM challenges. Continue Reading

The difference between AES and DES encryption

Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between AES and DES. Continue Reading

Sophos acquisition bid presents potential growth, peril

Private equity firm Thoma Bravo made an offer to acquire Sophos for approximately $3.9 billion. Analysts discuss what the deal might mean for the endpoint security vendor. Continue Reading

Malware detection methods struggle to keep up with evolving threats

Experts discuss the increasingly complex methods of malware detection needed when dealing with everything from low-level attackers to advanced persistent threat groups. Continue Reading

Netscout CSO speaks to third-party risk, security gender gap

Veteran CSO at Netscout Deb Briggs recaps her fireside chat with Cisco CSO Edna Conway at FutureCon 2019, including their discussion on third-party risk and the gender gap in the security industry. Continue Reading

6 different types of hackers, from black hat to red hat

Black, white and grey hats are familiar to security pros, but as the spectrum evolves to include green, blue and red, things get muddled. Brush up on types of hackers, new and old. Continue Reading

DevSecOps model requires security get out of its comfort zone

Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge. Continue Reading

Is a cybersecurity insurance policy a worthy investment?

Variables such as third-party business partners create unique cyberthreats for organizations. Find out when a cybersecurity insurance policy is a wise investment to prevent risk. Continue Reading

Okta competing with Microsoft, Google, and others in passwordless offerings

While giants Microsoft and Google try leading the passwordless charge, Okta also plans to help organizations cut down on password use. Continue Reading

Exposed Docker hosts open the door for cryptojacking

Security researchers discovered a new Docker worm that has been targeting exposed hosts in order to spread cryptojacking malware to other containers. Continue Reading

How should I choose a cybersecurity insurance provider?

To vet potential cybersecurity insurance providers, there are a few questions every customer should ask. Learn more about the questions to ask and how to get the answers you need. Continue Reading

Essential instruments for a pen test toolkit

Does your penetration testing toolkit have the proper contents? Learn the must-have tool for any pen tester, as well as specific tools for wireless, network and web app pen testing. Continue Reading

What types of cybersecurity insurance coverage are available?

Cybersecurity insurance coverage could prove invaluable to risk mitigation -- if it's chosen carefully. Find out which type of insurance plan is right for your organization. Continue Reading

NIST offers a handy vendor-neutral overview of zero trust architecture

Curious about zero trust but don’t understand it yet or how to achieve it, then NIST is here to help you. Continue Reading

Imperva breach update puts blame on exposed AWS API keys

Imperva CTO Kunal Anand posted updated information regarding the recent breach affecting Cloud WAF customers and admitted poor security controls led to the compromise. Continue Reading

Okta is making big investments in on-premises identity

Okta is also working to bring more context into access decisions. Continue Reading

Cybersecurity threats on the rise, prey on human nature

Cybersecurity attacks continue to rise, taking advantage of network vulnerabilities -- and human ones. First National Technology Solutions' CISO offers advice. Continue Reading

Palo Alto Networks launches new version of Demisto SOAR platform

New features to the Demisto platform include a customizable user interface, threat intelligence, database scaling and a mobile app providing chat support and updates for users. Continue Reading

Twitter 2FA data 'inadvertently' used for advertising

Twitter used two-factor authentication information, including email addresses and phone numbers, to target ads for an unknown number of people over an unknown period of time. Continue Reading

How far is Google going in eliminating passwords?

We looked at Microsoft, let’s see how a couple other vendors are doing as well, starting with Google. Continue Reading

Defining and evaluating SOC as a service

As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best model for your enterprise. Continue Reading

NSA warns VPN vulnerabilities exploited by nation-state hackers

Nation-state hackers are exploiting previously disclosed vulnerabilities in VPNs from Pulse Secure, Palo Alto Networks and Fortinet, according to a security advisory from the NSA. Continue Reading

Experts expect hospital ransomware attacks to continue

One week after being hit by a ransomware attack, hospitals in Alabama are turning away patients while working on recovery, and experts warn of similar attacks in the future. Continue Reading

Choosing between an SSL/TLS VPN vs. IPsec VPN

Infosec pros need to know the ins and outs of SSL/TLS VPNs vs. IPsec VPNs to better understand which product's features will fulfill the needs of their organization. Get help comparing here. Continue Reading

To secure DevOps, break culture and tooling barriers

The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved. Continue Reading

The 3 pillars of a DevSecOps model

In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model. Continue Reading

How to beef up S3 bucket security to prevent a breach

Security teams have plenty of tools at their disposal to help their organizations achieve and maintain S3 bucket security. Learn about the threats and best practices to stay safe. Continue Reading

Virtual network security measures to thwart access threats

Virtual networks add a layer of complexity to the real networks below them. Follow these three virtual network security measures to prevent complexity from creating issues. Continue Reading

Risk & Repeat: Trump takes aim at DNC hack and CrowdStrike

This week's Risk & Repeat podcast looks at President Trump's recent comments about CrowdStrike and the DNC 'server' and the misinformation around Russian election interference. Continue Reading

Zendesk breach in 2016 affected 10,000 customers

Zendesk disclosed a previously undetected security incident from 2016 in which data for 10,000 customer accounts was accessed, but the disclosure is missing some key details. Continue Reading

How security teams benefit from traffic mirroring in the cloud

Enterprises with the resources to deploy traffic mirroring are gaining security benefits. Frank Siemons explains how traffic mirroring has adapted to new and evolving cyber-risks. Continue Reading

Ping Identity launches identity and access management tool

PingCentral aims to streamline the identity and access management processes and bridge the gap between IAM teams and application teams to improve productivity. Continue Reading

Hospital ransomware attacks lead to patients being turned away

Ransomware attacks hit seven hospitals in Australia and three in Alabama, with the Alabaman hospitals being forced to turn away patients because of the attacks. Continue Reading

How can DNS privacy issues be addressed?

Learn two techniques for improving end-user DNS privacy protection that prevent DNS from exposing information about websites users visit and the people users communicate with. Continue Reading

Bulletproof host raided in former NATO bunker

German authorities arrested seven in raid of bulletproof hosting company CyberBunker -- which was housed in a former NATO bunker -- for allegedly hosting dark web marketplaces. Continue Reading

Top enterprise 5G security concerns and how to address them

The benefits of 5G are aplenty, but the next-generation LTE technology also presents a number of risks. Learn how to securely deploy 5G in your enterprise. Continue Reading

Your third-party risk management best practices need updating

Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips. Continue Reading

Sophos launches Managed Threat Response service

The new offering is built on Sophos' endpoint security platform Intercept X Advanced, with capabilities supported by the company's recent acquisition of Rook Security and DarkBytes. Continue Reading

The 3 types of DNS servers and how they work

DNS is a core internet technology, instrumental in mapping human-readable domains into corresponding IP addresses. Learn about the three DNS server types and their roles in the internet. Continue Reading

How PCI DSS compliance milestones can be a GDPR measuring stick

Constantly evolving regulations can cause confusion for security officers, but sometimes, there is process overlap. Here's how achieving compliance with PCI DSS can help meet GDPR mandates. Continue Reading

New York files lawsuit over Dunkin' breach response

The New York attorney general filed a lawsuit against Dunkin' Brands regarding attacks dating back to 2015 and alleges the company failed to respond or notify victims properly. Continue Reading

Should I invest in attack simulation tools?

Attack simulation tools -- along with third-party penetration testing -- can help improve an organization's enterprise security. Find out why. Continue Reading

Top tips for using the Kali Linux pen testing distribution

It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman. Continue Reading

After Bugcrowd pilot, Air Force bug bounty program eyes expansion

The U.S. Air Force is eyeing an expansion of its bug bounty efforts after partnering with Bugcrowd on a three-month pilot program for its cloud platform. Continue Reading

Penetration testing vs. red team: What's the difference?

Is penetration testing the same as red team engagement? There are similarities, but they're not the same. Understand the differences to improve your organization's cyberdefenses. Continue Reading

When should I use breach and attack simulation tools?

Thanks to automation and other features, breach and attack simulation tools are an effective way to help network administrators keep their operations secure. Continue Reading

Trump pushes debunked DNC hack conspiracy in call with Ukraine

In a call with the Ukrainian president that is now the focus of an impeachment inquiry, President Trump discussed CrowdStrike and asked for help with finding a 'server.' Continue Reading

Do network layer and application layer DDoS attacks differ?

Network layer and application layer DDoS attacks are significant threats. Learn about the differences between them and what you can do to reduce their effects. Continue Reading

Build an agile cybersecurity program with Scrum

Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams. Continue Reading

How to use SOAR tools to simplify enterprise infosec programs

SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users. Continue Reading

Cloudflare battles malicious bots with 'fight mode'

Cloudflare takes its first steps in keeping malicious bots from attacking customers by using complex challenges to waste a bot's CPU resources in an attempt to disincentivize more bots. Continue Reading

Using DNS RPZ to pump up cybersecurity awareness

Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites. Continue Reading

When will we finally ditch passwords? Here’s Microsoft’s 4-step plan

Let’s be honest, passwords suck, and vendors are working to eliminate or reduce our reliance on them—what is Microsoft’s roadmap? Continue Reading

How software-defined perimeter authentication ups security

Find out how the emerging software-defined perimeter model increases security by its design and how it can serve as a building block to zero-trust security. Continue Reading