Security analytics and automation
Security analytics and automation provide enterprises the data needed to help defend against a barrage of cyber threats. A toolkit combining threat intelligence sharing and services with SIEM and SOAR systems as well as threat hunting is key to success.
Top Stories
-
Tip
02 Jul 2025
How to build a cybersecurity strategy and plan in 4 steps
A cybersecurity strategy isn't meant to be perfect, but this high-level plan must be proactive, effective, actively supported and evolving. Here are four key steps to get there. Continue Reading
-
Feature
02 Jul 2025
What is the future of cybersecurity?
As cyberthreats grow more sophisticated, enterprises face mounting challenges. What does the future of cybersecurity hold, and how can organizations stay ahead? Continue Reading
-
News
30 Jun 2025
News brief: AI security threats surge as governance lags
Check out the latest security news from the Informa TechTarget team. Continue Reading
-
Tip
24 Jun 2025
Cybersecurity governance: A guide for businesses to follow
Cybersecurity governance is now critical, with NIST CSF 2.0 recently adding it as a dedicated function. Learn why governance is core to an effective cyber strategy. Continue Reading
-
Tip
23 Jun 2025
How to choose a cybersecurity vendor: 12 key criteria
Choosing a cybersecurity vendor entails a two-phase approach: shortlisting vendors using clear requirements, then conducting thorough evaluations based on key criteria. Here's how. Continue Reading
-
News
13 Jun 2025
News brief: Gartner Security and Risk Management Summit recap
Check out the latest security news from the Informa TechTarget team. Continue Reading
-
Tip
12 Jun 2025
How to craft an effective AI security policy for enterprises
Enterprises unable to manage AI risks face data breaches, algorithmic bias and adversarial attacks, among other risks. Learn how to implement a comprehensive AI security policy. Continue Reading
-
Definition
02 Jun 2025
What is compliance automation?
Compliance automation, also known as automated compliance, is the practice of using technology -- such as applications with AI features -- to perform and simplify compliance procedures. Continue Reading
-
Definition
16 May 2025
What is risk appetite?
Risk appetite is the amount of risk an organization or investor is willing to take in pursuit of objectives it deems have value. Continue Reading
-
Definition
09 May 2025
What is risk reporting?
Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes. Continue Reading
-
Feature
01 May 2025
4 lessons in the new era of AI-enabled cybercrime
Cyberattacks have evolved rapidly as GenAI use has become more widespread. An RSAC Conference 2025 panel shared what they've learned over the past two years. Continue Reading
-
Definition
29 Apr 2025
What is an automation architect?
An automation architect is a senior IT professional responsible for the strategic design, development and governance of automation initiatives across an organization. Continue Reading
-
News
28 Apr 2025
Cisco, former Google, Meta experts train cybersecurity LLM
Cisco's new Foundation AI group, which includes engineers from multiple companies, has released a compact AI reasoning model based on Llama 3 for cybersecurity to open source. Continue Reading
-
Opinion
24 Apr 2025
Change is in the wind for SecOps: Are you ready?
Attackers have historically had time on their side, outpacing defenders who have struggled to keep up. Agentic AI appears poised to change the game. Continue Reading
-
Definition
08 Apr 2025
What is a side-channel attack?
A side-channel attack is a cybersecurity exploit that aims to gather information from or influence a system's program execution. It does this by measuring or exploiting indirect effects of the system or its hardware rather than directly targeting the program or its code. Continue Reading
-
Definition
27 Mar 2025
What is IT automation? A complete guide for IT teams
IT automation is the use of instructions to create a clear, consistent and repeatable process that replaces an IT professional's manual work in data centers and cloud deployments. Continue Reading
-
Tip
07 Mar 2025
Top 14 open source penetration testing tools
From Aircrack-ng to ZAP, these open source penetration testing tools are essential additions to any security pro's toolbox. Continue Reading
-
News
28 Feb 2025
Microsoft targets AI deepfake cybercrime network in lawsuit
Microsoft alleges that defendants used stolen Azure OpenAI API keys and special software to bypass content guardrails and generate illicit AI deepfakes for payment. Continue Reading
-
Tip
07 Feb 2025
The advantages and disadvantages of AI in cybersecurity
To meet growing cybersecurity needs, many organizations are turning to AI. However, without the right strategies in place, AI can introduce risks alongside its benefits. Continue Reading
-
News
03 Feb 2025
NSFocus: DeepSeek AI hit with 'well planned' DDoS attacks
Cybersecurity vendor NSFocus said AI startup DeepSeek endured multiple waves of DDoS attacks from attackers since its reasoning model was released Jan. 20. Continue Reading
-
Podcast
30 Jan 2025
Risk & Repeat: DeepSeek security issues emerge
The introduction of DeepSeek's new generative AI models has been met with fervor, but security issues have created apparent challenges for the Chinese startup. Continue Reading
-
News
29 Jan 2025
Google details adversarial AI activity on Gemini
Google identified APTs from more than 20 nations misusing its Gemini AI chatbot but noted that threat actors were unsuccessful in finding novel techniques or vulnerabilities. Continue Reading
-
News
28 Jan 2025
DeepSeek claims 'malicious attacks' disrupting AI service
DeepSeek, which gained popularity recently for its AI platform, did not specify the cause of 'large-scale malicious attacks,' which continue to disrupt new account registrations. Continue Reading
-
News
23 Dec 2024
10 of the biggest cybersecurity stories of 2024
Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies. Continue Reading
-
News
16 Dec 2024
Blackberry sells Cylance to Arctic Wolf for $160M
After exiting the mobile device market, Blackberry acquired Cylance for $1.4 billion in 2018 to expand its presence in enterprise security. Continue Reading
-
Opinion
11 Dec 2024
3 cybersecurity predictions for 2025
Will service as software, agentic cybersecurity and automated remediation reach their potential in 2025? Read up on what analyst Tyler Shields has to say. Continue Reading
-
News
10 Dec 2024
Microsoft enhanced Recall security, but will it be enough?
Microsoft's controversial Recall feature began rolling out to certain Windows Insiders with Copilot+ PCs in November, with more expected to participate this month. Continue Reading
-
News
02 Dec 2024
AWS launches automated service for incident response
AWS Security Incident Response, which launched ahead of the re:Invent 2024 conference this week, can automatically triage and remediate events detected in Amazon GuardDuty. Continue Reading
-
News
26 Nov 2024
AWS CISO details automated cybersecurity tools for customers
Chris Betz, CISO at AWS, discusses how three internal tools are designed to automatically identify and mitigate threats for the cloud giant's customers. Continue Reading
-
News
19 Nov 2024
Microsoft to offer hackers millions in Zero Day Quest event
Microsoft launched Zero Day Quest on Tuesday with a preliminary event offering bug bounty researchers rewards with multipliers for select security scenarios. Continue Reading
-
Tip
12 Nov 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences
SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
-
Tip
12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
-
News
10 Oct 2024
OpenAI details how threat actors are abusing ChatGPT
While threat actors are using generative AI tools like ChatGPT to run election influence operations and develop malware, OpenAI says the efforts are rarely successful. Continue Reading
-
Definition
10 Oct 2024
What is threat intelligence?
Threat intelligence, also known as cyberthreat intelligence, is information gathered from a range of sources about current or potential attacks against an organization. Continue Reading
-
Definition
09 Oct 2024
What is user behavior analytics (UBA)?
User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems. Continue Reading
-
News
12 Sep 2024
Mastercard to acquire Recorded Future for $2.65B
Mastercard says the addition of threat intelligence vendor Recorded Future will bolster its cybersecurity services as threats against the financial sector continue to rise. Continue Reading
-
Definition
12 Sep 2024
What is threat detection and response (TDR)? Complete guide
Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization. Continue Reading
-
Definition
06 Sep 2024
What is network detection and response (NDR)?
Network detection and response (NDR) technology continuously scrutinizes network traffic to identify suspicious activity and potentially disrupt an attack. Continue Reading
-
Definition
16 Aug 2024
What is machine learning? Guide, definition and examples
Machine learning is a branch of AI focused on building computer systems that learn from data. Continue Reading
-
News
14 Aug 2024
GitHub Copilot Autofix tackles vulnerabilities with AI
GitHub says Copilot Autofix drastically reduced the median time to remediate vulnerabilities in beta testing from 90 minutes for manual fixes to 28 minutes with the GenAI tool. Continue Reading
-
News
08 Aug 2024
CrowdStrike, AI dominate conversation at Black Hat USA 2024
Although the trend of vendors pitching AI-powered products nonstop has continued at Black Hat USA 2024, CrowdStrike and the recent IT outage was an even larger point of discussion. Continue Reading
-
News
08 Aug 2024
Zenity CTO on dangers of Microsoft Copilot prompt injections
Zenity's CTO describes how hidden email code can be used to feed malicious prompts to a victim's Copilot instance, leading to false outputs and even credential harvesting. Continue Reading
-
News
07 Aug 2024
Nvidia AI security architect discusses top threats to LLMs
Richard Harang, Nvidia's principal AI and ML security architect, said two of the biggest pain points for LLMs right now are insecure plugins and indirect prompt injections. Continue Reading
-
News
06 Aug 2024
Security framework to determine whether defenders are winning
Columbia University researcher and longtime security practitioner Jason Healey will present at Black Hat USA a new framework to determine defensive advantage. Continue Reading
-
Opinion
30 Jul 2024
Be prepared for breach disclosure and a magnitude assessment
Organizations need to take a proactive approach to monitoring data stores continuously, and in the case of a breach, assess the magnitude quickly and accurately. DSPM can help you. Continue Reading
-
Definition
26 Jul 2024
What is a key performance indicator (KPI)? Strategy and guide
Key performance indicators (KPIs) are quantifiable business metrics that corporate executives, managers and other stakeholders use to track and analyze factors deemed crucial to meeting the organization's stated objectives. Continue Reading
-
News
18 Jul 2024
Amazon CISO discusses the company's cautious approach to AI
At the recent AWS re:Inforce 2024 conference, Amazon CISO CJ Moses spoke about the risks and threats associated with new AI technology and how the cloud giant addresses them. Continue Reading
-
Tip
15 Jul 2024
6 tips to plan a digital transformation budget
Formulating budgets for digital transformation projects is fraught with complexities, expectations and unknowns that differentiate it from traditional IT and business planning. Continue Reading
-
Tip
12 Jul 2024
How to prevent deepfakes in the era of generative AI
Businesses must be ever vigilant in detecting the increasingly sophisticated nuances of deepfakes by applying security techniques that range from the simple to the complex. Continue Reading
-
News
17 Jun 2024
Post-lawsuit, Splunk and Cribl meet again in data pipelines
Weeks after a jury awarded Splunk $1 in its lawsuit against Cribl, the two vendors remain on a collision course, this time in the realm of data pipelines and federated analytics. Continue Reading
-
???topicInfoType.history_content???
13 Jun 2024
History and evolution of machine learning: A timeline
Machine learning's legacy dates from the early beginnings of neural networks to recent advancements in generative AI that democratize new and controversial ways to create content. Continue Reading
-
News
13 Jun 2024
Microsoft's Recall changes might be too little, too late
Criticism of Microsoft's Recall feature continues even after the software giant announced several updates to address concerns from the infosec community. Continue Reading
-
News
12 Jun 2024
Acronis XDR expands endpoint security capabilities for MSPs
Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
-
News
23 May 2024
93% of vulnerabilities unanalyzed by NVD since February
New research from VulnCheck shows the NIST's National Vulnerability Database has struggled to manage a growing number of reported vulnerabilities this year. Continue Reading
-
News
22 May 2024
Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'
Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons. Continue Reading
-
Definition
21 May 2024
cloud workload protection platform (CWPP)
A cloud workload protection platform (CWPP) is a security tool designed to protect workloads that run on premises, in the cloud or in a hybrid arrangement. Continue Reading
-
Feature
17 May 2024
How AI-driven patching could transform cybersecurity
At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities. Continue Reading
-
News
16 May 2024
IBM sells QRadar SaaS assets to Palo Alto Networks
The deal with Palo Alto Networks comes one year after IBM announced QRadar Suite, an AI-enhanced security platform that combined existing SIEM and XDR products. Continue Reading
-
Podcast
15 May 2024
Risk & Repeat: Recapping RSA Conference 2024
Artificial intelligence was center stage at RSA Conference 2024, but the show also focused on secure-by-design principles, the ransomware landscape and more. Continue Reading
-
News
10 May 2024
US officials optimistic on AI but warn of risks, abuse
Federal government leaders at RSA Conference 2024 touted the benefits of AI pilot programs but also outlined how a variety of threat actors are currently abusing the technology. Continue Reading
-
News
08 May 2024
Microsoft touts expansion of Secure Future Initiative
At RSA Conference 2024, Microsoft vice president Vasu Jakkal discussed some of the criticisms leveled against the company and how the Secure Future Initiative will address them. Continue Reading
-
News
06 May 2024
Google unveils new threat intelligence service at RSAC 2024
Google Threat Intelligence combines investigation findings from Mandiant with crowdsourced intelligence from VirusTotal and operationalizes the data with Google's Gemini AI model. Continue Reading
-
News
06 May 2024
Splunk details Sqrrl 'screw-ups' that hampered threat hunting
At RSA Conference 2024, Splunk's David Bianco emphasizes that enterprises need revamped threat hunting frameworks to help with threat detection and response challenges. Continue Reading
-
News
06 May 2024
IBM study shows security for GenAI projects is an afterthought
IBM's survey of C-suite executives finds that 82% say trustworthy and secure AI are essential, but only 24% have a security component included in their GenAI projects. Continue Reading
-
News
06 May 2024
Cisco details Splunk security integrations, AI developments
Just two months after Cisco completed its $28 billion acquisition of analytics giant Splunk, the company added XDR capabilities into Splunk Enterprise Security. Continue Reading
-
Opinion
29 Apr 2024
RSAC 2024: Real-world cybersecurity uses for GenAI
Security pros can expect a lot of buzz around GenAI at RSA 2024, where vendors and experts will share how the latest generative AI tools can enhance cybersecurity. Continue Reading
-
News
02 Apr 2024
Microsoft Copilot for Security brings GenAI to SOC teams
Microsoft's latest AI-powered tool, now generally available, has been beneficial for security teams regarding efficiency, but infosec experts see some room for improvements. Continue Reading
-
Opinion
19 Mar 2024
Surprising ways Microsoft Copilot for Security helps infosec
Microsoft Copilot is the first of many GenAI tools that should help security leaders accelerate their program development and strengthen security postures. Continue Reading
-
News
29 Feb 2024
AWS on why CISOs should track 'the metric of no'
AWS' Clarke Rodgers believes that tracking the number of times CISOs say no to line-of-business requests will ultimately help them build a stronger security culture. Continue Reading
-
Opinion
27 Feb 2024
Threat intelligence programs need updating -- and CISOs know it
Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services. Continue Reading
-
News
14 Feb 2024
Microsoft, OpenAI warn nation-state hackers are abusing LLMs
Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
-
Tip
14 Feb 2024
What is cybersecurity mesh and how can it help you?
The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading
-
Tip
12 Feb 2024
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
-
Feature
25 Jan 2024
Top benefits and challenges of SOAR tools
To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
-
Feature
23 Jan 2024
Top incident response service providers, vendors and software
Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading
-
Tip
22 Jan 2024
Incident response automation: What it is and how it works
Many of today's security operations teams are understaffed and overwhelmed. Learn how incident response automation can help them work smarter, instead of harder. Continue Reading
-
Answer
17 Jan 2024
SOAR vs. SIEM: What's the difference?
When it comes to the SOAR vs. SIEM debate, it's important to understand their fundamental differences to get the most benefit from your security data. Continue Reading
-
Definition
31 Oct 2023
AI watermarking
AI watermarking is the process of embedding a recognizable, unique signal into the output of an artificial intelligence model, such as text or an image, to identify that content as AI generated. Continue Reading
-
Tip
27 Oct 2023
9 tips to measure and improve digital transformation ROI
Amid a rapidly changing business landscape and competing priorities, a compelling ROI is all the more critical to justify and secure funding for digital transformation projects. Continue Reading
-
News
24 Oct 2023
JPMorgan Chase CISO explains why he's an 'AI optimist'
Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits. Continue Reading
-
News
05 Oct 2023
IBM launches new AI-powered TDR Services
IBM followed its first AI-focused offering from April, QRadar Suite, with an MDR product -- Threat Detection and Response Services -- featuring AI capabilities. Continue Reading
-
Feature
22 Sep 2023
How to create a SOAR playbook in Microsoft Sentinel
Using automation through tools such as SOAR and SIEM can improve incident response alert efficiency. One automated feature analysts can use is the SOAR playbook. Continue Reading
-
Feature
22 Sep 2023
How SOAR helps improve MTTD and MTTR metrics
By automating initial incident response tasks, SOAR can help SOC analysts improve MTTD and MTTR metrics and ensure they focus on true positive alerts. Continue Reading
-
News
21 Sep 2023
IT pros react to blockbuster $28B Cisco-Splunk deal
Cisco goes through with its long-rumored acquisition of Splunk for security and observability. But the two aren't necessarily a perfect fit, according to some industry observers. Continue Reading
-
News
23 Aug 2023
Google launches AI-powered data classification for Workspace
Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration. Continue Reading
-
News
10 Aug 2023
Trend Micro discloses 'silent threat' flaws in Azure ML
During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
-
News
10 Aug 2023
Researchers put LLMs to the test in phishing email experiment
A Black Hat USA 2023 session discussed an experiment that used large language models to see how effective the technology can be in both detecting and producing phishing emails. Continue Reading
-
News
09 Aug 2023
Generative AI takes center stage at Black Hat USA 2023
About one year after generative AI launched into the spotlight, the technology is showing early signs of potential for security at Black Hat USA 2023 in Las Vegas. Continue Reading
-
News
09 Aug 2023
Tenable launches LLM-powered ExposureAI product
ExposureAI will be integrated into Tenable One, the vendor's encompassing exposure management platform, and is the latest cybersecurity produce to employ large language models. Continue Reading
-
News
07 Aug 2023
Google to discuss LLM benefits for threat intelligence programs
Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA. Continue Reading
-
News
01 Aug 2023
Experts expect Sumo Logic match post-New Relic acquisition
New Relic and Sumo Logic were both taken private by the same firm, as consolidation -- and attrition -- continues among observability tools. Continue Reading
-
Guest Post
28 Jul 2023
Intersection of generative AI, cybersecurity and digital trust
The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges. Continue Reading
-
Opinion
26 Jul 2023
Security hygiene and posture management: A work in progress
Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
-
News
19 Jul 2023
Microsoft to expand free cloud logging following recent hacks
Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies. Continue Reading
-
News
19 Jul 2023
Chainguard automates SBOMs, but has Images-based agenda
Container images, that is. Chainguard Enforce now automates SBOMs, but execs and an early customer say they aren't the ultimate answer to software supply chain security. Continue Reading
-
News
18 Jul 2023
Splunk AI update adds specialized models for SecOps tasks
Splunk AI updates this week included specialized models for SecOps that detect and automatically respond to common issues such as DNS exfiltration and suspicious processes. Continue Reading
-
Tip
12 Jul 2023
The history, evolution and current state of SIEM
SIEM met the need for a security tool that could pinpoint threats in real time. But new threats mean that the next evolution of SIEM will offer even more firepower. Continue Reading
-
News
12 Jul 2023
Chainalysis observes sharp rise in ransomware payments
The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021. Continue Reading
-
Opinion
11 Jul 2023
Top developer relations trends for building stronger teams
Learn about enterprise trends for optimizing software engineering practices, including developer relations, API use, community building and incorporating security into development. Continue Reading
-
News
27 Jun 2023
ChatGPT users at risk for credential theft
As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials. Continue Reading
-
Opinion
21 Jun 2023
How AI benefits network detection and response
Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response. Continue Reading
-
News
21 Jun 2023
Critical VMware Aria Operations bug under active exploitation
Reports of exploitation for a critical command injection flaw in VMware Aria Operations for Networks came roughly a week after a researcher published a proof-of-concept for it. Continue Reading