Security operations and management

Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.

Top Stories

Feature 08 Aug 2025
Experts weigh in on securing AI effectively

Using AI comes with security risks. Learn what the top attack vectors and privacy threats are, then discover how to mitigate them through proper strategy, monitoring and more. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
News 08 Aug 2025
NSA partnering with cyber firms to support under-resourced defense contractors

The spy agency has sought out creative ways to help protect small companies supplying the U.S. military. Continue Reading

— Cybersecurity Dive

News 06 Aug 2025

To raise or not to raise: Bootstrapped founders share their views

A trio of startup founders -- GreyNoise's Andrew Morris, Thinkst Canary's Haroon Meer, and runZero's HD Moore -- agree that raising venture capital funding can be beneficial, but a company's success depends on how well the product fits customer needs. Continue Reading

— Dark Reading
News 06 Aug 2025

CISA's relationship with industry needs work to reestablish trust, experts say

Critics say budget cuts, job losses have hurt the agency’s ability to coordinate with private industry. Continue Reading

— Cybersecurity Dive
Video 05 Aug 2025
AI security: Top experts weigh in on the why and how

AI is everywhere, so security focus on this new technology is essential. In this podcast episode, three top security experts review the risks and discuss ways to mitigate them. Continue Reading
By
- Staff report
Feature 05 Aug 2025
How to prepare for post-quantum computing security

One of the biggest fears about quantum computing is its ability to easily break current encryption algorithms. Learn why and how to start making quantum security preparations. Continue Reading
By
- Kyle Johnson, Technology Editor
News 04 Aug 2025

Dark Reading News Desk turns 10, back at Black Hat USA for 2025

Dark Reading's 2025 News Desk marks a decade of Black Hat USA memories. We're making our return with a slate of interviews that help you stay up on the latest research from Black Hat — no trip to Las Vegas required. Continue Reading

— Dark Reading
Tip 04 Aug 2025
How to recover from a ransomware attack: A complete guide

With a ransomware recovery plan, organizations can act quickly to prevent data loss without descending into chaos. Learn the crucial steps to incorporate into your plan. Continue Reading
By
- John Burke, Nemertes Research
Tutorial 01 Aug 2025
How to use the John the Ripper password cracker

Password crackers are essential tools in any pen tester's toolbox. This step-by-step tutorial explains how to use John the Ripper, an open source offline password-cracking tool. Continue Reading
By
- Ed Moyle, SecurityCurve
Video 01 Aug 2025
An explanation of purple teaming

Purple teaming unites offensive red teams and defensive blue teams to share knowledge, find vulnerabilities and strengthen security through structured frameworks and playbooks. Continue Reading
By
- Sharon Shea, Executive Editor
- Sabrina Polin, Managing Editor
- Tommy Everson, Assistant Editor
Tip 25 Jul 2025
How to implement security control rationalization

Security control rationalization helps CISOs reduce cybersecurity tool sprawl, cut spending and improve efficiency -- all without compromising protection. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 23 Jul 2025
Top DevSecOps certifications and trainings for 2025

DevOps Institute, Practical DevSecOps, EXIN and EC-Council are among the organizations that offer DevSecOps certifications and trainings for cybersecurity professionals. Continue Reading
By
- Colin Domoney
Feature 18 Jul 2025
CISO role in ASM could add runtime security, tokenization

Runtime security and tokenization stand to play a bigger role in attack surface management, a development that could influence security leaders' responsibilities. Continue Reading
By
- John Moore, Industry Editor
Tip 18 Jul 2025
How to build a cybersecurity team to maximize business impact

How CISOs design and build their security teams is as important as the technology they select to safeguard their organizations' digital assets. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 17 Jul 2025
How to calculate cybersecurity ROI for CEOs and boards

Calculating and communicating cybersecurity ROI can help persuade top management to invest. Here's how to use meaningful, concrete metrics that resonate with business leaders. Continue Reading
By
- Jerald Murphy, Nemertes Research
- Alissa Irei, Senior Site Editor
News 17 Jul 2025

Knostic wins 2024 Black Hat Startup Spotlight Competition

During a 'Shark Tank'-like final, each startup's representative spent five minutes detailing their company and product, with an additional five minutes to take questions from eight judges from Omdia, investment firms, and top companies in cyber. Continue Reading

— Dark Reading
News 17 Jul 2025

We've all been wrong: Phishing training doesn't work

Teaching employees to detect malicious emails isn't really having an impact. What other options do organizations have? Continue Reading

— Dark Reading
News 17 Jul 2025

CISA director: Cybersecurity is ‘not an impossible problem’

In Jen Easterly’s view, the solution to the industry’s pains lies in secure by design. “We got ourselves into this, we have to get ourselves out,” she said during a media briefing at Black Hat. Continue Reading

— Cybersecurity Dive
News 17 Jul 2025

Black Hat USA 2024 Highlights

Check out all the highlights from Black Hat USA 2024 at the Mandalay Bay in Las Vegas. Continue Reading

— Dark Reading
Tip 15 Jul 2025
What is cybersecurity mesh? Key applications and benefits

Is it time to consider a different approach to security architecture? Cybersecurity mesh might be an effective way to address complex, distributed environments. Continue Reading
By
- Ed Moyle, SecurityCurve
Definition 15 Jul 2025
What is cybersecurity?

Cybersecurity is the practice of protecting systems, networks and data from digital threats. Continue Reading
By
- Kinza Yasar, Technical Writer
- Sharon Shea, Executive Editor
- Alexander S. Gillis, Technical Writer and Editor
Tip 11 Jul 2025
How to build a cybersecurity culture across your business

As a company's cyber-risks evolve, so must its culture. Follow these tips to create a strong cybersecurity culture that helps protect your organization from cyberthreats. Continue Reading
By
- Jerald Murphy, Nemertes Research
- John Burke, Nemertes Research
Tip 10 Jul 2025
CISO's guide to creating a cybersecurity board report

An effective cybersecurity board report influences executive decision-making at the highest levels. Learn how to write a report that resonates with corporate directors. Continue Reading
By
- Jerald Murphy, Nemertes Research
- Alissa Irei, Senior Site Editor
Tip 10 Jul 2025
What CISOs need to know about AI governance frameworks

AI offers business benefits but poses legal, ethical and reputational risks. Governance programs manage these risks while ensuring responsible use and regulatory compliance. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Tip 09 Jul 2025
Security log management tips and best practices

Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
By
- Ed Moyle, SecurityCurve
- Michael Cobb
Definition 09 Jul 2025
What is a CISO as a service (CISOaaS)?

CISO as a service, or CISOaaS, is the outsourcing of CISO (chief information security officer) and information security leadership responsibilities to a third-party provider. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Ben Lutkevich, Site Editor
Tip 09 Jul 2025
Incident response tabletop exercises: Guide and template

Have an incident response plan but aren't running incident response tabletop exercises? These simulations are key to knowing if your plan will work during an actual security event. Continue Reading
By
- Paul Kirvan
Feature 08 Jul 2025
How to implement zero trust: 7 expert steps

Zero trust means a lot more than determining how users access resources. Successful implementation takes time, commitment and ongoing support. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
- Alissa Irei, Senior Site Editor
Feature 07 Jul 2025
What is the future of cybersecurity?

As cyberthreats grow more sophisticated, enterprises face mounting challenges. What does the future of cybersecurity hold, and how can organizations stay ahead? Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 02 Jul 2025
What is SIEM (security information and event management)?

SIEM (security information and event management) is software that helps organizations detect, analyze, and respond to security threats by collecting and correlating security event data from across the IT environment in real time. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Linda Rosencrance
Definition 02 Jul 2025
What is the principle of least privilege (POLP)?

The principle of least privilege (POLP) is a concept in computer security that limits users' access rights to only what is strictly required to do their jobs. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
Definition 02 Jul 2025
What is business continuity software?

Business continuity software is an application or suite designed to make business continuity planning/business continuity management (BCP/BCM) processes, metrics and compliance more efficient and accurate. Continue Reading
By
- Paul Kirvan
- Ed Hannan
Tip 02 Jul 2025
How to build a cybersecurity strategy and plan in 4 steps

A cybersecurity strategy isn't meant to be perfect, but this high-level plan must be proactive, effective, actively supported and evolving. Here are four key steps to get there. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 01 Jul 2025
Cybersecurity career path: A strategic guide for professionals

There's no single path for everyone, but knowing what employers look for and following these best practices can help you move up the cybersecurity career ladder. Continue Reading
By
- Chris Tozzi
Feature 30 Jun 2025
What is cybersecurity transformation? Best practices for success

Under increasing regulatory pressure and rising cyber threats, executives must prioritize cybersecurity transformation to safeguard assets, enable growth and ensure resilience. Continue Reading
By
- John Doan
Feature 30 Jun 2025
CISO playbook for securing AI in the enterprise

CISOs must partner with executive leadership to adopt a business-aligned AI security strategy that protects the organization while enabling responsible AI adoption. Continue Reading
By
- John Doan
Video 30 Jun 2025
Ransomware: Examples, prevention and mitigating the damage

Top cybersecurity experts gathered to discuss the latest threats from ransomware and how organizations, large and small, can prevent or, at least, mitigate an attack. Continue Reading
By
- Staff report
Tip 30 Jun 2025
How CISOs can manage and reduce compliance fatigue

Compliance fatigue can undermine security when poorly managed. CISOs can combat it by starting conversations, automating processes and using compliance to drive security initiatives. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 30 Jun 2025
What is attack surface management? Guide for organizations

Attack surface management can help CISOs and other cybersecurity managers address the growth in the number of potential entry points threat actors might exploit. Continue Reading
By
- John Moore, Industry Editor
Tip 30 Jun 2025
Cybersecurity outsourcing: Strategies, benefits and risks

For companies battling data breaches and cyberattacks, MSSPs can offer lower costs, better reliability, broader experience and more -- if organizations define their needs well. Continue Reading
By
- Mary K. Pratt
Tip 30 Jun 2025
10 cybersecurity best practices for organizations in 2025

To improve your organization's cybersecurity program, follow these best practices to safeguard your infrastructure and ensure a quick recovery after a breach. Continue Reading
By
- Chris Tozzi
Definition 30 Jun 2025
What is vulnerability management? Definition, process and strategy

Vulnerability management is the process of identifying, assessing, remediating and mitigating security vulnerabilities in software and computer systems. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Sean Michael Kerner
Feature 30 Jun 2025
Enterprise cybersecurity: A strategic guide for CISOs

CISOs and others responsible for safeguarding an organization's systems, networks and data need to manage day-to-day threats while also planning strategically for what's ahead. Continue Reading
By
- Phil Sweeney, Industry Editor
- Craig Stedman, Industry Editor
Feature 30 Jun 2025
Why effective cybersecurity is important for businesses

Cyberattacks can have serious financial and business consequences for companies, which makes implementing strong cybersecurity protections a critical step. Continue Reading
By
- Mary K. Pratt
Tip 27 Jun 2025
Cybersecurity in M&A due diligence: Best practices for executives

Companies wouldn't think of merging with another organization without performing financial or business due diligence. The same is true of cybersecurity. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 27 Jun 2025
SBOM formats explained: Guide for enterprises

SBOMs inventory software components to help enhance security by tracking vulnerabilities. Teams have three standard SBOM formats to choose from: CycloneDX, SPDX and SWID tags. Continue Reading
By
- Ravi Das, ML Tech Inc.
Tip 27 Jun 2025
How to build a cybersecurity RFP

Crafting a cybersecurity RFP requires clear goals, precise questions and vendor vetting. Follow these guidelines to streamline the process and meet your company's security needs. Continue Reading
By
- Leah Zitter, Ph.D.
Tip 27 Jun 2025
Cybersecurity budget justification: A guide for CISOs

The best way to get a security budget request denied? Present it like a jargon-filled shopping list. Instead, make the case by tying security spending to business outcomes. Continue Reading
By
- Jerald Murphy, Nemertes Research
Tip 27 Jun 2025
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 26 Jun 2025
Cyber insurance trends 2025: What executives need to know

Cyber insurance is essential for protecting an organization from the financial impact of a cyberattack and is a critical part of a risk management strategy. Continue Reading
By
- Sean Michael Kerner
Tip 26 Jun 2025
10 key cybersecurity metrics and KPIs your board wants tracked

Security leaders need cybersecurity metrics to track their programs and inform decision-makers. These 10 metrics and KPIs provide a good foundation for tracking essential activity. Continue Reading
By
- Cynthia Brumfield, DCT Associates
Tip 25 Jun 2025
Ransomware threat actors today and how to thwart them

Top experts convened on BrightTALK's 'CISO Insights' to discuss 'Ransomware 3.0' -- the current threat and what organizations, large and small, must do to thwart these bad actors. Continue Reading
By
- Staff report
Tip 25 Jun 2025
6 edge monitoring best practices in the cloud

When it comes to application monitoring, edge workloads are outliers -- literally and metaphorically. Learn what sets them apart and how to implement monitoring best practices. Continue Reading
By
- Chris Tozzi
Definition 25 Jun 2025
What is CCTV (closed-circuit television)?

CCTV (closed-circuit television) is a video surveillance system in which signals are transmitted to a specific set of monitors and are not publicly broadcast. It is primarily used for security and monitoring. Continue Reading
By
- Katie Terrell Hanna
- Tayla Holman, Site Editor
- Kristen Lee, News Writer
Tip 25 Jun 2025
10 remote work cybersecurity risks and how to prevent them

Larger attack surfaces, limited oversight of data use, AI-driven attacks and vulnerable enterprise technologies are among the security risks faced in remote work environments. Continue Reading
By
- Mary K. Pratt
Feature 24 Jun 2025
CISO burnout: How to balance leadership, pressure and sanity

With CISO burnout comes increasing cyber incidents and costly leadership turnover. Organizations must invest in support to prevent this growing security risk. Continue Reading
By
- Rosa Heaton, Content Manager
Tip 24 Jun 2025
Cybersecurity governance: A guide for businesses to follow

Cybersecurity governance is now critical, with NIST CSF 2.0 recently adding it as a dedicated function. Learn why governance is core to an effective cyber strategy. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 24 Jun 2025
What is risk avoidance?

Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets. Continue Reading
By
- Mary K. Pratt
Feature 23 Jun 2025
22 free cybersecurity tools you should know about

Cybersecurity products can get pricy, but there are many excellent open source tools to help secure your systems and data. Here's a list of some of the most popular. Continue Reading
By
- Andy Patrizio
Definition 23 Jun 2025
What is pure risk?

Pure risk refers to risks that are beyond human control and result in a loss or no loss, with no possibility of financial gain. Continue Reading
By
- Linda Tucci, Industry Editor -- CIO/IT Strategy
- Ben Cole, Executive Editor
Definition 23 Jun 2025
What is residual risk? How is it different from inherent risk?

Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Francesca Sales
Tip 23 Jun 2025
How to choose a cybersecurity vendor: 12 key criteria

Choosing a cybersecurity vendor entails a two-phase approach: shortlisting vendors using clear requirements, then conducting thorough evaluations based on key criteria. Here's how. Continue Reading
By
- Leah Zitter, Ph.D.
Feature 20 Jun 2025
What executives must know about nation-state threat actors

Nation-state threat actors like Russia, China, Iran and North Korea are targeting critical infrastructure and sensitive data, so executives must prepare to defend against them. Continue Reading
By
- Madeleine Streets, Senior content manager
Tip 18 Jun 2025
CISO's guide to implementing a cybersecurity maturity model

CISOs must both meet today's challenges and anticipate tomorrow's -- no easy feat. Cybersecurity maturity models help strategically navigate evolving threats, regulations and tech. Continue Reading
By
- Jerald Murphy, Nemertes Research
Tip 17 Jun 2025
Shadow AI: How CISOs can regain control in 2025 and beyond

Shadow AI threatens enterprises as employees increasingly use unauthorized AI tools. Discover the risks, governance strategies, and outlook for managing AI in today's workplace. Continue Reading
By
- Grant Hatchimonji
News 13 Jun 2025
News brief: Gartner Security and Risk Management Summit recap

Check out the latest security news from the Informa TechTarget team. Continue Reading
By
- Staff report
Tip 13 Jun 2025
What is cyber risk quantification (CRQ)? How to get it right

Cyber risk quantification translates security threats into financial terms, so executives can prioritize risks, justify investments and allocate resources to protect the business. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Tip 13 Jun 2025
CISO's guide to building a strong cyber-resilience strategy

Cyber-resilience strategies that integrate BCDR, incident response and cybersecurity enable CISOs to build frameworks that help their organizations effectively handle cyberattacks. Continue Reading
By
- Paul Kirvan
Tip 13 Jun 2025
What a smart contract audit is, and how to conduct one

Smart contracts ensure the integrity of transactions, such as those that initiate key services. A smart contract audit is one way to ensure the programs work as designed. Continue Reading
By
- Paul Kirvan
Feature 12 Jun 2025
Cybersecurity risk management: Best practices and frameworks

This proactive approach protects business operations, ensures compliance and preserves reputation through comprehensive security practices. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Tip 12 Jun 2025
How to craft an effective AI security policy for enterprises

Enterprises unable to manage AI risks face data breaches, algorithmic bias and adversarial attacks, among other risks. Learn how to implement a comprehensive AI security policy. Continue Reading
By
- Paul Kirvan
Tip 11 Jun 2025
Should cybersecurity be part of your digital transformation strategy?

Digital transformation offers companies some tantalizing possibilities. But new technologies usher in new vulnerabilities. Cybersecurity needs to play a key role. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Definition 11 Jun 2025
What is ransomware as a service (RaaS)?

Ransomware as a service (RaaS) is a subscription-based business model that enables threat actors, also called affiliates, to launch ransomware attacks by accessing and using predeveloped ransomware tools. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Kinza Yasar, Technical Writer
- Sean Michael Kerner
Guest Post 10 Jun 2025
How to implement effective app and API security controls

Security leaders must implement multilayered strategies combining threat modeling, balanced controls, cloud-first approaches and more to protect apps and APIs from evolving threats. Continue Reading
By
- William Dupre, Gartner
News 06 Jun 2025
News brief: CISA and partners face budget overhauls, cuts

Check out the latest security news from the Informa TechTarget team. Continue Reading
By
- Staff report
News 03 Jun 2025
HashiCorp Terraform leads IBM, Red Hat integration roadmap

HashiCorp and IBM have begun to knit together products such as Terraform and Ansible and divulged some roadmap details, but a few potential product overlaps are still unresolved. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 02 Jun 2025
The DOGE effect on cybersecurity: Efficiency vs. risk

The DOGE effect on security is a complex issue. Pursuit of efficiency might be a legitimate goal, but experts caution it can conflict with cybersecurity defenses. Continue Reading
By
- Staff report
Video 02 Jun 2025
The DOGE effect on cyber: What's happened and what's next?

In this webinar, part of 'CISO Insights' series, cybersecurity experts debate the pros and cons of the Department of Government Efficiency's actions and the impact on their field. Continue Reading
By
- Staff report
News 21 May 2025
Red Hat, HashiCorp reveal Ansible, Terraform and Vault plans

Red Hat Ansible and HashiCorp reps filled in the blanks about how infrastructure automation tools will more deeply integrate, news welcomed by financial services customers. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 20 May 2025
Best practices for board-level cybersecurity oversight

Corporate boards must play an increasingly active role in overseeing cybersecurity strategies. Here's what they need to know, from SEC disclosure requirements to best practices. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 16 May 2025

RSAC 2025: AI everywhere, trust nowhere

We're at an inflection point. AI is changing the game, but the rules haven't caught up. Continue Reading

— Dark Reading
Conference Coverage 16 May 2025
RSAC Conference 2025

Follow SearchSecurity's RSAC 2025 guide for insightful pre-conference insights and reports on notable presentations and breaking news at the world's biggest infosec event. Continue Reading
By
- Sharon Shea, Executive Editor
Definition 16 May 2025
What is risk appetite?

Risk appetite is the amount of risk an organization or investor is willing to take in pursuit of objectives it deems have value. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 13 May 2025

Building effective security programs requires strategy, patience and clear vision

Capital One executives share insights on how organizations should design their security programs, implement passwordless technologies, and reduce their attack surface. Continue Reading

— Dark Reading
News 13 May 2025

Cyber then & now: Inside a 2-decade industry evolution

On Dark Reading's 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget's RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what's next beyond AI. Continue Reading

— Dark Reading
Definition 09 May 2025
What is a security operations center (SOC)?

A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks. Continue Reading
By
- Kinza Yasar, Technical Writer
- Paul Kirvan
- Sarah Lewis
News 06 May 2025

AI domination: RSAC 2025 social media roundup

Documented in a series of social media posts, cybersecurity experts shared with Dark Reading their insights on RSAC 2025 throughout the week. Continue Reading

— Dark Reading
News 02 May 2025

IBM uses agentic AI for autonomous security operations: RSAC 2025

The launch of IBM’s Autonomous Threat Operations Machine and X-Force Predictive Threat Intelligence agent were announced at the event. Continue Reading

— AI Business
News 02 May 2025

SANS top 5: Cyber has busted out of the SOC

This year's top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging and regulatory constraints keeping defenders from fully utilizing AI's capabilities. Continue Reading

— Dark Reading
Feature 01 May 2025
RSAC 2025: The time for crypto-agility adoption is now

An RSAC 2025 speaker explained why companies should begin their quantum-safe journey now and how crypto-agility adoption helps prepare for post-quantum cryptography. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 30 Apr 2025
RSAC Conference 2025 video reports

We chatted on camera with attendees and presenters at RSAC 2025. Check out this video collection to get highlights from one of the world's major cybersecurity conferences. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
News 29 Apr 2025

RSAC 2025: Cisco debuts latest AI cybersecurity innovations

In terms of innovation, Cisco says it's 'just getting warmed up.' Continue Reading

— Channel Futures
News 29 Apr 2025

U.S. critical infrastructure still struggles with OT security

How does a company defend itself from cyberattacks by a foreign adversary? A collection of experts gathered at this year's RSAC Conference to explain how the U.S. can help. Continue Reading

— Dark Reading
News 28 Apr 2025
Cisco AI Defense embeds with ServiceNow SecOps tools

Cisco AI Defense will feed in data and automate AI governance in ServiceNow SecOps products as enterprises seek a platform approach to cybersecurity. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 28 Apr 2025
Cisco, former Google, Meta experts train cybersecurity LLM

Cisco's new Foundation AI group, which includes engineers from multiple companies, has released a compact AI reasoning model based on Llama 3 for cybersecurity to open source. Continue Reading
By
- Beth Pariseau, Senior News Writer
Opinion 25 Apr 2025
RSAC 2025 to center on agentic AI, GenAI in security

If AI continues to become more accurate and secure, automation and self-healing systems that strengthen security programs could be the future. Continue Reading
By
- Melinda Marks, Practice Director
Tip 24 Apr 2025
How to incorporate smishing into security awareness training

Smishing is a major threat on enterprise smartphones, but users might not know how it compares to traditional email phishing. IT can help block attacks with training and testing. Continue Reading
By
- Brien Posey
Definition 23 Apr 2025
What is ransomware? Definition and complete guide

Ransomware is malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
Opinion 22 Apr 2025
3 EUC security topics I'll be looking for at RSAC 2025

There will be a ton of security topics that RSA Conference-goers can check out, but IT admins should be aware of three common themes surrounding email and endpoints. Continue Reading
By
- Gabe Knuth, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 21 Apr 2025
How to create a CBOM for quantum readiness

Quantum is on the horizon -- is your organization ready to migrate to post-quantum cryptographic algorithms? Make a CBOM to understand where risky encryption algorithms are used. Continue Reading
By
- Rob Shapland
Tip 17 Apr 2025
Building mobile security awareness training for end users

Do concerns of malware, social engineering and unpatched software on employee mobile devices have you up at night? One good place to start is mobile security awareness training. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Tip 17 Apr 2025
Tips to find cyber insurance coverage in 2025

Most businesses have a form of cyber insurance, either through cyber liability and data breach endorsements in traditional business policies or through standalone cyber policies. Continue Reading
By
- Kathleen Richards