Security operations and management
Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.
Top Stories
-
Tip
28 Sep 2023
How to develop a cybersecurity strategy: Step-by-step guide
A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there. Continue Reading
-
Opinion
25 Sep 2023
6 reasons Cisco acquired Splunk
A treasure trove of Cisco and Splunk data, AI and analytics can improve cyber-resilience, accelerate threat detection and response, and enable more intelligent networks. Continue Reading
-
Tutorial
22 Sep 2023
How to disable removable media access with Group Policy
Removable media can pose serious security problems. But there is a way to control who has access to optical disks and USB drives through Windows' Active Directory. Continue Reading
-
Opinion
22 Sep 2023
Google and Mandiant flex cybersecurity muscle at mWISE
End-to-end cybersecurity coverage and generative AI could accentuate Google and Mandiant's combined cybersecurity opportunities -- with the right execution. Continue Reading
-
Tip
20 Sep 2023
How to train employees to avoid ransomware
Do your employees know what to do if ransomware strikes? As your organization's first line of defense, they should receive regular trainings on ransomware prevention and detection. Continue Reading
-
Tip
19 Sep 2023
4 tips to find cyber insurance coverage in 2023
The cyber insurance industry is settling down but isn't without challenges. Read up on cyber insurance in 2023 and how to get the most from your organization's coverage this year. Continue Reading
-
Opinion
18 Sep 2023
What to consider when creating a SaaS security strategy
Securing SaaS applications is more important and confusing than ever. Consider visibility, UX and workflow when creating a SaaS security strategy and adopting tools. Continue Reading
-
Tip
14 Sep 2023
How CIOs can build cybersecurity teamwork across leadership
Cross-departmental relationships are key to long-term business success. Discover why CIOs must focus on teamwork with these three C-suite roles for highly effective cybersecurity. Continue Reading
-
News
13 Sep 2023
Meet MLSecOps: Industry calls for new measures to secure AI
Open source security, already in the software supply chain spotlight, must expand to include AI models, according to the OpenSSF and DevSecOps vendor JFrog. Continue Reading
-
Podcast
12 Sep 2023
Risk & Repeat: Big questions remain on Storm-0558 attacks
Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain. Continue Reading
-
Feature
09 Sep 2023
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
-
Tip
06 Sep 2023
Cut through cybersecurity vendor hype with these 6 tips
Cybersecurity vendor hype can make purchasing decisions difficult. When considering a new product or service, think critically about whether it would truly add business value. Continue Reading
-
Podcast
30 Aug 2023
Risk & Repeat: Digging into Microsoft security criticisms
Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more. Continue Reading
-
News
30 Aug 2023
CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security
CrowdStrike's Elia Zaitsev discusses the rise in credential-based attacks, as well as the common errors organizations make in the cloud that often lead to breaches. Continue Reading
-
Tip
28 Aug 2023
Enterprise dark web monitoring: Why it's worth the investment
Getting an early warning that your data has been compromised is a key benefit of dark web monitoring, but there are many more. By knowing your enemies, you can better protect your assets. Continue Reading
-
Tip
28 Aug 2023
Should companies make ransomware payments?
Once infected with ransomware, organizations face a major question: to pay or not to pay? Law enforcement recommends against it, but that doesn't stop all companies from paying. Continue Reading
-
News
24 Aug 2023
VMware, Cisco prep generative AI for SecOps
Generative AI has the potential to go beyond identifying anomalies in known data to create new information, such as incident summaries or security policies -- as well as new risks. Continue Reading
-
News
22 Aug 2023
VMware revamps cloud software for edge management
VMware's new Edge Cloud Orchestrator, formerly VMware SASE Orchestrator, manages VMware's edge compute and SD-WAN systems. Carmaker Audi plans to use the product in its factories. Continue Reading
-
News
21 Aug 2023
Vendors criticize Microsoft for repeated security failings
Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
-
Feature
16 Aug 2023
How to use dynamic reverse engineering for embedded devices
In this excerpt from 'Practical Hardware Pentesting,' read step-by-step instructions on how to find vulnerabilities on IoT devices using dynamic reverse engineering. Continue Reading
-
Tip
14 Aug 2023
How to create a ransomware incident response plan
A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started. Continue Reading
-
News
10 Aug 2023
CISA shares 'secure by design' plan for US tech ecosystem
The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation. Continue Reading
-
News
10 Aug 2023
Kemba Walden: We need to secure open source software
During her Black Hat USA 2023 keynote, the acting national cyber director said the White House wants to develop realistic policies to improve the security of open source software. Continue Reading
-
News
09 Aug 2023
Coalition looks to bridge gap between CISOs, cyber insurance
While carriers and CISOs agree cyber insurance has contributed to better security postures, Coalition said the relationship needs to stronger as threat evolve and intensify. Continue Reading
-
News
07 Aug 2023
Google to discuss LLM benefits for threat intelligence programs
Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA. Continue Reading
-
Tip
04 Aug 2023
8 vulnerability management tools to consider in 2023
Vulnerability management tools help organizations identify and remediate system and application weaknesses and more. Choose your tool -- or tools -- carefully. Continue Reading
-
Opinion
26 Jul 2023
Security hygiene and posture management: A work in progress
Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
-
Feature
20 Jul 2023
Enterprise communication security a growing risk, priority
Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools. Continue Reading
-
News
19 Jul 2023
Microsoft to expand free cloud logging following recent hacks
Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies. Continue Reading
-
News
18 Jul 2023
Splunk AI update adds specialized models for SecOps tasks
Splunk AI updates this week included specialized models for SecOps that detect and automatically respond to common issues such as DNS exfiltration and suspicious processes. Continue Reading
-
Tip
14 Jul 2023
Rein in cybersecurity tool sprawl with a portfolio approach
Market consolidation can counterintuitively exacerbate cybersecurity tool sprawl, with many products offering overlapping features. A portfolio approach brings clarity to chaos. Continue Reading
-
Feature
10 Jul 2023
How to map security gaps to the Mitre ATT&CK framework
Mapping security gaps to the Mitre ATT&CK framework enables SOC teams to prioritize, remediate and eliminate vulnerabilities before malicious actors exploit them. Continue Reading
-
Feature
10 Jul 2023
Get started: Threat modeling with the Mitre ATT&CK framework
The Mitre ATT&CK framework may seem daunting at first, but it is a key tool that helps SOC teams conduct threat modeling. Learn how to get started. Continue Reading
-
Feature
29 Jun 2023
Cued by breach postmortems, fintech refines zero trust
In a quest to continuously improve, Mercury's security leader takes inspiration from other companies' lessons learned, then updates tools and practices accordingly. Continue Reading
-
News
27 Jun 2023
HashiCorp Vault to expand in DevSecOps with BluBracket buy
HashiCorp expands Vault's focus to include DevSecOps with the acquisition of a secrets scanning startup, setting the stage for a potential showdown with Microsoft and GitHub. Continue Reading
-
Tip
23 Jun 2023
Top 10 threat modeling tools, plus features to look for
Automated threat modeling tools make identifying threats simpler, but the tools themselves can be fairly complex. Understanding where risks exist is only one part of the process. Continue Reading
-
Opinion
21 Jun 2023
How AI benefits network detection and response
Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response. Continue Reading
-
News
15 Jun 2023
CISA SBOM standards efforts stymied by confusion, inertia
Efforts to establish SBOM standards and guidance have progressed, but unanswered questions persist -- including how the federal government plans to enforce its own requirements. Continue Reading
-
Tip
15 Jun 2023
Risk assessment vs. threat modeling: What's the difference?
Risk assessments and threat modeling each address potential risks. But they play distinct roles in how they help companies protect systems and data. Continue Reading
-
Tip
14 Jun 2023
How to calculate cybersecurity ROI with concrete metrics
Calculating and communicating cybersecurity ROI can help persuade top management to invest. Here's how to use meaningful, concrete metrics. Continue Reading
-
Opinion
14 Jun 2023
Cisco releases new security offerings at Cisco Live 2023
At Cisco Live 2023, Cisco emphasized its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security. Continue Reading
-
Tip
08 Jun 2023
How to secure blockchain: 10 best practices
Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
-
Tip
07 Jun 2023
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
-
Tip
07 Jun 2023
Top blockchain attacks, hacks and security issues explained
Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues. Continue Reading
-
Feature
30 May 2023
Vendors: Threat actor taxonomies are confusing but essential
Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial their understanding and visibility into threat activity. Continue Reading
-
Tip
25 May 2023
How to conduct a smart contract audit and why it's needed
Smart contracts ensure the integrity of transactions, such as those that initiate key services. A smart contract audit is one way to ensure the programs work as designed. Continue Reading
-
Opinion
16 May 2023
Closing the book on RSA Conference 2023
AI, cloud security, SOC modernization and security hygiene and posture management were all hot topics at RSAC in San Francisco this year. Continue Reading
-
Tip
16 May 2023
How to build a better vulnerability management program
With a vulnerability management program in place, your organization is better equipped to identify and mitigate security vulnerabilities in people, processes and technologies. Continue Reading
-
Tip
12 May 2023
Incident response: How to implement a communication plan
Communication is critical to an effective incident response plan. Here are five best practices for communication planning and a free, editable template to get started. Continue Reading
-
News
10 May 2023
CISOs face mounting pressures, expectations post-pandemic
Proofpoint's 2023 Voice of the CISO report shows deep concern among executives about impending data loss and exposure from negligent -- and malicious -- employees. Continue Reading
-
Tip
10 May 2023
5 SBOM tools to start securing the software supply chain
Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications. Continue Reading
-
Feature
03 May 2023
Studies show ransomware has already caused patient deaths
No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
-
Tip
01 May 2023
Stay ahead of threats with DevOps security best practices
Unsure where to start when it comes to securing your DevOps environment? Taking these five actions can strengthen your organization's defenses against cyber attacks. Continue Reading
-
News
28 Apr 2023
ChatGPT uses for cybersecurity continue to ramp up
The use of OpenAI's technology in cybersecurity products is growing as companies look to improve threat detection and assist short-staffed and fatigued security teams. Continue Reading
-
News
25 Apr 2023
RSAC speaker offers ransomware victims unconventional advice
Triton Tech Consulting CEO Brandon Clark advised organizations to set aside the stigma of 'negotiating with terrorists' when deciding whether to pay a ransomware gang. Continue Reading
-
News
25 Apr 2023
DOJ's Monaco addresses 'misperception' of Joe Sullivan case
In her RSA Conference keynote, Deputy Attorney General Lisa Monaco was asked if the prosecution of former Uber CSO Joe Sullivan damaged trust with the private sector. Continue Reading
-
News
24 Apr 2023
IBM launches AI-powered security offering QRadar Suite
IBM aims to use QRadar Suite's AI features, which it calls the 'unified analyst experience,' to enable security analysts to focus on higher-priority work. Continue Reading
-
Conference Coverage
24 Apr 2023
RSA Conference 2023 highlights strength through alliances
Follow this RSA 2023 guide from TechTarget Editorial to get pre-conference coverage and stay on top of breaking news and analysis from the infosec world's biggest annual event. Continue Reading
-
News
20 Apr 2023
DC Health Link breach caused by misconfigured server
Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, blames "human error" for the DC Health Link breach. Continue Reading
-
Tip
19 Apr 2023
How to prepare for a cybersecurity audit
Organizations should conduct regular cybersecurity audits to determine if their networks and other assets are properly protected, as well as if they meet compliance mandates. Continue Reading
-
Tip
19 Apr 2023
Generative AI in SecOps and how to prepare
Generative AI assistants could be game changers in the SOC -- but not if SecOps teams haven't prepared for them. Here's how to get ready. Continue Reading
-
Feature
18 Apr 2023
How to use the Apple Rapid Security Response updates
Typical Apple OS updates are large and infrequent, but the Rapid Security Response feature helps admins keep Apple devices patched without performing full OS updates. Continue Reading
-
Guest Post
18 Apr 2023
Standardized data collection methods can help fight cybercrime
Implementing standards similar to NERC CIP for the entire cybersecurity industry could make it easier for law enforcement to investigate and prosecute cyber attackers. Continue Reading
-
Tip
18 Apr 2023
Top 7 enterprise cybersecurity challenges in 2023
Security teams faced unprecedented challenges in 2022. The year ahead appears no less daunting. Here are the cybersecurity trends and safeguards to take into account in 2023. Continue Reading
-
Tip
17 Apr 2023
How to build a cybersecurity deception program
In 'The Art of War,' Sun Tzu declared, 'All warfare is based on deception.' Learn how to apply this principle in the enterprise by building a cybersecurity deception program. Continue Reading
-
Tutorial
13 Apr 2023
How to use the John the Ripper password cracker
Password crackers are essential tools in any pen tester's toolbox. This step-by-step tutorial explains how to use John the Ripper, an open source offline password-cracking tool. Continue Reading
-
Tip
13 Apr 2023
Key Apple-native macOS security features for administrators
There are lots of universal security controls that can apply to any type of desktops, but IT teams need to look at the specific features native to desktops such as macOS. Continue Reading
-
Tutorial
12 Apr 2023
How to create fine-grained password policy in AD
Fine-grained password policies are a simple and effective way of ensuring password settings meet business requirements. Continue Reading
-
Tutorial
12 Apr 2023
How to enable Active Directory fine-grained password policies
Specifying multiple password policies customized to specific account types adds another layer to an organization's security posture. Using PSOs instead of Group Policy can help. Continue Reading
-
Opinion
11 Apr 2023
10 hot topics to look for at RSA Conference 2023
RSA Conference 2023 promises another exciting year of cybersecurity discussions and hyperbole. Enterprise Strategy Group's Jon Oltsik shares what he hopes to see at the show. Continue Reading
-
Answer
07 Apr 2023
Defining policy vs. standard vs. procedure vs. control
Infosec pros may have -- incorrectly -- heard the terms 'standard' and 'policy' used interchangeably. Examine the differences among a policy, standard, procedure and technical control. Continue Reading
-
Feature
05 Apr 2023
ICS kill chain: Adapting the cyber kill chain to ICS environments
As IT/OT convergence continues to gain traction, industrial control system security cannot be ignored. Performing pen tests based on the ICS Kill Chain can help. Continue Reading
-
Feature
05 Apr 2023
An intro to the IDMZ, the demilitarized zone for ICSes
Setting up an IDMZ -- a demilitarized zone between enterprise and industrial networks -- can prevent operational environments from becoming compromised by IT threats. Continue Reading
-
Feature
05 Apr 2023
Reinforce industrial control system security with ICS monitoring
Monitoring an industrial control system environment isn't that different from monitoring a traditional IT environment, but there are some considerations to keep in mind. Continue Reading
-
Feature
03 Apr 2023
Why medical device vulnerabilities are hard to prioritize
Vulnerabilities in critical medical devices could lead to loss of life. But opinions are mixed on how serious the risk is to patient safety and how best to address the flaws. Continue Reading
-
Tip
29 Mar 2023
Vulnerability management vs. risk management, compared
Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
-
Tip
21 Mar 2023
4 ChatGPT cybersecurity benefits for the enterprise
As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
-
News
20 Mar 2023
FBI arrests suspected BreachForums owner in New York
The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
-
Guest Post
15 Mar 2023
6 principles for building engaged security governance
Security governance isn't enough. Enter engaged security governance -- an ongoing process that aligns business strategy with security across an organization. Continue Reading
-
News
15 Mar 2023
Dell launches new security offerings for data protection, MDR
Dell's new and expansive services focus on top security challenges enterprises face, such as data protection, ransomware recovery and supply chain threats. Continue Reading
-
Feature
15 Mar 2023
Top 30 incident response interview questions
Job interviews are nerve-wracking, but preparation can help minimize jitters and position you to land the role. Get started with these incident response interview questions. Continue Reading
-
Tip
13 Mar 2023
Is cybersecurity recession-proof?
No field is totally immune to economic downturns, but flexible, practical and prepared cybersecurity professionals should be able to weather any upcoming storms. Continue Reading
-
News
09 Mar 2023
VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022
VulnCheck said CISA's Known Exploited Vulnerabilities catalog 'cannot be treated as the authoritative catalog of exploited vulnerabilities' in its current state. Continue Reading
-
News
08 Mar 2023
White House cybersecurity plan collides with SecOps reality
The White House Cybersecurity Strategy sets lofty goals. But recent market research suggests a significant number of enterprises don't follow existing SecOps best practices. Continue Reading
-
Opinion
07 Mar 2023
Research examines security operations proficiency issues
Instead of looking at where security operations teams excel, Enterprise Strategy Group asked security pros where teams are least proficient. Learn where and how to fix it. Continue Reading
-
Tip
03 Mar 2023
13 incident response best practices for your organization
An incident response program ensures security events are addressed quickly and effectively as soon as they occur. These best practices can help get your organization on track fast. Continue Reading
-
News
02 Mar 2023
New National Cybersecurity Strategy takes aim at ransomware
The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware operations and addressing vulnerable software. Continue Reading
-
Feature
28 Feb 2023
Top benefits of SOAR tools, plus potential pitfalls to consider
To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
-
Tip
27 Feb 2023
Building an incident response framework for your enterprise
Understanding incident response framework standards and how to build the best framework for your organization is essential to prevent threats and mitigate cyber incidents. Continue Reading
-
Tip
27 Feb 2023
Top 6 SOAR use cases to implement in enterprise SOCs
Automating basic SOC workflows with SOAR can improve an organization's security posture. Explore six SOAR use cases to streamline SOC processes and augment human analysts. Continue Reading
-
Feature
27 Feb 2023
How to create a CSIRT: 10 best practices
The time to organize and train a CSIRT is long before a security incident occurs. Certain steps should be followed to create an effective, cross-functional team. Continue Reading
-
Tip
24 Feb 2023
Cloud incident response: Frameworks and best practices
Cloud incident response, like it sounds, involves responding to incidents in the cloud. But there are nuances to be aware of and unique best practices to follow. Continue Reading
-
Feature
24 Feb 2023
Top incident response service providers, vendors and software
Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading
-
Feature
23 Feb 2023
Inside the PEIR purple teaming model
Want to try purple team exercises but aren't sure how to do so? Try the 'Prepare, Execute, Identify and Remediate' purple teaming model. Continue Reading
-
Feature
23 Feb 2023
Understanding purple teaming benefits and challenges
Blue teams and red teams are coming together to form purple teams to improve their organization's security posture. What does this mean for the rivals? And how does it work? Continue Reading
-
Tip
22 Feb 2023
How to conduct incident response tabletop exercises
Have an incident response plan but aren't running incident response tabletop exercises? These simulations are key to knowing if your plan will work during an actual security event. Continue Reading
-
Tip
16 Feb 2023
Web 3.0 security risks: What you need to know
Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
-
Tip
15 Feb 2023
Incident response automation: What it is and how it works
Many of today's security operations teams are understaffed and overwhelmed. Learn how incident response automation can help them work smarter, instead of harder. Continue Reading
-
Tip
07 Feb 2023
CERT vs. CSIRT vs. SOC: What's the difference?
What's in a name? Parse the true differences between a CERT, a CSIRT, a CIRT and a SOC, before you decide what's best for your organization. Continue Reading
-
Feature
07 Feb 2023
Top 10 types of information security threats for IT teams
Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond. Continue Reading
-
Feature
07 Feb 2023
10 types of security incidents and how to handle them
Cyberattacks are more varied than ever. Learn the key symptoms that signal a problem and how to respond to keep systems and data safe. Continue Reading
-
Tip
06 Feb 2023
What to keep in mind when securing virtual environments
Virtual environments can contain numerous vulnerabilities for attackers to exploit -- with potentially devastating results. Use these tips to select security tools and strategies. Continue Reading