Security operations and management
Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.
Top Stories
-
Tip
21 Mar 2023
4 ChatGPT cybersecurity benefits for the enterprise
As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
-
News
20 Mar 2023
FBI arrests suspected BreachForums owner in New York
The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
-
News
25 Feb 2022
(ISC)2 study finds long remediation times for Log4Shell
An (ISC)2 survey of cybersecurity professionals found Log4Shell remediation for many organizations took several weeks or more than a month, requiring work on weekends and holidays. Continue Reading
-
Tip
24 Feb 2022
Pave a path to cybersecurity and physical security convergence
Physical security doesn't get the attention cybersecurity does, but that gap poses significant risks. Find out what you can do to better protect your organization's assets. Continue Reading
-
Tip
22 Feb 2022
Top 6 critical infrastructure cyber-risks
Cyber attacks on critical infrastructure assets can cause enormous and life-threatening consequences. Discover the top cyber-risks to critical infrastructure here. Continue Reading
-
Opinion
17 Feb 2022
Shifting security left requires a GitOps approach
Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed. Continue Reading
-
News
17 Feb 2022
SonicWall: Ransomware attacks increased 105% in 2021
While 2021 represented a turning point for law enforcement and government action against ransomware, SonicWall still observed massive growth in attacks. Continue Reading
-
News
16 Feb 2022
Apache Cassandra vulnerability puts servers at risk
Certain non-default configurations of the Apache Cassandra database software could leave the door open for remote code execution attacks, according to JFrog researchers. Continue Reading
-
Tip
15 Feb 2022
Why companies need cybersecurity and cyber resilience
Companies need cybersecurity and cyber-resilience plans to not only protect against attacks, but also mitigate damage in the aftermath of a successful one. Continue Reading
-
News
10 Feb 2022
DEF CON bans social engineering expert Chris Hadnagy
Hadnagy, an influential figure at the DEF CON security conference, was permanently banned following allegations of misconduct at the annual Las Vegas gathering. Continue Reading
-
Tip
10 Feb 2022
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
-
Guest Post
09 Feb 2022
How automated certificate management helps retain IT talent
Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
-
Tip
09 Feb 2022
How to successfully scale software bills of materials usage
Companies must plan properly when implementing software bills of materials at scale. Accomplish these three goals to keep SBOMs updated, accurate and actionable, despite complexity. Continue Reading
-
News
08 Feb 2022
DOJ recovers $3.6B from 2016 Bitfinex hack
A couple was arrested Tuesday morning after the DOJ traced 120,000 bitcoin to a digital wallet containing funds stolen during the 2016 hack of cryptocurrency platform Bitfinex. Continue Reading
-
News
07 Feb 2022
Wormhole offers $10M to Ethereum thieves
Wormhole also offered $10 million to anyone who provided 'information leading to the arrest and conviction of those responsible' for last week's heist. Continue Reading
-
News
03 Feb 2022
DHS forms first-ever Cyber Safety Review Board
The new initiative is one in a string of many by the Biden administration to push public and private collaboration in addressing cyber threats such as Log4j vulnerabilities. Continue Reading
-
Guest Post
03 Feb 2022
The importance of a policy-driven threat modeling approach
An expanding threat landscape, combined with increasing cloud use and a cybersecurity skill shortage, is driving the need for a policy-driven threat modeling approach. Continue Reading
-
News
03 Feb 2022
Juniper Networks launches Secure Edge firewall as a service
Secure Edge, the as-a-service version of Juniper's SRX firewalls, is managed through the Security Director Cloud platform for SASE released last May. Continue Reading
-
News
01 Feb 2022
Ransomware attacks continue to plague public services
Ransomware this year has picked up right where 2021 left off, with several local governments, schools and health services across the U.S. suffering attacks. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
Tip
31 Jan 2022
8 best practices for blockchain security
In a world of decentralized record-keeping, remember all emerging technologies come with their own security risks. Follow these eight best practices to minimize the risk. Continue Reading
-
Feature
28 Jan 2022
4 data privacy predictions for 2022 and beyond
Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond? Continue Reading
-
Feature
27 Jan 2022
How to use Nmap to scan for open ports
One of Nmap's primary functions is conducting port scans. In this walkthrough, learn how to launch a default scan, along with other options that affect Nmap port scan behavior. Continue Reading
-
Guest Post
27 Jan 2022
How AI can help security teams detect threats
AI and machine learning are reshaping modern threat detection. Learn how they help security teams efficiently and accurately detect malicious actors. Continue Reading
-
Tip
26 Jan 2022
Build a strong cyber-resilience strategy with existing tools
Existing security protocols and processes can be combined to build a cyber-resilience framework, but understanding how these components relate to each other is key. Continue Reading
-
News
25 Jan 2022
Bernalillo County ransomware attack still felt weeks later
A ransomware attack in early January disrupted government systems in New Mexico's largest county, which stalled operations at county offices and the county detention center. Continue Reading
-
Tip
18 Jan 2022
4 software supply chain security best practices
The increasing complexity of software supply chains makes it difficult for companies to understand all its components. Learn how to find vulnerabilities before attackers. Continue Reading
-
Guest Post
11 Jan 2022
Endpoint security is nothing without human operators
The growing threat landscape has made endpoint security more important than ever. Deploying an endpoint security platform without the proper staff, however, is simply not enough. Continue Reading
-
News
10 Jan 2022
VMware ESXi 7 users vulnerable to hypervisor takeover bug
A recent security update addressed a hypervisor takeover vulnerability in several VMware products, but the patch omitted one key server platform in ESXi 7. Continue Reading
-
Tip
10 Jan 2022
3 areas privacy and cybersecurity teams should collaborate
Organizations can get a lot of value by having their privacy and cybersecurity teams work closely together. Collaborating on compliance objectives is just one benefit. Continue Reading
-
Tip
04 Jan 2022
7 API security testing best practices, with checklist
APIs are an increasingly common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
-
Feature
29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021
As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
-
Guest Post
28 Dec 2021
How to make security accessible to developers
Apps are too often released with flaws and vulnerabilities. Learn how to make security accessible to developers by integrating best practices into the development lifecycle. Continue Reading
-
Feature
28 Dec 2021
Types of cybersecurity controls and how to place them
A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
-
Feature
28 Dec 2021
Top infosec best practices, challenges and pain points
Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
-
News
23 Dec 2021
ManageEngine attacks draw warning from FBI
The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October. Continue Reading
-
Tip
22 Dec 2021
Cybersecurity asset management takes ITAM to the next level
Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading
-
Tip
21 Dec 2021
5 ways to automate security testing in DevSecOps
Read up on five areas of DevSecOps that benefit from security testing automation, such as code quality checking, web application scanning and vulnerability scanning. Continue Reading
-
Tip
21 Dec 2021
How to mitigate Log4Shell, the Log4j vulnerability
The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading
-
Guest Post
15 Dec 2021
The importance of automated certificate management
Managing the plethora of digital certificates can no longer be done in a spreadsheet by hand. Discover the importance of automated certificate management here. Continue Reading
-
Tip
10 Dec 2021
Cybersecurity employee training: How to build a solid plan
Cybersecurity training often misses the mark, while threats continue to grow. Succeed where others have failed by keeping training fresh, current and real. Here's how. Continue Reading
-
Guest Post
10 Dec 2021
The business benefits of data compliance
Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity. Continue Reading
-
Feature
10 Dec 2021
The Bigger Truth: Cybersecurity splurge and who needs 5G?
Commentary on the venture capital cybersecurity splurge, Ericsson's Vonage acquisition and the ESG 2022 Technology Spending Intentions Survey. Steve also asks: Who needs 5G, anyway? Continue Reading
-
News
07 Dec 2021
Google takes action against blockchain-based Glupteba botnet
In a legal complaint made public Tuesday, Google said that it "has been and continues to be directly injured" by the actions of the Glupteba botnet. Continue Reading
-
Feature
06 Dec 2021
Passwordless authentication issues to address before adoption
The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more. Continue Reading
-
Tip
06 Dec 2021
How to get started with attack surface reduction
Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
-
Tip
06 Dec 2021
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
-
Tip
06 Dec 2021
Top blockchain security attacks, hacks and issues
These five factors have created issues for the blockchain security landscape. Learn more about blockchain hacks and attacks and how they will affect the future of Web3. Continue Reading
-
News
01 Dec 2021
CISA taps CrowdStrike for endpoint security
The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul. Continue Reading
-
News
01 Dec 2021
Palo Alto Networks and GTT to launch managed SASE platform
GTT Communications and Palo Alto Networks announced they will partner to offer a managed SASE platform using Prisma Access, Palo Alto's cloud-based security function. Continue Reading
-
Tip
29 Nov 2021
How SBOMs for cybersecurity reduce software vulnerabilities
With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks. Continue Reading
-
Guest Post
23 Nov 2021
How to talk about cybersecurity risks, colloquially
The cybersecurity field is riddled with confusion and complexity. Knowing how to talk about risk and how to manage it is key to building resilience. Continue Reading
-
Tip
22 Nov 2021
Top 5 password hygiene tips and best practices
Passwords enable users to access important accounts and data -- making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
-
Guest Post
16 Nov 2021
How to create security metrics business leaders care about
Security metrics must be clear, actionable and resonate with business leadership. Learn how to create metrics that business leaders care about and will act upon. Continue Reading
-
Guest Post
16 Nov 2021
3 ways to balance app innovation with app security
New innovations come with an onslaught of risks and vulnerabilities. Use these three concepts to promote innovation, while ensuring web application security. Continue Reading
-
Guest Post
15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments
Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
-
News
10 Nov 2021
US targets REvil, DarkSide ransomware with $10M rewards
Infosec experts weigh in on the U.S. government's latest tactic to thwart ransomware operations -- the offering of rewards of up to $10 million for information on operators. Continue Reading
-
Guest Post
10 Nov 2021
4 concepts that help balance business and security goals
The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
-
News
08 Nov 2021
DOJ charges REvil ransomware members, seizes $6.1M
One of the accused cybercriminals, who was directly involved in the ransomware attack on Kaseya earlier this year, was arrested and faces extradition from Poland. Continue Reading
-
Feature
03 Nov 2021
Why chaos engineering testing makes sense for cybersecurity
Using the concept of chaos engineering, teams can determine whether systems perform as intended in time of need. But how does it relate to security? Continue Reading
-
Tip
27 Oct 2021
5 IT security policy best practices
As businesses and technologies grow and evolve, it's important IT security policies do, too. Follow these five best practices to ensure policies are fresh and relevant. Continue Reading
-
News
20 Oct 2021
Chris Krebs weighs in on zero trust, FBI web shell removal
Regarding the FBI action to silently remove web shells from vulnerable Exchange Servers, former CISA director Chris Krebs said he expects to see the action again if appropriate. Continue Reading
-
News
20 Oct 2021
Gartner analysts debate ransomware payments
During Gartner's IT Symposium, analysts discussed the complex factors companies face when deciding whether or not to give into ransom demands. Continue Reading
-
Guest Post
20 Oct 2021
5 questions to ask when creating a ransomware recovery plan
These 'five W's of ransomware' will help organizations ask the right questions when creating a ransomware-specific disaster recovery plan. Continue Reading
-
News
18 Oct 2021
FinCEN: 2021 ransomware activity outpaces 2020 in 6 months
The U.S. Treasury's financial crimes bureau has seen a rise in anonymity-enhanced cryptocurrencies like Monero, though Bitcoin remains the most used. Continue Reading
-
News
15 Oct 2021
Accenture sheds more light on August data breach
The IT services giant disclosed in an SEC filing that threat actors stole and leaked proprietary data during a LockBit ransomware attack earlier this year. Continue Reading
-
News
14 Oct 2021
Enterprises ask Washington to step up cyber collaboration
During CISA's National Cybersecurity Summit, critical infrastructure companies said they need better information on cyberthreats from the federal government. Continue Reading
-
News
11 Oct 2021
Cyber insurance premiums, costs skyrocket as attacks surge
As cyber attacks and losses have increased, so has demand for cyber insurance. But now premiums are reflecting a harsh new reality. Continue Reading
-
Tip
30 Sep 2021
How to create a ransomware incident response plan
A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started. Continue Reading
-
News
28 Sep 2021
Ransomware: Has the U.S. reached a tipping point?
The ransomware problem has grown more severe in recent years due to a growing number of attacks against large organizations and the standardization of double-extortion tactics. Continue Reading
-
News
24 Sep 2021
Cybersecurity leaders back law for critical infrastructure
In the wake of cyberattacks like Colonial Pipeline, U.S. senators want a national law requiring critical infrastructure companies to report cybersecurity incidents to CISA. Continue Reading
-
Feature
23 Sep 2021
Experts debate XDR market maturity and outlook
Is extended detection response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go. Continue Reading
-
Guest Post
16 Sep 2021
7 tips for building a strong security culture
Cybersecurity isn't just IT's responsibility. Use these seven tips to build a security culture where employees and IT work together to keep their organization safe. Continue Reading
-
Feature
14 Sep 2021
Why companies should use AI for fraud management, detection
AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge. Continue Reading
-
News
08 Sep 2021
CrowdStrike threat report: Breakout time decreased 67% in 2021
CrowdStrike's latest research shows threat actors have reduced the time it takes for them to move laterally in victim environments, thanks in part to ransomware as a service. Continue Reading
-
News
19 Aug 2021
CISA offers ransomware response guidelines to organizations
In its new ransomware prevention and response guide, CISA 'strongly discourages paying a ransom,' citing the potential to embolden threat actors and fund illicit activity. Continue Reading
-
Feature
11 Aug 2021
The differences between open XDR vs. native XDR
With extended detection and response, security teams get improved threat analytics and response capabilities. Here's what they need to know to choose the right type of XDR. Continue Reading
-
News
11 Aug 2021
NortonLifeLock and Avast joining forces in $8 billion merger
The combined company from NortonLifeLock and Avast will be dual-headquartered in Arizona and Prague, and will serve 500 million users, including 40 million direct customers. Continue Reading
-
News
05 Aug 2021
Researchers argue action bias hinders incident response
A Black Hat 2021 session focused on the human instinct to act immediately after a cyber attack and how that can negatively impact incident response. Continue Reading
-
News
05 Aug 2021
CISA director announces 'Joint Cyber Defense Collaborative'
The Joint Cyber Defense Collaborative, or JCDC, is a partnership between the public and private sectors to create and implement comprehensive national cybersecurity plans. Continue Reading
-
Feature
27 Jul 2021
Cybersecurity investments surge in 2021 as VCs go all in
Venture capital firms have flooded the cybersecurity market this year with investment dollars for young startups and established vendors alike. What's behind this surge? Continue Reading
-
News
26 Jul 2021
Gartner: 'Weaponized' operational tech poses grave danger
New research by Gartner analyst Wam Voster warns that while attacks in the IT world can lead to loss of information, attacks in the OT world can lead to loss of life. Continue Reading
-
News
22 Jul 2021
US Senate mulling bill on data breach notifications
The Senate Intelligence Committee introduced a bill that would require federal agencies and companies providing critical infrastructure to report network breaches to DHS. Continue Reading
-
News
22 Jul 2021
Kaseya obtained ransomware decryptor from 'trusted third party'
Kaseya told SearchSecurity that for 'confidentiality reasons' it could only confirm that the ransomware decryptor came from a trusted third party and that it was helping customers. Continue Reading
-
News
20 Jul 2021
DHS unveils second round of new pipeline security requirements
New requirements from DHS for oil and gas pipeline operators include the implementation of 'specific mitigation measures' against cyberthreats, specifically ransomware attacks. Continue Reading
-
News
15 Jul 2021
US government launches 'StopRansomware' site
In the latest initiatives to combat ransomware, the new website provides individuals and organizations with services and tools to help reduce the risk of attacks. Continue Reading
-
News
12 Jul 2021
Microsoft to acquire RiskIQ to combat growing cyberthreats
Microsoft has agreed to purchase threat intelligence vendor RiskIQ to bolster its cloud security offerings and help customers address global cyberthreats. Continue Reading
-
News
08 Jul 2021
Kaseya post-attack VSA deployment delayed until Sunday
Kaseya CEO Fred Voccola said in an early Wednesday video update that the VSA deployment delay was 'probably the hardest decision I've had to make in my career.' Continue Reading
-
Guest Post
08 Jul 2021
5 steps to implement threat modeling for incident response
This five-step process to develop an incident response plan from Rohit Dhamankar of Alert Logic includes threat modeling, which is key to thwarting cyber attacks. Continue Reading
-
News
30 Jun 2021
Alleged creator of Gozi banking Trojan arrested in Colombia
Romanian Mihai Ionut Paunescu, known as 'Virus,' was charged with two other supposed creators of the Gozi malware back in 2012, but Paunescu is the only one not to be extradited. Continue Reading
-
News
21 Jun 2021
Biden proposes critical infrastructure safe zones for hacking
The U.S. wants Russia to agree to make critical infrastructure targets off limits to hacking, but some infosec experts are skeptical such an agreement can be enforced. Continue Reading
-
News
17 Jun 2021
SolarWinds response team recounts early days of attack
During a webcast, members of the SolarWinds incident response team explained how a lucky break with a virtual machine aided their investigation into the historic breach. Continue Reading
-
News
16 Jun 2021
6 suspected Clop ransomware gang members arrested in Ukraine
The impact of the arrests is unknown, as Clop's ransomware leak site remains online after the arrests. The scale of the gang's current operation is also unknown. Continue Reading
-
Guest Post
11 Jun 2021
Top 5 benefits of a new cybersecurity market model
Companies are struggling to identify the cybersecurity technology that would actually be useful for their use cases. It's time for a new market model around efficacy instead. Continue Reading
-
News
10 Jun 2021
JBS USA paid $11M ransom to REvil hackers
Last week JBS USA said the ransomware attack was resolved and all facilities were fully operational, but now the company confirmed it paid a huge ransom. Continue Reading
-
Podcast
10 Jun 2021
Risk & Repeat: Colonial Pipeline CEO grilled by Congress
Colonial Pipeline Co. CEO Joseph Blount faced criticism from several members of Congress this week during two different hearings on the recent ransomware attack. Continue Reading
-
News
09 Jun 2021
Mandiant: Compromised Colonial Pipeline password was reused
The Colonial Pipeline VPN password was relatively complex, according to Mandiant CTO Charles Carmakal, and likely would have been difficult for DarkSide threat actors to guess. Continue Reading
-
News
08 Jun 2021
FBI used encrypted Anom app in international crime bust
The FBI secretly ran an encrypted chat network that included 12,000 devices and was widely used by criminal organizations across the globe for various illegal dealings. Continue Reading
-
News
08 Jun 2021
FBI seized Colonial Pipeline ransom using private key
After Colonial Pipeline paid a $4.4 million ransom demand in last month's attack, the DOJ announced the majority of the funds have been retrieved by the FBI. Continue Reading
-
News
07 Jun 2021
DOJ charges alleged Trickbot developer
Several of the 19 charges brought against the alleged Trickbot Group developer Alla Witte include bank fraud and aggravated identity theft. Continue Reading
-
Feature
03 Jun 2021
Security observability vs. visibility and monitoring
Security observability, monitoring and visibility play different roles but together provide the tools to establish an all-encompassing enterprise security architecture. Continue Reading
-
News
03 Jun 2021
FireEye and Mandiant part ways in $1.2B deal
FireEye products and Mandiant incident response services will split into two entities under the pending acquisition of FireEye by Symphony Technology Group. Continue Reading