Security operations and management

Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.

Top Stories

Conference Coverage 16 May 2025
RSAC Conference 2025

Follow SearchSecurity's RSAC 2025 guide for insightful pre-conference insights and reports on notable presentations and breaking news at the world's biggest infosec event. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 01 May 2025
RSAC 2025: The time for crypto-agility adoption is now

An RSAC 2025 speaker explained why companies should begin their quantum-safe journey now and how crypto-agility adoption helps prepare for post-quantum cryptography. Continue Reading
By
- Kyle Johnson, Technology Editor

Tip 14 Sep 2023
How CIOs can build cybersecurity teamwork across leadership

Cross-departmental relationships are key to long-term business success. Discover why CIOs must focus on teamwork with these three C-suite roles for highly effective cybersecurity. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
News 13 Sep 2023
Meet MLSecOps: Industry calls for new measures to secure AI

Open source security, already in the software supply chain spotlight, must expand to include AI models, according to the OpenSSF and DevSecOps vendor JFrog. Continue Reading
By
- Beth Pariseau, Senior News Writer
Podcast 12 Sep 2023
Risk & Repeat: Big questions remain on Storm-0558 attacks

Microsoft revealed that Storm-0558 threat actors stole a consumer signing key from its corporate network, but many questions about the breach and subsequent attacks remain. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 06 Sep 2023
Cut through cybersecurity vendor hype with these 6 tips

Cybersecurity vendor hype can make purchasing decisions difficult. When considering a new product or service, think critically about whether it would truly add business value. Continue Reading
By
- Jerald Murphy, Nemertes Research
Definition 31 Aug 2023
IT controls

An IT control is a procedure or policy that provides a reasonable assurance that the information technology (IT) used by an organization operates as intended, that data is reliable and that the organization is in compliance with applicable laws and regulations. Continue Reading
By
- Paul Kirvan
Podcast 30 Aug 2023
Risk & Repeat: Digging into Microsoft security criticisms

Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices, including patch bypasses, poor transparency and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 30 Aug 2023
CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security

CrowdStrike's Elia Zaitsev discusses the rise in credential-based attacks, as well as the common errors organizations make in the cloud that often lead to breaches. Continue Reading
By
- Rob Wright, Senior News Director
Definition 29 Aug 2023
critical infrastructure

Critical infrastructure is the collection of systems, networks and public works that a government considers essential to its functioning and safety of its citizens. Continue Reading
By
- Gavin Wright
Definition 28 Aug 2023
ISACA

ISACA is an independent, nonprofit, global association that engages in the development, adoption and use of globally accepted information system (IS) knowledge and practices. Continue Reading
By
- Paul Kirvan
Tip 28 Aug 2023
Enterprise dark web monitoring: Why it's worth the investment

Getting an early warning that your data has been compromised is a key benefit of dark web monitoring, but there are many more. By knowing your enemies, you can better protect your assets. Continue Reading
By
- Ed Moyle, SecurityCurve
News 24 Aug 2023
VMware, Cisco prep generative AI for SecOps

Generative AI has the potential to go beyond identifying anomalies in known data to create new information, such as incident summaries or security policies -- as well as new risks. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 22 Aug 2023
VMware revamps cloud software for edge management

VMware's new Edge Cloud Orchestrator, formerly VMware SASE Orchestrator, manages VMware's edge compute and SD-WAN systems. Carmaker Audi plans to use the product in its factories. Continue Reading
By
- Antone Gonsalves, Editor at Large
News 21 Aug 2023
Vendors criticize Microsoft for repeated security failings

Microsoft is facing frustration for numerous security issues, including problematic transparency, numerous patch bypasses and inconsistent communication practices. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 16 Aug 2023
How to use dynamic reverse engineering for embedded devices

In this excerpt from 'Practical Hardware Pentesting,' read step-by-step instructions on how to find vulnerabilities on IoT devices using dynamic reverse engineering. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
News 10 Aug 2023
CISA shares 'secure by design' plan for US tech ecosystem

The cyber agency plans to establish secure-by-design principles through internal and external communications, data collection and education for the next generation. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Aug 2023
Kemba Walden: We need to secure open source software

During her Black Hat USA 2023 keynote, the acting national cyber director said the White House wants to develop realistic policies to improve the security of open source software. Continue Reading
By
- Rob Wright, Senior News Director
News 09 Aug 2023
Coalition looks to bridge gap between CISOs, cyber insurance

While carriers and CISOs agree cyber insurance has contributed to better security postures, Coalition said the relationship needs to stronger as threat evolve and intensify. Continue Reading
By
- Arielle Waldman, News Writer
News 07 Aug 2023
Google to discuss LLM benefits for threat intelligence programs

Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 04 Aug 2023
8 vulnerability management tools to consider in 2023

Vulnerability management tools help organizations identify and remediate system and application weaknesses and more. Choose your tool -- or tools -- carefully. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 03 Aug 2023
policy engine

A policy engine is a software component that allows an organization to create, monitor and enforce rules about how network resources and the organization's data can be accessed. Continue Reading
By
- Robert Sheldon
Opinion 26 Jul 2023
Security hygiene and posture management: A work in progress

Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Feature 20 Jul 2023
Enterprise communication security a growing risk, priority

Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools. Continue Reading
By
- Craig Stedman, Industry Editor
News 19 Jul 2023
Microsoft to expand free cloud logging following recent hacks

Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies. Continue Reading
By
- Rob Wright, Senior News Director
News 18 Jul 2023
Splunk AI update adds specialized models for SecOps tasks

Splunk AI updates this week included specialized models for SecOps that detect and automatically respond to common issues such as DNS exfiltration and suspicious processes. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 14 Jul 2023
Rein in cybersecurity tool sprawl with a portfolio approach

Market consolidation can counterintuitively exacerbate cybersecurity tool sprawl, with many products offering overlapping features. A portfolio approach brings clarity to chaos. Continue Reading
By
- Jerald Murphy, Nemertes Research
Feature 10 Jul 2023
How to map security gaps to the Mitre ATT&CK framework

Mapping security gaps to the Mitre ATT&CK framework enables SOC teams to prioritize, remediate and eliminate vulnerabilities before malicious actors exploit them. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 10 Jul 2023
Get started: Threat modeling with the Mitre ATT&CK framework

The Mitre ATT&CK framework may seem daunting at first, but it is a key tool that helps SOC teams conduct threat modeling. Learn how to get started. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 29 Jun 2023
Cued by breach postmortems, fintech refines zero trust

In a quest to continuously improve, Mercury's security leader takes inspiration from other companies' lessons learned, then updates tools and practices accordingly. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 27 Jun 2023
HashiCorp Vault to expand in DevSecOps with BluBracket buy

HashiCorp expands Vault's focus to include DevSecOps with the acquisition of a secrets scanning startup, setting the stage for a potential showdown with Microsoft and GitHub. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 23 Jun 2023
Top 10 threat modeling tools, plus features to look for

Automated threat modeling tools make identifying threats simpler, but the tools themselves can be fairly complex. Understanding where risks exist is only one part of the process. Continue Reading
By
- Paul Kirvan
Opinion 21 Jun 2023
How AI benefits network detection and response

Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response. Continue Reading
By
- John Grady, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 15 Jun 2023
CISA SBOM standards efforts stymied by confusion, inertia

Efforts to establish SBOM standards and guidance have progressed, but unanswered questions persist -- including how the federal government plans to enforce its own requirements. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 15 Jun 2023
Risk assessment vs. threat modeling: What's the difference?

Risk assessments and threat modeling each address potential risks. But they play distinct roles in how they help companies protect systems and data. Continue Reading
By
- Michael Cobb
Tip 14 Jun 2023
How to calculate cybersecurity ROI with concrete metrics

Calculating and communicating cybersecurity ROI can help persuade top management to invest. Here's how to use meaningful, concrete metrics. Continue Reading
By
- Jerald Murphy, Nemertes Research
Opinion 14 Jun 2023
Cisco releases new security offerings at Cisco Live 2023

At Cisco Live 2023, Cisco emphasized its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 08 Jun 2023
How to secure blockchain: 10 best practices

Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Tip 07 Jun 2023
6 blockchain use cases for cybersecurity

Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Tip 07 Jun 2023
Top blockchain attacks, hacks and security issues explained

Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Feature 30 May 2023
Vendors: Threat actor taxonomies are confusing but essential

Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial their understanding and visibility into threat activity. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Tip 25 May 2023
How to conduct a smart contract audit and why it's needed

Smart contracts ensure the integrity of transactions, such as those that initiate key services. A smart contract audit is one way to ensure the programs work as designed. Continue Reading
By
- Paul Kirvan
Opinion 16 May 2023
Closing the book on RSA Conference 2023

AI, cloud security, SOC modernization and security hygiene and posture management were all hot topics at RSAC in San Francisco this year. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 16 May 2023
How to build a better vulnerability management program

With a vulnerability management program in place, your organization is better equipped to identify and mitigate security vulnerabilities in people, processes and technologies. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 10 May 2023
CISOs face mounting pressures, expectations post-pandemic

Proofpoint's 2023 Voice of the CISO report shows deep concern among executives about impending data loss and exposure from negligent -- and malicious -- employees. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Tip 10 May 2023
5 SBOM tools to start securing the software supply chain

Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications. Continue Reading
By
- Ravi Das, ML Tech Inc.
Feature 03 May 2023
Studies show ransomware has already caused patient deaths

No patient deaths have been definitively attributed to cyber attacks on hospitals, but some infosec experts say that statistical evidence shows a different, grim reality. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Tip 01 May 2023
Stay ahead of threats with DevOps security best practices

Unsure where to start when it comes to securing your DevOps environment? Taking these five actions can strengthen your organization's defenses against cyber attacks. Continue Reading
By
- Nihad Hassan
News 28 Apr 2023
ChatGPT uses for cybersecurity continue to ramp up

The use of OpenAI's technology in cybersecurity products is growing as companies look to improve threat detection and assist short-staffed and fatigued security teams. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 25 Apr 2023
RSAC speaker offers ransomware victims unconventional advice

Triton Tech Consulting CEO Brandon Clark advised organizations to set aside the stigma of 'negotiating with terrorists' when deciding whether to pay a ransomware gang. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 25 Apr 2023
DOJ's Monaco addresses 'misperception' of Joe Sullivan case

In her RSA Conference keynote, Deputy Attorney General Lisa Monaco was asked if the prosecution of former Uber CSO Joe Sullivan damaged trust with the private sector. Continue Reading
By
- Rob Wright, Senior News Director
News 24 Apr 2023
IBM launches AI-powered security offering QRadar Suite

IBM aims to use QRadar Suite's AI features, which it calls the 'unified analyst experience,' to enable security analysts to focus on higher-priority work. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Apr 2023
DC Health Link breach caused by misconfigured server

Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, blames "human error" for the DC Health Link breach. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 19 Apr 2023
How to prepare for a cybersecurity audit

Organizations should conduct regular cybersecurity audits to determine if their networks and other assets are properly protected, as well as if they meet compliance mandates. Continue Reading
By
- Paul Kirvan
Tip 19 Apr 2023
Generative AI in SecOps and how to prepare

Generative AI assistants could be game changers in the SOC -- but not if SecOps teams haven't prepared for them. Here's how to get ready. Continue Reading
By
- John Burke, Nemertes Research
Feature 18 Apr 2023
How to use the Apple Rapid Security Response updates

Typical Apple OS updates are large and infrequent, but the Rapid Security Response feature helps admins keep Apple devices patched without performing full OS updates. Continue Reading
By
- Brien Posey
Guest Post 18 Apr 2023
Standardized data collection methods can help fight cybercrime

Implementing standards similar to NERC CIP for the entire cybersecurity industry could make it easier for law enforcement to investigate and prosecute cyber attackers. Continue Reading
By
- Juan Vargas
Tip 17 Apr 2023
How to build a cybersecurity deception program

In 'The Art of War,' Sun Tzu declared, 'All warfare is based on deception.' Learn how to apply this principle in the enterprise by building a cybersecurity deception program. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tutorial 13 Apr 2023
How to use the John the Ripper password cracker

Password crackers are essential tools in any pen tester's toolbox. This step-by-step tutorial explains how to use John the Ripper, an open source offline password-cracking tool. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 13 Apr 2023
Key Apple-native macOS security features for administrators

There are lots of universal security controls that can apply to any type of desktops, but IT teams need to look at the specific features native to desktops such as macOS. Continue Reading
By
- Robert Sheldon
Tutorial 12 Apr 2023
How to create fine-grained password policy in AD

Fine-grained password policies are a simple and effective way of ensuring password settings meet business requirements. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Tutorial 12 Apr 2023
How to enable Active Directory fine-grained password policies

Specifying multiple password policies customized to specific account types adds another layer to an organization's security posture. Using PSOs instead of Group Policy can help. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Opinion 11 Apr 2023
10 hot topics to look for at RSA Conference 2023

RSA Conference 2023 promises another exciting year of cybersecurity discussions and hyperbole. Enterprise Strategy Group's Jon Oltsik shares what he hopes to see at the show. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Answer 07 Apr 2023
Defining policy vs. standard vs. procedure vs. control

Infosec pros may have -- incorrectly -- heard the terms 'standard' and 'policy' used interchangeably. Examine the differences among a policy, standard, procedure and technical control. Continue Reading
By
- Katie Donegan, Social Media Manager
Definition 05 Apr 2023
deprovisioning

Deprovisioning is the part of the employee lifecycle in which access rights to software and network services are taken away. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Feature 05 Apr 2023
ICS kill chain: Adapting the cyber kill chain to ICS environments

As IT/OT convergence continues to gain traction, industrial control system security cannot be ignored. Performing pen tests based on the ICS Kill Chain can help. Continue Reading
By
- Sharon Shea, Executive Editor
- Packt Publishing
Feature 05 Apr 2023
An intro to the IDMZ, the demilitarized zone for ICSes

Setting up an IDMZ -- a demilitarized zone between enterprise and industrial networks -- can prevent operational environments from becoming compromised by IT threats. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 05 Apr 2023
Reinforce industrial control system security with ICS monitoring

Monitoring an industrial control system environment isn't that different from monitoring a traditional IT environment, but there are some considerations to keep in mind. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 03 Apr 2023
Why medical device vulnerabilities are hard to prioritize

Vulnerabilities in critical medical devices could lead to loss of life. But opinions are mixed on how serious the risk is to patient safety and how best to address the flaws. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Tip 29 Mar 2023
Vulnerability management vs. risk management, compared

Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
By
- Ravi Das, ML Tech Inc.
Definition 24 Mar 2023
three-factor authentication (3FA)

Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Definition 23 Mar 2023
cyber espionage

Cyber espionage (cyberespionage) is a type of cyber attack that malicious hackers carry out against a business or government entity. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Tip 21 Mar 2023
4 ChatGPT cybersecurity benefits for the enterprise

As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 20 Mar 2023
FBI arrests suspected BreachForums owner in New York

The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
By
- Alexander Culafi, Senior News Writer
Guest Post 15 Mar 2023
6 principles for building engaged security governance

Security governance isn't enough. Enter engaged security governance -- an ongoing process that aligns business strategy with security across an organization. Continue Reading
By
- Steve Durbin
News 15 Mar 2023
Dell launches new security offerings for data protection, MDR

Dell's new and expansive services focus on top security challenges enterprises face, such as data protection, ransomware recovery and supply chain threats. Continue Reading
By
- Arielle Waldman, News Writer
Definition 14 Mar 2023
information security (infosec)

Information security (infosec) is a set of policies, procedures and principles for safeguarding digital data and other kinds of information. Continue Reading
By
- Kinza Yasar, Technical Writer
- Gavin Wright
- Taina Teravainen
Tip 13 Mar 2023
Is cybersecurity recession-proof?

No field is totally immune to economic downturns, but flexible, practical and prepared cybersecurity professionals should be able to weather any upcoming storms. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 09 Mar 2023
VulnCheck: CISA's KEV missing 42 vulnerabilities from 2022

VulnCheck said CISA's Known Exploited Vulnerabilities catalog 'cannot be treated as the authoritative catalog of exploited vulnerabilities' in its current state. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Mar 2023
White House cybersecurity plan collides with SecOps reality

The White House Cybersecurity Strategy sets lofty goals. But recent market research suggests a significant number of enterprises don't follow existing SecOps best practices. Continue Reading
By
- Beth Pariseau, Senior News Writer
Opinion 07 Mar 2023
Research examines security operations proficiency issues

Instead of looking at where security operations teams excel, Enterprise Strategy Group asked security pros where teams are least proficient. Learn where and how to fix it. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 02 Mar 2023
New National Cybersecurity Strategy takes aim at ransomware

The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware operations and addressing vulnerable software. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 23 Feb 2023
Inside the PEIR purple teaming model

Want to try purple team exercises but aren't sure how to do so? Try the 'Prepare, Execute, Identify and Remediate' purple teaming model. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 23 Feb 2023
Understanding purple teaming benefits and challenges

Blue teams and red teams are coming together to form purple teams to improve their organization's security posture. What does this mean for the rivals? And how does it work? Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 16 Feb 2023
E-Sign Act (Electronic Signatures in Global and National Commerce Act)

The E-Sign Act (Electronic Signatures in Global and National Commerce Act) is a U.S. federal law that specifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Tip 16 Feb 2023
Web 3.0 security risks: What you need to know

Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Definition 09 Feb 2023
digital footprint

A digital footprint -- sometimes called a digital shadow -- is the body of data that an individual creates through their actions online. Continue Reading
By
- Ben Lutkevich, Site Editor
- Ivy Wigmore
Tip 06 Feb 2023
What to keep in mind when securing virtual environments

Virtual environments can contain numerous vulnerabilities for attackers to exploit -- with potentially devastating results. Use these tips to select security tools and strategies. Continue Reading
By
- Brian Kirsch, Milwaukee Area Technical College
Tutorial 01 Feb 2023
How to use BeEF, the Browser Exploitation Framework

The open source BeEF pen testing tool can be used by red and blue teams alike to hook web browsers and use them as beachheads to launch further attacks. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 31 Jan 2023
What cybersecurity consolidation means for enterprises

Experts predict cybersecurity consolidation will increase in the months and years ahead. Security leaders should consider what that means for their purchasing strategies. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 25 Jan 2023
OpenSSF GM talks funding, legal software supply chain issues

The OpenSSF leader lays out plans fund open source software supply chain security in a slowing economy and to speak out against the EU's Cyber Resilience Act. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 25 Jan 2023
How cyber deception technology strengthens enterprise security

They say the best defense is a good offense. Cyber deception puts that philosophy into practice in the enterprise, using a combination of technology and social engineering. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 17 Jan 2023
CircleCI incident adds to SecOps toil

SaaS CI/CD vendor CircleCI urged customers to rotate all secrets data, the latest of several security breaches weighing on SecOps pros charged with responding. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 16 Jan 2023
Judge dismisses Chris Hadnagy lawsuit against DEF CON

DEF CON said it wasn't the only infosec conference to receive code-of-conduct complaints about Chris Hadnagy, claiming Black Hat USA removed him from its review board. Continue Reading
By
- Rob Wright, Senior News Director
Podcast 10 Jan 2023
Risk & Repeat: Analyzing the Rackspace ransomware attack

This Risk & Repeat podcast episode discusses new details of the Rackspace ransomware attack, as well as the questions remaining following the company's final status update. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 05 Jan 2023
How to configure Windows privacy settings with Intune

To personalize UX, Windows devices aren't shy about collecting user data. This isn't ideal for enterprise security. Discover how to lock down privacy settings with Intune. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Podcast 21 Dec 2022
Risk & Repeat: OT security progress, threats in 2022

This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and an ever-evolving threat landscape. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 19 Dec 2022
The state of OT security: A rapidly evolving landscape

Security experts weigh in on how the OT security landscape has evolved over the last decade, and where it could be going next as threats continue to mount. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 19 Dec 2022
11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
By
- Kyle Johnson, Technology Editor
News 02 Dec 2022
Experts argue 'sludge' could muck up cyber attacks

Network defenders can supplement their security postures with additional settings and policies that frustrate and discourage attackers, according to a new research paper. Continue Reading
By
- Shaun Nichols
Opinion 02 Dec 2022
XDR definitions don't matter, outcomes do

Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 01 Dec 2022
Mozilla, Microsoft drop Trustcor as root certificate authority

Mozilla and Microsoft removed support for TrustCor certificates after a Washington Post report revealed the company's ties to government contractors specializing in spyware. Continue Reading
By
- Rob Wright, Senior News Director