Security operations and management
Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.
Top Stories
-
Feature
30 May 2023
Vendors: Threat actor taxonomies are confusing but essential
Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial their understanding and visibility into threat activity. Continue Reading
-
Tip
25 May 2023
How to conduct a smart contract audit and why it's needed
Smart contracts ensure the integrity of transactions, such as those that initiate key services. A smart contract audit is one way to ensure the programs work as designed. Continue Reading
-
Feature
14 Sep 2021
Why companies should use AI for fraud management, detection
AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge. Continue Reading
-
News
08 Sep 2021
CrowdStrike threat report: Breakout time decreased 67% in 2021
CrowdStrike's latest research shows threat actors have reduced the time it takes for them to move laterally in victim environments, thanks in part to ransomware as a service. Continue Reading
-
News
19 Aug 2021
CISA offers ransomware response guidelines to organizations
In its new ransomware prevention and response guide, CISA 'strongly discourages paying a ransom,' citing the potential to embolden threat actors and fund illicit activity. Continue Reading
-
Feature
11 Aug 2021
The differences between open XDR vs. native XDR
With extended detection and response, security teams get improved threat analytics and response capabilities. Here's what they need to know to choose the right type of XDR. Continue Reading
-
News
11 Aug 2021
NortonLifeLock and Avast joining forces in $8 billion merger
The combined company from NortonLifeLock and Avast will be dual-headquartered in Arizona and Prague, and will serve 500 million users, including 40 million direct customers. Continue Reading
-
News
05 Aug 2021
Researchers argue action bias hinders incident response
A Black Hat 2021 session focused on the human instinct to act immediately after a cyber attack and how that can negatively impact incident response. Continue Reading
-
News
05 Aug 2021
CISA director announces 'Joint Cyber Defense Collaborative'
The Joint Cyber Defense Collaborative, or JCDC, is a partnership between the public and private sectors to create and implement comprehensive national cybersecurity plans. Continue Reading
-
Feature
27 Jul 2021
Cybersecurity investments surge in 2021 as VCs go all in
Venture capital firms have flooded the cybersecurity market this year with investment dollars for young startups and established vendors alike. What's behind this surge? Continue Reading
-
News
26 Jul 2021
Gartner: 'Weaponized' operational tech poses grave danger
New research by Gartner analyst Wam Voster warns that while attacks in the IT world can lead to loss of information, attacks in the OT world can lead to loss of life. Continue Reading
-
News
22 Jul 2021
US Senate mulling bill on data breach notifications
The Senate Intelligence Committee introduced a bill that would require federal agencies and companies providing critical infrastructure to report network breaches to DHS. Continue Reading
-
News
22 Jul 2021
Kaseya obtained ransomware decryptor from 'trusted third party'
Kaseya told SearchSecurity that for 'confidentiality reasons' it could only confirm that the ransomware decryptor came from a trusted third party and that it was helping customers. Continue Reading
-
News
20 Jul 2021
DHS unveils second round of new pipeline security requirements
New requirements from DHS for oil and gas pipeline operators include the implementation of 'specific mitigation measures' against cyberthreats, specifically ransomware attacks. Continue Reading
-
News
15 Jul 2021
US government launches 'StopRansomware' site
In the latest initiatives to combat ransomware, the new website provides individuals and organizations with services and tools to help reduce the risk of attacks. Continue Reading
-
News
12 Jul 2021
Microsoft to acquire RiskIQ to combat growing cyberthreats
Microsoft has agreed to purchase threat intelligence vendor RiskIQ to bolster its cloud security offerings and help customers address global cyberthreats. Continue Reading
-
News
08 Jul 2021
Kaseya post-attack VSA deployment delayed until Sunday
Kaseya CEO Fred Voccola said in an early Wednesday video update that the VSA deployment delay was 'probably the hardest decision I've had to make in my career.' Continue Reading
-
Guest Post
08 Jul 2021
5 steps to implement threat modeling for incident response
This five-step process to develop an incident response plan from Rohit Dhamankar of Alert Logic includes threat modeling, which is key to thwarting cyber attacks. Continue Reading
-
News
30 Jun 2021
Alleged creator of Gozi banking Trojan arrested in Colombia
Romanian Mihai Ionut Paunescu, known as 'Virus,' was charged with two other supposed creators of the Gozi malware back in 2012, but Paunescu is the only one not to be extradited. Continue Reading
-
News
21 Jun 2021
Biden proposes critical infrastructure safe zones for hacking
The U.S. wants Russia to agree to make critical infrastructure targets off limits to hacking, but some infosec experts are skeptical such an agreement can be enforced. Continue Reading
-
News
17 Jun 2021
SolarWinds response team recounts early days of attack
During a webcast, members of the SolarWinds incident response team explained how a lucky break with a virtual machine aided their investigation into the historic breach. Continue Reading
-
News
16 Jun 2021
6 suspected Clop ransomware gang members arrested in Ukraine
The impact of the arrests is unknown, as Clop's ransomware leak site remains online after the arrests. The scale of the gang's current operation is also unknown. Continue Reading
-
Guest Post
11 Jun 2021
Top 5 benefits of a new cybersecurity market model
Companies are struggling to identify the cybersecurity technology that would actually be useful for their use cases. It's time for a new market model around efficacy instead. Continue Reading
-
News
10 Jun 2021
JBS USA paid $11M ransom to REvil hackers
Last week JBS USA said the ransomware attack was resolved and all facilities were fully operational, but now the company confirmed it paid a huge ransom. Continue Reading
-
Podcast
10 Jun 2021
Risk & Repeat: Colonial Pipeline CEO grilled by Congress
Colonial Pipeline Co. CEO Joseph Blount faced criticism from several members of Congress this week during two different hearings on the recent ransomware attack. Continue Reading
-
News
09 Jun 2021
Mandiant: Compromised Colonial Pipeline password was reused
The Colonial Pipeline VPN password was relatively complex, according to Mandiant CTO Charles Carmakal, and likely would have been difficult for DarkSide threat actors to guess. Continue Reading
-
News
08 Jun 2021
FBI used encrypted Anom app in international crime bust
The FBI secretly ran an encrypted chat network that included 12,000 devices and was widely used by criminal organizations across the globe for various illegal dealings. Continue Reading
-
News
08 Jun 2021
FBI seized Colonial Pipeline ransom using private key
After Colonial Pipeline paid a $4.4 million ransom demand in last month's attack, the DOJ announced the majority of the funds have been retrieved by the FBI. Continue Reading
-
News
07 Jun 2021
DOJ charges alleged Trickbot developer
Several of the 19 charges brought against the alleged Trickbot Group developer Alla Witte include bank fraud and aggravated identity theft. Continue Reading
-
Feature
03 Jun 2021
Security observability vs. visibility and monitoring
Security observability, monitoring and visibility play different roles but together provide the tools to establish an all-encompassing enterprise security architecture. Continue Reading
-
News
03 Jun 2021
FireEye and Mandiant part ways in $1.2B deal
FireEye products and Mandiant incident response services will split into two entities under the pending acquisition of FireEye by Symphony Technology Group. Continue Reading
-
Podcast
01 Jun 2021
Risk & Repeat: Security startups and trends from RSAC 2021
Analyst Carla Roncato of Enterprise Strategy Group weighs in on RSA Conference and the security startups featured during the show's Innovation Sandbox competition. Continue Reading
-
Feature
28 May 2021
Inept cybersecurity education and training feed into skills gap
Learn why former infosec instructor and author of 'How Cybersecurity Really Works' advocates for changes to security education and training to alleviate the industry skills gap. Continue Reading
-
News
27 May 2021
DHS opens valve on new pipeline security requirements
The U.S. government has put forward a trio of new cybersecurity requirements for companies that operate oil and gas pipelines, including incident reporting and risk assessment. Continue Reading
-
News
24 May 2021
Conti ransomware spree draws FBI attention
Hospitals and emergency service networks in the U.S. are at heightened risk from the new ransomware operation that disrupted Ireland's healthcare system in recent weeks. Continue Reading
-
News
21 May 2021
Stale sessions, ML poisoning among 2021's top security threats
An all-star security panel at RSA Conference discusses the biggest issues facing companies today and what it thinks will emerge as the top threats in the coming months. Continue Reading
-
Feature
21 May 2021
RSA Conference 2021: 3 hot cybersecurity trends explained
In a lightning round session at RSA Conference, ESG analysts discussed three of the hottest topics in cybersecurity in 2021: zero trust, XDR and SASE. Continue Reading
-
Feature
20 May 2021
4 ways to handle the cybersecurity skills shortage in 2021
More than half of cybersecurity pros say their organizations could do more to manage negative effects of the skills shortage, such as overwork and burnout. Find out how. Continue Reading
-
News
18 May 2021
Neuberger calls for shift in software supply chain security
In an RSA Conference keynote, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said security requires a major "mindset shift." Continue Reading
-
News
18 May 2021
5 ways bad incident response plans can help threat actors
Infosec executives from Netskope and Chipotle Mexican Grill hosted an RSA Conference session about their personal experiences and lessons learned while responding to attacks. Continue Reading
-
News
18 May 2021
Sophos: 81% of attacks last year involved ransomware
The majority of incidents Sophos responded to in the last year involved ransomware. The company also found the median dwell time of attackers was 11 days. Continue Reading
-
Feature
17 May 2021
Cyber Defense Matrix makes sense of chaotic security market
The Cyber Defense Matrix aims to help CISOs make strategic, informed security investments that weigh cyber risk mitigation in the context of business constraints and goals. Continue Reading
-
News
13 May 2021
Biden signs executive order to modernize cyberdefenses
Following several high-profile attacks on the federal government, the new executive order seeks to eliminate outdated security practices and improve supply chain security. Continue Reading
-
News
12 May 2021
Cyber insurance firm AXA halts coverage for ransom payments
As ransomware attacks increase across the globe and ransom payment reimbursement becomes a key issue for cyber insurers, AXA may be setting a new trend for private industries. Continue Reading
-
News
07 May 2021
'Bulletproof' hosts catch RICO charges for aiding cybercriminals
Four men pleaded guilty to RICO conspiracy charges for operating a bulletproof hosting service that provided infrastructure to cybercriminals' operations. Continue Reading
-
Feature
07 May 2021
Despite confusion, zero-trust journey underway for many
Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today. Continue Reading
-
Feature
06 May 2021
6 ways to spur cybersecurity board engagement
New research suggests corporate boards are paying closer attention to cybersecurity, but experts say progress is still modest and slow. Continue Reading
-
Feature
05 May 2021
Buyers must navigate cybersecurity market confusion
Customer confusion in the security market stems from the number of new products designed to deal with a growing number of cyberthreats. Experts look at how to navigate it all. Continue Reading
-
Guest Post
03 May 2021
Cybersecurity contingency planning needs a face-lift
Following the unexpected craziness of 2020, companies need to sit down and revamp their cybersecurity contingency plan to ensure their business continuity. Continue Reading
-
Podcast
30 Apr 2021
Risk & Repeat: Will the Ransomware Task Force make an impact?
The Institute for Security and Technology's Ransomware Task Force published several recommendations to better address the growing security threat. Will they work? Continue Reading
-
Tip
30 Apr 2021
Types of MDR security services: MEDR vs. MNDR vs. MXDR
Organizations considering MDR security services should look into more tightly focused options hitting the market to find the best one for their security program's needs. Continue Reading
-
News
29 Apr 2021
Ransomware Task Force takes aim at cryptocurrencies
The Ransomware Task Force released a new report with recommendations on how to tackle the growing ransomware problem, including regulation of cryptocurrency services. Continue Reading
-
Podcast
15 Apr 2021
Risk & Repeat: FBI's web shell removal raises questions
The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers. Continue Reading
-
News
15 Apr 2021
Applus inspection systems still down following malware attack
Applus Technologies said it stopped a malware attack two weeks ago, but systems are still down as eight states are forced to extend vehicle inspection dates. Continue Reading
-
News
14 Apr 2021
FBI removes web shells from infected Exchange servers
The DOJ announced the FBI had successfully removed hundreds of web shells from computers impacted by ProxyLogon and related Exchange Server vulnerabilities. Continue Reading
-
Feature
05 Apr 2021
Can a new DHS cybersecurity strategy help the private sector?
The U.S. Department of Homeland Security outlines federal plans to improve public and private cybersecurity, but analysts advise caution over strategies that can't be mandated. Continue Reading
-
News
01 Apr 2021
Man indicted in Kansas water facility breach
While the attempted tampering of a Kansas water facility occurred more than two years ago, the Justice Department this week indicted a 22-year-old former employee. Continue Reading
-
News
01 Apr 2021
CISA: U.S. agencies must scan for Exchange Server attacks
CISA has not said whether any federal agencies have been hit by Exchange Server attacks, but the directive requires them to use Microsoft's detection tools to identify threats. Continue Reading
-
News
01 Apr 2021
DHS: Ransomware poses a national security threat
Ransomware is just one threat DHS Secretary Alejandro Mayorkas discusses during an RSA Conference webcast on the cybersecurity challenges facing the U.S. Continue Reading
-
Feature
29 Mar 2021
Ransomware negotiations: An inside look at the process
Ransomware negotiators are brought in to communicate with cybercriminals and hopefully arrange less expensive payments. How often do they succeed? Continue Reading
-
News
18 Mar 2021
FBI IC3 report's ransomware numbers are low, experts say
The FBI's Internet Crime Complaint Center reported a massive increase in financial losses from 2020 ransomware attacks, but infosec experts say the problem is worse than statistics say. Continue Reading
-
Feature
17 Mar 2021
Top incident response tools to boost network protection
Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks. Continue Reading
-
Guest Post
16 Mar 2021
How attackers counter incident response after a data breach
It's not over until it's over. Explore how attackers use backdoors and evasion techniques to counter incident response measures even long after a data breach is disclosed. Continue Reading
-
News
08 Mar 2021
McAfee sells off enterprise business for $4 billion
Less than six months after its IPO, McAfee has agreed to sell its enterprise business to private equity firm Symphony Technology Group and refocus on consumer cybersecurity. Continue Reading
-
News
01 Mar 2021
Chinese threat group 'RedEcho' targeting Indian power grid
The Chinese nation-state actor's targets include 10 different Indian power sector organizations, but Recorded Future said there's no evidence RedEcho triggered blackouts. Continue Reading
-
Podcast
26 Feb 2021
Risk & Repeat: Inside the SolarWinds Senate hearing
This week's Senate Intelligence Committee hearing on SolarWinds tackled the attribution case against Russian state-sponsored hackers, as well as questions for AWS. Continue Reading
-
News
24 Feb 2021
Senate hearing: SolarWinds evidence points to Russia
Executives from Microsoft and FireEye said that there was substantial evidence pointing to Russia's role in the SolarWinds attack and no evidence found leading anywhere else. Continue Reading
-
Tip
24 Feb 2021
How to prevent supply chain attacks: Tips for suppliers
Every company, large and small, must assume it is a target in the supply chain. Suppliers should follow these best practices to keep themselves and their customers protected. Continue Reading
-
News
18 Feb 2021
White House: 100 companies compromised in SolarWinds hack
The White House discussed its response to the SolarWinds attacks, which so far have compromised nine federal agencies and approximately 100 private sector companies. Continue Reading
-
News
17 Feb 2021
DOJ indicts additional WannaCry conspirators
The unsealed indictments accuse three individuals of being part of a hacking group, known as APT38 or Lazarus Group, within a North Korean military intelligence agency. Continue Reading
-
Feature
11 Feb 2021
4 tips for aligning security with business objectives
Today's most effective CISOs develop cybersecurity strategies that fit their organizations' risk appetites and support business growth. Learn how they do it. Continue Reading
-
Tip
02 Feb 2021
Top 11 cloud security challenges and how to combat them
Before jumping feet-first into the cloud, understand the new and continuing top cloud security challenges your organization is likely to face -- and how to mitigate them. Continue Reading
-
News
28 Jan 2021
DOJ charges suspect in NetWalker ransomware attacks
The Department of Justice launched a coordinated effort to disrupt the notorious ransomware operation, which has infected healthcare organizations during the COVID-19 pandemic. Continue Reading
-
News
27 Jan 2021
Emotet taken down in global law enforcement operation
Ukraine's National Police said two citizens of Ukraine face up to 12 years in prison for their role in maintaining and operating Emotet, and other suspects have been identified. Continue Reading
-
Tip
25 Jan 2021
Cloud computing forensics techniques for evidence acquisition
With these tools and methodologies, security teams can provide analysts with the critical pieces required to complete a cloud computing forensics investigations puzzle. Continue Reading
-
News
12 Jan 2021
Capitol building breach poses cybersecurity risks
While security experts are divided on the level of risk, they agree there is a potential for threats after rioters stormed the Capitol building and ransacked offices. Continue Reading
-
Feature
08 Jan 2021
2021 IT priorities require security considerations
AI, IoT and 5G are among the top IT priorities for CIOs and CTOs in 2021. Is your team prepared to address each tech's security needs? Continue Reading
-
Tip
06 Jan 2021
10 cybersecurity best practices and tips for businesses
Looking to improve your business's cybersecurity program? Study these 10 cybersecurity best practices and tips. Continue Reading
-
News
17 Dec 2020
CISA: SolarWinds backdoor attacks are 'ongoing'
A joint statement from the FBI, CISA and Office of the Director of National Intelligence says the SolarWinds backdoor attacks are 'ongoing' and have comprised federal agencies. Continue Reading
-
News
11 Dec 2020
FBI, CISA warn of growing ransomware attacks on K-12 schools
The FBI and the Cybersecurity and Infrastructure Security Agency warned that cyber attacks targeting K-12 schools are expected to continue through the 2020 - 2021 school year. Continue Reading
-
Guest Post
11 Dec 2020
3 reasons why CISOs should collaborate more with CFOs
C-suite may not always understand ROI of security efforts, which is why Nabil Hannan suggests that CISOs work more closely with CFOs to learn how to best communicate security's value. Continue Reading
-
Tip
11 Dec 2020
Building an effective security operations center framework
An effective security operations center framework combines monitoring and analysis platforms and threat intelligence services to help organizations respond to risks quickly. Continue Reading
-
News
07 Dec 2020
Russian state-sponsored hackers exploit VMware vulnerability
The NSA issued a cybersecurity advisory warning government agencies to mitigate as soon as possible, as the vulnerability was disclosed and patched last week. Continue Reading
-
Feature
04 Dec 2020
7 SecOps roles and responsibilities for the modern enterprise
Now hiring: As organizations increasingly favor proactive cyber threat hunting and detection over bare-bones prevention, SecOps roles and responsibilities are shifting, too. Continue Reading
-
News
01 Dec 2020
Ransomware attack shuts down Baltimore County schools
Ransomware incapacitated Baltimore County Public Schools' network just before Thanksgiving, but the school system said students' Chromebooks and Google accounts were not impacted. Continue Reading
-
Tip
25 Nov 2020
8 benefits of a security operations center
A security operations center can help lessen the fallout of a data breach, but its business benefits go much further than that. Here are eight SOC benefits to consider. Continue Reading
-
Tip
23 Nov 2020
10 tips for building a next-generation SOC
Check out 10 tips to help build a next-generation security operations center with the integrated tools to free security analysts to get ahead of and respond to threats fast. Continue Reading
-
Tip
20 Nov 2020
Pair cyber insurance, risk mitigation to manage cyber-risk
The role of cyber insurance may come after a breach, but it remains a useful element in an organization's vulnerability management strategy. Continue Reading
-
Tip
20 Nov 2020
Cyber insurance explained, from selection to post-purchase
Before you sign on the dotted line, make sure you understand what cyber insurance can and can't do -- and what type of policy will do the most for you. Continue Reading
-
Podcast
20 Nov 2020
Risk & Repeat: Christopher Krebs out as CISA director
This week's Risk & Repeat podcast discusses President Trump's firing of CISA Director Christopher Krebs, which was a controversial move in the infosec community. Continue Reading
-
News
19 Nov 2020
White House questions election security; experts do not
A number of infosec experts, election officials and government agencies say Election Day was free from hacking and cyber attacks, but the White House disagrees. Continue Reading
-
News
18 Nov 2020
President Trump fires CISA director Christopher Krebs
President Trump fired Krebs as director of CISA after the agency pushed back on unfounded accusations about widespread voter fraud and voting system hacks during the election. Continue Reading
-
News
11 Nov 2020
Palo Alto Networks buys Expanse for $800 million
Palo Alto Networks continued its acquisition spree with an agreement to purchase San Francisco-based security vendor Expanse, which specializes in attack surface management. Continue Reading
-
Tip
11 Nov 2020
Note these 5 security operations center best practices
Understanding the five steps needed to ensure security operations center best practices will help organizations decide whether to outsource their SOC initiatives. Continue Reading
-
News
09 Nov 2020
CISA: No election hacking, but plenty of misinformation
Election Day in the U.S. occurred with no evidence of cyber attacks or voting machine hacks, but CISA has its hands full with disinformation and conspiracy theories. Continue Reading
-
Feature
04 Nov 2020
Cybersecurity communication key to addressing risk
As security teams strengthen communication with the overall organization as well as with vendors, more positive cybersecurity cultures can be forged. Continue Reading
-
Tip
30 Oct 2020
Benefits of virtual SOCs: Enterprise-run vs. fully managed
A virtual security operations center, be it managed in-house or by a third party, is becoming an increasingly popular option to save money and improve reliability. Continue Reading
-
Tip
30 Oct 2020
Security automation tools and analytics reshape SecOps efforts
To transition from being reactive to proactive in terms of cybersecurity threats, check out how SecOps teams can use security analytics and automation tools to make the change. Continue Reading
-
Feature
26 Oct 2020
For cybersecurity training, positive reinforcement is best
Traditional cybersecurity training methods often focus on negative reinforcement techniques, but experts say positive reinforcement is the best way to get results. Continue Reading
-
News
21 Oct 2020
NSA issues advisory against Chinese state-sponsored hackers
Among the 25 vulnerabilities listed in the NSA advisory, numerous were critical and carried a CVSS score either at or close to 10, the highest possible. Continue Reading
-
Tip
21 Oct 2020
Evaluating SOC automation benefits and limitations
Security operations center automation can help address the security skills gap by scaling critical analyst responsibilities. But an overreliance on AI introduces other risks. Continue Reading
-
News
20 Oct 2020
After a brief pause, Trickbot rebounds from takedown efforts
Attempts to disrupt the notorious Trickbot botnet, most recently through Microsoft's legal takedown, have proven short-lived as ransomware attacks have resumed. Continue Reading