Security operations and management
Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.
Top Stories
-
Tip
28 Sep 2023
How to develop a cybersecurity strategy: Step-by-step guide
A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there. Continue Reading
-
Opinion
25 Sep 2023
6 reasons Cisco acquired Splunk
A treasure trove of Cisco and Splunk data, AI and analytics can improve cyber-resilience, accelerate threat detection and response, and enable more intelligent networks. Continue Reading
-
Feature
28 Dec 2021
Top infosec best practices, challenges and pain points
Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
-
News
23 Dec 2021
ManageEngine attacks draw warning from FBI
The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October. Continue Reading
-
Tip
22 Dec 2021
Cybersecurity asset management takes ITAM to the next level
Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading
-
Tip
21 Dec 2021
5 ways to automate security testing in DevSecOps
Read up on five areas of DevSecOps that benefit from security testing automation, such as code quality checking, web application scanning and vulnerability scanning. Continue Reading
-
Tip
21 Dec 2021
How to mitigate Log4Shell, the Log4j vulnerability
The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading
-
Guest Post
15 Dec 2021
The importance of automated certificate management
Managing the plethora of digital certificates can no longer be done in a spreadsheet by hand. Discover the importance of automated certificate management here. Continue Reading
-
Guest Post
10 Dec 2021
The business benefits of data compliance
Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity. Continue Reading
-
Tip
10 Dec 2021
Cybersecurity employee training: How to build a solid plan
Cybersecurity training often misses the mark, while threats continue to grow. Succeed where others have failed by keeping training fresh, current and real. Here's how. Continue Reading
-
Feature
10 Dec 2021
The Bigger Truth: Cybersecurity splurge and who needs 5G?
Commentary on the venture capital cybersecurity splurge, Ericsson's Vonage acquisition and the ESG 2022 Technology Spending Intentions Survey. Steve also asks: Who needs 5G, anyway? Continue Reading
-
News
07 Dec 2021
Google takes action against blockchain-based Glupteba botnet
In a legal complaint made public Tuesday, Google said that it "has been and continues to be directly injured" by the actions of the Glupteba botnet. Continue Reading
-
Feature
06 Dec 2021
Passwordless authentication issues to address before adoption
The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more. Continue Reading
-
Tip
06 Dec 2021
How to get started with attack surface reduction
Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
-
Tip
06 Dec 2021
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
-
News
01 Dec 2021
CISA taps CrowdStrike for endpoint security
The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul. Continue Reading
-
News
01 Dec 2021
Palo Alto Networks and GTT to launch managed SASE platform
GTT Communications and Palo Alto Networks announced they will partner to offer a managed SASE platform using Prisma Access, Palo Alto's cloud-based security function. Continue Reading
-
Tip
29 Nov 2021
How SBOMs for cybersecurity reduce software vulnerabilities
With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks. Continue Reading
-
Guest Post
23 Nov 2021
How to talk about cybersecurity risks, colloquially
The cybersecurity field is riddled with confusion and complexity. Knowing how to talk about risk and how to manage it is key to building resilience. Continue Reading
-
Tip
22 Nov 2021
Top 5 password hygiene tips and best practices
Passwords enable users to access important accounts and data -- making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
-
Guest Post
16 Nov 2021
How to create security metrics business leaders care about
Security metrics must be clear, actionable and resonate with business leadership. Learn how to create metrics that business leaders care about and will act upon. Continue Reading
-
Guest Post
16 Nov 2021
3 ways to balance app innovation with app security
New innovations come with an onslaught of risks and vulnerabilities. Use these three concepts to promote innovation, while ensuring web application security. Continue Reading
-
Guest Post
15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments
Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
-
News
10 Nov 2021
US targets REvil, DarkSide ransomware with $10M rewards
Infosec experts weigh in on the U.S. government's latest tactic to thwart ransomware operations -- the offering of rewards of up to $10 million for information on operators. Continue Reading
-
Guest Post
10 Nov 2021
4 concepts that help balance business and security goals
The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
-
News
08 Nov 2021
DOJ charges REvil ransomware members, seizes $6.1M
One of the accused cybercriminals, who was directly involved in the ransomware attack on Kaseya earlier this year, was arrested and faces extradition from Poland. Continue Reading
-
Feature
03 Nov 2021
Why chaos engineering testing makes sense for cybersecurity
Using the concept of chaos engineering, teams can determine whether systems perform as intended in time of need. But how does it relate to security? Continue Reading
-
Tip
27 Oct 2021
5 IT security policy best practices
As businesses and technologies grow and evolve, it's important IT security policies do, too. Follow these five best practices to ensure policies are fresh and relevant. Continue Reading
-
News
20 Oct 2021
Chris Krebs weighs in on zero trust, FBI web shell removal
Regarding the FBI action to silently remove web shells from vulnerable Exchange Servers, former CISA director Chris Krebs said he expects to see the action again if appropriate. Continue Reading
-
News
20 Oct 2021
Gartner analysts debate ransomware payments
During Gartner's IT Symposium, analysts discussed the complex factors companies face when deciding whether or not to give in to ransom demands. Continue Reading
-
Guest Post
20 Oct 2021
5 questions to ask when creating a ransomware recovery plan
These 'five W's of ransomware' will help organizations ask the right questions when creating a ransomware-specific disaster recovery plan. Continue Reading
-
News
18 Oct 2021
FinCEN: 2021 ransomware activity outpaces 2020 in 6 months
The U.S. Treasury's financial crimes bureau has seen a rise in anonymity-enhanced cryptocurrencies like Monero, though Bitcoin remains the most used. Continue Reading
-
News
15 Oct 2021
Accenture sheds more light on August data breach
The IT services giant disclosed in an SEC filing that threat actors stole and leaked proprietary data during a LockBit ransomware attack earlier this year. Continue Reading
-
News
14 Oct 2021
Enterprises ask Washington to step up cyber collaboration
During CISA's National Cybersecurity Summit, critical infrastructure companies said they need better information on cyberthreats from the federal government. Continue Reading
-
News
11 Oct 2021
Cyber insurance premiums, costs skyrocket as attacks surge
As cyber attacks and losses have increased, so has demand for cyber insurance. But now premiums are reflecting a harsh new reality. Continue Reading
-
News
28 Sep 2021
Ransomware: Has the U.S. reached a tipping point?
The ransomware problem has grown more severe in recent years due to a growing number of attacks against large organizations and the standardization of double-extortion tactics. Continue Reading
-
News
24 Sep 2021
Cybersecurity leaders back law for critical infrastructure
In the wake of cyberattacks like Colonial Pipeline, U.S. senators want a national law requiring critical infrastructure companies to report cybersecurity incidents to CISA. Continue Reading
-
Feature
23 Sep 2021
Experts debate XDR market maturity and outlook
Is extended detection and response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go. Continue Reading
-
Guest Post
16 Sep 2021
7 tips for building a strong security culture
Cybersecurity isn't just IT's responsibility. Use these seven tips to build a security culture where employees and IT work together to keep their organization safe. Continue Reading
-
Feature
14 Sep 2021
Why companies should use AI for fraud management, detection
AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge. Continue Reading
-
News
08 Sep 2021
CrowdStrike threat report: Breakout time decreased 67% in 2021
CrowdStrike's latest research shows threat actors have reduced the time it takes for them to move laterally in victim environments, thanks in part to ransomware as a service. Continue Reading
-
News
19 Aug 2021
CISA offers ransomware response guidelines to organizations
In its new ransomware prevention and response guide, CISA 'strongly discourages paying a ransom,' citing the potential to embolden threat actors and fund illicit activity. Continue Reading
-
Feature
11 Aug 2021
The differences between open XDR vs. native XDR
With extended detection and response, security teams get improved threat analytics and response capabilities. Here's what they need to know to choose the right type of XDR. Continue Reading
-
News
11 Aug 2021
NortonLifeLock and Avast joining forces in $8 billion merger
The combined company from NortonLifeLock and Avast will be dual-headquartered in Arizona and Prague, and will serve 500 million users, including 40 million direct customers. Continue Reading
-
News
05 Aug 2021
Researchers argue action bias hinders incident response
A Black Hat 2021 session focused on the human instinct to act immediately after a cyber attack and how that can negatively impact incident response. Continue Reading
-
News
05 Aug 2021
CISA director announces 'Joint Cyber Defense Collaborative'
The Joint Cyber Defense Collaborative, or JCDC, is a partnership between the public and private sectors to create and implement comprehensive national cybersecurity plans. Continue Reading
-
Feature
27 Jul 2021
Cybersecurity investments surge in 2021 as VCs go all in
Venture capital firms have flooded the cybersecurity market this year with investment dollars for young startups and established vendors alike. What's behind this surge? Continue Reading
-
News
26 Jul 2021
Gartner: 'Weaponized' operational tech poses grave danger
New research by Gartner analyst Wam Voster warns that while attacks in the IT world can lead to loss of information, attacks in the OT world can lead to loss of life. Continue Reading
-
News
22 Jul 2021
US Senate mulling bill on data breach notifications
The Senate Intelligence Committee introduced a bill that would require federal agencies and companies providing critical infrastructure to report network breaches to DHS. Continue Reading
-
News
22 Jul 2021
Kaseya obtained ransomware decryptor from 'trusted third party'
Kaseya told SearchSecurity that for 'confidentiality reasons' it could only confirm that the ransomware decryptor came from a trusted third party and that it was helping customers. Continue Reading
-
News
20 Jul 2021
DHS unveils second round of new pipeline security requirements
New requirements from DHS for oil and gas pipeline operators include the implementation of 'specific mitigation measures' against cyberthreats, specifically ransomware attacks. Continue Reading
-
News
15 Jul 2021
US government launches 'StopRansomware' site
In the latest initiatives to combat ransomware, the new website provides individuals and organizations with services and tools to help reduce the risk of attacks. Continue Reading
-
News
12 Jul 2021
Microsoft to acquire RiskIQ to combat growing cyberthreats
Microsoft has agreed to purchase threat intelligence vendor RiskIQ to bolster its cloud security offerings and help customers address global cyberthreats. Continue Reading
-
News
08 Jul 2021
Kaseya post-attack VSA deployment delayed until Sunday
Kaseya CEO Fred Voccola said in an early Wednesday video update that the VSA deployment delay was 'probably the hardest decision I've had to make in my career.' Continue Reading
-
Guest Post
08 Jul 2021
5 steps to implement threat modeling for incident response
This five-step process to develop an incident response plan from Rohit Dhamankar of Alert Logic includes threat modeling, which is key to thwarting cyber attacks. Continue Reading
-
News
30 Jun 2021
Alleged creator of Gozi banking Trojan arrested in Colombia
Romanian Mihai Ionut Paunescu, known as 'Virus,' was charged with two other supposed creators of the Gozi malware back in 2012, but Paunescu is the only one not to be extradited. Continue Reading
-
News
21 Jun 2021
Biden proposes critical infrastructure safe zones for hacking
The U.S. wants Russia to agree to make critical infrastructure targets off limits to hacking, but some infosec experts are skeptical such an agreement can be enforced. Continue Reading
-
News
17 Jun 2021
SolarWinds response team recounts early days of attack
During a webcast, members of the SolarWinds incident response team explained how a lucky break with a virtual machine aided their investigation into the historic breach. Continue Reading
-
News
16 Jun 2021
6 suspected Clop ransomware gang members arrested in Ukraine
The impact of the arrests is unknown, as Clop's ransomware leak site remains online after the arrests. The scale of the gang's current operation is also unknown. Continue Reading
-
Guest Post
11 Jun 2021
Top 5 benefits of a new cybersecurity market model
Companies are struggling to identify the cybersecurity technology that would actually be useful for their use cases. It's time for a new market model around efficacy instead. Continue Reading
-
News
10 Jun 2021
JBS USA paid $11M ransom to REvil hackers
Last week JBS USA said the ransomware attack was resolved and all facilities were fully operational, but now the company confirmed it paid a huge ransom. Continue Reading
-
Podcast
10 Jun 2021
Risk & Repeat: Colonial Pipeline CEO grilled by Congress
Colonial Pipeline Co. CEO Joseph Blount faced criticism from several members of Congress this week during two different hearings on the recent ransomware attack. Continue Reading
-
News
09 Jun 2021
Mandiant: Compromised Colonial Pipeline password was reused
The Colonial Pipeline VPN password was relatively complex, according to Mandiant CTO Charles Carmakal, and likely would have been difficult for DarkSide threat actors to guess. Continue Reading
-
News
08 Jun 2021
FBI used encrypted Anom app in international crime bust
The FBI secretly ran an encrypted chat network that included 12,000 devices and was widely used by criminal organizations across the globe for various illegal dealings. Continue Reading
-
News
08 Jun 2021
FBI seized Colonial Pipeline ransom using private key
After Colonial Pipeline paid a $4.4 million ransom demand in last month's attack, the DOJ announced the majority of the funds have been retrieved by the FBI. Continue Reading
-
News
07 Jun 2021
DOJ charges alleged Trickbot developer
Several of the 19 charges brought against the alleged Trickbot Group developer Alla Witte include bank fraud and aggravated identity theft. Continue Reading
-
Feature
03 Jun 2021
Security observability vs. visibility and monitoring
Security observability, monitoring and visibility play different roles but together provide the tools to establish an all-encompassing enterprise security architecture. Continue Reading
-
News
03 Jun 2021
FireEye and Mandiant part ways in $1.2B deal
FireEye products and Mandiant incident response services will split into two entities under the pending acquisition of FireEye by Symphony Technology Group. Continue Reading
-
Podcast
01 Jun 2021
Risk & Repeat: Security startups and trends from RSAC 2021
Analyst Carla Roncato of Enterprise Strategy Group weighs in on RSA Conference and the security startups featured during the show's Innovation Sandbox competition. Continue Reading
-
Feature
28 May 2021
Inept cybersecurity education and training feed into skills gap
Learn why former infosec instructor and author of 'How Cybersecurity Really Works' advocates for changes to security education and training to alleviate the industry skills gap. Continue Reading
-
News
27 May 2021
DHS opens valve on new pipeline security requirements
The U.S. government has put forward a trio of new cybersecurity requirements for companies that operate oil and gas pipelines, including incident reporting and risk assessment. Continue Reading
-
News
24 May 2021
Conti ransomware spree draws FBI attention
Hospitals and emergency service networks in the U.S. are at heightened risk from the new ransomware operation that disrupted Ireland's healthcare system in recent weeks. Continue Reading
-
News
21 May 2021
Stale sessions, ML poisoning among 2021's top security threats
An all-star security panel at RSA Conference discusses the biggest issues facing companies today and what it thinks will emerge as the top threats in the coming months. Continue Reading
-
Feature
21 May 2021
RSA Conference 2021: 3 hot cybersecurity trends explained
In a lightning round session at RSA Conference, ESG analysts discussed three of the hottest topics in cybersecurity in 2021: zero trust, XDR and SASE. Continue Reading
-
Feature
20 May 2021
4 ways to handle the cybersecurity skills shortage in 2021
More than half of cybersecurity pros say their organizations could do more to manage negative effects of the skills shortage, such as overwork and burnout. Find out how. Continue Reading
-
News
18 May 2021
Neuberger calls for shift in software supply chain security
In an RSA Conference keynote, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said security requires a major "mindset shift." Continue Reading
-
News
18 May 2021
5 ways bad incident response plans can help threat actors
Infosec executives from Netskope and Chipotle Mexican Grill hosted an RSA Conference session about their personal experiences and lessons learned while responding to attacks. Continue Reading
-
News
18 May 2021
Sophos: 81% of attacks last year involved ransomware
The majority of incidents Sophos responded to in the last year involved ransomware. The company also found the median dwell time of attackers was 11 days. Continue Reading
-
Feature
17 May 2021
Cyber Defense Matrix makes sense of chaotic security market
The Cyber Defense Matrix aims to help CISOs make strategic, informed security investments that weigh cyber risk mitigation in the context of business constraints and goals. Continue Reading
-
News
13 May 2021
Biden signs executive order to modernize cyberdefenses
Following several high-profile attacks on the federal government, the new executive order seeks to eliminate outdated security practices and improve supply chain security. Continue Reading
-
News
12 May 2021
Cyber insurance firm AXA halts coverage for ransom payments
As ransomware attacks increase across the globe and ransom payment reimbursement becomes a key issue for cyber insurers, AXA may be setting a new trend for private industries. Continue Reading
-
News
07 May 2021
'Bulletproof' hosts catch RICO charges for aiding cybercriminals
Four men pleaded guilty to RICO conspiracy charges for operating a bulletproof hosting service that provided infrastructure to cybercriminals' operations. Continue Reading
-
Feature
07 May 2021
Despite confusion, zero-trust journey underway for many
Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today. Continue Reading
-
Feature
06 May 2021
6 ways to spur cybersecurity board engagement
New research suggests corporate boards are paying closer attention to cybersecurity, but experts say progress is still modest and slow. Continue Reading
-
Feature
05 May 2021
Buyers must navigate cybersecurity market confusion
Customer confusion in the security market stems from the number of new products designed to deal with a growing number of cyberthreats. Experts look at how to navigate it all. Continue Reading
-
Guest Post
03 May 2021
Cybersecurity contingency planning needs a face-lift
Following the unexpected craziness of 2020, companies need to sit down and revamp their cybersecurity contingency plan to ensure their business continuity. Continue Reading
-
Podcast
30 Apr 2021
Risk & Repeat: Will the Ransomware Task Force make an impact?
The Institute for Security and Technology's Ransomware Task Force published several recommendations to better address the growing security threat. Will they work? Continue Reading
-
Tip
30 Apr 2021
Types of MDR security services: MEDR vs. MNDR vs. MXDR
Organizations considering MDR security services should look into more tightly focused options hitting the market to find the best one for their security program's needs. Continue Reading
-
News
29 Apr 2021
Ransomware Task Force takes aim at cryptocurrencies
The Ransomware Task Force released a new report with recommendations on how to tackle the growing ransomware problem, including regulation of cryptocurrency services. Continue Reading
-
Podcast
15 Apr 2021
Risk & Repeat: FBI's web shell removal raises questions
The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers. Continue Reading
-
News
15 Apr 2021
Applus inspection systems still down following malware attack
Applus Technologies said it stopped a malware attack two weeks ago, but systems are still down as eight states are forced to extend vehicle inspection dates. Continue Reading
-
News
14 Apr 2021
FBI removes web shells from infected Exchange servers
The DOJ announced the FBI had successfully removed hundreds of web shells from computers impacted by ProxyLogon and related Exchange Server vulnerabilities. Continue Reading
-
Feature
05 Apr 2021
Can a new DHS cybersecurity strategy help the private sector?
The U.S. Department of Homeland Security outlines federal plans to improve public and private cybersecurity, but analysts advise caution over strategies that can't be mandated. Continue Reading
-
News
01 Apr 2021
Man indicted in Kansas water facility breach
While the attempted tampering of a Kansas water facility occurred more than two years ago, the Justice Department this week indicted a 22-year-old former employee. Continue Reading
-
News
01 Apr 2021
CISA: U.S. agencies must scan for Exchange Server attacks
CISA has not said whether any federal agencies have been hit by Exchange Server attacks, but the directive requires them to use Microsoft's detection tools to identify threats. Continue Reading
-
News
01 Apr 2021
DHS: Ransomware poses a national security threat
Ransomware is just one threat DHS Secretary Alejandro Mayorkas discusses during an RSA Conference webcast on the cybersecurity challenges facing the U.S. Continue Reading
-
Feature
29 Mar 2021
Ransomware negotiations: An inside look at the process
Ransomware negotiators are brought in to communicate with cybercriminals and hopefully arrange less expensive payments. How often do they succeed? Continue Reading
-
News
18 Mar 2021
FBI IC3 report's ransomware numbers are low, experts say
The FBI's Internet Crime Complaint Center reported a massive increase in financial losses from 2020 ransomware attacks, but infosec experts say the problem is worse than statistics say. Continue Reading
-
Feature
17 Mar 2021
Top incident response tools to boost network protection
Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks. Continue Reading
-
Guest Post
16 Mar 2021
How attackers counter incident response after a data breach
It's not over until it's over. Explore how attackers use backdoors and evasion techniques to counter incident response measures even long after a data breach is disclosed. Continue Reading
-
News
08 Mar 2021
McAfee sells off enterprise business for $4 billion
Less than six months after its IPO, McAfee has agreed to sell its enterprise business to private equity firm Symphony Technology Group and refocus on consumer cybersecurity. Continue Reading
-
News
01 Mar 2021
Chinese threat group 'RedEcho' targeting Indian power grid
The Chinese nation-state actor's targets include 10 different Indian power sector organizations, but Recorded Future said there's no evidence RedEcho triggered blackouts. Continue Reading