Security operations and management
Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.
Top Stories
-
Tip
21 Mar 2023
4 ChatGPT cybersecurity benefits for the enterprise
As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
-
News
20 Mar 2023
FBI arrests suspected BreachForums owner in New York
The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
-
Feature
15 May 2019
Women in cybersecurity work to grow voice in US lawmaking
To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress. Continue Reading
-
News
10 May 2019
Symantec CEO Greg Clark unexpectedly steps down
Cybersecurity giant Symantec is searching for a new CEO once again after Greg Clark unexpectedly resigned from the vendor after three years at the helm. Continue Reading
-
News
02 May 2019
White Ops: Ad fraud bot activity waning, but threats still loom
A new study from security vendor White Ops shows a decline in digital ad fraud, but the company says the battle against cybercriminals abusing ad platforms is far from over. Continue Reading
-
Feature
01 May 2019
Top cloud security risks that keep experts up at night
Hackers are after your assets in the cloud. Here's how they get in and what you can do to plug security holes, starting with minimizing the risks created through human error. Continue Reading
-
News
22 Apr 2019
Marcus 'MalwareTech' Hutchins pleads guilty to Kronos charges
Marcus 'MalwareTech' Hutchins, known as being an integral player in stopping the WannaCry ransomware outbreak, pleads guilty to conspiring to create and distribute the Kronos banking Trojan. Continue Reading
-
Feature
15 Apr 2019
Challenges and benefits of using the Mitre ATT&CK framework
Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started. Continue Reading
-
Tip
12 Apr 2019
Top 5 reasons for a zero-trust approach to network security
As network perimeters disintegrate and enterprises adopt cloud computing, discover the top reasons organizations are opting for a zero-trust approach to network security. Continue Reading
-
Feature
29 Mar 2019
HPE takes aim at STEM and cybersecurity education, awareness
HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry. Continue Reading
-
Feature
29 Mar 2019
New game provides cybersecurity education for Girl Scouts
A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game. Continue Reading
-
Tip
28 Mar 2019
Simplify incident response for zero-day vulnerability protection and beyond
Protection against a zero-day vulnerability and other cyber-risks is complicated, but simplifying cybersecurity incident management could be the key to protecting online assets. Continue Reading
-
Opinion
26 Mar 2019
2019 RSA Conference bottom line: People are security's strongest asset
People in the security community and beyond are more important and influential than the leading technologies if the talk at the 2019 RSA Conference is any indication. Continue Reading
-
Feature
26 Mar 2019
Zero-trust security model primer: What, why and how
What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders. Continue Reading
-
Podcast
22 Mar 2019
Risk & Repeat: RSA Conference 2019 in review
This week's 'Risk & Repeat' podcast looks back at RSA Conference and discusses the show's diversity and inclusion efforts as well as the top trends and sessions from the show. Continue Reading
-
News
22 Mar 2019
Chris Wysopal talks blockchain hype and realistic uses
While marketers ride the hype train around blockchain, Chris Wysopal says there are realistic uses for the technology. And there are blockchain risks that need to be considered, as well. Continue Reading
-
Tip
20 Mar 2019
How automated patch management using SOAR can slash risk
Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management. Continue Reading
-
Tip
20 Mar 2019
Automating incident response with security orchestration
Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks. Continue Reading
-
Tip
20 Mar 2019
Plugging the cybersecurity skills gap with security automation
Security automation and response promises to help alleviate the shortage of qualified cybersecurity pros. Learn how SOAR helps security teams work smarter, not harder. Continue Reading
-
News
19 Mar 2019
Bobbie Stempfley: Cybersecurity AI has a long way to go
Many cybersecurity vendors have embraced AI and machine learning, but CERT Division's Bobbie Stempfley says more work is needed around testing algorithms and validating results. Continue Reading
-
Tip
06 Mar 2019
How bellwether cybersecurity technologies predict success
Bellwether cybersecurity technologies -- advanced endpoint security, behavioral threat analytics and a trio of cloud-based apps -- are used by successful cybersecurity teams. Find out why. Continue Reading
-
News
22 Feb 2019
Security automation on display in 2019 RSAC Innovation Sandbox
Security automation will be a factor when most innovative startup is chosen at this year's RSAC Innovation Sandbox since almost all finalists use automation to improve security. Continue Reading
-
News
22 Feb 2019
Supply chain cybersecurity is a hot topic for RSAC 2019
Following years of AI climbing the hype wheel at RSA Conference, the topic is no longer one of the most prevalent as supply chain and infrastructure fears take focus at RSAC 2019. Continue Reading
-
Tip
20 Feb 2019
Key steps to put your zero-trust security plan into action
There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company. Continue Reading
-
News
19 Feb 2019
Palo Alto Networks to acquire SOAR vendor Demisto
Palo Alto Networks announced its plan of acquiring SOAR vendor Demisto for $560 million to accelerate its Application Framework strategy and beef up security operations automation. Continue Reading
-
Feature
01 Feb 2019
Top 10 CISO concerns for 2019 span a wide range of issues
From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
- 01 Feb 2019
-
Opinion
01 Feb 2019
What a proactive cybersecurity stance means in 2019
Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital. Continue Reading
- 01 Feb 2019
-
Feature
31 Jan 2019
RSAC's diversity and inclusion initiative stresses equality on keynote stage
RSA Conference curator Sandra Toms hopes a new diversity and inclusion initiative will facilitate change in the cybersecurity industry, starting with the upcoming 2019 conference. Continue Reading
-
Tip
25 Jan 2019
Cybersecurity maturity model lays out four readiness levels
To assess cybersecurity maturity, Nemertes Research developed a four-point scale to determine a company's ability to effectively detect, understand and contain breaches. Continue Reading
-
Podcast
23 Jan 2019
Risk & Repeat: DNC renews election hacking concerns
This week's Risk & Repeat podcast looks at the claims of the Democratic National Committee that Russian hackers tried to breach its network following the midterm elections. Continue Reading
-
Tip
23 Jan 2019
How to defend against malicious IP addresses in the cloud
Cybercriminals have found a way to use the cloud to mask their locations. Expert Rob Shapland looks at the options organizations have to deal with malicious IP addresses. Continue Reading
-
News
22 Jan 2019
DerbyCon's Dave Kennedy: The conference 'got too big'
DerbyCon co-founder Dave Kennedy discusses his decision to close down the conference and what he would have done differently. Continue Reading
-
News
18 Jan 2019
This year's DerbyCon conference will be the last
Citing an inability to manage 'negativity, polarization, and disruption' at the conference, DerbyCon organizers unexpectedly announced this year's show will be the last. Continue Reading
-
News
17 Jan 2019
Shutdown of federal security services puts private sector at risk
In addition to putting government agencies at risk, the shutdown has impacted federal security services and resources that the private sector relies on to keep enterprises safe. Continue Reading
-
News
17 Jan 2019
Government cybersecurity at risk as shutdown lingers
As the shutdown continues, experts believe government cybersecurity will become more vulnerable, and government IT staff could leave for the private sector. Continue Reading
-
News
16 Jan 2019
Enterprises betting on SOAR tools to fill security gaps
Security experts sound off on the importance and benefits of automating security, and highlight factors to be considered before implementing SOAR tools. Continue Reading
-
Podcast
16 Jan 2019
Risk & Repeat: Expired certificates loom amid government shutdown
This week's Risk & Repeat podcast looks at the expiration of more than 80 TLS certificates for U.S. government websites amid the ongoing government shutdown. Continue Reading
-
News
11 Jan 2019
Kaspersky Lab aided NSA hacking tools investigation
News roundup: According to a new report from Politico, Kaspersky Lab aided the NSA in catching alleged data thief Harold Martin. Plus, telecoms are selling customer data, and more. Continue Reading
-
News
28 Dec 2018
Government data requests rise, as does Apple's compliance
Apple's latest Transparency Report shows government data requests on the rise around the world, as is Apple's compliance in providing the data being requested by law enforcement. Continue Reading
-
Opinion
27 Dec 2018
How paradigms shifting can alter the goals of attackers and defenders
The use of disruptive technology is altering the way attackers and defenders set goals for network security. Learn more about the shifting field with Matt Pascucci. Continue Reading
-
News
21 Dec 2018
DOJ indicts two Chinese nationals for APT10 group cyberattacks
The Department of Justice indicted two alleged members of the Chinese state-sponsored hacking group APT10, which hacked managed service providers to steal data from enterprises. Continue Reading
-
News
20 Dec 2018
NASA data breach included employee Social Security numbers
Limited details leave questions surrounding a possible NASA data breach that could have compromised Social Security numbers for current and former employees. Continue Reading
-
News
14 Dec 2018
Initial RSA Conference 2019 keynote lineup released
RSA Conference 2019's diversity and inclusion initiative appears to be paying off, as the initial keynote speaker lineup has equal representation for men and women speakers. Continue Reading
-
Podcast
13 Dec 2018
Risk & Repeat: NRCC breach stokes election security fears
This week's Risk & Repeat podcast looks at the recently disclosed cyberattack on the National Republican Congressional Committee and the questions that remain about it. Continue Reading
-
News
12 Dec 2018
Equifax breach report highlights multiple security failures
An Equifax breach report, based on a government investigation, blamed the incident on multiple security failures and concluded the breach was preventable. Continue Reading
-
Podcast
07 Dec 2018
Risk & Repeat: RSA Conference 2019 eyes diversity improvements
This week's Risk & Repeat podcast looks at RSA Conference's diversity and inclusion initiatives and discusses what they mean for both the event and the infosec industry. Continue Reading
-
Blog Post
30 Nov 2018
Are US hacker indictments more than Justice Theater?
New hacker indictments and U.S.Treasury Department sanctions highlight the disconnect between government action and real world consequences for threat actors. Continue Reading
-
News
30 Nov 2018
RSA Conference launches diversity and inclusion initiative
Following the criticism of the last conference, RSA Conference started a diversity and inclusion initiative that, among many other changes, eliminates all-male panels. Continue Reading
-
News
30 Nov 2018
Spectre v2 mitigation causes significant slowdown on Linux 4.20
News roundup: A Spectre v2 mitigation causes significant performance slowdowns in Linux 4.20. Plus, Dell had to reset user passwords after a data breach, and more. Continue Reading
-
Opinion
30 Nov 2018
Why U.S. election security needs an immediate overhaul
There's no evidence that threat actors have been able to manipulate or change vote counts in our elections, but Kevin McDonald says that doesn't mean it can't -- or won't -- happen. Continue Reading
-
News
29 Nov 2018
SamSam ransomware actors charged, sanctioned by US government
The FBI indicted two threat actors involved with the SamSam ransomware attacks while the US Treasury sanctioned two others for their role in exchanging Bitcoin earned from attacks. Continue Reading
-
Blog Post
29 Nov 2018
Will cybersecurity safety ever equal air travel safety?
Guaranteeing cybersecurity safety is one of the biggest challenges facing the tech industry, but using aviation safety as a model may help achieve that goal. Continue Reading
-
News
16 Nov 2018
After 2015 OPM data breach, agency failed to update security
News roundup: Three years after the OPM data breach, the agency still hasn't implemented basic security. Plus, seven new Meltdown, Spectre attacks were uncovered, and more. Continue Reading
-
Podcast
08 Nov 2018
Risk & Repeat: MIT CSAIL discusses securing the enterprise
This week's Risk & Repeat podcast discusses the MIT CSAIL Securing the Enterprise conference and how experts there advocated for new strategies and approaches to infosec. Continue Reading
-
News
08 Nov 2018
U.S. Cyber Command malware samples to be logged in VirusTotal
The Cyber National Mission Force will share unclassified U.S. Cyber Command malware samples to VirusTotal and one expert hopes there will be more action taken to help researchers. Continue Reading
-
News
06 Nov 2018
Latest Symantec acquisitions target endpoint security
Endpoint security startups Appthority and Javelin Networks are the latest Symantec acquisitions as the cybersecurity giant aims to improve its endpoint protection product. Continue Reading
-
Tip
31 Oct 2018
NIST incident response plan: 4 steps to better incident handling
The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step. Continue Reading
-
News
23 Oct 2018
Healthcare.gov breach exposes data on 75,000 people
Malicious actors attacked a back-end insurance system and the resulting Healthcare.gov breach exposed an unknown amount of data on 75,000 people. Continue Reading
-
Answer
22 Oct 2018
What are DMARC records and can they improve email security?
Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson. Continue Reading
-
Podcast
19 Oct 2018
Risk & Repeat: Military cybersecurity scrutinized in GAO report
This week's Risk & Repeat podcast discusses the GAO report on vulnerabilities and weaknesses in modern weapons systems and what they mean for the U.S. military. Continue Reading
-
News
12 Oct 2018
Facebook breach affected 20 million fewer than thought
The recent Facebook breach affected 20 million fewer accounts than was previously thought. The company now says 29 million accounts had data exposed to attackers. Continue Reading
-
News
11 Oct 2018
U.S. weapon systems cybersecurity failing, GAO report says
A U.S. Government Accountability Office report gave failing grades to military weapon systems cybersecurity, but some experts say the report should be a source of encouragement. Continue Reading
-
Tip
10 Oct 2018
Give your SIEM system a power boost with machine learning
The enterprise SIEM is still essential to IT defenses, but the addition of AI, in the form of machine learning capabilities, gives it even more potential power. Continue Reading
-
News
09 Oct 2018
U.S. government domain officials to start using 2FA
The government domain registrar -- DotGov -- began rolling out two-factor authentication for officials managing .gov domains in order to mitigate against DNS hijacking. Continue Reading
-
News
05 Oct 2018
Compromised Supermicro chips reportedly infiltrated US
News roundup: A Bloomberg report claimed China infiltrated U.S. companies and government agencies through tiny Supermicro chips on motherboards. Plus, a new Telegram flaw and more. Continue Reading
-
Blog Post
01 Oct 2018
FBI, DHS blaming the victims on Remote Desktop Protocol
FBI, DHS call on users to mitigate Remote Desktop Protocol vulnerabilities and handle RDP exploits on their own, even as the "going dark" campaign continues unabated. Continue Reading
-
Opinion
25 Sep 2018
Why a unified local government security program is crucial
When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial. Continue Reading
-
News
21 Sep 2018
White House National Cyber Strategy praised by experts
The new National Cyber Strategy released by the White House details plans for improving cybersecurity and garners positive early reviews from experts for its comprehensiveness. Continue Reading
-
News
21 Sep 2018
Mirai botnet creators avoid jail time after helping the FBI
News roundup: The Mirai botnet creators will not serve time in prison after they worked with the FBI. Plus, the Department of Defense updated its cyber strategy, and more. Continue Reading
-
Podcast
30 Aug 2018
Risk & Repeat: Are the Meltdown and Spectre flaws overhyped?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards' Most Overhyped Bug. Continue Reading
-
News
30 Aug 2018
Congress wants CVE program changes from DHS and MITRE
In a letter to DHS and MITRE, Congress said CVE program management has been 'insufficient' and called for the program to receive more consistent funding and additional oversight. Continue Reading
-
Feature
28 Aug 2018
Diversity at cybersecurity conferences is too important to ignore
Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage. Continue Reading
-
Feature
24 Aug 2018
Innovation Women founder strives to close gender gap at conferences
Innovation Women founder Bobbie Carlton discusses the all-male, all-pale panels that overwhelm tech conferences and that moved her to change the number of female speakers. Continue Reading
-
News
24 Aug 2018
NSA leaker Reality Winner sentenced to five years in jail
NSA leaker Reality Winner sentenced to 63 months in prison for releasing classified documents detailing an attack by the Russian military against U.S. election systems. Continue Reading
-
News
23 Aug 2018
AI bias and data stewardship are the next ethical concerns for infosec
AI bias and the need for data stewardship to prevent issues surrounding the trend of hoarding data are the next big ethical concerns for infosec, according to Laura Norén. Continue Reading
-
Podcast
23 Aug 2018
Risk & Repeat: Meltdown and Spectre disclosure in review
In this week's Risk & Repeat podcast, SearchSecurity editors discuss new insights -- and questions -- regarding the coordinated disclosure effort for Meltdown and Spectre. Continue Reading
-
Blog Post
17 Aug 2018
DHS cybersecurity rhetoric offers contradictions at DEF CON
The Vote Hacking Village at Defcon 26 in Las Vegas was an overwhelming jumble of activity -- a mock vote manipulated, children hacking election results websites, machines being disassembled -- and ... Continue Reading
-
News
14 Aug 2018
Amanda Rousseau talks about computer forensics investigations
Amanda Rousseau, aka Malware Unicorn, discusses her time in computer forensics investigations with the DoD, as well as the joys of reverse engineering malware encryption by hand. Continue Reading
-
News
13 Aug 2018
Lessons learned from Meltdown and Spectre disclosure process
During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre. Continue Reading
-
News
09 Aug 2018
Irregularities discovered in WinVote voting machines
At Black Hat 2018, security researcher Carsten Schuermann unveiled the results of a forensic analysis of eight WinVote voting machines that had been used in Virginia elections. Continue Reading
-
Podcast
09 Aug 2018
Risk & Repeat: Can Disclose.io help protect vulnerability researchers?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Disclose.io project and what it could mean for the future of security research and vulnerability disclosure. Continue Reading
-
News
09 Aug 2018
Meltdown and Spectre disclosure suffered "extraordinary miscommunication"
During a panel discussion at Black Hat 2018 on Meltdown and Spectre, Google explained how miscommunication left the company's incident response out of the early disclosure process. Continue Reading
-
News
03 Aug 2018
Disclose.io launches vulnerability disclosure 'safe harbor'
News roundup: Disclose.io offers legal bug bounty framework to give researchers safe harbor from legal action for vulnerability disclosures. Plus, Stamos exits Facebook, and more. Continue Reading
-
News
02 Aug 2018
Black Hat 2018 survey: Cybersecurity staffing, budgets still lacking
According to a survey of Black Hat 2018 attendees, organizations are still struggling with insufficient cybersecurity staff and budgets to meet the current and emerging threats. Continue Reading
-
Opinion
01 Aug 2018
Why third-party access to data may come at a price
Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners. Continue Reading
-
Feature
31 Jul 2018
Women in cybersecurity: How to make conferences more diverse
The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap. Continue Reading
-
News
31 Jul 2018
U.S. government making progress on DMARC implementation
The deadline for full DMARC implementation in U.S. government-owned domains is less than three months away, and only half of the domains have the correct policy in place. Continue Reading
- 27 Jul 2018
-
News
27 Jul 2018
Senator wants government to stop Adobe Flash use
Senator Ron Wyden wrote a letter to multiple government agencies advocating that the entire U.S. government stop Adobe Flash use on all systems due to security risks. Continue Reading
-
Podcast
19 Jul 2018
Risk & Repeat: Closing the gender gap at cybersecurity conferences
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the under-representation of women at cybersecurity conferences and how it affects the infosec industry. Continue Reading
-
Blog Post
17 Jul 2018
Is the new California privacy law a domestic GDPR?
The difference between data privacy protections afforded to European Union residents and people in the U.S. is more sharply highlighted now that the EU's General Data Protection Regulation has ... Continue Reading
-
Feature
17 Jul 2018
Accenture's Justin Harvey explains why cyber attribution isn't important
Accenture's Justin Harvey spoke at RSA Conference 2018 about his experiences with incident response and his views on the importance of cyber attribution. Continue Reading
-
Tip
16 Jul 2018
Fine-tuning incident response automation for optimal results
Wondering where to apply automation to incident response in order to achieve the best results? The variety of options might be greater than you imagine. Read on to learn more. Continue Reading
-
Tip
16 Jul 2018
How to integrate an incident response service provider
Adding a third-party incident response service to your cybersecurity program can bulk up enterprise defenses, but the provider must be integrated carefully to reap the benefits. Continue Reading
-
Podcast
29 Jun 2018
Risk & Repeat: U.S. government eyes offensive cyberattacks
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the risks of the U.S. Cyber Command engaging in offensive cyberattacks against foreign adversaries. Continue Reading
-
Feature
25 Jun 2018
Accenture's Tammy Moskites on the cybersecurity gender gap
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the gender gap in the infosec industry and what can be done to close it. Continue Reading
-
News
21 Jun 2018
Accused CIA leaker charged with stealing government property
The DOJ has officially charged the accused CIA leaker, Joshua Schulte, with theft of government property and gathering national defense information in the Vault 7 case. Continue Reading
-
Podcast
21 Jun 2018
Risk & Repeat: New election security bill introduced
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Protecting American Votes and Elections Act of 2018, which requires paper ballots and audits. Continue Reading
-
News
20 Jun 2018
Constant offensive cyberattacks approved by Pentagon
The Pentagon reportedly approved the use of offensive cyberattacks by the U.S. Cyber Command, and one expert said enterprises should be ready to handle the 'return fire.' Continue Reading
-
Feature
18 Jun 2018
Accenture's Tammy Moskites explains how the CISO position is changing
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing. Continue Reading
