Advertise

Analytics //

Security Monitoring

News & Commentary

6 Steps for Applying Data Science to Security

Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.

By Steve Zurier Freelance Writer, 5/23/2018

0 comments | Read | Post a Comment

New Survey Shows Hybrid Cloud Confidence

Quick Hits

Executives are mostly confident in their hybrid cloud security, according to the results of a new survey.

By Dark Reading Staff , 4/23/2018

0 comments | Read | Post a Comment

How Measuring Security for Risk & ROI Can Empower CISOs

Vikram Phatak, Chief Executive Officer of NSS Labs

Commentary

For the vast majority of business decisions, organizations seek metrics-driven proof. Why is cybersecurity the exception?

By Vikram Phatak Chief Executive Officer of NSS Labs, 3/28/2018

1 Comment | Read | Post a Comment

Latest Comment: AnnaEverson, Thanks a lot for such incredible article) I think it is really usefull...

The Containerization of Artificial Intelligence

Hamid Karimi, VP of Business Development at Beyond Security

Commentary

AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.

By Hamid Karimi VP of Business Development at Beyond Security, 3/16/2018

1 Comment | Read | Post a Comment

Latest Comment: AnnaEverson, You need more example - nothing to analyse(

Critical Start to Buy Advanced Threat Analytics

Quick Hits

Firms previously had teamed up in SOC services.

By Dark Reading Staff , 3/15/2018

1 Comment | Read | Post a Comment

Latest Comment: AnnaEverson, What is that for ?

Security Worries? Let Policies Automate the Right Thing

Commentary

By programming 'good' cybersecurity practices, organizations can override bad behavior, reduce risk, and improve the bottom line.

By John De Santis CEO, HyTrust, 12/20/2017

7 comments | Read | Post a Comment

Latest Comment: JohnTMoran, That's the key though; the goal of automation should be to support people,...

Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence

Adam Meyers, VP of Intelligence, CrowdStrike

Commentary

CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber attack.

By Adam Meyers VP of Intelligence, CrowdStrike, 12/19/2017

1 Comment | Read | Post a Comment

Latest Comment: DoothCom, So what would the learning curve look like for older companies adjusting...

Improve Signal-to-Noise Ratio with 'Content Curation:' 5 Steps

Commentary

By intelligently managing signatures, correlation rules, filters and searches, you can see where your security architecture falls down, and how your tools can better defend the network.

By Justin Monti CTO, MKACyber, 12/5/2017

0 comments | Read | Post a Comment

The Looming War of Good AI vs. Bad AI

Derek Manky, Global Security Strategist, Fortinet

Commentary

The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.

By Derek Manky Global Security Strategist, Fortinet, 11/28/2017

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, First thought - Glinda to Dorothy "Are you a good AI or a bad AI?" I'm...

121 Pieces of Malware Flagged on NSA Employee's Home Computer

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Kaspersky Lab's internal investigation found a backdoor Trojan and other malware on the personal computer of the NSA employee who took home agency hacking tools.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/16/2017

6 comments | Read | Post a Comment

Latest Comment: DavidLycope, Is this a joke ? how can you be so greedy ? 9.95$ huh

Death of the Tier 1 SOC Analyst

News

Say goodbye to the entry-level security operations center (SOC) analyst as we know it.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/16/2017

3 comments | Read | Post a Comment

Latest Comment: rkjensrud, Very informative and you make some great points!

Deception Technology: Prevention Reimagined

Ofer Israeli, CEO & Founder, Illusive Networks

Commentary

How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.

By Ofer Israeli CEO & Founder, Illusive Networks, 11/15/2017

1 Comment | Read | Post a Comment

Latest Comment: Oliver.Rochford, Deception is definitely coming of age. I have long been a proponent of using...

Siemens Teams Up with Tenable

News

ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/8/2017

0 comments | Read | Post a Comment

Advanced Analytics + Frictionless Security: What CISOS Need to Know

Commentary

Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.

By Saryu Nayyar CEO, Gurucul, 10/25/2017

0 comments | Read | Post a Comment

Unstructured Data: The Threat You Cannot See

Charles Fullwood, Software Practice Director at Force 3

Commentary

Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.

By Charles Fullwood Software Practice Director at Force 3, 10/10/2017

0 comments | Read | Post a Comment

How to Live by the Code of Good Bots

Ido Safruti, Founder and CTO at PerimeterX

Commentary

Following these four tenets will show the world that your bot means no harm.

By Ido Safruti Founder and CTO at PerimeterX, 9/27/2017

0 comments | Read | Post a Comment

7 SIEM Situations That Can Sack Security Teams

SIEMs are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.

By Dawn Kawamoto Associate Editor, Dark Reading, 9/27/2017

2 comments | Read | Post a Comment

Latest Comment: donnaksmith, Covers everything that I've run into!

Security Orchestration & Automation: Parsing the Options

Commentary

Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.

By Dario Forte CEO, DFLabs, 9/15/2017

1 Comment | Read | Post a Comment

Latest Comment: kevinluther111, Your blog inspires me every time when I read it. I love reading blogs. I don't...

What CISOs Need to Know about the Psychology behind Security Analysis

Kumar Saurabh, CEO and co-founder of LogicHub

Commentary

Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.

By Kumar Saurabh CEO and co-founder of LogicHub, 8/14/2017

1 Comment | Read | Post a Comment

Latest Comment: Mariasalvy, Make the link between psychology and analytics is a good thing, it can explain...

Using AI to Break Detection Models

Ericka Chickowski, Contributing Writer, Dark Reading

News

Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/25/2017

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by AnnaEverson

What is that for ?

In reply to: What is that for?
Post Your Own Reply

Posted by AnnaEverson

You need more example - nothing to analyse(

In reply to: Analys
Post Your Own Reply

Posted by AnnaEverson

Thanks a lot for such incredible article) I think it is really usefull and suitable as for me

In reply to: Interesting
Post Your Own Reply

Posted by mwatson1920

Mike Anders...I just saw this comment of yours from 3 years ago. Amazing still just as relevant and elusive today. I am a Cyber Intel instructor, may I use your "Cyber intel...more than the sum of all threat...

In reply to: Re: Cyber Intelligence and knowing what you know!
Post Your Own Reply

Posted by rkjensrud

Very informative and you make some great points!

In reply to: Re: reply
Post Your Own Reply

Posted by antivirussupport12

For better protection from Spyware, malware, and Virus, you can use Panda Antivirus which provide best Panda Customer Service to their user.

In reply to: Re: Feshop2017 Criminal Hackers, Carders forums, Dumps and Fullz CVV, and Identity Theft
Post Your Own Reply

Posted by Ashely

This is an area that requries added attention and has been noted it is on the rise with increased progress in technology. It has called for added attention and re-assessment of strategies by most lawyers near me. We need...

In reply to: Re: Change in the Horizon - www.lawyersoflasvegas.com
Post Your Own Reply

Posted by JohnTMoran

That's the key though; the goal of automation should be to support people, not to replace them. When the goal is to replace them, you are almost always setting yourself up for failure.

In reply to: Re: People are weakest link
Post Your Own Reply

Posted by deua16eex

lbert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient...

In reply to: Feshop2017 Criminal Hackers, Carders forums, Dumps and Fullz CVV, and Identity Theft
Post Your Own Reply

Posted by JohnGiordani

The reality is that very few IT administrators have an accurate picture of what is actually happening in the network and do not have automated tools that can quickly identify, interpret and act on threats. Network visibility...

In reply to: Visibility tools
Post Your Own Reply

Posted by DoothCom

So what would the learning curve look like for older companies adjusting to this CTI campaign? Would it be possible or is this all a young company game now?

In reply to: Threat Intelligence
Post Your Own Reply

Posted by REISEN1955

First thought - Glinda to Dorothy "Are you a good AI or a bad AI?" I'm just a girl. Glinda points down to Toto "Well is that an AI?" (Toto is probably smarter than anybody by this poin...

In reply to: I could not resist - again
Post Your Own Reply

More Conversations

Products & Releases

Tripwire Debuts Cybersecurity Suite for Protecting Industrial Control Systems (ICS)

Respond Software Powers Self-Driving SOC

Exabeam Secures $30 Million in Series C Funding to Disrupt SIEM market

Thycotic Acquires Cyber Algorithms

FireMon Welcomes New President & CEO, Satin H. Mirchandani

LogRhythm Closes $50 Million Financing to Extend Global Leadership in Security Intelligence and Analytics

PacketSled Secures $5M in Series A Financing

EventTracker Adds Unlimited Acquisition Model for Log Manager

More Products & Releases

Hot Topics

Editors' Choice

New Mexico Man Sentenced on DDoS, Gun Charges

Dark Reading Staff 5/18/2018

'Roaming Mantis' Android Malware Evolves, Expands Targets

Dark Reading Staff 5/21/2018

Google to Delete 'Secure' Label from HTTPS Sites

Kelly Sheridan, Staff Editor, Dark Reading, 5/21/2018

Webinars

Improving Enterprise Authentication: Taming the Password Beast

Malicious Insiders: Real Defense for Real Businesses

Dark Reading Virtual Event: Why Cybercriminals Attack

Webinar Archives

White Papers

Phishing Attack Bypasses Two-Factor Authentication

Mobile Devices: The New Support Frontier for IT (IDG Report)

Cyber-Attack Security Guide

2018 Security Report

Advanced Networking and Security In a Cloud-Native World With VMare NSX

More White Papers

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

[Strategic Security Report] Navigating the Threat Intelligence Maze

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Download Now!

[Strategic Security Report] Assessing Cybersecurity Risk

0 comments

New Best Practices for Secure App Development

0 comments

Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2017-2598
PUBLISHED: 2018-05-23

Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).

CVE-2018-1124
PUBLISHED: 2018-05-23

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution ...

CVE-2018-1126
PUBLISHED: 2018-05-23

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

CVE-2018-11396
PUBLISHED: 2018-05-23

ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

CVE-2018-8176
PUBLISHED: 2018-05-23

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.

Terms of Service
Privacy Statement
Legal Entities