Analytics

News & Commentary
New Research Seeks to Shorten Attack Dwell Time
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
It can take months for an organization to know they've been hacked. A new DARPA-funded project seeks to reduce that time to hours.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/18/2018
Comment0 comments  |  Read  |  Post a Comment
Breakout Time: A Critical Key Cyber Metric
Scott Taschler, Director of Product Marketing for CrowdStrikeCommentary
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
By Scott Taschler Director of Product Marketing for CrowdStrike, 5/8/2018
Comment0 comments  |  Read  |  Post a Comment
10 Lessons From an IoT Demo Lab
Curtis Franklin Jr., Senior Editor at Dark Reading
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/7/2018
Comment0 comments  |  Read  |  Post a Comment
5 Ways to Better Use Data in Security
Steve Zurier, Freelance Writer
Use these five tips to get your security shop thinking more strategically about data.
By Steve Zurier Freelance Writer, 5/5/2018
Comment3 comments  |  Read  |  Post a Comment
10 Security Innovators to Watch
Curtis Franklin Jr., Senior Editor at Dark Reading
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/30/2018
Comment0 comments  |  Read  |  Post a Comment
Threat Intel: Finding Balance in an Overcrowded Market
Kelly Sheridan, Staff Editor, Dark ReadingNews
Industry insiders discuss how threat intelligence has changed and what may happen as the market becomes increasingly saturated.
By Kelly Sheridan Staff Editor, Dark Reading, 4/23/2018
Comment2 comments  |  Read  |  Post a Comment
New Survey Shows Hybrid Cloud Confidence
Dark Reading Staff, Quick Hits
Executives are mostly confident in their hybrid cloud security, according to the results of a new survey.
By Dark Reading Staff , 4/23/2018
Comment0 comments  |  Read  |  Post a Comment
At RSAC, SOC 'Sees' User Behaviors
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Role of KPIs in Incident Response
John Moran, Senior Product Manager, DFLabsCommentary
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
By John Moran Senior Product Manager, DFLabs, 4/18/2018
Comment1 Comment  |  Read  |  Post a Comment
INsecurity Conference Seeks Security Pros to Speak on Best Practices
Tim Wilson, Editor in Chief, Dark Reading, News
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
By Tim Wilson, Editor in Chief, Dark Reading , 4/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Palo Alto Networks Buys Secdo for Endpoint Detection
Dark Reading Staff, Quick Hits
The acquisition is intended to ramp up Palo Alto's endpoint detection capabilities with new tech and talent.
By Dark Reading Staff , 4/11/2018
Comment0 comments  |  Read  |  Post a Comment
How Measuring Security for Risk & ROI Can Empower CISOs
Vikram Phatak, Chief Executive Officer of NSS LabsCommentary
For the vast majority of business decisions, organizations seek metrics-driven proof. Why is cybersecurity the exception?
By Vikram Phatak Chief Executive Officer of NSS Labs, 3/28/2018
Comment1 Comment  |  Read  |  Post a Comment
A Look at Cybercrime's Banal Nature
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Cybercrime is becoming a more boring business, a new report shows, and that's a huge problem for victims and law enforcement.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/20/2018
Comment3 comments  |  Read  |  Post a Comment
The Containerization of Artificial Intelligence
Hamid Karimi, VP of Business Development at Beyond SecurityCommentary
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
By Hamid Karimi VP of Business Development at Beyond Security, 3/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Critical Start to Buy Advanced Threat Analytics
Dark Reading Staff, Quick Hits
Firms previously had teamed up in SOC services.
By Dark Reading Staff , 3/15/2018
Comment1 Comment  |  Read  |  Post a Comment
AI and Machine Learning: Breaking Down Buzzwords
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts explain two of today's trendiest technologies to explain what they mean and where you need them.
By Kelly Sheridan Staff Editor, Dark Reading, 2/13/2018
Comment2 comments  |  Read  |  Post a Comment
Better Security Analytics? Clean Up the Data First!
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 2/12/2018
Comment1 Comment  |  Read  |  Post a Comment
5 Questions to Ask about Machine Learning
Anup Ghosh, Chief Strategist, Next-Gen Endpoint, at SophosCommentary
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
By Anup Ghosh Chief Strategist, Next-Gen Endpoint, at Sophos, 1/31/2018
Comment1 Comment  |  Read  |  Post a Comment
Endpoint and Mobile Top Security Spending at 57% of Businesses
Dark Reading Staff, Quick Hits
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
By Dark Reading Staff , 1/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Meet Chronicle: Alphabet's New Cybersecurity Business
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google parent company Alphabet introduces Chronicle, which will combine a security analytics platform and VirusTotal.
By Kelly Sheridan Staff Editor, Dark Reading, 1/24/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by IrishKanagy
Current Conversations Nice
In reply to: Nice
Post Your Own Reply
Posted by AnnaEverson
Current Conversations What is that for ?
In reply to: What is that for?
Post Your Own Reply
More Conversations
PR Newswire
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8010
PUBLISHED: 2018-05-21
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerabilit...
CVE-2018-8012
PUBLISHED: 2018-05-21
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
CVE-2018-1067
PUBLISHED: 2018-05-21
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is ...
CVE-2018-7268
PUBLISHED: 2018-05-21
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information suc...
CVE-2018-11092
PUBLISHED: 2018-05-21
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.