Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
What's So Great About XDR?
XDR is a significant advance in threat detection and response technology, but few enterprises understand why. Omdia identifies four catalysts driving the emergence of XDR.
Advice From Security Experts: How to Approach Security in the New Normal
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
Watch Out for These Cyber-Risks
It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
4 Open Source Tools to Add to Your Security Arsenal
Open source solutions can offer an accessible and powerful way to enhance your security-testing capabilities.
Data Bias in Machine Learning: Implications for Social Justice
Take historically biased data, then add AI and ML to compound and exacerbate the problem.
Moving from DevOps to CloudOps: The Four-Box Problem
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.
Security Operations in the World We Live in Now
Despite the challenges of remote work, security operations teams can position themselves well for the future.
The CIO's Shifting Role: Improving Security With Shared Responsibility
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.
How Personally Identifiable Information Can Put Your Company at Risk
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.
What a Federal Data Privacy Law Would Mean for Consumers
With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.
Prioritizing Application & API Security After the COVID Cloud Rush
As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it's time to close those gaps.
Disrupting the Cybercriminal Supply Chain
It is time to turn the tables on cybercriminals and use their own tactics against them.
Data Protection Is a Group Effort
When every employee is well-versed in customer data privacy principles, the DPO knows the enterprise's sensitive data is in good hands.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
How Us Shady Geeks Put Others Off Security
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
Women's History Month: Making Mentorship Meaningful
This month is a perfect opportunity for us to take a step back and think about what role we want to play as women in the technology sector.
Beware the Package Typosquatting Supply Chain Attack
Attackers are mimicking the names of existing packages on public registries in hopes that users or developers will accidentally download these malicious packages instead of legitimate ones.
What CISOs Can Learn From Big Breaches: Focus on the Root Causes
Address these six technical root causes of breaches in order to keep your company safer.
COVID, Healthcare Data & the Dark Web: A Toxic Stew
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
Enterprises Wrestle With Executive Social Media Risk Management
Survey indicates enterprises have a lot of work to do reduce cybersecurity risks around executive social media use.
Best Practices for Securing Service Accounts
While service accounts solve many of the challenges presented by automation, they can also create serious problems when it comes to cybersecurity.
Combating Call Center Fraud in the Age of COVID
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Name That Toon: Something Seems Afoul
Dark Reading's March cartoon caption contest is here, along with a few new feathered friends.
How to Choose the Right Cybersecurity Framework
Cybersecurity frameworks can help reduce your risk of supply chain attacks and increase your competitive advantage.
Power Equipment: A New Cybersecurity Frontier
Power systems, HVAC systems, and other network-connected devices are exposing new vulnerabilities that must be secured.
Actionable Tips for Engaging the Board on Cybersecurity
Up your game with your company's board of directors to help them understand your cybersecurity priorities.
5 Steps for Investigating Phishing Attacks
Phishing is a common and effective cybercrime tool, but even the most sophisticated threat actors make mistakes that you can leverage in your investigations.
Hiding in Plain Sight: Protecting Enterprises from the 'New' Shadow IT
Three steps to fight this increasingly vexing problem.
Digitally Transforming Trusted Transactions Through Biometrics, ML & AI
The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.
Dark Reading 'Name That Toon' Winner: Gather 'Round the Campfire
And the winner of Dark Reading's February cartoon caption contest is ...
COVID-19 Contact-Tracing Apps Signal Broader Mobile App Security Concerns
The rapid launch of contract-tracing apps to control COVID-19's spread opened the door to multiple security and privacy vulnerabilities.
Look to Banking as a Model for Stopping Crime-as-a-Service
The first step toward prevention is understanding the six most common CaaS services.
Why Data Privacy Should Be on President Biden's Agenda for His First 100 Days
The new administration is in an excellent position to make significant progress on data privacy -- not just because it's needed, but also because it's time.
On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.
On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.
Make Sure That Stimulus Check Lands in the Right Bank Account
If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials.
Secure Laptops & the Enterprise of the Future
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
Why We Need More Blue Team Voices at the Table
The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
How SolarWinds Busted Up Our Assumptions About Code Signing
With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
Design, Security, Tech Is the New Stack You Should Be Building
Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.
Building a Next-Generation SOC Starts With Holistic Operations
The proper template for a modernized SOC team is one that operates seamlessly across domains with a singular, end-to-end view.
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
