Security operations and management

Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.

Top Stories

Tip 14 Apr 2025
How to conduct ransomware awareness training for employees

As your organization's first line of defense, hold regular employee training on how to prevent, detect and respond to ransomware attacks. Continue Reading
By
- Sharon Shea, Executive Editor
Tutorial 14 Apr 2025
How to create custom sudo configuration files in /etc/sudoers

Sudo offers administrators a lot of flexibility. Creating custom sudo configurations can go a long way toward easing management and service upgrade challenges. Continue Reading
By
- Damon Garn, Cogspinner Coaction

Tip 27 Apr 2022
Best practices for creating an insider threat program

A thorough insider threat program includes plan preparation, threat assessment, and plan review and renewal. Learn how to implement this three-step model to protect your company. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Feature 22 Apr 2022
Unethical vulnerability disclosures 'a disgrace to our field'

The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says. Continue Reading
By
- Alissa Irei, Senior Site Editor
Tip 21 Apr 2022
7 best practices for Web3 security risk mitigation

Tech builders and businesses evaluating decentralized technologies should keep these seven Web3 security best practices in mind to help mitigate traditional and novel cyber threats. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Feature 21 Apr 2022
10 critical people skills today's CIOs and IT leaders need

Learn about 10 of the most important soft skills -- from communication to empathy -- and why they are critical to successful technology leadership. Continue Reading
By
- Carolyn Heinze
News 15 Apr 2022
Corvus: Ransomware costs, ransom payments declining

Cyber insurance provider Corvus examined how the cost of ransomware attacks declined over the past year and a half and what it means for different industries moving forward. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Tip 14 Apr 2022
The benefits and challenges of managed PKIs

Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 12 Apr 2022
Synopsys: Enterprises struggling with open source software

To curb open source risk, Synopsys advises enterprises to keep a comprehensive inventory of all software within its environment and to understand that securing open source requires strong management. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Apr 2022
6 enterprise secure file transfer best practices

Employees can share files with the click of a button -- but don't let the efficiency fool you. Use these secure file transfer best practices to avoid exposing confidential data. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 11 Apr 2022
Apple Security Bounty improves, but problems remain

Security researchers told SearchSecurity that Apple Security Bounty improved its communication earlier this year, which had been a key issue for participants. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 07 Apr 2022
Should companies ask for a SaaS software bill of materials?

Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 07 Apr 2022
Pen testing guide: Types, steps, methodologies and frameworks

Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards. Continue Reading
By
- Paul Kirvan
Feature 05 Apr 2022
How effective is security awareness training? Not enough

Annual security awareness trainings do little to improve security. Learn why they aren't helpful, and discover steps to improve your organization's training program. Continue Reading
By
- Isabella Harford, TechTarget
Feature 31 Mar 2022
The importance of HR's role in cybersecurity

HR teams must keep security top of mind when hiring and onboarding employees and enforcing data privacy policies. Get advice on the procedures and mechanisms to do so. Continue Reading
By
- Isabella Harford, TechTarget
- Packt Publishing
Feature 31 Mar 2022
Why CISOs need to understand the business

While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company. Continue Reading
By
- Isabella Harford, TechTarget
Tip 29 Mar 2022
How to put cybersecurity sustainability into practice

Cybersecurity sustainability practices involve mitigating cyber-risk without burning out people -- or burning through resources. Explore what that looks like on the ground. Continue Reading
By
- Diana Kelley, SecurityCurve
- Deepayan Chanda, Cubic Consulting
Feature 29 Mar 2022
Cryptocurrency cyber attacks on the rise as industry expands

Consumers, businesses and governments are finding new ways to use cryptocurrency, but a recent string of cyber attacks has highlighted security risks and shortcomings. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 28 Mar 2022
The benefits and challenges of SBOMs

While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
By
- Manjunath Bhat
Tip 25 Mar 2022
Review Microsoft Defender for endpoint security pros and cons

Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Definition 25 Mar 2022
PA-DSS (Payment Application Data Security Standard)

Payment Application Data Security Standard (PA-DSS) is a set of requirements intended to help software vendors develop secure payment applications for credit card transactions. Continue Reading
By
- Katie Terrell Hanna
- Maggie Sullivan, SEO/Content Specialist
Tip 24 Mar 2022
How to overcome GDPR compliance challenges

As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions. Continue Reading
By
- Paul Kirvan
News 24 Mar 2022
Okta provides new details on Lapsus$ attack

The authentication provider shed new light on how a customer service agent at subcontractor Sitel was hacked and then used to obtain data on hundreds of Okta clients. Continue Reading
By
- Shaun Nichols
News 23 Mar 2022
NPM 'protestware' raises questions on open source security

The deliberate sabotage of an NPM package to protest war in Ukraine worsens the already complex threat of software supply chain attacks, open source and security experts said. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 22 Mar 2022
Biden: Russia exploring cyber attacks against US

President Joe Biden's warning of potential Russian attacks against U.S. critical infrastructure is the latest call to action for the private sector to fortify its cyberdefenses. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 16 Mar 2022
3 benefits of sustainable cybersecurity in the enterprise

Sustainable cybersecurity means taking the long view on cyber-risk mitigation. Explore the technical, financial, societal and reputational wins it can net for the enterprise. Continue Reading
By
- Diana Kelley, SecurityCurve
- Deepayan Chanda, Cubic Consulting
News 14 Mar 2022
Cyber insurance war exclusions loom amid Ukraine crisis

Changes in insurance exemptions for acts of war reflect an increase in damages caused to enterprises related to state-sponsored cyber attacks. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Mar 2022
How to write an information security policy, plus templates

Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process. Continue Reading
By
- Paul Kirvan
Guest Post 11 Mar 2022
How to build a security champions program

Security champions are key to promoting and creating a security-first company. Learn how to build a security champions program using these four steps. Continue Reading
By
- Nabil Hannan
Answer 10 Mar 2022
Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Tip 07 Mar 2022
Top DevSecOps certifications and trainings

Check out some of the top DevSecOps certifications and trainings that can help professionals learn how to shift security left in the software development lifecycle. Continue Reading
By
- Isabella Harford, TechTarget
Feature 28 Feb 2022
Tips for creating a cybersecurity resume

Resumes help candidates leave an impression on potential employers. But did you know one resume often isn't enough? Learn this and other tips for creating a cybersecurity resume. Continue Reading
By
- Isabella Harford, TechTarget
- Manning Publications Co.
Feature 28 Feb 2022
How to manage imposter syndrome in cybersecurity

The imposter syndrome phenomenon is readily apparent in cybersecurity. Learn how to manage it, along with mishaps to avoid during the job hunt and other career advice. Continue Reading
By
- Isabella Harford, TechTarget
Guest Post 25 Feb 2022
4 tips for selecting cybersecurity insurance

Choosing a cybersecurity insurance provider can be a daunting and complex task. Follow this advice to select the best policy -- and provider -- for your business. Continue Reading
By
- Nate Smolenski
News 25 Feb 2022
(ISC)2 study finds long remediation times for Log4Shell

An (ISC)2 survey of cybersecurity professionals found Log4Shell remediation for many organizations took several weeks or more than a month, requiring work on weekends and holidays. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Tip 24 Feb 2022
Pave a path to cybersecurity and physical security convergence

Physical security doesn't get the attention cybersecurity does, but that gap poses significant risks. Find out what you can do to better protect your organization's assets. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Tip 22 Feb 2022
Top 6 critical infrastructure cyber-risks

Cyber attacks on critical infrastructure assets can cause enormous and life-threatening consequences. Discover the top cyber-risks to critical infrastructure here. Continue Reading
By
- Paul Rostick
Opinion 17 Feb 2022
Shifting security left requires a GitOps approach

Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed. Continue Reading
By
- Melinda Marks, Practice Director
News 17 Feb 2022
SonicWall: Ransomware attacks increased 105% in 2021

While 2021 represented a turning point for law enforcement and government action against ransomware, SonicWall still observed massive growth in attacks. Continue Reading
By
- Shaun Nichols
News 16 Feb 2022
Apache Cassandra vulnerability puts servers at risk

Certain non-default configurations of the Apache Cassandra database software could leave the door open for remote code execution attacks, according to JFrog researchers. Continue Reading
By
- Shaun Nichols
News 10 Feb 2022
DEF CON bans social engineering expert Chris Hadnagy

Hadnagy, an influential figure at the DEF CON security conference, was permanently banned following allegations of misconduct at the annual Las Vegas gathering. Continue Reading
By
- Shaun Nichols
Guest Post 09 Feb 2022
How automated certificate management helps retain IT talent

Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
By
- Tim Callan
Tip 09 Feb 2022
How to successfully scale software bills of materials usage

Companies must plan properly when implementing software bills of materials at scale. Accomplish these three goals to keep SBOMs updated, accurate and actionable, despite complexity. Continue Reading
By
- Ed Moyle, SecurityCurve
News 08 Feb 2022
DOJ recovers $3.6B from 2016 Bitfinex hack

A couple was arrested Tuesday morning after the DOJ traced 120,000 bitcoin to a digital wallet containing funds stolen during the 2016 hack of cryptocurrency platform Bitfinex. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 07 Feb 2022
Wormhole offers $10M to Ethereum thieves

Wormhole also offered $10 million to anyone who provided 'information leading to the arrest and conviction of those responsible' for last week's heist. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Feb 2022
DHS forms first-ever Cyber Safety Review Board

The new initiative is one in a string of many by the Biden administration to push public and private collaboration in addressing cyber threats such as Log4j vulnerabilities. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 03 Feb 2022
The importance of a policy-driven threat modeling approach

An expanding threat landscape, combined with increasing cloud use and a cybersecurity skill shortage, is driving the need for a policy-driven threat modeling approach. Continue Reading
By
- Altaz Valani
News 03 Feb 2022
Juniper Networks launches Secure Edge firewall as a service

Secure Edge, the as-a-service version of Juniper's SRX firewalls, is managed through the Security Director Cloud platform for SASE released last May. Continue Reading
By
- Madelaine Millar, TechTarget
News 01 Feb 2022
Ransomware attacks continue to plague public services

Ransomware this year has picked up right where 2021 left off, with several local governments, schools and health services across the U.S. suffering attacks. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Feature 31 Jan 2022
Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 28 Jan 2022
4 data privacy predictions for 2022 and beyond

Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond? Continue Reading
By
- Isabella Harford, TechTarget
Feature 27 Jan 2022
How to use Nmap to scan specific ports

One of Nmap's primary functions is conducting port scans. In this walkthrough, learn how to launch a default scan, along with other options that affect Nmap port scan behavior. Continue Reading
By
- Sharon Shea, Executive Editor
- Packt Publishing
Guest Post 27 Jan 2022
How AI can help security teams detect threats

AI and machine learning are reshaping modern threat detection. Learn how they help security teams efficiently and accurately detect malicious actors. Continue Reading
By
- Rohit Dhamankar
News 25 Jan 2022
Bernalillo County ransomware attack still felt weeks later

A ransomware attack in early January disrupted government systems in New Mexico's largest county, which stalled operations at county offices and the county detention center. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Tip 18 Jan 2022
4 software supply chain security best practices

The increasing complexity of software supply chains makes it difficult for companies to understand all its components. Learn how to find vulnerabilities before attackers. Continue Reading
By
- Ed Moyle, SecurityCurve
Guest Post 11 Jan 2022
Endpoint security is nothing without human operators

The growing threat landscape has made endpoint security more important than ever. Deploying an endpoint security platform without the proper staff, however, is simply not enough. Continue Reading
By
- Kevin Hanes
News 10 Jan 2022
VMware ESXi 7 users vulnerable to hypervisor takeover bug

A recent security update addressed a hypervisor takeover vulnerability in several VMware products, but the patch omitted one key server platform in ESXi 7. Continue Reading
By
- Shaun Nichols
Tip 10 Jan 2022
3 areas privacy and cybersecurity teams should collaborate

Organizations can get a lot of value by having their privacy and cybersecurity teams work closely together. Collaborating on compliance objectives is just one benefit. Continue Reading
By
- Mike Chapple, University of Notre Dame
Feature 29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021

As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
By
- Isabella Harford, TechTarget
Guest Post 28 Dec 2021
How to make security accessible to developers

Apps are too often released with flaws and vulnerabilities. Learn how to make security accessible to developers by integrating best practices into the development lifecycle. Continue Reading
By
- Aakash Shah, Om Vyas
Feature 28 Dec 2021
Top infosec best practices, challenges and pain points

Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
By
- Isabella Harford, TechTarget
News 23 Dec 2021
ManageEngine attacks draw warning from FBI

The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October. Continue Reading
By
- Shaun Nichols
Tip 22 Dec 2021
Cybersecurity asset management takes ITAM to the next level

Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Tip 21 Dec 2021
5 ways to automate security testing in DevSecOps

Read up on five areas of DevSecOps that benefit from security testing automation, such as code quality checking, web application scanning and vulnerability scanning. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 21 Dec 2021
How to mitigate Log4Shell, the Log4j vulnerability

The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading
By
- Michael Cobb
Guest Post 15 Dec 2021
The importance of automated certificate management

Managing the plethora of digital certificates can no longer be done in a spreadsheet by hand. Discover the importance of automated certificate management here. Continue Reading
By
- Tim Callan
Guest Post 10 Dec 2021
The business benefits of data compliance

Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity. Continue Reading
By
- Mitesh Athwani
Feature 10 Dec 2021
The Bigger Truth: Cybersecurity splurge and who needs 5G?

Commentary on the venture capital cybersecurity splurge, Ericsson's Vonage acquisition and the ESG 2022 Technology Spending Intentions Survey. Steve also asks: Who needs 5G, anyway? Continue Reading
By
- Jamison Cush, Senior Executive Editor
News 07 Dec 2021
Google takes action against blockchain-based Glupteba botnet

In a legal complaint made public Tuesday, Google said that it "has been and continues to be directly injured" by the actions of the Glupteba botnet. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 06 Dec 2021
Passwordless authentication issues to address before adoption

The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 06 Dec 2021
How to get started with attack surface reduction

Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
By
- Diana Kelley, SecurityCurve
News 01 Dec 2021
CISA taps CrowdStrike for endpoint security

The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul. Continue Reading
By
- Shaun Nichols
News 01 Dec 2021
Palo Alto Networks and GTT to launch managed SASE platform

GTT Communications and Palo Alto Networks announced they will partner to offer a managed SASE platform using Prisma Access, Palo Alto's cloud-based security function. Continue Reading
By
- Madelaine Millar, TechTarget
Tip 29 Nov 2021
How SBOMs for cybersecurity reduce software vulnerabilities

With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks. Continue Reading
By
- Ed Moyle, SecurityCurve
Guest Post 23 Nov 2021
How to talk about cybersecurity risks, colloquially

The cybersecurity field is riddled with confusion and complexity. Knowing how to talk about risk and how to manage it is key to building resilience. Continue Reading
By
- Todd Inskeep
Guest Post 16 Nov 2021
How to create security metrics business leaders care about

Security metrics must be clear, actionable and resonate with business leadership. Learn how to create metrics that business leaders care about and will act upon. Continue Reading
By
- Jeffrey Wheatman
Guest Post 16 Nov 2021
3 ways to balance app innovation with app security

New innovations come with an onslaught of risks and vulnerabilities. Use these three concepts to promote innovation, while ensuring web application security. Continue Reading
By
- Mark Ralls
Guest Post 15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments

Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
By
- Kayne McGladrey
News 10 Nov 2021
US targets REvil, DarkSide ransomware with $10M rewards

Infosec experts weigh in on the U.S. government's latest tactic to thwart ransomware operations -- the offering of rewards of up to $10 million for information on operators. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 10 Nov 2021
4 concepts that help balance business and security goals

The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
By
- Mark Pierpoint
News 08 Nov 2021
DOJ charges REvil ransomware members, seizes $6.1M

One of the accused cybercriminals, who was directly involved in the ransomware attack on Kaseya earlier this year, was arrested and faces extradition from Poland. Continue Reading
By
- Shaun Nichols
Definition 04 Nov 2021
vulnerability disclosure

Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware. Continue Reading
By
- Katie Terrell Hanna
- Linda Rosencrance
Feature 03 Nov 2021
Why chaos engineering testing makes sense for cybersecurity

Using the concept of chaos engineering, teams can determine whether systems perform as intended in time of need. But how does it relate to security? Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 27 Oct 2021
5 IT security policy best practices

As businesses and technologies grow and evolve, it's important IT security policies do, too. Follow these five best practices to ensure policies are fresh and relevant. Continue Reading
By
- Diana Kelley, SecurityCurve
News 20 Oct 2021
Chris Krebs weighs in on zero trust, FBI web shell removal

Regarding the FBI action to silently remove web shells from vulnerable Exchange Servers, former CISA director Chris Krebs said he expects to see the action again if appropriate. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Oct 2021
Gartner analysts debate ransomware payments

During Gartner's IT Symposium, analysts discussed the complex factors companies face when deciding whether or not to give into ransom demands. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 20 Oct 2021
5 questions to ask when creating a ransomware recovery plan

These 'five W's of ransomware' will help organizations ask the right questions when creating a ransomware-specific disaster recovery plan. Continue Reading
By
- Dustin Milberg
News 18 Oct 2021
FinCEN: 2021 ransomware activity outpaces 2020 in 6 months

The U.S. Treasury's financial crimes bureau has seen a rise in anonymity-enhanced cryptocurrencies like Monero, though Bitcoin remains the most used. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Oct 2021
Accenture sheds more light on August data breach

The IT services giant disclosed in an SEC filing that threat actors stole and leaked proprietary data during a LockBit ransomware attack earlier this year. Continue Reading
By
- Shaun Nichols
News 14 Oct 2021
Enterprises ask Washington to step up cyber collaboration

During CISA's National Cybersecurity Summit, critical infrastructure companies said they need better information on cyberthreats from the federal government. Continue Reading
By
- Arielle Waldman, News Writer
News 11 Oct 2021
Cyber insurance premiums, costs skyrocket as attacks surge

As cyber attacks and losses have increased, so has demand for cyber insurance. But now premiums are reflecting a harsh new reality. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Sep 2021
Ransomware: Has the U.S. reached a tipping point?

The ransomware problem has grown more severe in recent years due to a growing number of attacks against large organizations and the standardization of double-extortion tactics. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Sep 2021
Cybersecurity leaders back law for critical infrastructure

In the wake of cyberattacks like Colonial Pipeline, U.S. senators want a national law requiring critical infrastructure companies to report cybersecurity incidents to CISA. Continue Reading
By
- Makenzie Holland, Senior News Writer
Feature 23 Sep 2021
Experts debate XDR market maturity and outlook

Is extended detection response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go. Continue Reading
By
- Alissa Irei, Senior Site Editor
Definition 17 Sep 2021
security policy

A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets. Continue Reading
By
- Ben Lutkevich, Site Editor
Guest Post 16 Sep 2021
7 tips for building a strong security culture

Cybersecurity isn't just IT's responsibility. Use these seven tips to build a security culture where employees and IT work together to keep their organization safe. Continue Reading
By
- Perry Carpenter
Feature 14 Sep 2021
Why companies should use AI for fraud management, detection

AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge. Continue Reading
By
- Isabella Harford, TechTarget
News 08 Sep 2021
CrowdStrike threat report: Breakout time decreased 67% in 2021

CrowdStrike's latest research shows threat actors have reduced the time it takes for them to move laterally in victim environments, thanks in part to ransomware as a service. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 19 Aug 2021
CISA offers ransomware response guidelines to organizations

In its new ransomware prevention and response guide, CISA 'strongly discourages paying a ransom,' citing the potential to embolden threat actors and fund illicit activity. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Aug 2021
NortonLifeLock and Avast joining forces in $8 billion merger

The combined company from NortonLifeLock and Avast will be dual-headquartered in Arizona and Prague, and will serve 500 million users, including 40 million direct customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 Aug 2021
Researchers argue action bias hinders incident response

A Black Hat 2021 session focused on the human instinct to act immediately after a cyber attack and how that can negatively impact incident response. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Aug 2021
CISA director announces 'Joint Cyber Defense Collaborative'

The Joint Cyber Defense Collaborative, or JCDC, is a partnership between the public and private sectors to create and implement comprehensive national cybersecurity plans. Continue Reading
By
- Alexander Culafi, Senior News Writer