Security operations and management
Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.
Top Stories
-
Tip
20 Nov 2024
4 types of access control
Access management is the gatekeeper, making sure a device or person can gain entry only to the systems or applications to which they have been granted permission. Continue Reading
-
Tip
20 Nov 2024
User provisioning and deprovisioning: Why it matters for IAM
Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
- 01 Feb 2019
-
Feature
31 Jan 2019
RSAC's diversity and inclusion initiative stresses equality on keynote stage
RSA Conference curator Sandra Toms hopes a new diversity and inclusion initiative will facilitate change in the cybersecurity industry, starting with the upcoming 2019 conference. Continue Reading
-
Tip
25 Jan 2019
Cybersecurity maturity model lays out four readiness levels
To assess cybersecurity maturity, Nemertes Research developed a four-point scale to determine a company's ability to effectively detect, understand and contain breaches. Continue Reading
-
Podcast
23 Jan 2019
Risk & Repeat: DNC renews election hacking concerns
This week's Risk & Repeat podcast looks at the claims of the Democratic National Committee that Russian hackers tried to breach its network following the midterm elections. Continue Reading
-
Tip
23 Jan 2019
How to defend against malicious IP addresses in the cloud
Cybercriminals have found a way to use the cloud to mask their locations. Expert Rob Shapland looks at the options organizations have to deal with malicious IP addresses. Continue Reading
-
News
22 Jan 2019
DerbyCon's Dave Kennedy: The conference 'got too big'
DerbyCon co-founder Dave Kennedy discusses his decision to close down the conference and what he would have done differently. Continue Reading
-
News
18 Jan 2019
This year's DerbyCon conference will be the last
Citing an inability to manage 'negativity, polarization, and disruption' at the conference, DerbyCon organizers unexpectedly announced this year's show will be the last. Continue Reading
-
News
17 Jan 2019
Shutdown of federal security services puts private sector at risk
In addition to putting government agencies at risk, the shutdown has impacted federal security services and resources that the private sector relies on to keep enterprises safe. Continue Reading
-
News
17 Jan 2019
Government cybersecurity at risk as shutdown lingers
As the shutdown continues, experts believe government cybersecurity will become more vulnerable, and government IT staff could leave for the private sector. Continue Reading
-
News
16 Jan 2019
Enterprises betting on SOAR tools to fill security gaps
Security experts sound off on the importance and benefits of automating security, and highlight factors to be considered before implementing SOAR tools. Continue Reading
-
Podcast
16 Jan 2019
Risk & Repeat: Expired certificates loom amid government shutdown
This week's Risk & Repeat podcast looks at the expiration of more than 80 TLS certificates for U.S. government websites amid the ongoing government shutdown. Continue Reading
-
News
11 Jan 2019
Kaspersky Lab aided NSA hacking tools investigation
News roundup: According to a new report from Politico, Kaspersky Lab aided the NSA in catching alleged data thief Harold Martin. Plus, telecoms are selling customer data, and more. Continue Reading
-
News
28 Dec 2018
Government data requests rise, as does Apple's compliance
Apple's latest Transparency Report shows government data requests on the rise around the world, as is Apple's compliance in providing the data being requested by law enforcement. Continue Reading
-
Opinion
27 Dec 2018
How paradigms shifting can alter the goals of attackers and defenders
The use of disruptive technology is altering the way attackers and defenders set goals for network security. Learn more about the shifting field with Matt Pascucci. Continue Reading
-
News
21 Dec 2018
DOJ indicts two Chinese nationals for APT10 group cyberattacks
The Department of Justice indicted two alleged members of the Chinese state-sponsored hacking group APT10, which hacked managed service providers to steal data from enterprises. Continue Reading
-
News
20 Dec 2018
NASA data breach included employee Social Security numbers
Limited details leave questions surrounding a possible NASA data breach that could have compromised Social Security numbers for current and former employees. Continue Reading
-
News
14 Dec 2018
Initial RSA Conference 2019 keynote lineup released
RSA Conference 2019's diversity and inclusion initiative appears to be paying off, as the initial keynote speaker lineup has equal representation for men and women speakers. Continue Reading
-
Podcast
13 Dec 2018
Risk & Repeat: NRCC breach stokes election security fears
This week's Risk & Repeat podcast looks at the recently disclosed cyberattack on the National Republican Congressional Committee and the questions that remain about it. Continue Reading
-
News
12 Dec 2018
Equifax breach report highlights multiple security failures
An Equifax breach report, based on a government investigation, blamed the incident on multiple security failures and concluded the breach was preventable. Continue Reading
-
Podcast
07 Dec 2018
Risk & Repeat: RSA Conference 2019 eyes diversity improvements
This week's Risk & Repeat podcast looks at RSA Conference's diversity and inclusion initiatives and discusses what they mean for both the event and the infosec industry. Continue Reading
-
Blog Post
30 Nov 2018
Are US hacker indictments more than Justice Theater?
New hacker indictments and U.S.Treasury Department sanctions highlight the disconnect between government action and real world consequences for threat actors. Continue Reading
-
News
30 Nov 2018
RSA Conference launches diversity and inclusion initiative
Following the criticism of the last conference, RSA Conference started a diversity and inclusion initiative that, among many other changes, eliminates all-male panels. Continue Reading
-
News
30 Nov 2018
Spectre v2 mitigation causes significant slowdown on Linux 4.20
News roundup: A Spectre v2 mitigation causes significant performance slowdowns in Linux 4.20. Plus, Dell had to reset user passwords after a data breach, and more. Continue Reading
-
Opinion
30 Nov 2018
Why U.S. election security needs an immediate overhaul
There's no evidence that threat actors have been able to manipulate or change vote counts in our elections, but Kevin McDonald says that doesn't mean it can't -- or won't -- happen. Continue Reading
-
News
29 Nov 2018
SamSam ransomware actors charged, sanctioned by US government
The FBI indicted two threat actors involved with the SamSam ransomware attacks while the US Treasury sanctioned two others for their role in exchanging Bitcoin earned from attacks. Continue Reading
-
Blog Post
29 Nov 2018
Will cybersecurity safety ever equal air travel safety?
Guaranteeing cybersecurity safety is one of the biggest challenges facing the tech industry, but using aviation safety as a model may help achieve that goal. Continue Reading
-
News
16 Nov 2018
After 2015 OPM data breach, agency failed to update security
News roundup: Three years after the OPM data breach, the agency still hasn't implemented basic security. Plus, seven new Meltdown, Spectre attacks were uncovered, and more. Continue Reading
-
Podcast
08 Nov 2018
Risk & Repeat: MIT CSAIL discusses securing the enterprise
This week's Risk & Repeat podcast discusses the MIT CSAIL Securing the Enterprise conference and how experts there advocated for new strategies and approaches to infosec. Continue Reading
-
News
08 Nov 2018
U.S. Cyber Command malware samples to be logged in VirusTotal
The Cyber National Mission Force will share unclassified U.S. Cyber Command malware samples to VirusTotal and one expert hopes there will be more action taken to help researchers. Continue Reading
-
News
06 Nov 2018
Latest Symantec acquisitions target endpoint security
Endpoint security startups Appthority and Javelin Networks are the latest Symantec acquisitions as the cybersecurity giant aims to improve its endpoint protection product. Continue Reading
-
Tip
31 Oct 2018
NIST incident response plan: 4 steps to better incident handling
The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step. Continue Reading
-
News
23 Oct 2018
Healthcare.gov breach exposes data on 75,000 people
Malicious actors attacked a back-end insurance system and the resulting Healthcare.gov breach exposed an unknown amount of data on 75,000 people. Continue Reading
-
Answer
22 Oct 2018
What are DMARC records and can they improve email security?
Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson. Continue Reading
-
Podcast
19 Oct 2018
Risk & Repeat: Military cybersecurity scrutinized in GAO report
This week's Risk & Repeat podcast discusses the GAO report on vulnerabilities and weaknesses in modern weapons systems and what they mean for the U.S. military. Continue Reading
-
News
12 Oct 2018
Facebook breach affected 20 million fewer than thought
The recent Facebook breach affected 20 million fewer accounts than was previously thought. The company now says 29 million accounts had data exposed to attackers. Continue Reading
-
News
11 Oct 2018
U.S. weapon systems cybersecurity failing, GAO report says
A U.S. Government Accountability Office report gave failing grades to military weapon systems cybersecurity, but some experts say the report should be a source of encouragement. Continue Reading
-
Tip
10 Oct 2018
Give your SIEM system a power boost with machine learning
The enterprise SIEM is still essential to IT defenses, but the addition of AI, in the form of machine learning capabilities, gives it even more potential power. Continue Reading
-
News
09 Oct 2018
U.S. government domain officials to start using 2FA
The government domain registrar -- DotGov -- began rolling out two-factor authentication for officials managing .gov domains in order to mitigate against DNS hijacking. Continue Reading
-
News
05 Oct 2018
Compromised Supermicro chips reportedly infiltrated US
News roundup: A Bloomberg report claimed China infiltrated U.S. companies and government agencies through tiny Supermicro chips on motherboards. Plus, a new Telegram flaw and more. Continue Reading
-
Blog Post
01 Oct 2018
FBI, DHS blaming the victims on Remote Desktop Protocol
FBI, DHS call on users to mitigate Remote Desktop Protocol vulnerabilities and handle RDP exploits on their own, even as the "going dark" campaign continues unabated. Continue Reading
-
Opinion
25 Sep 2018
Why a unified local government security program is crucial
When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial. Continue Reading
-
News
21 Sep 2018
White House National Cyber Strategy praised by experts
The new National Cyber Strategy released by the White House details plans for improving cybersecurity and garners positive early reviews from experts for its comprehensiveness. Continue Reading
-
News
21 Sep 2018
Mirai botnet creators avoid jail time after helping the FBI
News roundup: The Mirai botnet creators will not serve time in prison after they worked with the FBI. Plus, the Department of Defense updated its cyber strategy, and more. Continue Reading
-
Podcast
30 Aug 2018
Risk & Repeat: Are the Meltdown and Spectre flaws overhyped?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards' Most Overhyped Bug. Continue Reading
-
News
30 Aug 2018
Congress wants CVE program changes from DHS and MITRE
In a letter to DHS and MITRE, Congress said CVE program management has been 'insufficient' and called for the program to receive more consistent funding and additional oversight. Continue Reading
-
Feature
28 Aug 2018
Diversity at cybersecurity conferences is too important to ignore
Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage. Continue Reading
-
Feature
24 Aug 2018
Innovation Women founder strives to close gender gap at conferences
Innovation Women founder Bobbie Carlton discusses the all-male, all-pale panels that overwhelm tech conferences and that moved her to change the number of female speakers. Continue Reading
-
News
24 Aug 2018
NSA leaker Reality Winner sentenced to five years in jail
NSA leaker Reality Winner sentenced to 63 months in prison for releasing classified documents detailing an attack by the Russian military against U.S. election systems. Continue Reading
-
News
23 Aug 2018
AI bias and data stewardship are the next ethical concerns for infosec
AI bias and the need for data stewardship to prevent issues surrounding the trend of hoarding data are the next big ethical concerns for infosec, according to Laura Norén. Continue Reading
-
Podcast
23 Aug 2018
Risk & Repeat: Meltdown and Spectre disclosure in review
In this week's Risk & Repeat podcast, SearchSecurity editors discuss new insights -- and questions -- regarding the coordinated disclosure effort for Meltdown and Spectre. Continue Reading
-
Blog Post
17 Aug 2018
DHS cybersecurity rhetoric offers contradictions at DEF CON
The Vote Hacking Village at Defcon 26 in Las Vegas was an overwhelming jumble of activity -- a mock vote manipulated, children hacking election results websites, machines being disassembled -- and ... Continue Reading
-
News
14 Aug 2018
Amanda Rousseau talks about computer forensics investigations
Amanda Rousseau, aka Malware Unicorn, discusses her time in computer forensics investigations with the DoD, as well as the joys of reverse engineering malware encryption by hand. Continue Reading
-
News
13 Aug 2018
Lessons learned from Meltdown and Spectre disclosure process
During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre. Continue Reading
-
News
09 Aug 2018
Irregularities discovered in WinVote voting machines
At Black Hat 2018, security researcher Carsten Schuermann unveiled the results of a forensic analysis of eight WinVote voting machines that had been used in Virginia elections. Continue Reading
-
Podcast
09 Aug 2018
Risk & Repeat: Can Disclose.io help protect vulnerability researchers?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Disclose.io project and what it could mean for the future of security research and vulnerability disclosure. Continue Reading
-
News
09 Aug 2018
Meltdown and Spectre disclosure suffered "extraordinary miscommunication"
During a panel discussion at Black Hat 2018 on Meltdown and Spectre, Google explained how miscommunication left the company's incident response out of the early disclosure process. Continue Reading
-
News
03 Aug 2018
Disclose.io launches vulnerability disclosure 'safe harbor'
News roundup: Disclose.io offers legal bug bounty framework to give researchers safe harbor from legal action for vulnerability disclosures. Plus, Stamos exits Facebook, and more. Continue Reading
-
News
02 Aug 2018
Black Hat 2018 survey: Cybersecurity staffing, budgets still lacking
According to a survey of Black Hat 2018 attendees, organizations are still struggling with insufficient cybersecurity staff and budgets to meet the current and emerging threats. Continue Reading
-
Opinion
01 Aug 2018
Why third-party access to data may come at a price
Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners. Continue Reading
-
Feature
31 Jul 2018
Women in cybersecurity: How to make conferences more diverse
The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap. Continue Reading
-
News
31 Jul 2018
U.S. government making progress on DMARC implementation
The deadline for full DMARC implementation in U.S. government-owned domains is less than three months away, and only half of the domains have the correct policy in place. Continue Reading
- 27 Jul 2018
-
News
27 Jul 2018
Senator wants government to stop Adobe Flash use
Senator Ron Wyden wrote a letter to multiple government agencies advocating that the entire U.S. government stop Adobe Flash use on all systems due to security risks. Continue Reading
-
Podcast
19 Jul 2018
Risk & Repeat: Closing the gender gap at cybersecurity conferences
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the under-representation of women at cybersecurity conferences and how it affects the infosec industry. Continue Reading
-
Blog Post
17 Jul 2018
Is the new California privacy law a domestic GDPR?
The difference between data privacy protections afforded to European Union residents and people in the U.S. is more sharply highlighted now that the EU's General Data Protection Regulation has ... Continue Reading
-
Feature
17 Jul 2018
Accenture's Justin Harvey explains why cyber attribution isn't important
Accenture's Justin Harvey spoke at RSA Conference 2018 about his experiences with incident response and his views on the importance of cyber attribution. Continue Reading
-
Tip
16 Jul 2018
Fine-tuning incident response automation for optimal results
Wondering where to apply automation to incident response in order to achieve the best results? The variety of options might be greater than you imagine. Read on to learn more. Continue Reading
-
Tip
16 Jul 2018
How to integrate an incident response service provider
Adding a third-party incident response service to your cybersecurity program can bulk up enterprise defenses, but the provider must be integrated carefully to reap the benefits. Continue Reading
-
Podcast
29 Jun 2018
Risk & Repeat: U.S. government eyes offensive cyberattacks
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the risks of the U.S. Cyber Command engaging in offensive cyberattacks against foreign adversaries. Continue Reading
-
Feature
25 Jun 2018
Accenture's Tammy Moskites on the cybersecurity gender gap
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the gender gap in the infosec industry and what can be done to close it. Continue Reading
-
News
21 Jun 2018
Accused CIA leaker charged with stealing government property
The DOJ has officially charged the accused CIA leaker, Joshua Schulte, with theft of government property and gathering national defense information in the Vault 7 case. Continue Reading
-
Podcast
21 Jun 2018
Risk & Repeat: New election security bill introduced
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Protecting American Votes and Elections Act of 2018, which requires paper ballots and audits. Continue Reading
-
News
20 Jun 2018
Constant offensive cyberattacks approved by Pentagon
The Pentagon reportedly approved the use of offensive cyberattacks by the U.S. Cyber Command, and one expert said enterprises should be ready to handle the 'return fire.' Continue Reading
-
Feature
18 Jun 2018
Accenture's Tammy Moskites explains how the CISO position is changing
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing. Continue Reading
-
News
15 Jun 2018
EU institutes Kaspersky ban, calls software 'malicious'
News roundup: Following a vote by the European Parliament to implement a Kaspersky ban in the EU, Kaspersky announced it would halt ties with the No More Ransom project and Europol. Continue Reading
-
Podcast
13 Jun 2018
Risk & Repeat: What do Google's AI principles mean for cybersecurity?
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Google's new principles for artificial intelligence and how they may impact the use of AI for cybersecurity. Continue Reading
-
News
08 Jun 2018
New MalwareTech indictment adds four more charges
The U.S. government added four new charges against Marcus Hutchins in the MalwareTech indictment, but questions have surfaced about the legal standing of the new charges. Continue Reading
-
Podcast
07 Jun 2018
Risk & Repeat: More trouble for federal cybersecurity
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent federal cybersecurity report, which found the majority of agencies have significant security gaps. Continue Reading
-
News
01 Jun 2018
Federal cybersecurity report says nearly 75% of agencies at risk
The 'Federal Cybersecurity Risk Determination Report and Action Plan' shows the majority of federal agencies are at risk, and DHS suggests a lack of leadership may be to blame. Continue Reading
-
News
30 May 2018
Apple transparency report shows national security requests rising
The latest semiannual Apple transparency report showed national security requests on the rise and one expert questioned whether Apple could do more to be open about requests. Continue Reading
-
News
29 May 2018
Threat hunting technology is on the rise, so are threats
Detection of advanced threats is the top challenge for 55% of security operations centers, according to a new survey, as more companies explore threat hunting programs. Continue Reading
-
Tip
29 May 2018
Building an effective security program for beginners
Charles Kao explains why continuous learning, observation of merit and appreciation of others are key elements for an effective security program -- and for preventing cyberattacks. Continue Reading
-
News
24 May 2018
VPNFilter malware infects 500,000 devices for massive Russian botnet
New malware, dubbed 'VPNFilter' by Cisco Talos, infects 500,000 devices and triggers action from Justice Department, which seized and sinkholed the botnet's domain. Continue Reading
-
Tip
17 May 2018
How security operations centers work to benefit enterprises
One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve. Continue Reading
-
News
16 May 2018
Vault 7 leak suspect is a former CIA employee already in custody
The U.S. government has identified a man already in custody on unrelated charges as the suspect in the Vault 7 leak, but it is unclear how much evidence supports the case. Continue Reading
-
Tip
16 May 2018
How to prevent cloud cryptojacking attacks on your enterprise
As the value of bitcoin has risen over the last year, so has the prevalence of cloud cryptojacking attacks. Expert Rob Shapland explains how enterprises can prevent these attacks. Continue Reading
-
News
11 May 2018
Georgia governor vetoes controversial cybersecurity bill
News roundup: A controversial cybersecurity bill was vetoed by Georgia's governor this week after pressure from Microsoft and Google. Plus, IBM banned USB drives, and more. Continue Reading
-
Tip
08 May 2018
How security automation and orchestration impacts enterprises
The use of security automation and orchestration systems is on the rise, as they have the ability to provide automatic responses to threats. Learn how this benefits the enterprise. Continue Reading
-
Podcast
03 May 2018
Risk & Repeat: RSAC 2018 recap, part two
In this week's Risk & Repeat podcast, SearchSecurity editors discuss more trends and takeaways from RSA Conference 2018, from incident response services to AI and automation. Continue Reading
-
News
27 Apr 2018
SentinelOne CEO: Endpoint security market full of 'noise and confusion'
In part two of the interview with SentinelOne CEO Tomer Weingarten, he discusses how niche products and venture capital investments have affected the endpoint security space. Continue Reading
-
News
27 Apr 2018
Atlanta ransomware attack cost city more than $5 million
The bill for remediating the Atlanta ransomware attack that took some government systems offline in March was released, and totals more than $5 million and counting. Continue Reading
-
News
26 Apr 2018
Philip Tully: AI cyberattacks, AI arms race are coming
Malicious actors are working on AI cyberattacks and other ways to augment threat activity with AI. Philip Tully discusses how that can work and if enterprise security can keep pace. Continue Reading
-
Podcast
26 Apr 2018
Risk & Repeat: Hacking back, GDPR and more from RSAC
In this week's Risk & Repeat podcast, SearchSecurity editors discuss some of the major themes and debates from RSA Conference, from hacking back to GDPR compliance. Continue Reading
-
News
26 Apr 2018
Philip Tully: AI models are cost prohibitive for some enterprises
Philip Tully discusses the expensive and time-consuming work of building AI models and how those models can become the target of cyberattacks by malicious actors. Continue Reading
-
News
20 Apr 2018
Government hacking tactics questioned at OURSA
The ACLU's Jennifer Granick took government hacking to task at the OURSA Conference this week, calling out mass surveillance techniques and the limited scope of search warrants. Continue Reading
-
News
20 Apr 2018
Experts describe how hacking back can be done right
A panel of experts at the RSA Conference all expressed support for the idea of hacking back against threat actors, but each offered caveats in hopes of minimizing collateral damage. Continue Reading
-
News
19 Apr 2018
Schneier talks cyber regulations, slams U.S. lawmakers
Speaking at RSA Conference 2018, Bruce Schneier slammed U.S. lawmakers and Facebook in discussions on internet security regulations and technology policy. Continue Reading
-
Blog Post
17 Apr 2018
FedRAMP security requirements put a premium on automation
Matt Goodrich, director for the Federal Risk and Authorization Management Program, detailed FedRAMP security requirements and automation at RSA's Cloud Security Alliance Summit. Continue Reading
-
Podcast
17 Apr 2018
Risk & Repeat: Breaking down the Verizon DBIR 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the '2018 Verizon Data Breach Investigations Report' and its findings about ransomware, phishing and more. Continue Reading
-
News
17 Apr 2018
ISACA: Cybersecurity skills gap still hurting enterprises
ISACA's State of Cybersecurity 2018 report offered good news and bad news about the cybersecurity skills gap and also shed light on gender disparity in the infosec profession. Continue Reading
