Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
Podcast
23 Dec 2024
Risk & Repeat: The state of ransomware in 2024
Ransomware made major headlines in 2024, from the massive Change Healthcare attack to the creative takedown of the notorious LockBit ransomware-as-a-service gang. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
23 Dec 2024
10 of the biggest cybersecurity stories of 2024
Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
20 Feb 2024
Operation Cronos dismantles LockBit ransomware gang
An international law enforcement operation led by the U.K.'s National Crime Agency seizes LockBit's websites, servers, source code and decryption keys. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
15 Feb 2024
firewall as a service (FWaaS)
Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis capabilities to customers as part of an overall cybersecurity program. Continue Reading
By- Paul Kirvan
- Mike Chapple, University of Notre Dame
-
News
15 Feb 2024
Eclypsium: Ivanti firmware has 'plethora' of security issues
In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Feb 2024
Microsoft, OpenAI warn nation-state hackers are abusing LLMs
Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
13 Feb 2024
How to conduct a social engineering penetration test
Social engineering attacks are becoming more sophisticated and more damaging. Penetration testing is one of the best ways to learn how to safeguard your systems against attack. Continue Reading
By -
News
13 Feb 2024
Proofpoint: 'Hundreds' of Azure accounts compromised
Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access. Continue Reading
By- Rob Wright, Senior News Director
-
Guest Post
13 Feb 2024
How passwordless helps guard against AI-enhanced attacks
With all the potential of generative AI comes a major downfall: malicious actors using it in attacks. Shifting from password-based authentication can help solve the challenge. Continue Reading
By- Andrew Shikiar
-
Feature
13 Feb 2024
Ransomware preparedness kicks off 2024 summit series
BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
By- Alicia Landsberg, Senior managing Editor
-
News
12 Feb 2024
CISA warns Fortinet zero-day vulnerability under attack
CISA alerted federal agencies that a critical zero-day vulnerability in FortiOS is being actively exploited, though Fortinet has yet to confirm reports. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
09 Feb 2024
cyberterrorism
Cyberterrorism is usually defined as any premeditated, politically motivated attack against information systems, programs, and data that threatens violence or results in violence. Continue Reading
-
News
07 Feb 2024
CISA: Volt Typhoon had access to some U.S. targets for 5 years
A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
06 Feb 2024
Close security gaps with attack path analysis and management
Traditional cybersecurity approaches alone can fall short. Comprehensive attack path analysis and management map out vulnerabilities and help organizations protect key assets. Continue Reading
By -
Definition
05 Feb 2024
SOAR (security orchestration, automation and response)
SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance. Continue Reading
By- Sharon Shea, Executive Editor
-
News
02 Feb 2024
Cloudflare discloses breach related to stolen Okta data
Cloudflare initially believed it contained an attempted cyberattack last October by a threat actor using an access token stolen in a breach of Okta's customer support system. Continue Reading
By- Rob Wright, Senior News Director
-
News
31 Jan 2024
Ivanti discloses new zero-day flaw, releases delayed patches
While Ivanti customers can start patching two previously disclosed vulnerabilities, they must also address two new flaws for the same product. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
31 Jan 2024
security operations center (SOC)
A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks. Continue Reading
-
Feature
31 Jan 2024
9 secure email gateway options for 2024
Finding the best email security gateway is vital to protect companies from cyber attacks. Here's a look at some current market leaders and their standout features. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
30 Jan 2024
Why organizations need risk-based vulnerability management
As organizations become increasingly dispersed, they need a risk-based vulnerability management approach to achieve the best protection against cybersecurity threats. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Definition
30 Jan 2024
What is incident response? A complete guide
Incident response is an organized, strategic approach to detecting and managing cyberattacks in ways that minimize damage, recovery time and total costs. Continue Reading
By- Alissa Irei, Senior Site Editor
- Sharon Shea, Executive Editor
-
News
29 Jan 2024
Citizen Lab details ongoing battle against spyware vendors
At the SANS Cyber Threat Intelligence Summit, Citizen Lab researcher Bill Marczak discusses spyware proliferation from commercial vendors such as NSO Group, Cytrox and Quadream. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
29 Jan 2024
indicators of compromise (IOC)
Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor. Continue Reading
By- Robert Sheldon
- Madelyn Bacon, TechTarget
-
Tip
29 Jan 2024
Top 4 incident response certifications to consider in 2025
Cybersecurity professionals pursuing an incident response track should consider the following certifications to bolster their knowledge and advance their career. Continue Reading
By -
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
29 Jan 2024
How to rank and prioritize security vulnerabilities in 3 steps
Vulnerability management programs gather massive amounts of data on security weaknesses. Security teams should learn how to rank vulnerabilities to quickly fix the biggest issues. Continue Reading
By- Mike Chapple, University of Notre Dame
-
News
26 Jan 2024
Microsoft: Legacy account hacked by Russian APT had no MFA
Microsoft has begun notifying other organizations that have been targeted in recent attacks by Midnight Blizzard, a Russian nation-state actor also known as Cozy Bear and APT29. Continue Reading
By- Alexander Culafi, Senior News Writer
- Rob Wright, Senior News Director
-
Definition
26 Jan 2024
digital forensics and incident response (DFIR)
Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events. Continue Reading
-
News
25 Jan 2024
HPE breached by Russian APT behind Microsoft hack
HPE suspects that Cozy Bear, a Russian state-sponsored threat actor also known as Midnight Blizzard and Nobelium, breached its network twice in 2020. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
25 Jan 2024
Top benefits and challenges of SOAR tools
To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Jessica Groopman, Kaleido Insights
-
Tip
24 Jan 2024
The 9 best incident response metrics and how to use them
To solve a problem, one first has to know it exists. In incident response, that means knowing how long it takes to respond to and remediate threats, using these key metrics. Continue Reading
By- John Burke, Nemertes Research
-
News
23 Jan 2024
Attacks begin on critical Atlassian Confluence vulnerability
Exploitation activity for CVE-2023-22527 marks the third time in four months that a critical Atlassian Confluence flaw has gained threat actors' attention. Continue Reading
By- Arielle Waldman, News Writer
-
News
22 Jan 2024
Microsoft breached by Russian APT behind SolarWinds attack
Several email accounts belonging to Microsoft senior leadership were accessed as part of the breach, though Microsoft found 'no evidence' of customer environments being accessed. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
19 Jan 2024
Chinese threat group exploited VMware vulnerability in 2021
After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploitation began in late 2021. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
17 Jan 2024
How to conduct incident response tabletop exercises
Have an incident response plan but aren't running incident response tabletop exercises? These simulations are key to knowing if your plan will work during an actual security event. Continue Reading
By -
Feature
17 Jan 2024
How to create a CSIRT: 10 best practices
The time to organize and train a CSIRT is long before a security incident occurs. Certain steps should be followed to create an effective, cross-functional team. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
17 Jan 2024
Incident management vs. incident response explained
While even many seasoned cybersecurity leaders use the terms 'incident management' and 'incident response' interchangeably, they aren't technically synonymous. Continue Reading
By -
Tip
17 Jan 2024
Top 6 SOAR use cases to implement in enterprise SOCs
Automating basic SOC workflows with SOAR can improve an organization's security posture. Explore six SOAR use cases to streamline SOC processes and augment human analysts. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Jessica Groopman, Kaleido Insights
-
News
16 Jan 2024
Ivanti zero-day flaws under 'widespread' exploitation
Volexity confirmed that multiple threat actors have exploited two critical Ivanti zero-day vulnerabilities, with 1,700 devices compromised so far. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
16 Jan 2024
13 incident response best practices for your organization
An incident response program ensures security events are addressed quickly and effectively as soon as they occur. These best practices can help get your organization on track fast. Continue Reading
By- Charles Kolodgy, Security Mindsets
-
News
11 Jan 2024
Ivanti confirms 2 zero-day vulnerabilities are under attack
Volexity reported the vulnerabilities to Ivanti after discovering that suspected Chinese nation-state threat actors created an exploit chain to achieve remote code execution. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Jan 2024
Ransomware prevention a focus for storage stewards in 2024
In 2024, generative AI and machine learning, along with employee education, are important tools to prevent the spread of ransomware throughout the enterprise. Continue Reading
By- Tim McCarthy, News Writer
-
News
09 Jan 2024
Amsterdam arrest leads to Babuk Tortilla ransomware decryptor
A joint effort by Cisco Talos, Avast and Dutch law enforcement results in an all-encompassing Babuk ransomware recovery key and the arrest of a threat actor. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
09 Jan 2024
sandbox
A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Continue Reading
-
Feature
09 Jan 2024
Top incident response tools: How to choose and use them
The OODA loop helps organizations throughout the incident response process, giving insight into the incident response tools needed to detect and respond to security events. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Feature
04 Jan 2024
10 of the biggest zero-day attacks of 2023
There were many zero-day vulnerabilities exploited in the wild in 2023. Here's a look at 10 of the most notable and damaging zero-day attacks last year. Continue Reading
By- Rob Wright, Senior News Director
-
News
27 Dec 2023
Another Barracuda ESG zero-day flaw exploited in the wild
On Christmas Eve, Barracuda disclosed that a China-nexus threat actor had resumed attacks against its Email Security Gateway appliance using a new zero-day vulnerability. Continue Reading
By- Arielle Waldman, News Writer
-
News
19 Dec 2023
FBI leads Alphv/BlackCat takedown, decrypts victims' data
The latest law enforcement effort to halt the surge of ransomware attacks was successful in disrupting one of the most active ransomware-as-a-service groups. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
19 Dec 2023
CISO (chief information security officer)
The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
News
18 Dec 2023
Akamai discloses zero-click exploit for Microsoft Outlook
During research into an older Microsoft Outlook privilege escalation vulnerability, Akamai discovered two new flaws that can be chained for a zero-click RCE exploit. Continue Reading
By- Arielle Waldman, News Writer
-
News
14 Dec 2023
Russian APT exploiting JetBrains TeamCity vulnerability
The Russian hackers behind the SolarWinds attacks are the latest nation-state group to exploit a critical TeamCity vulnerability to gain initial access to victims' servers. Continue Reading
By- Arielle Waldman, News Writer
-
News
14 Dec 2023
Splunk: AI isn't making spear phishing more effective
While new research shows AI tools won't make it easier for adversaries to conduct successful phishing attacks, social engineering awareness should remain a priority. Continue Reading
By- Arielle Waldman, News Writer
-
Tutorial
08 Dec 2023
Kali vs. ParrotOS: 2 versatile Linux distros for security pros
Network security doesn't always require expensive software. Two Linux distributions -- Kali Linux and ParrotOS -- can help enterprises fill in their security gaps. Continue Reading
By- Damon Garn, Cogspinner Coaction
-
Feature
06 Dec 2023
A primer on storage anomaly detection
Storage admins should continuously monitor systems to identify and act upon unusual behavior. Anomaly detection can proactively address issues before they become serious problems. Continue Reading
-
Definition
05 Dec 2023
offensive security
Offensive security is the practice of actively seeking out vulnerabilities in an organization's cybersecurity. Continue Reading
By -
News
04 Dec 2023
Fancy Bear hackers still exploiting Microsoft Exchange flaw
Microsoft and Polish Cyber Command warned enterprises that Russian nation-state hackers are exploiting CVE-2023-23397 to gain privileged access to Exchange email accounts. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
04 Dec 2023
The reality behind bypassing EDR attempts
Attackers have their work cut out for them when it comes to bypassing EDR. Learn about the difficulty of EDR evasion and how to ensure EDR tools catch all threats. Continue Reading
By- Kyle Johnson, Technology Editor
-
Feature
04 Dec 2023
How EDR systems detect malicious activity
Endpoint detection and response tools help SOCs separate benign events from malicious activity. Learn how this EDR function works. Continue Reading
By- Kyle Johnson, Technology Editor
- No Starch Press
-
News
30 Nov 2023
ScamClub spreads fake McAfee alerts to ESPN, AP, CBS sites
Malwarebytes said the malicious affiliate behind the fake virus alerts and other malvertising attacks has been flagged many times over the years, but McAfee has yet to take action. Continue Reading
By- Rob Wright, Senior News Director
-
News
28 Nov 2023
Europol, Ukraine police arrest alleged ransomware ringleader
Europol and Ukraine's National Police arrested the alleged leader of a ransomware gang last week, along with four accomplices, dismantling the cybercrime group. Continue Reading
By- Arielle Waldman, News Writer
-
News
27 Nov 2023
Threat actors targeting critical OwnCloud vulnerability
Researchers observed exploitation attempts against a vulnerability affecting OwnCloud's Graph API app, highlighting threat actors' continued focus on file-sharing products. Continue Reading
By- Arielle Waldman, News Writer
-
News
22 Nov 2023
CISA relaunches working group on cyber insurance, ransomware
Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which security measures are most effective to reduce risk. Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Nov 2023
CISA, FBI warn of LockBit attacks on Citrix Bleed
The latest advisory on exploitation of the Citrix Bleed vulnerability confirmed that the LockBit ransomware group perpetrated the attack on Boeing. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
17 Nov 2023
An introduction to IoT penetration testing
IoT systems are complex, and that makes checking for vulnerabilities a challenge. Penetration testing is one way to ensure your IoT architecture is safe from cyber attacks. Continue Reading
By- Laura Vegh, Laura Vegh Creative
-
Tip
17 Nov 2023
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags
Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best. Continue Reading
By- Ravi Das, ML Tech Inc.
-
News
16 Nov 2023
CISA, FBI issue alert for ongoing Scattered Spider activity
The government advisory follows several high-profile attacks attributed to Scattered Spider, which uses advanced social engineering techniques like SIM swapping. Continue Reading
By- Arielle Waldman, News Writer
-
News
15 Nov 2023
LockBit observed exploiting critical 'Citrix Bleed' flaw
The Financial Services Information Sharing and Analysis Center warned that LockBit ransomware actors are exploiting CVE-2023-4966, also known as Citrix Bleed. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Nov 2023
Lace Tempest exploits SysAid zero-day vulnerability
SysAid urged users to patch a zero-day vulnerability in its on-premises software, which is being exploited by the threat actor behind the MoveIt Transfer ransomware attacks. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
09 Nov 2023
emergency communications plan (EC plan)
An emergency communications plan (EC plan) is a document that provides guidelines, contact information and procedures for how information should be shared during all phases of an unexpected occurrence that requires immediate action. Continue Reading
By- Rahul Awati
- Paul Crocetti, Executive Editor
-
News
08 Nov 2023
Atlassian Confluence vulnerability under widespread attack
Atlassian's Confluence Data Center and Server products are under attack again as reports of widespread exploitation roll in just days after CVE-2023-22518 was publicly disclosed. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
08 Nov 2023
call tree
A call tree is a layered hierarchical communication model used to notify specific individuals of an event and coordinate recovery if necessary. Continue Reading
By- Rahul Awati
- Paul Crocetti, Executive Editor
-
Definition
03 Nov 2023
cybersecurity asset management (CSAM)
Cybersecurity asset management (CSAM) is the process created to continuously discover, inventory, monitor, manage and track an organization's assets to determine what those assets do and identify and automatically remediate any gaps in its cybersecurity protections. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
02 Nov 2023
Microsoft launches Secure Future Initiative to bolster security
In the wake of several significant attacks, Microsoft announced new initiatives to address software development and vulnerability mitigation, among other security risks. Continue Reading
By- Arielle Waldman, News Writer
-
News
31 Oct 2023
Dual ransomware attacks on the rise, but causes are unclear
While the FBI warned enterprises of an increase in dual ransomware attacks, infosec experts said there's insufficient data to consider the threat a trend. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
27 Oct 2023
How to create a cybersecurity awareness training program
Cybersecurity awareness training often misses the mark, leaving employees undereducated and organizations vulnerable to attack. Here's how to succeed where too many fail. Continue Reading
By- Alissa Irei, Senior Site Editor
- Mike Chapple, University of Notre Dame
-
Podcast
26 Oct 2023
Risk & Repeat: Okta under fire after support system breach
This podcast episode covers a security breach suffered by identity vendor Okta involving its customer support systems, which has sparked criticism from customers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
26 Oct 2023
Top 7 cloud misconfigurations and best practices to avoid them
Cloud security means keeping a close eye on the configuration of cloud resources and assets. These best practices can keep you safe from attackers and other malicious activities. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
24 Oct 2023
Cisco IOS XE instances still under attack, patch now
In the days since Cisco's initial disclosure, the networking giant found a second Cisco IOS XE zero-day as well as new evasion techniques being utilized by threat actors. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
23 Oct 2023
Okta customer support system breached via stolen credentials
During the latest breach against the identity and access management vendor, attackers took advantage of the system intended to provide support for Okta customers. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
23 Oct 2023
Top 10 tips for employees to prevent phishing attacks
Share this list of phishing techniques, detection and prevention tips, and best practices to help employees avoid falling victim to phishing schemes. Continue Reading
By- Sharon Shea, Executive Editor
-
News
19 Oct 2023
North Korean hackers exploit critical TeamCity vulnerability
While a patch is available, Microsoft and JetBrains confirmed TeamCity users have been compromised in attacks that leverage CVE-2023-42793 as an initial attack vector. Continue Reading
By- Arielle Waldman, News Writer
-
News
19 Oct 2023
CISA, NSA, FBI publish phishing guidance
In its guidance, CISA focused on two primary goals of phishing attacks: obtaining login credentials, often via social engineering, and installing malware on target systems. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
18 Oct 2023
antispoofing
Antispoofing is a technique for identifying and dropping packets that have a false source address. Continue Reading
By- Paul Kirvan
- Sharon Shea, Executive Editor
-
News
18 Oct 2023
Mandiant: Citrix zero-day actively exploited since August
Exploitation against CVE-2023-4966 is ongoing, and Mandiant CTO Charles Carmakal warned patching alone is insufficient against potential attacks that leverage MFA bypass techniques. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
18 Oct 2023
Cybersecurity vs. cyber resilience: What's the difference?
Companies need cybersecurity and cyber-resilience strategies to protect against attacks and mitigate damage in the aftermath of a successful data breach. Continue Reading
By -
News
17 Oct 2023
Cisco IOS XE zero-day facing mass exploitation
VulnCheck said its public scanning for CVE-2023-20198 revealed that 'thousands' of internet-facing Cisco IOS XE systems have been compromised with malicious implants. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
16 Oct 2023
SEO poisoning (search poisoning)
SEO poisoning, also known as 'search poisoning,' is a type of malicious advertising (malvertising) in which cybercriminals create malicious websites and then use search engine optimization (SEO) techniques to cause the sites' links to show up prominently in search results, often as ads at the top of the results. Continue Reading
-
News
16 Oct 2023
Cisco working on fix for critical IOS XE zero-day
Cisco designated the bug, CVE-2023-20198, with a CVSS score of 10 and said it was working on a patch, but advised customers to apply mitigations in the meantime. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
13 Oct 2023
Ransomware gang targets critical Progress WS_FTP Server bug
The vulnerability used in the failed ransomware attack, CVE-2023-40044, is a .NET deserialization vulnerability in Progress Software's WS_FTP Server with a CVSS score of 10. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
12 Oct 2023
Risk & Repeat: Rapid Reset and the future of DDoS attacks
This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Oct 2023
'Rapid Reset' DDoS attacks exploiting HTTP/2 vulnerability
Cloudflare said the Rapid Reset DDoS attack was three times larger than the attack it had on record. Google similarly called it 'the largest DDoS attack to date.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
10 Oct 2023
Security posture management a huge challenge for IT pros
Enterprise Strategy Group's John Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation. Continue Reading
By- Linda Tucci, Industry Editor -- CIO/IT Strategy
-
Tip
10 Oct 2023
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
By -
News
06 Oct 2023
MGM faces $100M loss from ransomware attack
MGM's 8-K filing revealed some personal customer data was stolen during the September attack and said the company expects cyber insurance to sufficiently cover the losses. Continue Reading
By- Arielle Waldman, News Writer
-
News
05 Oct 2023
IBM launches new AI-powered TDR Services
IBM followed its first AI-focused offering from April, QRadar Suite, with an MDR product -- Threat Detection and Response Services -- featuring AI capabilities. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
05 Oct 2023
risk assessment
Risk assessment is the process of identifying hazards that could negatively affect an organization's ability to conduct business. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
News
04 Oct 2023
Okta debuts passkey support to combat account compromises
The identity and access management vendor introduced products and features that addressed new social engineering techniques that require additional security measures beyond MFA. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
04 Oct 2023
What is ransomware? How it works and how to remove it
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
-
News
02 Oct 2023
Openwall patches 3 of 6 Exim zero-day flaws
The Openwall Project urged users to upgrade to the latest version of Exim, but there have been timely patching struggles with the message transfer agent software in the past. Continue Reading
By- Arielle Waldman, News Writer
-
News
28 Sep 2023
Cisco patches zero-day vulnerability under attack
Cisco said its Advanced Security Initiatives Group discovered the zero-day flaw while investigating attempted attacks on the vendor's Group Encrypted Transport VPN feature. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Sep 2023
Dallas doles out $8.5M to remediate May ransomware attack
The city of Dallas provided a detailed attack timeline that showed Royal threat actors compromised a service account a month before ransomware was deployed. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
22 Sep 2023
Google and Mandiant flex cybersecurity muscle at mWISE
End-to-end cybersecurity coverage and generative AI could accentuate Google and Mandiant's combined cybersecurity opportunities -- with the right execution. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.