New research out in the past few weeks show that false positives and alert fatigue continue to plague security operations centers (SOCs) worldwide. And, according to the research, it's killing the SOC's ability to keep teams intact and to respond quickly to threats.
All about Virtualization and Cloud Security | Recent Articles:
Security summer camp is upon us as the cybersecurity industry convenes on Las Vegas this week for Black Hat and Def Con. In addition to presenting a ton of important research on new vulnerabilities and exploit methods, many security researchers will be sharing with attendees a smorgasbord of new and updated open source tools. Between speaker tracks at both shows, Black Hat Arsenal, and DEF CON Demo Days, presenters will unveil and demo dozens of freebies designed to help their colleagues with a range of offensive and defensive security activities.
The cost of data breaches keeps increasing for companies, and new research indicates that the financial impact can continue to sap company coffers for years after the incident occurs. Released this week, the 2019 Cost of a Data Breach Report from Ponemon Institute showed that the average data breach now costs companies $3.92 million globally. This represents a 12% rise in breach costs over the last five years.
A few weeks ago, the U.S. federal bureaucrats from the NASA Office of the Inspector General’s audit division put together a thorough document detailing the security woes at NASA Jet Propulsion Laboratory (JPL). The details come together in a classic “what not to do” anti-case study that many security professionals are probably familiar with at this point. It’s a good read for security people interested in learning from the mistakes of others.
Many cybersecurity leaders today express greater levels of confidence than ever before in their cloud security posture. Cloud security tools have greatly matured over the last few years and that, combined with the inevitability of cloud dominance in modern IT, has helped them reach a wary acceptance of the new normal. Nevertheless, recent research indicates that security pros are still dealing with some significant cloud risk factors that justifiably give them heart palpitations now and again.
Last year the OWASP Top 10 committee was prophetic in at least one of its inclusions in the update to its industry benchmark list. For the first time, the group included insecure APIs as one of the most common attack vectors that developers need to avoid adding to their code when creating software. Looking back on 2018, you can see why they sounded the warning.
This year’s online holiday shopping season was kicked off to tremendous fanfare, as deal hunters went crazy last week with record-breaking spending. According to USA Today, holiday sales on Cyber Monday topped $7.9 billion in just the US alone. Meanwhile, mega retailer Amazon reported that Cyber Monday was the single biggest global shopping day in its company history—people ordered more than 18 million toys from Amazon on Cyber Monday and Black Friday combined.
Enterprise software is drowning in vulnerabilities and even organizations highly motivated to fix security flaws in their applications struggle to do it in a timely fashion.
As enterprises look toward the 2019 budget cycle, CISOs and other IT executives are increasingly pushing cloud security to the top of the cybersecurity budgetary priority list.
The annual State of DevOps report is out for 2018 and the study offered up some very strong proof points for the tight relationship between mature DevOps practices and improved security operations.
The importance of a strong enterprise cybersecurity culture to the overall effectiveness of an IT security department can't be understated. It's consistently named by executives as a crucial, if ephemeral, ingredient for cyber risk management success.