While most enterprises recognize the critical role that security operation centers (SOC) play in cybersecurity activities, very few are able to perfect a SOC approach that meets their ultimate satisfaction. A new study out on attitudes toward SOC efficacy shows that organizations are spending millions each year to run their SOCs, but that many are unhappy with the ROI from this investment.
All about Virtualization and Cloud Security | Recent Articles:
A protocol little known by executives outside of the networking world may put the future safety of enterprise IoT at extreme risk if organizations don't take action to secure their connections. New research out last week found that the way that many large organizations are using the Long Range Wide Area Networking (LoRaWAN) protocol is making them susceptible to hacking that could cause civic disruption and even put people at risk.
The role of the application programmable interface (API) keeps rising in prominence within the enterprise. And as that happens, so does the risk of APIs as an enterprise attack surface. According to security experts, API security will be a top concern for many cybersecurity organizations in the coming year.
API security is no longer a problem of the future—widespread API proliferation is already here, after all. According to a report earlier this year from Akamai, a full 83% of web traffic today is now API traffic. There are a number of factors that are increasing the prevalence—and the importance-- of APIs within organizations both large and small.
A new study out conducted among the DevSecOps community shows that Kubernetes use is rapidly growing within the enterprise, and not just within test or development environments. As organizations try to catch their breath with the rapid adoption rate, the security community is scrambling to adapt to containers and cloud native architectures as the new normal.
The holiday season is kicking into full gear, and so is the annual holiday cybercrime surge. As gift givers scour the web to seek out the best deals, cybercrooks put in extra work to profit off of the holiday shopping frenzy.
While most individual security analysts today are still overworked and battling burnout, the good news is that the process and organizational support they need is improving across the industry. A new report out last week shows that security programs are growing more mature and performing better as the number of organizations with formal security operations centers (SOC) experiences a huge spike.
New research out in the past few weeks show that false positives and alert fatigue continue to plague security operations centers (SOCs) worldwide. And, according to the research, it's killing the SOC's ability to keep teams intact and to respond quickly to threats.
Security summer camp is upon us as the cybersecurity industry convenes on Las Vegas this week for Black Hat and Def Con. In addition to presenting a ton of important research on new vulnerabilities and exploit methods, many security researchers will be sharing with attendees a smorgasbord of new and updated open source tools. Between speaker tracks at both shows, Black Hat Arsenal, and DEF CON Demo Days, presenters will unveil and demo dozens of freebies designed to help their colleagues with a range of offensive and defensive security activities.
The cost of data breaches keeps increasing for companies, and new research indicates that the financial impact can continue to sap company coffers for years after the incident occurs. Released this week, the 2019 Cost of a Data Breach Report from Ponemon Institute showed that the average data breach now costs companies $3.92 million globally. This represents a 12% rise in breach costs over the last five years.
A few weeks ago, the U.S. federal bureaucrats from the NASA Office of the Inspector General’s audit division put together a thorough document detailing the security woes at NASA Jet Propulsion Laboratory (JPL). The details come together in a classic “what not to do” anti-case study that many security professionals are probably familiar with at this point. It’s a good read for security people interested in learning from the mistakes of others.
Many cybersecurity leaders today express greater levels of confidence than ever before in their cloud security posture. Cloud security tools have greatly matured over the last few years and that, combined with the inevitability of cloud dominance in modern IT, has helped them reach a wary acceptance of the new normal. Nevertheless, recent research indicates that security pros are still dealing with some significant cloud risk factors that justifiably give them heart palpitations now and again.
Last year the OWASP Top 10 committee was prophetic in at least one of its inclusions in the update to its industry benchmark list. For the first time, the group included insecure APIs as one of the most common attack vectors that developers need to avoid adding to their code when creating software. Looking back on 2018, you can see why they sounded the warning.