Latest

►

Cybercrime

Troy Hunt: Why Data Breaches Persist

Mathew J. Schwartz  •  June 20, 2019

Bad news for anyone who might have hoped that the data breach problem was getting better. "Anecdotally, it just feels like we're seeing a massive increase recently," says Troy Hunt, the creator of the free "Have I Been Pwned?" breach-notification service. Unfortunately, he says, the problem is likely to worsen.

►

Cybercrime

The Pervasive Problem of Phishing

Nick Holland  •  June 20, 2019

Phishing attacks are becoming actively evasive, says Lior Kohavi of Cyren, who discusses countermeasures.

►

Incident & Breach Response

Best Practices for Cyberattack Prevention and Response

Mathew J. Schwartz  •  June 20, 2019

Organizations that want to ensure they have a solid cybersecurity strategy must ensure they rigorously pursue best practices, monitor their infrastructure, eliminate vulnerabilities as well as prepare for the worst, says Andrew Gogarty of Secon Cyber.

►

Governance

4 Bug Bounty Myths Dispelled

Mathew J. Schwartz  •  June 20, 2019

Bug bounty myths: All such programs must be public, run nonstop, pay cash to bug-spotters and allow anyone to join. But HackerOne's Laurie Mercer says such programs often run as private, invitation-only and time-limited endeavors, sometimes offering only swag or public recognition.

►

Next-Generation Technologies & Secure Development

Cybersecurity's Automation Imperative

Mathew J. Schwartz  •  June 20, 2019

With cybersecurity becoming ever more difficult to monitor and manage, and product and data overload triggering cyber fatigue among cybersecurity professionals, organizations must embrace more autonomous approaches, says Censornet's Richard Walters.

►

Governance

The Need for a 'Zero Trust' Approach

Nick Holland  •  June 20, 2019

The perimeter is now both external and internal, which is why organizations must move to a "zero trust" model, says Pete Nourse of Veriato.

►

Governance

Act Fast: Best Practices for Arresting Spoofed Domains

Mathew J. Schwartz  •  June 20, 2019

Organizations are increasingly relying on threat intelligence to help them better identify malicious behavior before it hits the network - or users encounter it - including using domain name system analysis to track emerging campaigns, says Corin Imai of DomainTools

►

Artificial Intelligence & Machine Learning

Step Away From the Artificial Intelligence

Mathew J. Schwartz  •  June 19, 2019

Why does everyone keep mislabeling machine learning - a proven technique for helping organizations to improve their security posture - as artificial intelligence? "I'm so tired of the AI buzzword bingo," says John Matthews, CIO of ExtraHop Networks.

►

Governance

Cisco on Cybersecurity: Targeting Optimal Protection

Mathew J. Schwartz  •  June 19, 2019

Defending organizations against attackers is more challenging than ever. "The complexity and sophistication of the threats has increased," says Cisco's Mark Weir. "What we're seeing a lot of at the moment as well is intellectual property theft."

►

Advanced SOC Operations / CSOC

Network Security Policy Management: Seeking Visibility

Mathew J. Schwartz  •  June 19, 2019

Visibility, or a lack thereof, continues to challenge organizations as they attempt to protect their businesses by knowing which systems, applications and data they have, says AlgoSec's Jeffrey Starr. He discusses how centralized visibility, control and automation can help.

►

Security Operations

The State of the SOC

Nick Holland  •  June 19, 2019

Managing a security operations center is fraught with challenges, says Stephen Moore of Exabeam, who outlines the findings of a new "State of the SOC" report.

►

Application Security

Cloud and Container Adoption: The Visibility Imperative

Mathew J. Schwartz  •  June 19, 2019

As organizations pursue digital transformation initiatives backed by new application deployment techniques, they must ensure that security, operations and development teams fully coordinate, says Marco Rottigni of Qualys.