The MITRE ATT&CK Framework is widely recognized as instrumental in providing a common language and framework for describing attack techniques and effectively sharing information across organizations. However, we’re just starting to see the potential benefits this matrix can provide when integrated directly into security tools. Uptycs recently announced a major release of its product that […]
There are a number of industry analyst reports on application security. Each analyst firm and report takes its own slice of the market to analyze and report on vendors within that market. For example, the Forrester Wave focuses on Static Application Security Testing, the Gartner Magic Quadrant focuses on Application Security Testing as a whole, […]
The Solarwinds Orion SUNBURST attack has been in the news for weeks. We’re starting to get great details into the actual attack, especially after FireEye released the initial set of indicators of compromise. But the question I want answered is why didn’t anyone discover this attack before the breach. What defenses are we missing to […]
Last fall we discussed what security data do I really need to collect and analyze. We know we don’t need it all, but this was only the sensor part of the discussion. Now that we have that data identified and those sensors in place, what brain do I need to collect and analyze it? There […]
Security Awareness training has been a challenge for decades. Annual training programs have never been highly effective in training users on how to avoid or report security incidents, including phishing. More frequent training creates too much friction with productivity. We’ve seen lots of new training solutions come into the market, yet we have not seen […]
The news is flooded with updates regarding the COVID-19 vaccine. Cyberattacks are targeting the vaccine supply chain. Phishing attacks are exploiting sign-ups for the vaccine. There are even attacks to get access to vaccine data. Sounds a lot like our enterprises every day! We’re all learning about human immunology from the headlines, but what are […]
The growth of application development, DevOps, containers, and cloud has fueled the growth of application security tools. We now have static analysis, software composition analysis, interactive analysis, dynamic analysis, container scanning, infrastructure as code scanning, and a number of runtime application security products. That’s a lot of testing data, but how do we integrate it […]
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
