Category: Security Intelligence

Read the original article: Data Visibility and Management When Selecting or Working with an MSSP Hybrid and multicloud solutions have created and will continue to offer great benefits for businesses. However, this means security experts will need to pay even…

Read more →

Read the original article: Update on Widespread Supply-Chain Compromise SolarWinds has announced a cyberattack on its systems that compromised specific versions of the SolarWinds Orion Platform, a widely used network management tool. SolarWinds reports that this incident was likely the…

Read more →

Read the original article: E-Commerce Skimming is the New POS Malware As the holiday shopping season shifts into high gear, the COVID-19 pandemic is accelerating an ongoing trend: shoppers are opting to buy online. Rather than flooding brick-and-mortar stores — and…

Read more →

Read the original article: IBM Trusteer Exposes Massive Fraud Operation Facilitated by Evil Mobile Emulator Farms IBM Security Trusteer’s mobile security research team has recently discovered a major mobile banking fraud operation that managed to steal millions of dollars from…

Read more →

Read the original article: Security Management: Why Companies Need a Unified Cloud Platform We must adapt the way we secure data to today’s needs. Working from home has increased, forcing entities and their employees to rely more on virtual private networks…

Read more →

Read the original article: How Open Security Can Make Threat Management More Efficient Security operations center (SOC) teams struggle with an array of challenges. Too many tools can make the work too complex; and recruiting and retaining personnel can be…

Read more →

Read the original article: A Reminder to Stay Vigilant This year has been a challenging one for organizations that faced data breaches, intrusions and ransomware attacks at the hands of cyber criminals and nation-state attackers. Cybersecurity firm FireEye announced on…

Read more →

Read the original article: Data Visibility and Management When Selecting or Working with an MSSP Hybrid and multicloud solutions have created and will continue to offer great benefits for businesses. However, this means security experts will need to pay even…

Read more →

Read the original article: Centralizing Data Encryption Keys With Key Management Standards Many people already know data encryption can help secure sensitive business data. But, because organizations have adopted it so widely, IT and security teams now must manage growing numbers…

Read more →

Read the original article: Centralizing data encryption keys with key management standards Many people already know data encryption can help secure sensitive business data. But, because organizations have adopted it so widely, IT and security teams now must manage growing numbers…

Read more →

Read the original article: Simplify Data Encryption With Key Management Many people already know data encryption can help secure sensitive business data. But, because organizations have adopted it so widely, IT and security teams now must manage growing numbers and types…

Read more →

Read the original article: Break Down Walls in the SOC for Better Data Security Data provides businesses the edge they need to unlock their full potential. In turn, employees seek access to data to drive better customer outcomes, become more…

Read more →

Read the original article: Data Encryption: Simplifying Enterprise Key Management Data encryption can help prevent malicious users and rogue processes from taking control of sensitive data. According to the 2020 Cost of a Data Breach report, the use of encryption is a…

Read more →

Read the original article: SIEM Security Myths Debunked: SOC Hero or Zero? Security information and event management (SIEM) is still integral to digital security. However, newer entrants to the market claim SIEM as we know it is dead. If this…

Read more →

Read the original article: How to Transform From DevOps to DevSecOps DevOps is a mindset as well as a business tactic. It’s a cultural shift that merges operations with development and employs a linked toolchain to create change. In turn,…

Read more →

Read the original article: Reaching Strategic Outcomes With An MDR Provider: Part 3 This is the third in a five-part blog series on managed detection and response as it drives strategic security outcomes for businesses. In this multipart blog series,…

Read more →

Read the original article: 5 Ways to Accelerate Security Confidence for AWS Cloud Today’s cloud services customers are looking beyond the basic benefits of the cloud, such as ease of scale and payment options. Now, they want the cloud to…

Read more →

Read the original article: IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain At the onset of the COVID-19 pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that…

Read more →

Read the original article: Why You Might Need to Outsource Your Privileged Access Management Program The crown jewels of cybercrime are the level of access privileged users have to your company’s most critical data and assets. Therefore, monitoring them with…

Read more →

Read the original article: SIEM Trends: What to Look for in a Security Analytics Provider The authors of The Forrester Wave™ turn to a quote from ‘The Empire Strikes Back’ to sum up the direction of SIEM: “You truly belong…

Read more →

Read the original article: The Future of Cybersecurity: How to Prepare for a Crisis in 2020 and Beyond When it comes to the future of cybersecurity, an ounce of prevention is worth far more than a pound of cure. According…

Read more →

Read the original article: Improving Data Security in Schools Part 1: Hybrid Learning This is the first piece in a series about education security challenges in 2020-2021. Education has been an underrated and understated hotbed for cybersecurity threats. School officials…

Read more →

Read the original article: Chaos Engineering: Building the Next Generation of Cyber Ranges In one of our past posts on the same subject, we discussed how to apply chaos engineering principles to cyber war-games and team simulation exercises in broad…

Read more →

Read the original article: How a Cybersecurity Training Program Can Recruit From Inside Your Business The cybersecurity industry is facing a shortage of trained and experienced professionals. Schools, universities and organizations are doing amazing things to encourage the next generation…

Read more →

Read the original article: Shadow IT: Addressing the Risks in Remote Work Environments Shadow IT can cause big problems for cybersecurity. The trouble is in the name: these connections exist in the shadows outside of IT (information technology) and security…

Read more →

Read the original article: Be Prepared for Increased DDoS Attacks Ahead of Black Friday Black Friday is prime time for distributed denial-of-service (DDoS) attacks, especially as retail goes online even more than usual in 2020. Forecasters predict e-commerce sales will…

Read more →

Read the original article: Security Culture: Putting Digital Literacy First in Your Company Building a security-first culture is as important for cybersecurity as investing in the right tech or creating and enforcing the right policies.  Defense systems cannot provide 100% of the…

Read more →

Read the original article: IBM CISO Perspective: Zero Trust Changes Security From Something You Do to Something You Have As the chief information security officer (CISO) for IBM, I’m often asked by peers and colleagues, “What do you think of…

Read more →

Read the original article: IBM Works With Cisco to Exorcise Ghosts From Webex Meetings COVID-19 has changed the way many people work, as organizations have shifted to remote work to slow the spread. In early May, more than 100 million…

Read more →

Read the original article: Ransomware Response: Time is More Than Just Money The initial actions an organization takes in the moments after discovering a ransomware attack can have profound implications on how the attack ends. Virtually every security professional will…

Read more →

Read the original article: Cybersecurity Framework: How To Create A Resilience Strategy A cyber resilience framework, or cybersecurity framework, is a crucial component of modern-day business. In the face of rising threats from malware, phishing and high-tech threat actors, a…

Read more →

Read the original article: Data Destruction: Importance and Best Practices As discussed in an earlier piece, data should be treated as a valuable currency. But there is another aspect to data handling that needs to be considered: data as a…

Read more →

Read the original article: Stay Calm: Your Supply Chain Cybersecurity Is Solid A little over 50 years ago, on July 20, 1969, humans first landed on the moon. Among the many amazing feats involved, it took just over eight years…

Read more →

Read the original article: How AI Can Make Cybersecurity Jobs Less Stressful and More Fulfilling Words for health and the human body often make their way into the language we use to describe IT. Computers get viruses; companies manage their…

Read more →

Read the original article: Unified Endpoint Management for the New Normal The COVID-19 pandemic has changed the world forever. Following regional stay-at-home orders, the number of full-time home-based workers in the U.S. grew from roughly 7% (according to 2019 research…

Read more →

Read the original article: Reaching Strategic Outcomes With a Managed Detection and Response Service Provider: Part 2 This is the second in a five-part blog series on managed detection and response as it drives strategic security outcomes for businesses. In this…

Read more →

Read the original article: Data Security: Building for Today’s Hybrid Cloud World When it comes to data security, do you feel you have the full story? And if you do, is that full story captured in one book or across…

Read more →

Read the original article: A Quick Guide to Effective SIEM Use Cases Part of successfully setting up your security operations center (SOC) is defining your SIEM use cases.  Use cases help and support security analysts and threat monitoring goals. What…

Read more →

Read the original article: Implement Cloud Security Best Practices With This Guide As more employees opt for remote work, organizations rely on cloud computing options for easy access to corporate data and applications. This dependence on the cloud also puts…

Read more →

Read the original article: Assessing Security Operation Centers Using a Balanced Scorecard Measuring the effectiveness of a security operations center (SOC) can be a daunting task, but a balanced scorecard approach can make the task easier. Existing SOC best practice…

Read more →

Read the original article: Data Security by the Numbers: How a Smarter Approach Saves Time and Money It’s well-known in business that you need to balance money spent versus money saved. The most effective, cost-cutting data security solutions have one…

Read more →

Read the original article: Sailing in the Sea of IoT It’s the kind of story many of us grew up hearing: “Someday, your fridge will know what you need from the store before you do.” We didn’t worry about things…

Read more →

Read the original article: WannaCry: How the Widespread Ransomware Changed Cybersecurity If I had polled cybersecurity experts on their way to work on May 12, 2017, most of them would have said they knew a major cybersecurity event loomed. Yet,…

Read more →

Read the original article: Threat Analysis: How the Rapid Evolution of Reporting Can Change Security With the advancements in data reporting gleaned from security information and event management (SIEM) tools and adjacent solutions, every security team today can face information overload…

Read more →

Read the original article: What’s My Priority? The Key Pillars of Threat Intelligence Often, in the world of information security and risk management, the question facing threat intelligence teams is amidst this sea of vulnerability disclosures, which ones matter the…

Read more →

Read the original article: Don’t Torpedo Your Data Security Program: 5 Best Practices to Consider If you are like most security leaders responsible for protecting your company’s crown jewels, you’ve certainly asked: Can malicious insiders access my organization’s sensitive and…

Read more →

Read the original article: Reaching Strategic Outcomes With A Managed Detection and Response Service Provider: Part 1 This is the first in a five-part blog series on Managed Detection and Response as it drives strategic security outcomes for businesses. If…

Read more →

Read the original article: WannaCry: How the Widespread Ransomware Changed Cybersecurity If I had polled cybersecurity experts on their way to work on May 12, 2017, most of them would have said they knew a major cybersecurity event loomed. Yet,…

Read more →

Read the original article: Cybersecurity Strategy: Building Trust on Shifting Sands This is the first in a blog series about building and maintaining brand trust.  Transforming the enterprise for digital business requires a change in technology, process and culture. Along…

Read more →

Read the original article: Connected Data Stores Elevate the Requirements of Data Security and Governance Platforms Since it is highly unlikely that my wife will read a blog on data security, I think I can safely share that she is…

Read more →

Read the original article: What’s New in 2020: Gartner Market Guide for SOAR Solutions In a security environment burdened by too many tools, a shortage of skilled staff and an increasing number of cyberattacks, automation benefits that help bring efficiency…

Read more →

Read the original article: Ensuring Your Security Operations Center is Ready for Operational Technology The mission of the security operations center (SOC) has evolved over the years. Building a security operations center used to involve onboarding as many device feeds…

Read more →

Read the original article: Supply Chain Risks in Healthcare: Time to Increase Security The theme for National Cybersecurity Initiative‘s annual Cybersecurity Awareness Month for 2020 is Do Your Part #BeCyberSmart. For the healthcare sector, this means shedding light on the…

Read more →

Read the original article: How to Secure Microservices Architecture The use of microservices-based architecture to realize complex, evolving solutions is growing in popularity. Microservices make it much easier to replace or upgrade components mid-flight. It also allows multiple developers to…

Read more →

Read the original article: Account Fraud is Killing Streaming Services: What Providers Can Do The use of online streaming services was already burgeoning well before most of the world started spending so much time at home. The current explosion in…

Read more →

Read the original article: Training Trainers: How IBM Uses Data Breach Simulations to Build Real-World Competency Threat intelligence and response teams need to be ready to respond to an increasing barrage of risks and changes. To be exact, this is where…

Read more →

Read the original article: Crisis and an Incontestable Need for Security — A Business Viewpoint Data, data, data.  We have plenty of it, and in the eyes of some, it’s considered too much of a good thing. In practical terms, too…

Read more →

Read the original article: New Vizom Malware Discovered Targets Brazilian Bank Customers with Remote Overlay Attacks IBM Security Trusteer researchers have discovered a new malware code and active campaign targeting online banking users in Brazil. The malware, coined “Vizom” by…

Read more →

Read the original article: Facing a Privacy Breach Under Growing GDPR-inspired Laws Can Pose Challenges for Companies Almost everyone at this point has heard about the European Union’s (EU) General Data Protection Regulation (GDPR). You’ve probably received an email from…

Read more →

Read the original article: Modernizing Your Security Operations Center for the Cloud Several factors are converging to exert pressure on how security operations centers (SOCs) traditionally function. Evolving information technology (IT) infrastructure, such as cloud migration, serverless services and endpoints…

Read more →

Read the original article: Modernizing Your Security Operations Center for the Cloud Several factors are converging to exert pressure on how security operations centers (SOCs) traditionally function. Evolving information technology (IT) infrastructure, such as cloud migration, serverless services and endpoints…

Read more →

Read the original article: Are Bug Bounty Programs Worth It? Bug bounty programs are on the rise, and participating security researchers earned big bucks as a result. According to a report released by HackerOne in February 2020, hackers had collectively…

Read more →

Read the original article: How Cybersecurity Threat Intelligence Teams Spot Attacks Before They Start A thorough cybersecurity threat intelligence team can turn a threat into a tool for future protection. Their job is to conduct background research on threat groups’…

Read more →

Read the original article: IBM Named a CIAM Leader in the Forrester Wave Report Not all leading identity and access management (IAM) vendors can also be successful as consumer identity and access management (CIAM) vendors. But with the right identity…

Read more →

Read the original article: Autonomous Vehicle Security Needs From A Hacker’s Perspective With connected cars becoming more common, the industry has more standards and options when it comes to autonomous vehicle security.  Adam Laurie, known in hacker circles as Major…

Read more →

Read the original article: Cybersecurity Awareness: 6 Myths And How To Combat Them National Cybersecurity Awareness month is upon us. And, so is the opportunity to look at what common C-suite misconceptions could be handcuffing security awareness efforts.  As we enter the…

Read more →

Read the original article: Thinking Outside the Dox: What IT Security Can Learn From Doxing Doxing is rightfully regarded as a dangerous threat, potentially exposing personal information where it shouldn’t be. But, defenses derived from doxing may strengthen corporate cybersecurity…

Read more →

Read the original article: Web Application Security Best Practices: A Developer’s Guide Digital adoption is only increasing in today’s world. It brings with it the challenges of safeguarding financial and personal data against potential threat actors. Including web application security…

Read more →

Read the original article: Cybersecurity Today: The Intersection of Technology and Behavior In the movie “Back to the Future II,” protagonist Marty McFly travels forward to the year 2015. During a quick stop at Café 80s, Marty encounters two children, confused…

Read more →

Read the original article: Cybersecurity Risk Management: Protecting Our Most Valuable Currency Cybersecurity risk management can be a unifying conversation throughout your organization. Few things are more challenging in the cybersecurity business than getting stakeholders to speak in the same…

Read more →

Read the original article: Ransomware 2020: Attack Trends Affecting Organizations Worldwide Ransomware is one of the most intractable — and common — threats facing organizations across all industries and geographies. And, incidents of ransomware attacks continue to rise. Meanwhile, ransomware…

Read more →

Read the original article: 3 Biggest Factors in Data Breach Costs and How To Reduce Them The cost of a data breach has increased slightly in the last six years on average. Costs are up 10% since 2014 to $3.86…

Read more →

Read the original article: Security-First Culture: Break Company Barriers With a Language That Works A security-first culture means conveying cybersecurity needs throughout the enterprise, but it isn’t easy to maintain. Communication can be hard no matter who you’re working with.…

Read more →

Read the original article: Automotive Cybersecurity: New Regulations in the Auto Industry Connected car data security becomes key as automakers enable advanced communications and safety features. With this increased connectivity comes greater automotive cybersecurity risks, too. In fact, the number…

Read more →

Read the original article: A Recipe for Reducing Medical Device Internet of Things Risk You may recall this blog post from March 2020. It highlighted the importance of factoring in clinical, organizational, financial and regulatory impact when determining which medical…

Read more →

Read the original article: CORS: How to Use and Secure a CORS Policy with Origin CORS (Cross-Origin Resource Sharing) enables resource sharing that pulls data from a lot of different sources. Like any relatively open aspect of the internet, it…

Read more →

Read the original article: Uncover Return on Investment From Using a SOAR Platform When a cybersecurity attack happens, people may be tempted to react impulsively. Instead, security leaders should take a proactive approach. Carefully considering the long-term effects of actions…

Read more →

Read the original article: Today’s Risk Assessment Goes Beyond Prediction to Intelligence Risk assessment helps organizations identify, reduce and manage risks to prevent their re-occurrence. To do this, they need to spend a large amount of their IT budget on technologies…

Read more →

Read the original article: Taking the Risk Out of Mergers and Acquisitions In the post-COVID-19 economy, cyber risk and cybersecurity will play a central role in unlocking mergers and acquisitions (M&A) deal valuations. While economic uncertainty has contributed to a…

Read more →

Read the original article: Creating Brand Trust: A Key Currency for Business This is the first in a blog series about building and maintaining brand trust.  Brand trust has always been valuable for business, but the ways to develop it…

Read more →

Read the original article: A New Botnet Attack Just Mozied Into Town A relatively new player in the threat arena, the Mozi botnet, has spiked among Internet of things (IoT) devices, IBM X-Force has discovered. This malware has been active…

Read more →

Read the original article: Risk Management: How Security Can Learn to Do the Math Risk management is an important element in using data to get ahead of cybersecurity risks before they happen. The costs of protecting an enterprise of any…

Read more →

Read the original article: Back to Basics: Creating a Culture of Cybersecurity at Work The importance of security culture can be seen now more than ever. Many of us work remotely; there are app concerns; and the lines between personal and…

Read more →

Read the original article: Jackpotting Reveals Openings in Proprietary Software Jackpotting, an older ATM theft technique, could show security operations team members what to look out for when it comes to Internet of things (IoT) attacks in general, and even…

Read more →

Read the original article: Creating a Cybersecurity Culture Starts With Your Team As cyberattacks become more prevalent and sophisticated, companies must put more faith in their employees to make sure they don’t put data at risk or fall victim to…

Read more →

Read the original article: Data Breach Protection Must Include Physical Security If most of your business’ data and workloads are handled on public clouds, it can be easy to forget about the onsite servers. With office buildings empty, employees may…

Read more →

Read the original article: Ransomware Attacks: How to Protect your Data With Encryption Cybercriminals are making headlines using ransomware to block organizations from accessing their own critical business data to extort ransoms. Recently, the University of California San Francisco fell…

Read more →

Read the original article: Incident Response: 5 Steps to Prevent False Positives False positive alerts in your threat intel platform can leave your team scrambling. It’s like driving to the wrong address. You reach a place, but also waste time…

Read more →

Read the original article: Under Attack: How Threat Actors are Exploiting SOCKS Proxies From the basic building blocks of the internet to cryptocurrency mining on a supercomputer, SOCKS sits at the core of computing. A SOCKS proxy can be used…

Read more →

Read the original article: SOC 2.0: A Guide to Building a Strong Security Ops Team In a security operations center (SOC), your cybersecurity tools are only as good as the people using them and your SOC’s culture. What are the…

Read more →

Read the original article: CIAM: Building Blocks to Consumer IAM Success Consumer identity and access management (CIAM) is the connective technology between consumers and brands. CIAM is an important consideration when navigating routes to market for your products and services.…

Read more →

Read the original article: Learn How to Secure Personally Identifiable Information, Now As more work shifts to remote, organizations continue dealing with security challenges. Employees are now connecting to internal network resources from varied devices, and many may be connecting…

Read more →

Read the original article: 4 Steps to Consider When Starting a New Cybersecurity Career At a time when layoffs are painfully common, now might not seem like a great time to look for a new job or switch careers. Or,…

Read more →

Read the original article: Leverage Automation Successfully as Part of a Broader SOAR Strategy In a previous article, we explored common misconceptions about automation and the realities of using automation to improve security. This article discusses automation best practices as…

Read more →

Read the original article: Cybersecurity Operations: 5 Ways to Cut Costs Without Pain Cybersecurity frameworks are notoriously expensive to build and maintain. And, business leaders are frequently dissatisfied with their effectiveness. According to research conducted by the Ponemon Institute, enterprises spend…

Read more →

Read the original article: How Can Enterprises Protect Personally Identifiable Information? With data breaches often appearing in the news, customers and enterprise leaders alike may be concerned that the enterprise isn’t doing enough to protect customers’ personally identifiable infomation (PII).…

Read more →

Read the original article: When Your Heartbeat Becomes Data: Benefits and Risk of Biometrics Knowing who your users are today is more important than ever. This explains, in part, why integrating biometric usage into identity and access management (IAM) appears…

Read more →

Read the original article: Digital Transformation: Breaking Down Silos for Better Data Security Today, enterprises are under pressure to improve the power and reduce the cost of running mission-critical business applications by migrating to modern software architectures. By breaking down…

Read more →

Read the original article: Your Newest Cybersecurity Professional Is Already in Your Company The cybersecurity talent gap is real. The 2019/2020 Official Annual Cybersecurity Jobs Report predicts that there will be 3.5 million security jobs left unfilled globally by 2021.…

Read more →

Read the original article: New Vulnerability Could Put IoT Devices at Risk Society relies so heavily on technology that the number of internet connected devices used globally is predicted to grow to 55.9 billion by 2025. Many of these devices…

Read more →