Below you will find reports with the source of “Cyentia Institute”
Quantifying the financial savings Protective DNS (PDNS) brings to the UK public sector This report provides an analysis of the DNS queries blocked by Protective DNS, finds commonalities among the end users that are protected, and uses a financial model to estimate the value of the threat prevention provided by Protective DNS to the UK economy. (more available) Added: May 11, 2022
IRIS Risk Retina - Nonprofit This free public report from the Cyentia IRIS Risk Retina series clears away the fog of FUD, providing parameters for frequency and loss of publicly discoverable cyberevents in the nonprofit sector. (more available) Added: March 21, 2022
The Size and Shape of Workforce Risk A deep dive into the profiles of workforce members, identifying the characteristics of greater and lesser cyberrisk. Added: March 9, 2022
State of Software Security v12 This report looks at the entire history of active applications, not just the activity associated with the application over one year. (more available) Added: February 10, 2022
Prioritization to Prediction Volume 8: Measuring and Minimizing Exploitability We do two very important and timely things in this report. We first explore ways to measure exploitability for individual vulnerabilities—and far more importantly—entire organizations. (more available) Added: January 20, 2022
Security Outcomes Study Vol. 2 Over 5,100 IT and security professionals across 27 countries were asked about their organizations’ approaches to updating and integrating security architecture, detecting and responding to threats, and staying resilient when disaster strikes. (more available) Added: December 7, 2021
IRIS Tsunami We identified 50 of the largest multi-party cyber incidents over the past several years in an effort to understand their causes and consequences from beginning to end. (more available) Added: October 19, 2021
Ripples Across the Risk Surface: 2021 A continued look at “ripple events” - multi-party security events - examining the size and frequency of these events, firmographics, as well as the velocity of spread of such events. (more available) Added: September 21, 2021
The State of the State of Application Exploits in Security Incidents A meta-analysis of industry reports on the variety and forms of application exploits used in security incidents. Added: July 22, 2021
State of Software Security v11: Open Source Edition Get best practices on managing your open source libraries in our State of Software Security v11: Open Source Edition report. Based on 13 million scans of more than 86,000 repositories, SOSS v11: Open Source Edition gives you a unique perspective on the open source libraries in codebases today, how organizations are managing the security of these libraries, and best practices on using open source code securely. (more available) Added: June 22, 2021
Security Outcomes Study: Endpoint Edition Endpoint security is the last line of defense. Now more than ever, effective endpoint protection is essential to the success of any cybersecurity program. (more available) Added: May 24, 2021
Prioritization to Prediction Volume 7: Establishing Defender Advantage Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. (more available) Added: May 13, 2021
Elevating Human Attack Surface Management Every year, enterprises spend millions on security technology and training — only to be caught on the hamster wheel of responding to incidents caused by recurrent human errors. (more available) Added: May 12, 2021
From Uncertainty to Understanding Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight. (more available) Added: May 11, 2021
The 2021 Security Outcomes Study – Small and Midsize Business Edition What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what actually works and what doesn’t? (more available) Added: April 19, 2021
Internet of Tip-offs (IoT) An analysis of the indicators to be derived from detecting Internet of Things (IoT) in an organization’s public internet-facing profiles. Added: January 26, 2021
Internet Risk Surface in the Financial Sector A deep dive into the nature of the finance sector’s public risk surface. Reviewing subsectors of the finance ecosystem, including supply chains. (more available) Added: December 9, 2020
The 2021 Security Outcomes Study Based on a survey of over 4,800, this report reviews the practices that lead to positive outcomes for security programs. Linking together practices that are more (or less) successful to the characteristics of positive outcomes, this report aims to give guidance for where practitioners can focus their efforts to achieve similar outcomes. (more available) Added: December 1, 2020
Prioritization to Prediction: Volume 6 - The Attacker-Defender Divide This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. (more available) Added: November 18, 2020
IRIS 20/20 Xtreme The IRIS 20/20 Xtreme is a follow-up to the IRIS 20/20 study earlier this year, this time focusing on the 100 largest cyber incidents of the last five years, totaling $18 billion in reported losses and 10 billion compromised records. (more available) Added: November 10, 2020
State of Third-Party Risk Management 2020 A survey-driven report of over 150 third-party risk practitioners to understand the challenges facing their programs, the actions those professionals are taking to address the challenges, and identify success factors. (more available) Added: November 5, 2020