In this report, the findings show that in order to resolve the attack surface management challenges facing organizations, IT and security teams need to invest in solutions that automate and centralize monitoring of internet-facing assets and provide greater insights into vulnerabilities. (more available)

CISOs aren’t alone in recognizing the need for new threat detection and response strategies. In fact, security technology providers are championing a new technology initiative dubbed eXtended Detection and Response (XDR). (more available)

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams. (more available)

“In late 2018 and early 2019, the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) conducted its third annual research product focused on the lives and experiences of cybersecurity professionals. (more available)

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. (more available)

Abstract: Enterprises increasingly operate in a digitally interconnected world where third parties like suppliers, customers, channel partners, and others are often directly connected to their internal IT systems, and where their underlying IT infrastructure may be owned and managed by an outside organization. (more available)

In late 2017 and early 2018, the Enterprise Strategy Group (ESG) completed a research survey of 413 IT and cybersecurity professionals with knowledge of, or responsibility for, the planning, implementation, and/or operations of their organization’s security policies, processes, or technical safeguards. (more available)

This report seeks to provide answers to many questions related to the failures of endpoint security that are occuring even though there has been a shift in technology and strategy. (more available)

This report concludes that, security operations is fraught with people, process, and technology challenges, that improvement is a high priority, organizations are embracing security orchestration, and orchestration is becoming a centralized platform. (more available)

In early 2016, Hexadite commissioned the Enterprise Strategy Group (ESG) to complete a study of 100 IT and cybersecurity professionals with knowledge of or responsibility for incident response (IR) processes and technologies at their organizations. (more available)

This report presents the results of a survey run by ESG and commissioned by Seclore. They analyze information related to data, data security, and collaboration. (more available)

This report seeks to offer insight into the cybersecurity world and to analyze the dangers and pitfalls of the transition in the profession. (more available)

There are many reasons to archive data. For too many organizations, “archiving” is immediately presumed to be a cumbersome, unattainable, legacy process that IT had previously deprioritized, while erroneously believing that a “backup copy” held for an extended period of time was a sufficient alternative. (more available)

In Threat Stack Cloud Security Report 2017: Security at Speed & Scale, they set out to determine how Operations, Security, and DevOps professionals are dealing with increasingly complex environments, using limited resources, as they seek to satisfy internal and external security demands along with compliance requirements. (more available)

This paper examines the life of those in the cybersecurity profession, and seeks to provide answers to the high turnover rate in the field. (more available)

The data presented here illustrates an escalating and dangerous game of cyber security “cat and mouse.” Cyber- adversaries continue to develop creative tactics, techniques, and procedures (TTPs) for attacks. (more available)