Tenable Research takes that approach to equip our customers and the industry at large with the tools, awareness and intelligence to effectively reduce risk. To further those goals, SRT has complied this 2020 Threat Landscape Retrospective, which offers both a macro look at the trends that shaped the year as well as the detailed compendium of key vulnerabilities. The insights and data provided in these pages are designed to help cyber defenders learn from the past in order to build cybersecurity strategies that protect critical infrastructures, supply chains and data while respecting privacy.

Our goal with this report is to help demystify the ransomware ecosystem by exploring the key players involved, as well as the techniques and tactics utilized by ransomware operations and their affiliates to infiltrate organizations and distribute ransomware payloads. We also provide a list of the most common vulnerabilities likely to be exploited as part as a ransomware attack, to help security practitioners prioritize remediation.

The study, conducted by Opinion Matters on behalf of Tenable, surveyed 1,500 professionals representing roles in cybersecurity, DevOps and IT engineering. The study offers insights into what organizations perceive as the greatest risks and reward of investing in the metaverse and the level of development required to take such as major step safely.

Tenable’s Security Response Team (SRT) continuously monitors the threat landscape throughout the year, putting us at the forefront of trending vulnerabilities and security threats. From this vantage point, we complied and categorized our data from this annual report. In a year marked by tense geopolitics, hacktivism, ransomware and attacks targeting critical infrastructure - all alongside a turbulent macroeconomic environment - organizations struggled to keep pace with the demands on their cybersecurity teams and resources.

The goal of this report is to help defenders understand the fulls cope of today’s modern attack surface so they can continue to refine their cybersecurity strategies and reduce risk. In this report, we explore the most notable vulnerabilities of the year and how they were used in attack chains, with specific focus on the value of Active Directory to threat actors.

A survey of 416 security and 425 business executives, combined with telephone interviews of five business and security executives to explore the strategies and practices and medium and large enterprises. Covers board level visibility, explaining the company’s risk posture, risk management, and the role of cybersecurity in business strategy.

Covers the long tail of vulnerability patching, whereby vulnerabilities that are not fixed soon after detection can linger for months or more before being addressed. Makes the case for better prioritization mechanisms.

this report t explores the vulnerability-to-exploit (V2E) cybercrime and cybersecurity supply chain, outlines the players in the different market segments and provides insights into the related economic drivers.

This technical whitepaper explains the challenges cybersecurity professionals face, how they’re prioritizing vulnerabilities today and how they can dramatically improve cyber risk management with Predictive Prioritization – the process of re-prioritizing vulnerabilities based on the probability that they will be leveraged in an attack.

This report offers insights and guides into the new Help America Vote Act.

This report measures the difference in days between when an exploit for a vulnerability becomes publicly available (Time to Exploit Availability) and when a vulnerability is first assessed (Time to Assess). A negative delta indicates that the attacker has an opportunity to exploit a vulnerability before the defender is even aware of the risk. The sample set used for this analysis is based on the 50 most prevalent vulnerabilities from nearly 200,000 unique vulnerability assessment scans.

In this report we analyze real-world end-user vulnerability assessment (VA) behavior using a machine learning (ML) algorithm to identify four distinct strategies, or “styles.” These are based on five VA key performance indicators (KPIs) which correlate to VA maturity characteristics. This study specifically focuses on key performance indicators associated with the Discover and Assess stages of the five-phase Cyber Exposure Lifecycle. During the first phase – Discover – assets are identified and mapped for visibility across any computing environment. The second phase – Assess – involves understanding the state of all assets, including vulnerabilities, misconfigurations, and other health indicators. While these are only two phases of a longer process, together they decisively determine the scope and pace of subsequent phases, such as prioritization and remediation. The actual behavior of each individual enterprise in the data set, in reality, exhibits a mixture of all VA Styles. For the purposes of this work, enterprises are assigned to the specific style group with which they most closely align. We provide the global distribution of VA Styles, as well as a distribution across major industry verticals.

This report is based on the results of a comprehensive online survey of 437 cybersecurity professionals conducted from June through August 2018 to gain deep insights into the latest application security threats faced by organizations and the solutions to prevent and remediate them. The respondents range from executives to managers and IT security practitioners. They represent organizations of varying sizes across many industries.

Measuring & Managing the Cyber Risks to Business Operations, which was sponsored by Tenable and conducted by Ponemon Institute, reveals global trends in how organizations are assessing and addressing cybersecurity risks. We conclude from the findings that current approaches to understanding cyber risks to business operations are failing to help organizations minimize and mitigate threats. We surveyed 2,410 IT and IT security practitioners in the United States, United Kingdom, Germany, Australia, Mexico and Japan. All respondents have involvement in the evaluation and/or management of investments in cybersecurity solutions within their organizations. The consolidated global findings are presented in this report.

In this report, they provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments. they analyze vulnerability prevalence in the wild, based on the number of affected enterprises, to highlight vulnerabilities that security practitioners are dealing with in practice - not just in theory.

This report, is based on a survey of 338 IT and security professionals in the US. The goal of the survey was to quantify adoptions of security frameworks.

A survey-based report of over 700 individuals. The survey and resulting analysis was perfomed by CyberEdge.

An Annual Showcase of Data Breaches.

“The objective of this inaugural Tenable Network Security research study is to measure how enterprise IT security professionals view their organization’s ability to assess cybersecurity risks and to mitigate threats that can exploit those risks. In doing so, Tenable has developed the industry’s first Global Cybersecurity Assurance Report Card, which assigns indices and grades to responding organizations globally, by country, and by industry based on the responses of the security practitioners themselves.”