This report examines trends in vulnerabilities, exploits and threats in order to better align your security strategy with the current threat landscape. Incorporating such intelligence to vulnerability management programs begins to put vulnerabilities in risk–based context and helps to focus remediation on vulnerabilities most likely to be used in an attack. This is an update to a report published in January 2018 to reflect mid–year trends. All statistics for 2018 reflect data from the first half of the year — January 1, 2018 through June 30, 2018.

In this report we analyze real-world end-user vulnerability assessment (VA) behavior using a machine learning (ML) algorithm to identify four distinct strategies, or “styles.” These are based on five VA key performance indicators (KPIs) which correlate to VA maturity characteristics. This study specifically focuses on key performance indicators associated with the Discover and Assess stages of the five-phase Cyber Exposure Lifecycle. During the first phase – Discover – assets are identified and mapped for visibility across any computing environment. The second phase – Assess – involves understanding the state of all assets, including vulnerabilities, misconfigurations, and other health indicators. While these are only two phases of a longer process, together they decisively determine the scope and pace of subsequent phases, such as prioritization and remediation. The actual behavior of each individual enterprise in the data set, in reality, exhibits a mixture of all VA Styles. For the purposes of this work, enterprises are assigned to the specific style group with which they most closely align. We provide the global distribution of VA Styles, as well as a distribution across major industry verticals.

This report offers 14 tips to fortify your public cloud environment. From the report, “This edition of RedLock’s Cloud Security Trends marks the report’s one year anniversary, and it’s been a sobering year in terms of public cloud breaches, disclosures and attacks. This report highlights key learnings from these incidents along with research by the RedLock Cloud Security Intelligence (CSI) team to shed light on the trends that we can expect this year.”

This report takes a look at the threat intelligence of organizations surveyed in 2018. Among the key findings of the report are that organizations are leveraging threat intelligence data for a number of use cases, and many rate themselves fairly competent in their use of threat intelligence to identify and remediate cyber threats.

Scalar’s study of the cyber resilience of Canadian organizations finds there is a new normal across the threat landscape. Cyber security incidents – whether they be exfiltration, infiltration, or denial of service – are now occurring on a regular basis. To address this, the focus of cyber security efforts is shifting from an emphasis on protection against attacks, to improving the detection of malicious actors on the network, and responding to and recovering from incidents as quickly as possible. The findings of the 2019 Scalar Security Study reflect on these new trends and introduce cyber resilience as a security theme that emphasizes the importance of business continuity and the need for organizations to return to normal operations and a trusted state after an incident has occurred

From the report, “Before we begin the 2018 Black Report in earnest, it’s important to understand who our respondents are. Last year, we focused on people who referred to themselves as hackers or professional penetration testers. This year, we broadened our survey to include incident responders. These guys deal first-hand with hackers and the aftermath of data breaches. And as you’ll see, their perspective provided a tremendously valuable contribution to the results of the survey.” Read on to find out more.

In 2016, Rapid7 Labs launched the National Exposure Index in order to get a measurable, quantitative answer to a fairly fundamental question: What is the nature of internet exposure—services that either do not offer modern cryptographic protection, or are otherwise unsuitable to offer on the increasingly hostile internet—and where, physically, are these exposed services located? Now in our third year, we continue this ongoing investigation into the risk of passive eavesdropping and active attack on the internet, and offer insight into the continuing changes involving these exposed services. We’ve also added a third dimension for exposure, “amplification potential,” in the wake of the disastrous memcached exposure uncovered in 2018.

From the report, “This quarter’s report covers three main areas of concern for the modern IT defender: • First, credential theft, reuse, and subsequent suspicious logins are—today— the most commonly reported significant incident we’re seeing across both small (<1,000 endpoints) and large organizations (≥1,000 endpoints). • Second, the DDoS landscape just got a lot more interesting with the debut of a new technique using misconfigured—and plentiful—memcached servers. • Finally, we take a look at the increasing levels of SMB and Cisco SMI attacker probes and attacks, where the former continues to define the “new normal” level of background malicious behavior around Windows networking, and the latter begins to bring shape to this relatively new attack vector targeting core router infrastructure.” Read on to find out more.

At Splunk, we’re working on shaping the future. Our experts are embracing new developments, focusing on the future of artificial intelligence (AI) and machine learning (ML), IT operations, security and IoT. Pulling together insights from our thousands of customers and our dedicated research teams, our experts have assembled a shortlist of the top predictions for 2019.

At Splunk, our experts don’t read palms, but they do look into the future. The future of artificial intelligence (AI) and machine learning (ML), IT operations, security, and IoT. Join us once again as we connect with our renowned experts to capture their predictions for the next big thing in their fields.

This helpful guide provides insight into the settings you should maintain on all of the major social networks. Read on to learn more.

In this whitepaper, they look at three categories of approaches taken by malware to evade sandboxes and explore techniques associated with each approach.

This report offers research on analysis and lifecycle of an attack on critical infrastructure. It discusses command and control, internal reconnaissance, lateral movement, and targeting the ICS and SCADA infrastructure.

The 2018 RSA Conference Edition of the Vectra Attacker Behavior Industry Report provides a first-hand analysis of active and persistent attacker behaviors inside cloud, data center and enterprise environments of Vectra customers from August 2017 through January 2018.

This White Paper attempts to paint a comprehensive picture of the file-borne threat crisis facing health insurance companies due to the tight connection with medical institutions and the immense number of files shared and transferred between the two sectors, as well as explain why current security systems and industry regulations fail to adequately meet this sophisticated threat, and what measures can be taken to guard against it without investing in security infrastructure.

This report includes detailed technical information discovered during our analysis of the forensics artifacts collected from the affected systems by the AIR Module. The report provides detailed information about the key processes used by AIR to review the malicious activity and detect the infection quickly. We also break down the encoding techniques, the registry operation, and the protection and communication mechanisms used by Kovter.

From the report, “Over the past few year’s attackers have exploited this opportunity, and as documented in our Anatomy of an Attack (AOA) report, have compromised a wide variety of manufacturing control systems. This report documents five case studies which show how cyber attackers could gain access to manufacturing and utility facilities. We also detail the progression of the attacks which in some cases disabled operations for an extended period. In one of our case studies, losses were catastrophic with the impacted entity suffering losses of over 800,000 euro per day. This report will explain how the attacks happen, and once established, how the attackers can extend these command and control points to breach the institution’s records, blackmail and extort funds, or worse, disable ongoing operations of the facility over an extended period.” Read on to find out more.

Online Journey Hijacking, a client-side phenomenon where unauthorized ads are injected into consumer browsers, is a growing yet invisible problem for eCommerce sites. This issue is widespread across the web — yet the eCommerce industry has only been made aware of its existence in recent years.

This guide provides some important considerations to keep in mind when investigating a cloud security platform that can address today’s realities and tomorrow’s cloud-first or cloud only end goals.

From the report, “We live in incredible times, where we trust more of our lives to machines that are becoming ever more powerful. We cannot leave the doors to our “digital kingdoms” wide open. Adversaries, both nation-states and for-profit malicious actors, have access to a seemingly unlimited supply of “all access keys”. Our responsibility is to revoke and disable these keys or to at least make that access as difficult as possible through thoughtful defense-in-depth security controls. These controls should not just rely solely on the “next gen” version of a well-known technology. Truly different types of protection and detection technologies need to be layered in order to create the strongest possible defense.” Read on to find out more.

From the report, “With endpoint security products continuing to be at the tip of the spear of cyber defenses for years to come, the question is how to ensure the best possible security posture. No matter which way an endpoint security buyer turns, there is no one magic bullet. It is likely that a layered approach with multiple different technologies working together is required.” Read on to find out why.