This paper navigates decision-makers through the issues surrounding a specific technology or business case, explores the business value of adoption, and recommends the range of considerations and concrete next steps in the decision-making process.

Security automation architecture can improve organizations’ security posture by augmenting or replacing human intervention in the identification and containment of cyber exploits or breaches through the use of such technologies as artificial intelligence, machine learning, analytics and orchestration. Sponsored by Juniper, the purpose of this research is to understand the challenges companies face when deciding how, when and where to implement the right automation capabilities in order to improve productivity, reduce costs, scale to support cloud deployments and ultimately strengthen the security posture of the business. Ponemon Institute surveyed 1,859 IT and IT security practitioners in Germany, France, the United Kingdom and the United States. All participants in this research are in organizations that presently deploy or plan to deploy security automation tools or applications and are familiar with their organizations use of security automation and have some responsibility for evaluating and/or selecting security automation technologies and vendors.

In mid-2018, VansonBourne conducted research on behalf of Nutanix to gain insight into enterprise plans for adopting private, hybrid, and public clouds. The respondent base spanned multiple industries, business sizes, and geographies, which included the Americas; Europe, the Middle East, and Africa (EMEA); and AsiaPacific (APJ) regions.

In 2018, our global Services team focused resources, intelligence and technology to detect and disrupt future attacks. We’ve analyzed the massive amounts of security data collected from every engagement this year and we’ve gained new insights into what challenges organizations face and how they can better prepare for the next wave of threats. This casebook presents some of the findings and recommendations we’ve made in key engagements across a representative sample of the work we performed last year. We dig into: Emerging and notable trends Examples of ill-prepared organizations and the devastating effects of the breaches they suffered Essential recommendations to prevent companies from becoming another statistic of poor security planning and execution This casebook also underscores the expertise of our team and the important work we’re doing at CrowdStrike® Services. As you read the case studies, you will see that CrowdStrike stands shoulder-to-shoulder with our clients as we work together to stop adversaries and repair damage. But this casebook is not just for CrowdStrike clients — we want everyone to become better prepared to overcome their adversaries in 2019.

This report provides a summary of OverWatch’s findings from intrusion hunting during the first half (January through June) of 2018. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. OverWatch specifically hunts for targeted adversaries. Therefore, this report’s findings cover state-sponsored and targeted eCrime intrusion activity, not all forms of attacks.

Long gone are the simple days of malware threats only being associated with the computers on our desks or at our business offices. Today, we’ve all become accustomed to malware infiltrating our homes and pockets across a variety of platforms, be that our telephones, tablets, smart TV or even ‘connected’ devices such as our fridges. Whilst malware can be tailored for different platforms and differ in their abilities or functionality, the overall taxonomy remains very much the same. Back in the ‘halcyon’ days many malware authors released their wares for fun, ‘lulz’ in modern parlance, today most are criminally motivated and driven by financial gain, ideology, revenge and nation state doctrine. The objective of these attacks, and the compromised devices or networks, are typically similar and result in the threat actor gaining access, leading to the theft of confidential and personal information, or disrupting the operations and functionality.

This report takes a look at the “Key Reinstallation Attack” VULN that works against all modern protected Wi-Fi- networks.

This paper offers insight into QR code usage and user interest and suggests that organizations should take time to consider and familiarize themselves with the potential security ramifications.

This report offers a helpful look at Mobile Banking Trojans.

This paper aims to provide help in understanding how to better the cybersecurity culture in an organization.

From the report, “While the developers of this Guide strongly support the important role that governments play in convening a diverse ecosystem, the imposition of prescriptive, compliance-focused regulatory requirements will inhibit the security innovation that is key to staying ahead of today’s sophisticated threats. Moreover, earlier policy efforts were based on utopian solutions to these threats, premised on the notions that internet service providers (ISPs) can simply shut down all botnets, or that manufacturers can make all devices universally secure. Instead, dynamic, flexible solutions that are informed by voluntary consensus standards, driven by market demands, and implemented by stakeholders throughout the global digital economy, are the better answer to these evolving systemic challenges.”

“Threat intelligence has become a significant weapon in the fight against cybersecurity threats, and a large majority of organizations have made it a key part of their security programs. Among the key findings of the report are that organizations are leveraging threat intelligence data for a number of use cases, and many rate themselves fairly competent in their use of threat intelligence to identify and remediate cyber threats. The most common benefits of threat intelligence platforms include better threat analysis, faster detection and response, more efficient security operations, and better visibility into threats.”

Consumers rely on their mobile devices on an ever‐growing basis to keep them connected. Smartphones and tablets provide them with access to each other through email, messaging, and social media while also putting financial services and shopping in the palm of their hands. And each and every one of these activities holds value for criminals in search of account credentials and personally identifiable information (PII) to sell or misuse. Unfortunately, for all of the potential that mobile devices represent, the apathy of every mobile stakeholder is undermining the security of mobile devices and the accounts of their users. Protecting Android, iOS, and Windows mobile device users from fraud will require a concerted effort by all stakeholders to eliminate vulnerabilities, encourage security‐minded behaviors, and to leverage all the security benefits that mobile devices have to offer.

Digital businesses must manage, govern, and secure customers’ access to systems without hurting the customer experience. As firms increase the digital channels for customer interaction, they also increase the number of potentially confusing consumer authentication experiences. As a result, they’re hemorrhaging customers and suffering increased support costs related to password and authentication. This report outlines 10 barriers to authentication success — and how S&R pros can improve online security without sacrificing experience.

To better understand the mindset and priorities of those who make security decisions for mobile devices in the workplace, Ping Identity conducted a mobility survey in partnership with Gatepoint Research. The results shed light on four main insights into the top challenges and motivations for enterprise mobile initiatives.

Creating an Authentication Framework: The Future of Authentication Strategy, commissioned by Nok Nok Labs and produced by Aite Group, explores current attitudes and trends in developing an organization-wide consumer authentication strategy.

These days, IAM is a moving target being moved by the forces of cloud, mobile and increasingly connected consumers. By keeping these five trends in mind, and understanding the security and access control needs of your enterprise, you can make decisions that’ll benefit you today, while providing a good foundation for future evolution.

What the Internet of Things means for consumer privacy discusses the findings of an Economist Intelligence Unit (EIU) research programme, sponsored by ForgeRock, that explores the privacy concerns and priorities of global consumers stemming from the Internet of Things (IoT) and related technologies.

Almost every individual and every business now has a cyberpresence that needs to be secured. Digital transformation has also created a growing supply of security targets in the form of information-rich storehouses of data. Identity and access management (IAM) platforms offer one way to tackle this problem. IAM platforms provide a set of solutions to identify users and control their access within an IT environment. However, modern identity isn’t just about security, privacy, or even convenience. The key value of an identity platform is enablement, in that it allows an organization to securely provide services to end users. It is all “Yes you can … but only you can.”

This white paper examines challenges for healthcare organizations and presents how the key to effective endpoint and server protection lies in the ability to dynamically analyze behavior in order to recognize malicious software by its actions, not its appearance. Intelligent response at machine speed is required to prevent, contain and mitigate potential threats. Success in this mission results in a major benefit for providers and payers: the ability to keep IT systems operation so medical and non-medical personnel can stay focused on patient care.

“This is the first in an annual report that looks at the candidate’s view of acquisition and retention. Where do candidates look for IT jobs, what makes them apply, why do they leave and why do they stay? Talent acquisition is often viewed from the recruiters perspective, but it can be revealing to view it from the other side of the table - the candidate - and analyse the differences. For example, in-house recruiters invest much in social media, listing it in 3rd place for the amount of time and money they spend. Yet it’s not the first port of call for IT candidates. As Chart I shows, few respond to IT jobs on Facebook or Twitter.”