In this report we analyze real-world end-user vulnerability assessment (VA) behavior using a machine learning (ML) algorithm to identify four distinct strategies, or “styles. (more available)

RiskIQ uses its repository of scanned mobile application stores to perform analysis on threat trends in the mobile application space. Q3 showed a nearly 220 percent increase in blocklisted apps over Q2. (more available)

In this report, you’ll learn how many DevOps servers may be exposed based on a study done by the IntSights research team, how cyber criminals typically access open DevOps servers, and what you can do to protect yourself and your data from a DevOps cyber attack. (more available)

This report offers insight into how you can use the theory of 8 degrees of separation in threat research.

Ponemon Institute is pleased to present the findings of Assessing the DNS Security Risk, sponsored by Infoblox. The purpose of this study is to understand the ability of organizations to assess and mitigate DNS risks. (more available)

This report offers insight into the Cylance methodology of endpoint protection.

This paper provides information about a comprehensive identity governance strategy. It offers a unique perspective on how an enterprise can gauge their identity strategy, and reduce risk in the organization. (more available)

Spyglass Consulting Group conducted a primary research study to identify the market opportunities and challenges for healthcare provider organizations to leverage an enterprise-class secure communications platform to address the communications requirements associated with complex clinical workflows. (more available)

From the Report, “Through analysis of billions of anonymized cloud events across a broad set of enterprise organizations*, we can determine the current state of how the cloud is truly being used, and where our risk lies. (more available)

This report provides new intelligence by the NCSC on two tools used by the Turla group to target the UK. It contains IOCs and signatures for detection by network defenders. (more available)

“Many businesses and government agencies have embraced supervisory control and data acquisition (SCADA) systems or industrial control systems (ICS) in recent years, but the technologies face major security challenges. (more available)

This e-book seeks to help you understand all of the many details necessary for succesful network management.

IBM Security and Ponemon Institute are pleased to release the 2018 Cost of Data Breach Study: Global Overview1. They conducted interviews with more than 2,200 IT, data protection, and compliance professionals from 477 companies that have experienced a data breach over the past 12 months. (more available)

This paper begins with a review of data sources available for building or improving decision models for vulnerability remediation. It then discusses the vulnerability lifecycle and examine timelines and triggers surrounding key milestones. (more available)

This is a threat advisory for betFIRST mobile apps

This global study examines 383 companies in 12 countries. It finds that $4 million is the average total cost of a data breach. (more available)

In partnership with the Information Security Community, Bitglass surveyed over 570 cybersecurity and IT professionals to learn how organizations are approaching cloud security. (more available)

In this report, they examine two factors that affected the financial consequences of a data breach. The first is executive involvement in their organization’s IT security strategy and response to data breaches. (more available)

In Threat Stack Cloud Security Report 2017: Security at Speed & Scale, they set out to determine how Operations, Security, and DevOps professionals are dealing with increasingly complex environments, using limited resources, as they seek to satisfy internal and external security demands along with compliance requirements. (more available)

This paper provides insight into specific fines that will occurr due to the GDPR.

The Stuxnet and Ukranian power grid attacks give us clear ideas about how much damage a determined adversary can inflict not only on the business or operation concerned, but also on the general public. (more available)