The Sysdig 2024 Cloud‑Native Security and Usage Report comes at an exciting time after a year of cybersecurity making headlines worldwide. This is indicative of how broad the security landscape has grown in a short amount of time, thanks to the cloud. This report looks at real‑world data to draw conclusions about the state of cloud security. From our perspective, we see that organizations continue to struggle with the shift‑left concept. Although runtime threat prioritization has greatly reduced vulnerabilities, there remains an urgency for powerful and speedy cloud threat detection and response (TDR).

Process for Attack Simulation and Threat Analysis (PASTA) is a threat modeling methodology, co-developed by VerSprite’s CEO Tony UcedaVelez. It provides a process for simulating attacks to applications, analyzing cyberthreats that originate them, and mitigating cybercrime risks that these attacks and threats pose to organizations. The process is employed by security professionals across industries to prioritize risks and develop a mature cybersecurity framework that is woven into the business culture and the application development process.

Organizations are developing new applications as part of an overall movement toward digitally transforming business operations. Many executives and board members still consider these purely technology problems, but this perception is greatly mistaken. Given the potential business impact, they should accept these as business issues. Ensuring system security and resilience must be addressed as part of business planning, risk management, and operations.

A recent ThoughtLab study revealed the top cybersecurity challenges that are top-of-mind for IT leaders. This ebook will discuss how those challenges can poison your ability to protect your business why automating security operations is the antidote, and why 80% of organizations that use automation say they can respond to vulnerabilities in a shorter timeframe.

Cobalt’s 5th edition of The State of Pentesting explores this question, tapping into data from 3,100 pentests and over 1,000 responses from security practitioners in the United States, the United Kingdom, and Germany. Disruption, transformation, volatility — Top 5 most prevalent security issues whichever keyword fits your style, it all points to one fact: change is the constant security teams have had to live by for years.

The 2021 Insider Threat Report reveals the latest trends and challenges facing organizations in this new environment. The report explores how IT and cybersecurity professionals deal with risky insiders and how organizations are preparing to protect their critical data and IT infrastructure better.

Today, data is a company’s most valuable asset, leading many to invest in Insider Risk Management programs. Recent trends around employee turnover and remote work have created unprecedented challenges for security teams to protect valuable data from leaving the company. There needs to be most investments around educating the Broad, training employees, and increasing visibility to data movement.

This report aims to capture hard data on the experiences of stakeholders who are impacted by IAM processes and technologies, and the impact of current IAM practices on security risks and business operations.

A survey of over 1,500 CIOs, CISO, and Chief Procurement Officers on their concerns and actions for supply chain management. This is a US specific version of the main report.

A survey of 416 security and 425 business executives, combined with telephone interviews of five business and security executives to explore the strategies and practices and medium and large enterprises. Covers board level visibility, explaining the company’s risk posture, risk management, and the role of cybersecurity in business strategy.

This report goes into the general state of cyber resilience. At a glance, Innovation investment is growing, Cybersecurity basics are better, and leading organizations are getting better at preventing and fixing breaches.

This is a study on third party risk from Gartner. It covers how third party risks are changing, how companies are managing third party risks, and taking an iterative approach to third party risks.

Ponemon Institute surveyed 627 IT and IT security practitioners in the United States to understand how well organizations are addressing cyber risks associated with attackers who may already be residing within the perimeter, including insiders that might act maliciously. In this study, these are referred to as “post-breach” or “resident” attackers. The findings consistently show that organizations do not fully understand the risks associated with this type of threat, are unprepared for resident attackers, and have little ability to discover and remove them.

This report identifies challenges and perceptions that enterprises, midmarket companies, and SMBs face across seven industry verticals including manufacturing, financial, and healthcare. The goal is to help readers to understand the common issues and where they are doing a better or worse job than others. Ultimately, the report will help readers understand how to handle threats better, no matter where they stand now.

In multiple areas of cyber security, time is currently working in favor of the attackers — and time is the strategic advantage that the defenders need to regain. In a recent report, Aberdeen Group leveraged Verizon Data Breach Investigations Report data to uncover the distribution of attacker “dwell times,” i.e., the total time in days from attacker compromise to defender detection.

Outsourcing is a fact of life for healthcare organizations, from routine functions such as food services and laundry to regulatory compliance and clinical activities. Large numbers of vendors must be properly managed in order to reduce clinical, financial and regulatory risk. This paper discusses how to reduce complexity in third-party vendor risk management, and how to turn uncertainty and confusion into efficiency and confidence.

MuleSoft commissioned independent market research company Vanson Bourne to survey 650 IT leaders from global enterprises to discover: › What is the state of today’s digital transformation initiatives? › How is the role of IT evolving in the customer-centric era? › What are the top challenges IT organizations face? › Which strategies are enterprises adopting to get ahead of the market?

In this paper, a depp look into existing cybersecurity practices, their shortcomings, and the urgent need to avoid breaches altogether and not just mitigate them after the fact.

Here at Cobalt, we’ve done over 350 penetration tests to date. The information included in this report (Time to Fix, Vulnerability Types, Findings Criticality, Issues Fixed) is summary data from all of the penetration tests performed in 2017. Additionally, we provide survey data (Portfolio Coverage, Pen Test Frequency) from 75 respondents in security, management, operations, DevOps, product, and developer roles. All data has been anonymized to protect the privacy of our contributors.

From the report, “This technical whitepaper presents and discusses the concept of “Connectivity as Code”, a complementary concept to “Infrastructure as Code” (IaC), and we will explain how it can be incorporated into the DevOps lifecycle for a more agile application delivery. We will also describe how empowering the developer to define the application’s connectivity requirements will bridge the gap between developers and network security, and help to automate the application delivery process end-to-end. The solution presented in this whitepaper seamlessly weaves network connectivity into the DevOps methodology, while ensuring continuous compliance, so that automation does not compromise security.”

This report posits the following, “When effectively harnessed, AI and ML can form the core of a dynamic predictive IT system, saving money, streamlining operations, and raising productivity as organizations become more adept at avoiding operational, and security issues that could affect their bottom line.”