This report goes in depth on the state of software security, going into overall security, application security testing, how flaws are and are not equal, and security debt.

This paper discusses the top five Cybersecurity Technology Buying Trends.

This report offers an inside look at hackers. It provides a glimpse into the BugCrowd community, identifies 5 distinct types of bug hunters and their motivations, Explores program variables that can motivate and encourage different types of bug hunters and the community as a whole.

The Worldwide Semiannual Security Spending Guide examines the security spending opportunity from a country, industry, and technology perspective. This comprehensive database delivered via pivot table format or IDC’s Customer Insights query tool allows users to easily extract meaningful information about the core and next-generation security markets by viewing data trends and relationships and making data comparisons.

From the report, “But what exactly do we talk about when we talk “security?” That’s the question we seek to answer in this report, which has its roots in a similar question asked by an eight-year-old daughter two and a half years ago: “What’s the RSA Conference about, Daddy?” That root sprouted into a four-part blog series and a panel discussion a year later where we analyzed 25 years of session titles in honor of the 25th anniversary of RSA Conference.”

From the report, “The Prioritization to Prediction series is an ongoing research initiative between Kenna Security and the Cyentia Institute. The first volume proposed a model for predicting which of the numerous hardware and software vulnerabilities published each month were most likely to be exploited, and thus deserving of priority remediation. The second volume sought to apply and test that theoretical model using empirical data collected on billions of observed vulnerabilities. We ended the last report by analyzing vulnerability remediation timeframes across a sample of 12 firms. This third volume picks up where we left off and expands the analysis to roughly 300 organizations of different types and sizes. We leverage a technique called survival analysis to draw out important lessons about remediation velocity and capacity, concepts we explore and define during the course of this report. Overall, our goal is to understand what it means to survive—nay thrive—in the race of vulnerability remediation.” Read on to find out more.

This report shares findings from a survey conducted of more than 3,100 IT, security and other non-technical professionals. It explores their learning habits, levels of personal and organizational preparedness, and factors that improve their confidence and defensive capabilities. If the key findings below resonate with challenges facing your organization, then you will definitely want to add this to the top of your reading list.

State of Cybersecurity 2019 reports the results of the annual ISACA global State of Cybersecurity Survey, conducted in November 2018. While some findings pointed to unforeseen trends, many survey results reinforce previous years’ findings—specifically that the need for trained and experienced cybersecurity professionals vastly outweighs the supply. State of Cybersecurity 2019 provides a distinctive view of cybersecurity from the perspective of those who define the field—cybersecurity managers and practitioners. This is the first report based on the survey, which focuses on the current trends in cybersecurity workforce development, staffing, budget and gender diversity.

This report reveals findings around the cybersecurity landscape. To inform this report they surveyed ,3,200 security leaders asking questions in three categories, Set Up - how do you set yourself up for success, Architecture - what is your approach to vender/solution selection, and finally Breach Readiness and Response.

From the report, “All three of our stories in this issue of the State of the Internet / Security report are about things most organizations aren’t examining. Whether the cause is that organizations don’t perceive some issues as important to their environment, if they don’t have tooling to monitor these issues, or if the resources to monitor this traffic are not available, this traffic is often being overlooked.”

Nominet commissioned Osterman Research to conduct a survey of 408 CISOs overseeing security for organisations with a mean average of 8,942 employees. This comprises 207 companies in the USA and 201 companies in the UK, spread across a range of sectors. The objective was to collect and analyse a large enough dataset to make valid conclusions into the opinions, behaviours and mindset of those making cyber security decisions at large organisations.

The State of Manual Reviews: 2018 Report, brought to you by Kount and Paladin Group, provides survey results about manual review trends and best practices in the card-not-present (CNP) payments environment. It includes key performance indicators (KPIs) and demographic details related to participating merchants. In addition, participants in the survey shared insights about the tools, services, and solutions they employ for their manual review process.

As the end of 2018 approaches and the last year of the decade dawns, the challenges faced by cyber security teams are a blend of “more of the same” and “let’s change the approach”.

This guide provides some important considerations to keep in mind when investigating a cloud security platform that can address today’s realities and tomorrow’s cloud-first or cloud only end goals.

From the report, “Machine Learning (ML) is based around the idea machines can learn from data. ML techniques have been around for a very long time. In recent years, their use has exploded thanks to advancements in elastic cloud computing and big data. Now, ML is commonly used in fields as diverse as medical research, fraud detection, smart cars, online search and electronic commerce personalization and recommendations, to name just a few. ML has recently become the shiny new object for security and is the foundational pillar of products such as next-generation antivirus (NGAV) and User and Entity Behavior Analytics (UEBA). While most of these products have promised to be a “silver bullet” against malware, complete protection remains illusive. In fact, for a number of reasons, ML is more likely to detect and cure cancer than to stop all of today’s advanced threats. As far-fetched as this may sound, a detailed look at the distinctions between cancer detection and malware detection quickly demonstrate why this statement is true. Let’s have a look at why ML will only get you so far and what you can do about it. ” Read on to find out more.

To stop phishing attacks, it helps to see them coming. So we asked an array of CofenseTM experts for 2019 predictions. What trends in phishing and malware threats should you anticipate? To be better prepared to defend your organization, read on.

By the end of this report, you’ll have a better understanding of today’s approaches to evading detection tools and the trajectory of evasion into the next year. This way, you’ll have a better sense regarding your endpoint security architecture and your plans for maintaining or improving its effectiveness.

From the report, “Threat actors are increasing their use of fileless malware for one simple reason: most organizations aren’t prepared to detect it. Education is the first step in determining what threat these new attacks pose and what IT and security teams can do to detect and stop fileless malware attacks. READ THIS PAPER to understand how fileless malware is quickly evolving to avoid detection, the techniques currently employed to prevent infection and the strategies security teams need to consider when determining how to stop future fileless breaches.”

IntSights provides the industry’s most comprehensive view into internal and external threats facing the Gaming and Leisure industry. This report will demonstrate and classify threats that are actively underway, or being planned. This will enable security teams to better resource and fortify their infrastructure against attacks.

From the report, “In the cyber security industry, we’re so frequently working around-the-clock for days at a time that we often forget when one year ends and another begins. It’s a shame, too, because the end of the year is a very important time. It provides a moment to reflect on what we observed and experienced over the past 12 months, and to consider how best to address the challenges we have been facing. Perhaps more critical to our line of work, it offers an opportunity to note what developed into a trend, and what might develop into a trend as we move into the next year and beyond.”

From the report, “In this paper, we discuss that while ML has proven to be a powerful tool in detecting malware for many years, the reality is that true AI does not yet exist. The marketing tricks of next-gen vendors are simply making matters all the more confusing for IT decision makers who need to build robust cyber security defences at a time when the threat landscape is becoming all the more precarious.”