This tenth annual Flexera 2021 State of the Cloud Report (previously known as the RightScale State of the Cloud Report) delves into the details of what respondents had to say to reveal what’s happening with all things cloud—from spend allocation to cost management to strategies. Leveraging this data can help IT professionals plan the next steps of their cloud journey. The report explores the thinking of 750 global cloud decision-makers and users about the public, private and multi-cloud market. It shares their current and future cloud strategies, often showing year-over-year (YoY) changes to help identify trends.

In our third State of the Cybersecurity Attack Surface report, we continue to see enterprises struggle with many of the same issues they’ve been grappling with—they are blind to IT assets missing endpoint protection, patch management, and, as we now include in this report, vulnerability management. “Stale” IT assets continue to proliferate across corporate networks. Organizations are unnecessarily paying for unused licenses while facing budget cuts and economic challenges.

The purpose of our research is to raise awareness of the CISA KEV catalog and understand how many of these vulnerabilities are under active exploitation so that organizations can take action against their risk. In our research, we relied on the CISA KEV catalog, a notable source of information regarding vulnerabilities actively exploited in the wild. We analyzed the common vulnerabilities and exposures (CVEs) using GreyNoise and other resources and found the attack surface in the past and present.

For the report, Marsh McLennan paired its extensive proprietary dataset of cyber claims with the results from Marsh Cybersecurity Self-Assessment (CSA) questionnaires, which are composed of hundreds of questions and responses from individual organizations. When combined, the two datasets allow for deep insights into which cybersecurity controls have the greatest effect on the likelihood of an organization experiencing a cyber event. Such innovative use of data and analytics can help companies identify which controls to prioritize. In turn, this can help position an insured favorably during cyber insurance underwriting.

The goal of this survey was to understand the current state of SaaS security and misconfigurations. The survey was conducted online by CSA from January to February 2022 and received 340 responses from IT and security professionals from various organization sizes and locations. CSA’s research team performed the data analysis and interpretation for this report.

This whitepaper explains a new vulnerability in Windows Server that is highly exploitable.

A survey of 400 public sector IT decision makers and influencers to determine challenges faced by public sector IT professionals, security threats, and cybersecurity capabilities.

The 2020 edition of this annual survey based report on cloud adoption, migration, and security trends. Drawn from a pool of 750 global respondents with roles in evaluatng, purchasing, and managing cybersecurity products and with a high level of familiarity of their organizaiton’s public cloud use.

Q1 2020 was an extremely turbulent time as the world dealt with the spread of COVID-19 and many businesses shifted to a fully remote work environment for the first time. The Threat Stack Security Operations Center has had a first-hand look at the impact this has had on Threat Stack customers through our regular work investigating suspicious behavior, triaging alerts, and providing recommendations on how to proactively reduce risk and remediate incidents.

This is the fifth annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board. HCSEC is a facility in Banbury, Oxfordshire, belonging to Huawei Technologies (UK) Co Ltd (Huawei UK), whose parent company, Huawei Technologies Co Ltd, is a Chinese headquartered company which is now one of the world’s largest telecommunications providers.

The data in this survey suggests that the role of the firewall in network security remains critical even as the network security landscape undergoes significant evolution and expansion. Within the enterprise, organizational and departmental roles and responsibilities with respect to network security in the new technology landscape remain in flux. At the same time, parameters that bound traditional definitions of ‘firewall’ are subject to change as emerging platforms and devices acquire characteristics that were previously in the domain of traditional firewalls. The totality of this complexity overlays and exacerbates pre-existing challenges in managing firewalls rules and protocols and points to the need for innovative solutions to reign in complexity and ease the burdens on overextended network security professionals.

FireMon is proud to present its 3rd Annual State of the Firewall Report based on 437 survey responses collected between November 16, 2016 and December 6, 2016. Respondents included IT security practitioners representing a range of professional roles, organization sizes and industry verticals. Survey participants were asked 26 questions about their current firewall infrastructure and management challenges as well as questions about adoption and impact of emerging technologies such as SDN, cloud, microsegmentation and Internet of Things (IoT).

IT security organizations today are judged on how they enable business transformation and innovation. They are tasked with delivering new applications to users and introducing new technologies that will capture new customers, improve productivity and lower costs. They are expected to be agile so they can respond faster than competitors to changing customer and market needs.

From the report, “This technical whitepaper presents and discusses the concept of “Connectivity as Code”, a complementary concept to “Infrastructure as Code” (IaC), and we will explain how it can be incorporated into the DevOps lifecycle for a more agile application delivery. We will also describe how empowering the developer to define the application’s connectivity requirements will bridge the gap between developers and network security, and help to automate the application delivery process end-to-end. The solution presented in this whitepaper seamlessly weaves network connectivity into the DevOps methodology, while ensuring continuous compliance, so that automation does not compromise security.”

From the report, “For the past six years, Puppet has produced the annual State of DevOps Report1 and collected more than 27,000 responses from technical professionals around the world, making it the longest-running and most comprehensive study on the topic of DevOps today. One of the most common requests we’ve gotten over the years is for segmentation of the data by region, industry and company size. In this special report, we’ve segmented the 2017 State of DevOps survey data to dive deeper into trends and patterns we’re seeing in each of these segments.”

From the report, “The Puppet 2018 State of DevOps Report took a new tack this year, seeking prescriptive guidance for teams to follow. We designed our survey to learn how organizations progress through their DevOps journeys, and after analyzing the data, we found that the successful ones go through specific stages. Our research also revealed a set of core practices — we call them “foundational practices” — that are critical to success throughout the entire DevOps evolution. In this paper, we’ll take you through an in-depth description of these foundational practices, and offer you our advice for how to begin instituting them in the way that makes most sense for your organization, based on our findings.”

From the report, “This year we designed our DevOps survey to reveal what successful organizations actually do as they progress on their DevOps journeys. We discovered that they experience five distinct stages of DevOps evolution, which we have shared in full detail in our 2018 State of DevOps Report. This CIO guide digests our research into a report that’s just for you. We want to help you quickly understand what successful organizations do at each stage of DevOps evolution; which practices must be established at each stage (we call these the defining practices); and how you can best support your team throughout its DevOps journey to assure continuing progress and success.”

The purpose of this document is to briefly describe the features of Necurs malware. During the analysis, we have been able to identify the different “features” and “capabilities” of the Necurs malware.

Many federal agencies have begun adoption of modern, agile approaches to software delivery, with the goal of building higher quality services faster and more cheaply. While there are significant barriers to the adoption of this paradigm in the federal government, this paper offers specific principles and practices that have already achieved success.

As businesses continue to adopt both infrastructure-as-a-service (iaaS) and platform -as-a-service (PaaS) cloud platforms, S&r pros struggle to protect their organization’s valuable data while minimizing the threat surface of cloud and hybrid cloud workloads. Cloud workload security (CWS) solutions provide automated and layered controls to secure configurations, network, applications, and storage of hybrid cloud hypervisors and workloads. this report provides S&r pros with an overview of the CWS vendor landscape, critical selection criteria, and key vendor differentiation.

Keeping track of databases, and the associated data they host, turns out to be a significant challenge. This white paper presents a detailed approach to understanding the difficulties related to database discovery, and some solutions to those problems.