FireEye has been detecting and responding to cyber attacks every day for over 15 years. The release of M-Trends® 2020 marks 11 years of providing the cyber security community with insights gained from the frontlines of those attacks.

A survey of over 250 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

An analysis of threat actors and key action patterns based upon CrowdStrike’s threat hunting human analyst team over the first half of 2019.

In this report they explore: • Why AI-enabled cybersecurity is increasingly necessary • How organizations are benefitting from AI in cybersecurity • Where organizations should focus their cybersecurity initiatives • Building a roadmap for implementing AI in cybersecurity

This year’s SANS survey saw an increase in usage and interest in CTI, along with a diversification in how the intelligence is being used by organizations. While the use of CTI continues to grow, there is no one-size-fits-all approach. Organizations leverage different types of CTI to meet different needs. This survey focuses on how and why CTI is being used, how it is helping defenders, what data sources are being leveraged, and how data is converted into usable intelligence.

This alert contains two recommendations directing actions Federal Emergency Management Agency (FEMA) should take to safeguard both Personally Identifiable Information (PII) and Sensitive Personally Identifiable Information (SPII) of disaster survivors and prevent additional privacy incidents similar to one we identified during our ongoing audit of FEMA’s Transitional Sheltering Assistance (TSA) program. FEMA concurred with both recommendations.

Bitglass’ fifth annual Healthcare Breach Report analyzes the data from the US Department of Health and Human Services’ “Wall of Shame.” The database contains information about breaches of PHI that affected more than 500 individuals.

From the report, “Robotic telepresence is a next-generation technology that allows a person in one location to replicate himself in another. The remote person can see you, hear you, interact with you, and move all around your location. But wait a second! What if the person behind the robot is not who you think he is? What if the robot gets compromised, and now the attacker is watching you and your surroundings? In this whitepaper, all the findings learned while security testing a telepresence robot are presented, as well as the countermeasures implemented by the vendor.”

This year’s Global Threat Report: “Adversary Tradecraft and the Importance of Speed,” addresses the quickening pace and increasing sophistication in adversary tactics, techniques and procedures (TTPs) over the past year — and in particular, highlights the critical importance of speed in staying ahead of rapidly evolving threats.

In this paper, a depp look into existing cybersecurity practices, their shortcomings, and the urgent need to avoid breaches altogether and not just mitigate them after the fact.

From July 2017 through June 2018, Secureworks CTU researchers analyzed incident response outcomes and conducted original research to gain insight into threat activity and behavior across 4,400 companies. This report offers answers and insights from their key findings. Read on to learn more.

FireMon is proud to present its 2nd Annual State of the Firewall Report based on a November 2015 survey of 600 IT security practitioners, representing a range of professional roles, organization sizes and industry verticals. Survey participants were asked 21 questions about their current firewall infrastructure and management challenges as well as questions about adoption and impact of emerging technologies such as NGFW, SDN and cloud. When compared with results from the 2015 study, the responses revealed three trends that this report will explore further: 1) Firewalls remain an extremely valuable part of the network security infrastructure; 2) Next-generation firewalls continue to see broad adoption, adding complexity to security management; and 3) Awareness around SDN and its impact on network security has increased.

From the report, “For years, the Finance industry has been a trailblazer in managing the risk posed by vendors, suppliers, and business partners. As we have also detailed in previous BitSight Insights reports2 over the last four years, this industry has maintained a strong security posture in comparison to others. Given that the Finance industry is a leader in managing third-party cyber risk, how secure is their supply chain, and where do weak links lie? Are the companies in their supply chain meeting the same security standards they hold for their own organization? These questions are relevant not only for Finance organizations, but for all organizations that need to reduce third-party cyber risk. To answer these questions, BitSight researchers looked at the security performance of more than 5,200 Legal, Technology, and Business Services global organizations whose security ratings are tracked and monitored by hundreds of Finance firms using the BitSight Security Rating platform. The organizations across these industries represent a set of critical vendors and business partners in Finance’s supply chain, consisting of: legal organizations, accounting and human resources firms, management consulting and outsourcing firms, and information technology and software providers.”

A review of the observed (externally facing) security practices of the Fortune 1000 firms.

From the report, “The report also looks at the trends in the usage by fraudsters of specific methods or directions of attack (e.g. location manipulation, account takeover, etc.). This is to provide insight into the various techniques commonly employed by today’s savvy fraudster. The increased sophistication of the online criminal underworld, where a huge and connected marketplace exists to provide numerous services that make theft easier (and where stolen data can be found easily and cheaply following the massive data breaches of the last few years), means that fraudsters have direct access to the tools and information they need to commit online fraud. This has lowered the barrier to entry for new fraudsters to enter, and enabled experienced fraudsters to increase the scale, sophistication and speed of their attacks. This report is designed to reflect the current patterns in that scene and help merchants to understand further and prepare for the attacks they are seeing or are likely to face.” Read on to find out more.

From the report, “As such, Forter creates a biannual Fraud Attack Index to highlight these changes as they affect e-commerce and mobile merchants and to provide anti-fraud professionals with the context they need to succeed. This report leverages Forter’s data to examine the trends in online fraud attacks across industries, comparing the different fraud experienced by different verticals. The report also looks at the prevalence of specific fraud methods or directions of attack (e.g. location manipulation, botnets, etc.). This is to provide insights into the various techniques commonly employed by today’s cunning fraudsters.” Read on to find out more.

Using an important analogy from Star Wars, this report provides insight into threat intelligence. May the Force Be With You.

The 2019 SIEM Survey Report represents one of the most comprehensive surveys on SIEM to date, designed to explore the latest trends, key challenges, and solution preferences for SIEM.

The 2019 SIEM Survey Report represents one of the most comprehensive surveys on SIEM to date, designed to explore the latest trends, key challenges, and solution preferences for SIEM.

From the report, “DOur objective was to (1) summarize unclassified and classified reports issued and testimonies made from the DoD oversight community and the Government Accountability Office (GAO) between July 1, 2017, and June 30, 2018, that included DoD cybersecurity issues; (2) identify cybersecurity risk areas for DoD management to address based on the five functions of the National Institute of Standards and Technology (NIST), “Framework for Improving Critical Infrastructure Cybersecurity,” April 16, 2018 (Cybersecurity Framework); and (3) identify the open DoD cybersecurity recommendations. This summary report also addresses the Federal Information Security Modernization Act of 2014 (FISMA) requirement to provide an annual independent evaluation of the agency’s information security program by using the identified findings to support the responses made in our assessment.”

How to make threat intelligence relevant to executives, business stakeholders, security operations and incident responders