The purpose of this white paper is to help users understand how CrowdStrike ® uses ML to protect endpoints. To get there, we must first clarify what ML is and how it works. Then we will describe how Crowdstrike implements ML, specifically in the area of malware detection. Finally, we will discuss the benefits and limitations of applying ML in cybersecurity. In the end, the reader will get a better understanding of ML and how — when used correctly — it can help defend against cyber threats.

Based on extensive use of CrowdStrike’s next generation endpoint protection platform to detect and prevent sophisticated attacks against large organizations, CrowdStrike’s in house team of security experts, adversary hunters, intelligence analysts and incident responders have pooled their knowledge to produce this valuable guidebook and checklist for proactively enhancing your corporate information security procedures while avoiding common mistakes and pitfalls.

This brief whitepaper offers some thoughts on why endpoint security should move to the cloud.

This report offers a checklist for surviving a Cyber Attack.

This report discusses a key issue in a Malware-centric defense approach; it will leave you vulnerable to attacks that don’t leverage malware. Read on to learn more.

This white paper seeks to explore more fully how traditional AV has had its day, and how the principles of big data are now applicable to both detecting and preventing IT security threats.

In this survey of 40 CISO’s from major financial institutions, revealed trends in lateral movement, counter incident response, integrity attacks and the most concerning threat actors organizations face.

This paper provides insight into the tools an IT security pro needs to rapidly hunt, find and investigate dynamic threat indicators.

In this research, Digital Shadows assessed the sensitive data exposed from some of the most ubiquitous file sharing services across the Internet. We found over twelve petabytes of publicly available data across open Amazon S3 buckets, rsync, SMB, FTP servers, misconfigured websites, and NAS drives.

This report provides a summary of OverWatch’s findings from intrusion hunting during the first half (January through June) of 2018. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. OverWatch specifically hunts for targeted adversaries. Therefore, this report’s findings cover state-sponsored and targeted eCrime intrusion activity, not all forms of attacks.

This report, prepared by CyberInt, summarises the currently known information regarding the recent breach at Deloitte, one of the ‘big four’ accounting firms, and includes a timeline of events, what is known of the breach itself as well as the aftermath.

Consumers rely on their mobile devices on an ever‐growing basis to keep them connected. Smartphones and tablets provide them with access to each other through email, messaging, and social media while also putting financial services and shopping in the palm of their hands. And each and every one of these activities holds value for criminals in search of account credentials and personally identifiable information (PII) to sell or misuse. Unfortunately, for all of the potential that mobile devices represent, the apathy of every mobile stakeholder is undermining the security of mobile devices and the accounts of their users. Protecting Android, iOS, and Windows mobile device users from fraud will require a concerted effort by all stakeholders to eliminate vulnerabilities, encourage security‐minded behaviors, and to leverage all the security benefits that mobile devices have to offer.

This report provides insight into the state of cybersecurity in Healthcare.

The Law Firm Cybersecurity Scorecard is issued quarterly and is part of their commitment to thoroughly study, understand, and report on the imminent amount and magnitude of threats faced by law firms today as well as the steps they are taking to mitigate the threat. To that point, per a recent Law 3603 report, law firm Managing Partners list cybersecurity as their number three priority, behind financial profits and generating revenue. Even though cybersecurity seems to be an area of particular focus, this scorecard will illustrate that law firms continue to struggle with making operational investments and instituting practices that do not provide a quantifiable financial return. Thus, they jeopardize their reputations, client relationships, and in some cases, financial well-being.

We live in a new era of network attacks. Increasing frequency and varieties, together with the latest regulations which have global impact, makes 2018 the most important year in recent times for public and private sector organizations.

You can use container security tools to secure critical applications, speed development efforts, and tamperproof your containers. But to access these benefits, you’ll first have to select from a diverse set of vendors — vendors that vary by size, functionality, geography, and vertical market focus. Security pros should use Forrester’s Now Tech report to understand the value they can expect from a container security provider and select vendors based on size and functionality.

Cyber espionage actors, now designated by FireEye as APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. FireEye assesses that APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests.

In mid-November 2017, the Dragos, Inc. team discovered ICS-tailored malware deployed against at least one victim in the Middle East. The team identifies this malware as TRISIS because it targets Schneider Electric’s Triconex safety instrumented system (SIS) enabling the replacement of logic in final control elements. TRISIS is highly targeted and likely does not pose an immediate threat to other Schneider Electric customers, let alone other SIS products. Importantly, the malware leverages no inherent vulnerability in Schneider Electric products. However, this capability, methodology, and tradecraft in this very specific event may now be replicated by other adversaries and thus represents an addition to industrial asset owner and operators’ threat models.

Malware utilizing known Lazarus group tools was used in a heist of a Taiwan bank. This Malware was later uploaded to several repositories. This post analyses and summarizes the uploaded Malware from the repositories.

“For the (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study), we talked to cybersecurity pros as well as IT pros who spend at least 25% of their time working on cybersecurity activities. This report explores the findings of that research, illuminating the cybersecurity skills gap by revealing the trends, elements, and impact, all of which can be used to inform the steps organizations and individual cybersecurity pros can take to address this troubling progression.”

This paper is a simple yet practical guide to understanding and becoming GDPR Compliant.