For this survey, we surveyed 426 security professionals directly responsible for managing cyber vulnerabilities in their day-to-day work. The survey was conducted online via Pollfish using organic sampling. What we found is that some organizations have effective ways to detect, respond to, and remediate their vulnerabilities, while other organizations have more blind spots than they think.

In this years report, we’ll focus attention on how organizations are moving past problem identification and mitigating cyber risk challenges within supply chain vendors. We’ll also explore the challenges identified by this year’s respondents in establishing internal and third-party sourced functions and technologies for supply chain risk mitigation.

The 2022 Managed Security Report reveals the latest trends and attitudes toward managed security, answering why organizations invest in security outsourcing, what challenges they are facing, and what requirements companies are prioritizing. This report is based on the results of a comprehensive online survey of IT and cybersecurity professionals conducted in 2022.

This report reveals the latest application security trends, how organizations protect critical applications, and what tools and best practices cybersecurity professionals prioritize to find, fix and prevent vulnerabilities in next-gen applications.

The 2022 Vulnerability Management Report is based on a comprehensive survey of over 390 cybersecurity professionals in September 2022 to gain insights into the latest trends, key challenges and solutions preferences for vulnerability management.

In this report, the findings show that in order to resolve the attack surface management challenges facing organizations, IT and security teams need to invest in solutions that automate and centralize monitoring of internet-facing assets and provide greater insights into vulnerabilities.

This report dives into major security challenges, while also providing guidance for how enterprises can close the gap between what attackers see and what defenders think they’re protecting. They surveyed 398 IT and security decision-makers in the U.S. and Canada, and discovered that enterprises are struggling to keep up with a rapidly changing threat landscape due to process challenges that are overwhelming security staff.

For the fourth year in a row, we asked DevOps teams to tell the truth about their practices and processes, their challenges and their careers. With a global pandemic swirling, we were surprised when nearly 4,300 people took time to do just that this past February. In 2021, teams are poised to step out of the DevOps “culture” battle and into the real work of technology implementation and (surprisingly) upbeat results.

In this report, Bulletproof looks back on a fascinating year in the world of cyber security and compliance, with a keen eye on emerging patterns for what to expect in 2022 and beyond. Assessing data from our SIEM platform, honeypots, penetration testing and compliance services gives us a great insight into new cyber security threats and the state of cyber defenses across various industries.

The report surfaces the most significant data we’re seeing in our threat detection and response effort, curates that data into trends that can impact your cybersecurity posture, and offers resilience recommendations to protect your organization.

These reports provide data and insights on the attack we’re seeing, how to spot them, and the top ways you can protect your organization. These trends are based on incidents our security operations center (SOC) identifies through investigations into alerts, emails submissions, and threat hunting leads in the second quarter (Q2) of 2022. We analyzed incidents across our customer base, spanning organizations of various shapes, sizes, and industries, from April 1, 2022 to June 30, 2022.

When it comes to security, there is a paradox. Security can enable businesses to scale and grow, but confusion around security and overly rigid practices can introduce unnecessary red tape. Our survey reveals that startups struggle to find the balance between managing risks and prioritizing security.

The goal of the SANS 2021 Cloud Security Survey is to provide additional insights into how organizations are using the cloud today, the threats security teams are facing in the cloud, and what they’re doing to improve security posture in the cloud.

The information included in this report is summary data from the pentesting performed in 2018. Additionally, we provide survey data from respondents in security, management, operations, DevOps, product, and developer roles.

The State of Pentesting: 2020 report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. The scope of his exploration is black-box penetration testing (“humans”) against dynamic scanning and out-of-band testing (“machines”) for web applications.

The State of Pentesting 2022 Report focuses on issues and stats that are relevant to both security and development teams: to separate these two inextricably linked groups would only yield a partial picture of the security landscape.

As ransomware operators were attacking state and municipal networks alongside hospitals and schools, a global pandemic response to COVID-19 necessitated a move to remote work for a significant portion of the economy. Many security teams were forced to suspend wide-ranging analyses around the adoption of remote work policies and instead focus on a supply chair attack from a trusted platform.

The Secureworks Counter Threat Unit (CTU) research team analyzes security threats and helps organizations protect their systems. During September and October 2021, CTU researchers observed notable developments in threat behaviors, the global threat landscape, and security trends, and identified lessons to consider.

This report is an in-depth analysis of tens of thousands of threats detected across our customers’ environments, this research arms security leaders and their teams with a unique understanding of the threats they’re facing.

This report looks at the entire history of active applications, not just the activity associated with the application over one year. By doing so, we can view the full life cycle of applications, which results in more accurate metrics and observations. Aside from looking at the past, this report also imagines the future by considering practices that might help improve application security.

PlexTrac sponsored research with CyberRisk Alliance to better understand how cybersecurity teams are using emerging strategies like adversary emulation and purple teaming to combat growing ransomware threats. This report details the findings of a survey of 315 IT and cybersecurity decision-makers and influencers.