Measuring & Managing the Cyber Risks to Business Operations, which was sponsored by Tenable and conducted by Ponemon Institute, reveals global trends in how organizations are assessing and addressing cybersecurity risks. We conclude from the findings that current approaches to understanding cyber risks to business operations are failing to help organizations minimize and mitigate threats. We surveyed 2,410 IT and IT security practitioners in the United States, United Kingdom, Germany, Australia, Mexico and Japan. All respondents have involvement in the evaluation and/or management of investments in cybersecurity solutions within their organizations. The consolidated global findings are presented in this report.

Security automation architecture can improve organizations’ security posture by augmenting or replacing human intervention in the identification and containment of cyber exploits or breaches through the use of such technologies as artificial intelligence, machine learning, analytics and orchestration. Sponsored by Juniper, the purpose of this research is to understand the challenges companies face when deciding how, when and where to implement the right automation capabilities in order to improve productivity, reduce costs, scale to support cloud deployments and ultimately strengthen the security posture of the business. Ponemon Institute surveyed 1,859 IT and IT security practitioners in Germany, France, the United Kingdom and the United States. All participants in this research are in organizations that presently deploy or plan to deploy security automation tools or applications and are familiar with their organizations use of security automation and have some responsibility for evaluating and/or selecting security automation technologies and vendors.

This report provides a “data-driven analysis of vulnerabilities in our industrial and critical infrastructure.”

In our 24-criterion evaluation of the emerging managed security services providers (MSSPs) market, we identified the 10 most significant providers, and researched, analyzed, and scored them. This report shows how each provider measures up to help security leaders make the right choice.

In this report, they provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments. they analyze vulnerability prevalence in the wild, based on the number of affected enterprises, to highlight vulnerabilities that security practitioners are dealing with in practice - not just in theory.

“For a long time now, SOSS has provided a reliable yardstick for the most common vulnerabilities found in software, as well as how organizations are measuring up to security industry benchmarks throughout the software development lifecycle (SDLC). One thing we’ve always wanted to understand better, though, is how quickly these organizations are actually fixing flaws once they’ve been identified in application security scans. This year, we turned our data analysis up a notch by working with the data scientists at Cyentia Institute, so that we could gain better visibility into the factors that go into fixing flaws. Readers will find valuable insight on how factors like flaw severity, business criticality of applications, and exploitability of the flaws change the rate at which certain vulnerabilities are fixed.”

The goal of this report is to shed some light on the current threat landscape for organizations, assess the strengths and weaknesses of current vulnerability evaluation systems such as CVSS, (Common Vulnerability Scoring System) and explore additional metrics for determining the risk of a vulnerability.

This Infographic lays out details of the State of Security Operations. It reveals data that discusses how much time and budget are being spent on cybersecurity issues.

There is already a wealth of research that highlights the unending growth in security alerts, a widening security skills gap, and the ensuing fatigue that is heaped upon understaffed security teams. Demisto conducted a large study to delve deeper into these issues, their manifestations, and possible solutions. Their results yielded fascinating insights into the state of cybersecurity in businesses of all sizes.

This report, based on responses from nearly 200 IT and security practitioners surveyed, explores the current state of vulnerability risk management, the challenges that directly impact the remediation process, and the outlook for improvement in the coming year. In addition, compliance drivers and executive awareness of information security threats are considered to demonstrate their influence on effective vulnerability risk management.

This guide provides some thoughts about implementing a Vulnerability Disclosure Program.

Keeping track of databases, and the associated data they host, turns out to be a significant challenge. This white paper presents a detailed approach to understanding the difficulties related to database discovery, and some solutions to those problems.

This paper begins with a review of data sources available for building or improving decision models for vulnerability remediation. It then discusses the vulnerability lifecycle and examine timelines and triggers surrounding key milestones. Identifying attributes of vulnerabilities that correlate with exploitation comes next on the docket. The last section measures the outcomes of several remediation strategies and develops a model that optimizes overall effectiveness.

The purpose of this research is to examine trends in the benefits of threat intelligence and the challenges companies face when integrating threat intelligence with existing security platforms and technologies.

Details research regarding the company Recorded Future. Shows how this company aided in the effeciency of dealing with cyber attacks and threats.

This paper was written to help Enterprises prioritize cyber security activities in real time based on potential financial loss.

Learn easy and effective ways for IT pros to manage help desk tickets and simplify the job of supporting end-users.

This paper seeks to discuss the weaknesses of cybersecurity management.

On behalf of the National Institute of Justice (NIJ) and as part of the Priority Criminal Justice Needs Initia- tive, the RAND Corporation, in partnership with the Police Executive Research Forum, organized a workshop in May 2017 on Challenges with Law Enforcement Access to Digital Evidence Held in Remote Data Centers. Discussions focused on ambiguities in U.S. law and procedure, challenges associated with using the Mutual Legal Assistance Treaty (MLAT) process, issues stemming from inadequate cooperation between law enforcement and service providers (the companies and organizations providing remote storage, communication, and computing services), and technical issues related to evidence residing in the cloud.

From the report, “When it comes to the increasing cybersecurity risk faced by commercial companies, leaders in government, private enterprise and academia express varying opinions. However, a common thread is a shared sense that leaders feel overwhelmed by the growing threats and see a lack of focus and commitment to basic — but often difficult — principles across their operations. Many people, including those at organizations’ highest levels, assume cybersecurity has become a problem we cannot fix. But we can.”

This whitepaper outlines the unique challenges that business-driven financial SOCs deal with, and provides tools and tips on how to manage and resolve these challenges.