This survey, representing the voice of 2,076 IT professionals, demonstrates that DevSecOps practices continue to mature rapidly and that, once automated, security is difficult to ignore.

From the report, “In the cyber security industry, we’re so frequently working around-the-clock for days at a time that we often forget when one year ends and another begins. It’s a shame, too, because the end of the year is a very important time. It provides a moment to reflect on what we observed and experienced over the past 12 months, and to consider how best to address the challenges we have been facing. Perhaps more critical to our line of work, it offers an opportunity to note what developed into a trend, and what might develop into a trend as we move into the next year and beyond.”

From the report, “In 2019 and beyond, the biggest trends expected to have an impact on technology and security are the advances in artificial intelligence and machine learning brought about by the ever-growing volume of data that can be processed and analyzed; the continued adoption of cloud computing by enterprises the world over; and the developments in smart devices, homes, and factories — to say nothing of the looming 2020 rollout of 5G, the latest phase of mobile communications geared toward further increasing internet speeds. Furthermore, 2019 will be an important year for political developments including the finalization of Brexit and the holding of landmark elections in several countries. These technological and sociopolitical changes will have a direct impact on security issues in 2019.”

It’s harvest time (at least here in the United States), and as we prepare to reap the bounties of the land, so too have we seen attackers make good use of the exploits they’ve sown and infrastructure they’ve co-opted. The credential compromises and remote access attempts of Q2 have ripened into suspicious service logins and lateral movement actions involving credentials, along with increases in the presence of malware on systems.

To gain insight into what’s happening in the healthcare industry when it comes to cybersecurity, Kaspersky Lab issued a survey. The research provides insight into the perceptions of healthcare employees in North America regarding cybersecurity in their workplace, including awareness of cybersecurity breaches, protection of sensitive information, cybersecurity awareness and training, and more. Kaspersky Lab commissioned the research firm Opinion Matters to conduct a survey of 1,758 employees based in healthcare organizations in the United States and Canada. Through this research, the company aims to create a dialogue among businesses and IT staff in healthcare about the current state of awareness of cybersecurity among their employees, along with providing suggested proactive steps that can be taken to prioritize cybersecurity awareness through trainings and consistent education, aiming to prevent or minimize the next cybersecurity issue.

While popular out-of-the-box SaaS products like Salesforce, Box, Dropbox, and Office 365 are becoming common in the workplace, many enterprises have business needs that require custom-made applications.

The “Impact of Cloud on ERP” survey report was designed to assess the impact of ERP solutions on organizations and better understand cloud preparation and data migration needs to implement ERP solutions in the cloud. Features and benefits gained, security and privacy challenges, and time to deploy for an ERP Solution in a cloud environment were explored.

This is the first in a series of books tracking changes and discoveries within the DevSecOps Community. The stories are by people who have been sloshing around in the swamps of software development for years, figuring out how things work, and most importantly, why things didn’t work.

From the report, “This casebook presents some of the findings and recommendations we’ve made in key engagements across a representative sample of the work we performed last year. We dig into: Emerging and notable trends, Examples of ill-prepared organizations and the devastating effects of the breaches they suffered, Essential recommendations to prevent companies from becoming another statistic of poor security planning and execution. This casebook also underscores the expertise of our team and the important work we’re doing at CrowdStrike® Services. As you read the case studies, you will see that CrowdStrike stands shoulder-to-shoulder with our clients as we work together to stop adversaries and repair damage. But this casebook is not just for CrowdStrike clients — we want everyone to become better prepared to overcome their adversaries in 2019.”

From the report, “The fight to protect your company’s data isn’t for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. That’s why we’ve developed this incident response guide. We’ve collected and curated decades of infosec war stories and intelligence — from across the galaxy — so that you’re better armed in the fight against cybercrime. You’ll have an insider’s perspective on how to build an incident response plan and team, and what tools and training you can use to arm those team members.”

In the summer of 2018, AT&T Business and Spiceworks performed a research study with 250 IT leaders. The research revealed that 99% of organizations have a security risk management strategy. However, there is a sharp performance divide between the organizations confident in their risk management strategies (42% called the “Confident Investors”) and organizations who are not (57% called the “Unconfident Investors”).

From the Report, “A new study by IDG shows 86% of organizations have suffered repercussions, including increased security breaches and data loss, due to lack of collaboration between Network & Cybersecurity teams.”

Sonatype’s 4th annual report on managing open source components to accelerate innovation.

The goal of this white paper is to bring clarity to cyber threat intelligence. It explains the different categories of CTI and discusses some use cases to illustrate ways it can be applied and utilized to augment security teams’ efficiency and gain an edge over the attackers. Finally, it discusses CrowdStrike’s approach to threat intelligence.

The purpose of this white paper is to help users understand how CrowdStrike ® uses ML to protect endpoints. To get there, we must first clarify what ML is and how it works. Then we will describe how Crowdstrike implements ML, specifically in the area of malware detection. Finally, we will discuss the benefits and limitations of applying ML in cybersecurity. In the end, the reader will get a better understanding of ML and how — when used correctly — it can help defend against cyber threats.

Based on extensive use of CrowdStrike’s next generation endpoint protection platform to detect and prevent sophisticated attacks against large organizations, CrowdStrike’s in house team of security experts, adversary hunters, intelligence analysts and incident responders have pooled their knowledge to produce this valuable guidebook and checklist for proactively enhancing your corporate information security procedures while avoiding common mistakes and pitfalls.

This brief whitepaper offers some thoughts on why endpoint security should move to the cloud.

This report offers a checklist for surviving a Cyber Attack.

Cybersecurity has emerged as a key risk factor to be weighed during the due diligence process of any merger and acquisition. How should organizations on both sides approach the process? Steve Chabinsky of CrowdStrike shares his thoughts on strategy for assessing cyber risk during the M&A due diligence process.

The big-name breaches have made us all sensitive to the loss of personal and competitive data. But are we overlooking the real risks? Shawn Henry of Crowdstrike offers insight on how we need to evolve our core defenses.

This report discusses a key issue in a Malware-centric defense approach; it will leave you vulnerable to attacks that don’t leverage malware. Read on to learn more.