This newly released SANS survey suggests the need to broaden the definition of endpoint to include the user. The two most common forms of attacks reported are browser-based attacks and social engineering, both of which are directed at users, not technology. Download this survey report to learn other key issues surrounding endpoint protection.

This report provides a walkthrough of creating an Incident Response Plan.

This is a Quarterly Report that looks at Cyber security issues in New Zealand and around the world.

This Quarterly report offers key takeaways from the first Quarter of 2016. Those takeaways come from Email, Exploit Kits, Web-Based Attacks, and Social Media and Domain Research.

This paper offers insight into an exploration of network cybersecurity in the U.S. Federal Government.

This report focuses on software vulnerabilities, software vulnerability exploits, malware, and unwanted software. It is the hope that readers find the data, insights, and guidance provided in this report useful in helping them protect their organizations, software, and users.

In the Akamai State of the Internet - Security Report, you’ll get detailed cloud security insights about DDoS and web application attack trends observed across the Akamai Intelligent Platform™ for Q3 2016.

Whether it’s referred to as threat hunting or hunt teaming, companies are increasingly taking a proactive approach to security by looking for evidence of threats that are already in their environments. Organizations have realized that waiting for antivirus, SIEMs and other security solutions to trigger an alert is not a practical approach to detecting sophisticated and stealthy adversaries since they know how to evade these tools. Hunting enables security teams to proactively answer the question “Am I under attack?”

This threat advisory offers insight into the ROPEMAKER Email Exploit.

This paper takes a look at the best way to prevent breaches, by detecting and mitigating leaks.

This Threat Report takes a look at some of the events of Early 2017. Specifically, it looks at how weak and outdated software enabled breaches, threats leveraged legitimate features, threat groups targeted organizations for espionage, and Shamoon wiper malware re-emerged.

This paper is intended to give a high-level view on the insider threat for those looking to implement a defensive programme. It considers the types of attack that may take place and some of the common weaknesses that aid insider attacks. It also covers some of the policies and controls that can be implemented to detect, deter or defend against the insider threat. This paper is intended to be a summary, however, the final section details further reading and resources that provide more in-depth information.

This report provides statistics on attacks performed against web applications during the fourth quarter of 2017.

This paper discusses the top 20 Center for Internet Security (CIS) Critical Security Controls (CSC) come into play, providing organizations with 20 key controls that they can implement to mitigate some of the threats they are facing.

This is an infographic that can help your organization understand and win the war on Ransomware.

Verizon’s annual report on all data breaches in 2015

The Forcepoint 2016 Global Threat Report is a definitive breakdown of many of today’s most impactful cybersecurity threats with far-reaching technical, operational and cost impacts on affected organizations. Each section of this report closes with guidance from the Forcepoint Security Labs team on how to best address the outlined threat(s).

The object of this report is to answer the question, what will happen in 2018?

The goal of the SonicWall Annual Threat Report is to define the cybersecurity battlefield in order to enable companies and individuals around the world to mount an impenetrable defense in 2017 and beyond.

From the report, “When we set out to develop a report based on our 163 incident response client engagements over the course of the first half (H1) of 2016, we captured empirical data on type of threats, affected industries, and initial access vectors that threats use. However, we went back to the drawing board to ask ourselves, “What do organizations challenged by cyber threats and cyber risk actually need to know?” As a result, this report takes the form of an advisory aimed at jarring Security and C-Suite leaders just enoug to evoke positive action and a recalibration of their approaches to security.”

This report takes a look at the last 20 years of IT development, and the issues and trends that have taken place in 2017.