This report offers an analysis into current trends in vulnerability risk management. It examines the attributes of security vulnerabilities viewed through a variety of lenses: Attributes of vulnerabilities published since 2002 versus those only recently published, Attributes of all vulnerabilities published in the National Vulnerability Database (NVD) in contrast with only those uploaded into our platform by our clients, Vulnerabilities broken down by industry vertical, CVSS score, product vendor and active exploitation in the wild.

This group takes a look at Threat Hunting and examines how organizations are moving to a pro-active approach to cybersecurity.

This e-book seeks to help you understand all of the many details necessary for succesful network management.

The upgraded version of the Dridex Trojan was at one time one of the most successful bank Trojans originally discovered in 2014 and has since re-emerged. This paper provides an overview.

The goal of this book is to clarify the most frequently encountered concepts of inline security and be a resource as you develop your network security architecture. For each of the 20 terms included, they provide a simple definition, common use cases, and important considerations for deployment.

This paper is based on the findings of a worldwide study.

From the Report, “This year’s GTIR utilizes the Center for Internet Security’s Critical Security Controls to identify controls that can be effective at each stage of the Lockheed Martin Cyber Kill Chain® (CKC) . By ensuring that controls exists for each stage of the CKC, organizations can increase their ability to disrupt attacks . We’ve dedicated an entire section and case study to a Practical Application of Security Controls to the Cyber Kill Chain.”

This paper details the history and abilities of Ransomware, and where it is headed in the coming years.

This report discusses the proper workflows in Security Optimization.

In early 2016, Hexadite commissioned the Enterprise Strategy Group (ESG) to complete a study of 100 IT and cybersecurity professionals with knowledge of or responsibility for incident response (IR) processes and technologies at their organizations. This research project was intended to assess the current practices and challenges associated with incident response processes and technologies. Furthermore, respondents were asked about their future strategic plans intended to improve the efficacy and efficiency of IR activities. This paper presents the details of those findings.

This report helps detail the importance of monitoring suspicious domain registrations to protect a brand from being destroyed by cyber criminals.

In 2013, ISMG and FireEye teamed up to survey security leaders about advanced threats and breach response. Among the findings: Only 20 percent of respondents rated their incident response programs “very effective,” and they were most concerned about their abilities to detect and contain APT/malware quickly and completely.

This study, analyzes cyber threats from the years 2014 through 2016.

This report discusses the Security Operations Center and how it is being architected in organizations with some consensus on what should be done. The paper details the issues and problems that need to be resolved as this area of expertise continues to grow.

The Blackmoon Banking Trojan was thought to be shut down in 2016. However, it has re-emerged. This paper provides a brief analysis of the revamped trojan.

As the threatscape continues to evolve rapidly in both sophistication and scale, the need to protect organizations’ intellectual property, operations, brand and shareholder value, in addition to their customers’ data, is ever more critical. But how do organizations build controls for the security risks they don’t even know about yet?

This report deals with predicting the cyber threat landscape for 2016 through 2020. It does this by looking back 5 years, and analyzing the past, and also talking to folks who make predictions for the 5 years in the future.

This report reviews the cyber security threats that occurred in the first half of 2017.

This report provides detailed information about Iranian Threat, Extended Supply Chain Threats, Critical Infrastructure, Advanced Persistent Threats, Miner Malware, and Ransomware.

This initial paper explores how digital organizations are leveraging new technology safeguards to build a cybersecurity and privacy program that jumpstarts success—and creates a truly differentiating business capability.

This is a good report to read if you are interested in learning how to properly, and succesfully, report risks and vulnerabilities to boardmembers and executives.