The goal of this report is to share our knowledge about the most commonly used attack techniques and their use cases, so that security teams can adopt a more threat- centric approach and prioritize threat prevention, detection, and response efforts.

The new look at the workforce revealed that the percentage of women in cybersecurity is roughly 24%. While men continue to outnumber women in cybersecurity and pay disparity still exists, women in the field are buoyed by higher levels of education, and are finding their way to leadership positions in higher numbers.

The eleventh annual Flexera 2022 State of the Cloud Report (previously known as the RightScale State of the Cloud Report) explores the thinking of 753 respondents from a survey conducted in late 2021. It highlighted year-over-year (YoY) changes to help identify trends. The respondents global cloud decision-makers and users-revealed their experiences and insights about the public, private and multi-cloud market.

This 2022 Cloud Security Report, based on a comprehensive global survey of cybersecurity professionals, reveal these security challenges and offers insights on the state of the cloud and cloud security today. The study reviews organizations’ choices and responses as they try to gain more confidence in securing their cloud environments.

The Red Report 2021 reveals an increase in the number of average malicious actions per malware. Another key finding of the report is that T1059 Command and Scripting Interpreter is the most prevalent ATT&CK technique, utilized by a quarter of all the malware samples analyzed. This report also reveals that five of the top ten ATT&CK techniques observed are categorized under the TA005 Defense Evasion tactic.

The report evaluates the responses of 465 global IT professionals who manage, advise, and participate in ITAM, SAM, and HAM activities in organizations of 1,000 or more employees. The insights gleaned from these responses provide vision into the strategic initiatives across these ITAM practices and practitioners.

For the sixth annual State of Application Services survey, F5 heard from nearly 2,600 respondents globally— across a range of industries, company sizes, and roles—about the challenges and opportunities presented by the ongoing process of digital transformation. Their responses provide a unique view of the trends shaping the application landscape and how organizations around the world are transforming to meet the ever-changing demands of the digital economy.

A survey-based report covering 704 cybersecurity professionals from organization with more than 500 employees. This edition has a special focus on the impact of 5G technologies for security professionals.

As more organizations move to the cloud and public cloud platforms gain more users and offer more services, cybercriminals will find ways to launch attacks and profit from compromise. As we’ve demonstrated in this research, misconfiguration in cloud services opens an organization to risks like cryptojacking, e-skimming, and data exfiltration. Container technologies in the cloud, when exposed, also pose similar risks. Finally, mismanagement of credentials and other secrets have costs that can grow as threats move across the cloud stack.

This report provides exactly what its title offers, 10 predictions for developers in 2019.

The data in this survey suggests that the role of the firewall in network security remains critical even as the network security landscape undergoes significant evolution and expansion. Within the enterprise, organizational and departmental roles and responsibilities with respect to network security in the new technology landscape remain in flux. At the same time, parameters that bound traditional definitions of ‘firewall’ are subject to change as emerging platforms and devices acquire characteristics that were previously in the domain of traditional firewalls. The totality of this complexity overlays and exacerbates pre-existing challenges in managing firewalls rules and protocols and points to the need for innovative solutions to reign in complexity and ease the burdens on overextended network security professionals.

FireMon is proud to present its 3rd Annual State of the Firewall Report based on 437 survey responses collected between November 16, 2016 and December 6, 2016. Respondents included IT security practitioners representing a range of professional roles, organization sizes and industry verticals. Survey participants were asked 26 questions about their current firewall infrastructure and management challenges as well as questions about adoption and impact of emerging technologies such as SDN, cloud, microsegmentation and Internet of Things (IoT).

FireMon is proud to present its 2nd Annual State of the Firewall Report based on a November 2015 survey of 600 IT security practitioners, representing a range of professional roles, organization sizes and industry verticals. Survey participants were asked 21 questions about their current firewall infrastructure and management challenges as well as questions about adoption and impact of emerging technologies such as NGFW, SDN and cloud. When compared with results from the 2015 study, the responses revealed three trends that this report will explore further: 1) Firewalls remain an extremely valuable part of the network security infrastructure; 2) Next-generation firewalls continue to see broad adoption, adding complexity to security management; and 3) Awareness around SDN and its impact on network security has increased.

“It’s difficult to make forecasts, especially about the future,” mused movie mogul, Samuel Goldwyn. With the rapid changes in digital transformation, 2019 is likely to surprise us in significant ways. But one thing is certain: IT predictions for 2019 will include swift expansion into the cloud and solutions for the myriad challenges of providing security, compliance and business continuance across the growing on premise and cloud estates.

In this whitepaper, they look at three categories of approaches taken by malware to evade sandboxes and explore techniques associated with each approach.

From the report, “Much like DevOps itself, pervasive automation is equal parts process, tooling, and culture. Taking the journey represents a collective commitment by the entire organization, one where the goal is realizing the competitive advantage offered by software automation. Leadership builds the strategy, managers plan how to get there, and then it’s up to the teams to sustain an ongoing effort. New challenges will arise as new technologies are released: cloud services, containers, and server-less computing for example. Automating processes to adapt to tomorrow’s technology means staying on the path toward pervasive automation. Then, deliver the business value and agility it promises. While it’s impossible to get to an “absolutely” automated state, this journey keeps you as close as possible by continuously leveraging the latest DevOps and automation practices across your organization.”

While popular out-of-the-box SaaS products like Salesforce, Box, Dropbox, and Office 365 are becoming common in the workplace, many enterprises have business needs that require custom-made applications.

In the summer of 2018, AT&T Business and Spiceworks performed a research study with 250 IT leaders. The research revealed that 99% of organizations have a security risk management strategy. However, there is a sharp performance divide between the organizations confident in their risk management strategies (42% called the “Confident Investors”) and organizations who are not (57% called the “Unconfident Investors”).

In mid-2018, VansonBourne conducted research on behalf of Nutanix to gain insight into enterprise plans for adopting private, hybrid, and public clouds. The respondent base spanned multiple industries, business sizes, and geographies, which included the Americas; Europe, the Middle East, and Africa (EMEA); and AsiaPacific (APJ) regions.

The purpose of this document is to briefly describe the features of Necurs malware. During the analysis, we have been able to identify the different “features” and “capabilities” of the Necurs malware.

The DragonOK group has been actively launching attacks for years. We first discussed them in April 2015 when we witnessed them targeting a number of organizations in Japan. In recent months, Unit 42 has observed a number of attacks that we attribute to this group. Multiple new variants of the previously discussed sysget malware family have been observed in use by DragonOK. Sysget malware was delivered both directly via phishing emails, as well as in Rich Text Format (RTF) documents exploiting the CVE-2015-1641 vulnerability (patched in MS15-033) that in turn leveraged a very unique shellcode. Additionally, we have observed instances of the IsSpace and TidePool malware families being delivered via the same techniques. While Japan is still the most heavily targeted geographic region by this particular actor, we also observed instances where individuals or organizations in Taiwan, Tibet, and Russia also may have been targeted.