In April-May 2019, ESI ThoughtLab surveyed 467 firms to gain insights into their latest cybersecurity perspectives, plans, and practices. With limited budgets, and cyber risks mushrooming, it is paramount that organizations understand the ROI of cybersecurity so that they invest in those efforts that will result in the optimal outcome.

This technical whitepaper explains the challenges cybersecurity professionals face, how they’re prioritizing vulnerabilities today and how they can dramatically improve cyber risk management with Predictive Prioritization – the process of re-prioritizing vulnerabilities based on the probability that they will be leveraged in an attack.

From the report, “After working with hundreds of security professionals and covering over 1 million assets at some of the world’s most innovative brands, the team at Axonius has identified 5 things that security teams discover when they automate cybersecurity asset management. In this short paper, we’ll review each of these findings, discuss their security implications, and show how automating asset management can both find and resolve these challenges.”

Now in its fifth year, Sonatype’s annual State of the Software Supply Chain Report examines the rapidly expanding supply and continued exponential growth in consumption of open source components. Their research also reveals best practices exhibited by exemplary open source software projects and exemplary commercial application development teams.

Positive Technologies experts regularly perform security analysis of mobile applications. This report summarizes the findings of their work performing security assessment of mobile apps for iOS and Android in 2018.

The Irdeto Global Connected Industries Cybersecurity Survey polled 700 security decision makers across Connected Health, Connected Transport and Connected Manufacturing plus IT and technology* (who manufacture IoT devices) industries about cyberattacks targeting their organization, concerns about the types of attacks that could target their organization, security measures currently in place and much more. The research surveyed both manufacturers and users of IoT devices in five countries – China, Germany, Japan, the UK and the US. The research was fielded online by Vanson Bourne from March – April 2019.

Bromium Insights Report is designed to help our customers become more aware of emerging threats and trends and to equip security teams with knowledge and tools to combat today’s attacks and anticipate evolving threats to manage their security posture.

This report outlines the findings from extensive primary research analyzing more than six million enterprise devices over a one year period. Our analysis led to a stunning discovery: much of endpoint security spend is voided because tools and agents fail, reliably and predictably. The clear conclusion is that increasing security spending does not increase safety. In fact, every additional security tool only increases the probability of failure and decay. The data in this report provides evidence that merely investing in more endpoint security tools is ineffective, and a new approach is needed. To secure the endpoint, the security tools already in place must be made resilient.

Cloud is the center of IT and increasingly, the foundation for cyber security. Understanding how threat vectors are shifting in cloud is fundamental to making the necessary updates to your security program and strategy. Symantec’s CSTR shines a light on how to secure the digitally transformed, virtual organization of today and tomorrow.

This report promises to allow you to use the vast insights and hard data contained in the report to help bolster your security posture and better understand the nature of the threats we face today.

This report details the Industry Average detection efficacy of the leading MTD solutions used against malicious applications, network attacks and device vulnerabilities. During testing, the Quality of Experience (QoE) and Total Cost of Ownership (TCO) of each MTD solution was also assessed to determine the overall value of each product.

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. A significant number of these vulnerabilities are exploitable and have remote code execution capabilities, changing their status from a potential threat to an active and live cyber risk exposure point. While our findings naturally focus on the most recent data, the report includes more than 20 years of data from 1996 through 2018, allowing us to see long-term trends.

From the report, “For our 4th Year running, welcome to the edgescan Vulnerability Stats Report. This report aims to demonstrate the state of full stack security based on edgescan data for 2018. The edgescan report has become a reliable source for truly representing the global state of cyber security. This year we took a deeper look at vulnerability metrics from a known vulnerability (CVE) and visibility standpoint. We still see high rates of known/patchable vulnerabilities which have working exploits in the wild, which possibly demonstrates it is hard to patch production systems effectively on a consistent basis.”

This e-book provides a practical guide for security teams to “unlock” the power of intelligence.

This report offers an inside look at hackers. It provides a glimpse into the BugCrowd community, identifies 5 distinct types of bug hunters and their motivations, Explores program variables that can motivate and encourage different types of bug hunters and the community as a whole.

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. Crowdsourced cybersecurity includes services such as bug bounty programs, vulnerability disclosure, and next-generation penetration testing (NGPT). This report explores several key findings based on research conducted by ESG.

This report is the result of a comprehensive survey of 437 cybersecurity professionals designed to reveal the latest application security trends, how organizations are protecting applications, and what tools and best practices IT cybersecurity teams are prioritizing to find, fix and prevent vulnerabilities in next-gen applications.

The 2018 Managed Security Report is based on the results of a comprehensive online survey of IT and cybersecurity professionals conducted in July and August of 2018.

This is the fifth annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board. HCSEC is a facility in Banbury, Oxfordshire, belonging to Huawei Technologies (UK) Co Ltd (Huawei UK), whose parent company, Huawei Technologies Co Ltd, is a Chinese headquartered company which is now one of the world’s largest telecommunications providers.

To promote global awareness and facilitate important dialogues, SonicWall remains steadfast in its commitment to research, analyze and share threat intelligence via the 2019 SonicWall Cyber Threat Report.

This quarterly threat report offers insight into the DDoS attacks that occurred in the 4th quarter of 2018.