In this first-ever SCAR report, we analyzed over 370 million cyber assets, findings, and policies across almost 1,300 organizations to better understand today’s cyber asset landscape. The data in this report helps security operations, engineers, practitioners and leaders understand cyber assets, liabilities, attack surfaces, and there relationships to each other in the modern enterprise.

In the 2023 State of Cyber Assets Report (SCAR), we analyzed over 291 million cyber assets and attributes across organizations of all sizes. These findings will help you to understand how security teams discover cyber assets, understand asset relationships, and secure their attack surfaces.

This paper seeks to introduce some of the new knowledge sources and actionable data, along with a data-driven approach that puts custom cyber intelligence at the center of the process seeking to deliver the tools to help the organization stay as close to the front of the race as possible.

In the two years since our inaugural State of Observability report, we’ve seen the number of organizations getting started with observability rise substantially, and a whopping 87% of respondents now employ specialists who work exclusively on observability projects. There are plenty of good reasons so many businesses are jumping on the observability bandwagon. We surveyed 1,750 observability practitioners, managers and experts to examine that state of observability - from the success of today to the ambitions of tomorrow.

In this white paper, you’ll learn how to combat unwanted privilege escalation by reverse engineering the tactics that cybercriminals use. By seeing the world through the eyes of a hacker you’ll be able to identity the red flags of privileged-account attacks. And, you’ll know which techniques and tools to use to mitigate them.

For the last eight years, we’ve produced the State of DevOps report, hearing from over 33,000 professionals worldwide. We’ve outlined the DevOps practices that drive successful software delivery and operational performance, with a deep focus on security for the 2022 report.

Our annual survey is an opportunity to see where teams are succeeding with DevSecOps and where they might be struggling. Second, by capturing trends and movement in this market, we hope to give software development teams — from individual contributors to executives — insight into how to get the most out of their DevSecOps investments. This year’s survey respondents offered their views against the backdrop of a growing set of macroeconomic influences.

With a steady increase in cyberattacks each year and a constantly evolving threat landscape, more organizations are turning their attention to building long-term cyber resilience: the ability of the workforce to adapt, respond, and recover from cybersecurity incidents, not merely the ability to detect and prevent them. To learn more about the state of cyber resilience, we surveyed senior security and risk leaders and found that cyber resilience indeed tops their list of strategic and spending priorities for organizations in 2023, driven largely by concerns about ransomware, supply chain and third-party attacks, and coding vulnerabilities.

This report is different in that we’re focusing on explicit relationships that are manually configured by organizations using RiskRecon’s platform. In other words, we’re examining curated portfolios of vendors and suppliers tracked as part of organizations’ third-party risk management program. We started with a dataset extracted from RiskRecon’s platform consisting of over 100,000 primary organizations and more than 300,000 monitored third-party relationships. We’re focusing on direct relationships in this report, but the data supports the analysis of indirect (fourth- to nth-party) relationships.

The April 2023 report details a continued rise in Russian state-sponsored threat actors, the shutdown of a widely used hacker marketplace, “shadow ban” attacks against Twitter users, and the emergence of several new high and critical vulnerabilities, including a zero-day exploit against Google Chrome. It also provides updates to the metrics and information on the most impactful vulnerabilities and malware strains in the wild today and includes information on some of the top phishing sites observed over the month.

The goal of this paper is to help decision-makers and entities who can protect systems from ransomware at scale, such as the security industry, governments, and policymakers, to form defensive strategies on how best to make an impact on the ransomware ecosystem. While this paper does not focus on hands-on technical defenses that an enterprise would look to for deployment, it does aim to provide decision-makers with methods for understanding the level of risk that an organization faces from this threat.

In this latest edition of the Invicti AppSec Indicator, we asked development and security practitioners how they deal with all the excess AppSec noise in the face of relentless pressure to deliver business-critical software on time without compromising security.

In our bi-annual AppSec Indicator report, we uncover insights and trends to guide best practices in vulnerability identification and remediation. For this year’s Spring edition of the Invicti AppSec Indicator, we analyzed data from 1.7 million scans conducted by the 1,700 customers that use our cloud dynamic application security testing (DAST) offering, representing approximately half of our entire customer base.

The industrial cyber threat landscape is constantly changing with new adversaries, vulnerabilities, and attacks that put operations and safety at risk. The 6th annual Dragos Year in Review summarizes what you need to know about your threats and benchmark your OT cybersecurity posture.

Dragos is excited to present the fifth year of the annual Dragos Year In Review report on Industrial Control System (ICS)/Operational Technology (OT) cyber threats, vulnerabilities, assessments, and incident response observations. This report captures how a portion of the industrial community is performing and progressing, and highlights the areas that need improvement to provide safe, reliable operations into 2022 and beyond.

FortiGuard Labs experts leverage Fortinet’s large global footprint to continually monitor the threat landscape and the major geopolitical events that influence it. This report presents findings and insights from six months of intense research, with recommendations for leaders and practitioners to better prepare and protect your organization.

This report is based on our research and experience from the past year in securing enterprise cloud environments. We chose to focus on novel, notable, and high-impact risks that we believe you should be familiar with and include in your cloud security strategy for 2022.

The report is based on threat intelligence observations from the Threat Analysis Group (TAG), Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and other internal teams. It provides actionable intelligence that enables organizations to ensure their cloud environments are best protected against ever evolving threats. In this and future threat intelligence reports, Google will provide threat horizon scanning, trend tracking, and Early Warning announcements about emerging threats requiring immediate action.

This report aims to demonstrate the state of full stack security based on thousands of full stack assessments globally, delivered by the Edgescan SaaS during 2019. This report is still a joy to do as it gives decent insight into what’s going on from a trends and statistics perspective and overall state of cyber security. This report provides a glimpse of a global snapshot across dozens of industry verticals how to prioritize on what is important, as not all vulnerabilities are equal.

The Edgescan report has become a reliable source for truly representing the global state of cyber security vulnerability management. This is becoming more evident as our unique dataset is now also part of other annual security analysis reports, such as the Verizon DBIR (we are happy contributors for many years now). This year we examined vulnerability metrics from a known vulnerability (CVE), Malware, Ransomware and visibility standpoint (exposed services), coupling both internal and public Internet-facing systems. We also take a look at how quick we are fixing various vulnerabilities based on risk.

A recent ThoughtLab study revealed the top cybersecurity challenges that are top-of-mind for IT leaders. This ebook will discuss how those challenges can poison your ability to protect your business why automating security operations is the antidote, and why 80% of organizations that use automation say they can respond to vulnerabilities in a shorter timeframe.