Information security programs continue to rely not just on security policies, but also the controls that ensure they get enforced. Unfortunately, such controls begin degrading the moment they're put in place, sometimes rapidly, says Josh Mayfield, director of security strategy at Absolute Software.
Every security leader wants visibility into the potential attack surface. But that surface is changing in vast new ways, owing to the cloud and connected devices. Mario Vuksan of ReversingLabs defines what visibility truly means today.
In a keynote address at the RSA Conference 2019, RSA President Rohit Ghai encouraged attendees to work in the coming years to "implement a security program with machines and humans working together. Humans asking questions; machines hunting answers."
As companies push more data to the cloud, large enterprises such as MGM Resorts International are balancing what it takes to complete their digital transformation journey and securing data that is rapidly moving off premises.
Identity and access management is more complicated when organizations rely on a cloud infrastructure, says Brandon Swafford, CISO at Waterbury, Connecticut-based Webster Bank, who describes the challenges in an interview.
Facebook is edging closer to launching its own cryptocurrency, with a rollout expected this year, The New York Times reports. But some critics argue that the project seems more like a trendy and unnecessary redressing of a PayPal-like system with a blockchain.
Just days after Drupal warned of a "highly critical" flaw in its web services modules, hackers came calling, exploiting the content management system vulnerability to install cryptocurrency miners and other malicious software on sites, security experts warn.
Every threat hunt starts with intelligence. As one of the industry's most comprehensive knowledge bases for adversary behavior, ATT&CK provides a structure for hunters to build their hypotheses and search for threats.