_Experts-Operations

Agencies, It’s Time to Get Creative on Cybersecurity

When is the last time your company truly thought about the security of your network, devices and data? If this answer isn’t “yesterday” or “today,” then your agency, and the client data it is entrusted with, might be at risk. Dror Liwer, CISO of Coronet, outlines what agencies can do to get serious about cybersecurity.

What SOCs Can Learn from the Industrial Revolution

With hundreds, if not thousands of security alerts per day pouring into Security Operations Centers (SOC), security professionals are fighting a losing battle. Fortunately, tried-and-true manufacturing techniques can turn the tide. Heather Hixon of DFLabs outlines two techniques that can help even the playing field between SOCs and their adversaries.

Predictions: The Next-Gen SIEM Will Be Very Different

In 2019, security teams will start using more technologies to achieve detection and response versus simply relying only on standard SIEM alone. But deploying more and more technologies is not enough. SVP strategy at CyberInt Itay Yanovski explains why organizations need to look at Security Operations Centers (SOC) in a different way.

8 Security Operations Center Essentials

Whether you’re building a security operations center or ensuring that your existing security operations team has all its bases covered, you must ensure that you’re properly protecting your digital assets. Jorge Alago, cybersecurity architecture lead at Veristor, provides a quick rundown of 8 essential components that should be core to your security efforts.

A Widespread Need To Modernize Security Operations

There is a widespread need for organizations to modernize their security operations. Why? It creates the structure to eliminate distractions caused by chasing compliance mandates and the latest “shiny technology objects” and allows security organizations to reduce enterprise risk. Mark Maxey of Optiv outlines how to get started on modernizing operations.

The Benefit of a Software-Defined Perimeter

This article introduces the concept of a Software Defined Perimeter (SDP) as a progressive security model. Don Boxley, co-founder and CEO of DH2i, explains how an SDP overcomes today’s most prevalent data security challenges – especially as cloud adoption continues to soar – while presenting numerous, previously unattainable benefits.

Gamification: The ‘Secret Sauce’ For Your Software Security Program

With security often seen as an obstacle in the path of innovation, adhering to project delivery deadlines and staying agile, it can be something of a dirty word in the software industry. Pieter Danhieux, CEO of Secure Code Warrior, explains how to engage developers to code securely, bridge the gap between the development and security functions of the business, and strive for a higher build standard of software.

Can SMBs Do Something to Prevent Ransomware? (Yes!) - Part 2

Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 2 of this two-part series, Dave Moore, founder of Internet Safety Group, walks the reader through a well-crafted response plan and reviews of the top backup programs.

3 Strategies for Overcoming Security Burnout

With the problematic talent shortage in security, organizations are consistently operating understaffed and team members are forced to pick up the slack, which results in job fatigue and stress. Eric Sheridan, Chief Scientist at WhiteHat Security, offers three strategies for overcoming security burnout.

Can SMBs Do Something to Prevent Ransomware? (Yes!) - Part 1

Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 1 of this two-part series, Dave Moore, founder of Internet Safety Group, explains why and how SMBs need to make Internet safety training a top priority.

Productivity or Cybersecurity? Now You Can Have Both

When it comes to protecting end-user devices, many enterprises see two choices: either lock down devices and limit what users can access, or prioritize productivity and take some chances with security. Tal Zamir shows why this either/or proposition is untenable for CISOs, IT and end-users, and how a new software-defined endpoint approach is enabling enterprises to deliver completely secure and totally unrestricted user experience.

The Impact Of The GDPR On Employees: The Payroll Process

With the GDPR now in effect, businesses across Europe are adjusting to a new regulatory environment. David McLeod of activpayroll examines the GDPR's impact on the payroll landscape, and how employers might boost their compliance performance.

Employees Need Trust, Not Toys

When Remotive.io founder Rodolphe Dutel tweeted “Tech companies must offer trust, not toys, to attract and retain talent,” it went viral. Rather than offering toys – ping pong tables, beer fridges, etc. – to lure in more candidates, Rodolphe outlines what organizations should offer instead to attract the best talent, and why.

6 Reasons Why SIEMs Aren’t a Security Analytics Tool

Given all the vendor- and analyst-speak in the security space, it’s become difficult for organizations to know the difference between Security Information and Event Management (SIEM) and security analytics. Here are 6 ways to tell a SIEM from a security analytics product.

How to Measure the ROI of Cybersecurity Investments

Regularly measuring the effectiveness of cybersecurity efforts is challenging but essential to avoid security incidents. The ROI of security investments should be based on how much loss the organization could avoid due to the investment. In this article, Netwrix CEO Steve Dickson covers a combination of quantitative and qualitative methods to evaluate the return on security investments (ROSI).

Organizations Cannot Keep Up With Software Patches

99% of successful attacks involve vulnerabilities that have been known to cybersecurity professionals for at least one year. Nollaig Heffernan describes the issues that exist today with applying software patches, primarily at the application layer, and advises on how to mange the patching effort and where priorities should lie for organizations.

2018 Patch Status: Complex Updates But Limited Attacks

We kicked off 2017 with a lot of excitement around a nasty set of SMB vulnerabilities which led to the devastatingly successful WannaCry and NotPetya attacks, and 2018 started off with a similar level of excitement concerning the Spectre and Meltdown vulnerabilities. Ivanti’s Chris Goettl discusses which trends have surfaced and what to watch for during the rest of the year.

Spotting The Breach: What Are The Indicators Of Compromise?

What are the signs of a breach? Are you catching them all or do you have a false sense of security (yes, pun intended) when it comes to all things cyber within your organization? Sean Martin reaches out to the community of experts to help him identify some ways to spot the signs of a breach that might not be immediately evident.

Wouldn’t You Like To Know How To Prevent Security Alert Fatigue?

Organizations of all sizes are vulnerable to cybersecurity threats, and they need to be able to detect indicators of compromise in order to address risks and respond to attacks. Integrating SIEM and SOAR combines the power of each to create a more robust, efficient and responsive security program – which ultimately allows security teams to avoid alert fatigue.

Strategic Advice To Help CISOs Win The Battle Of The Budget

Today’s CISOs have one thing in common: the pressing need for funding to keep their security programs vital. Worldwide IT security spending jumped nearly 8 percent in the past year to top $90 billion, and it’s forecast to climb above $113 billion by 2020, but despite these numbers, executive decision-makers now want InfoSec costs inexorably linked to business value and return on investment.