EXCLUSIVE

Security Services April 14, 2021

An Update: The COVID-19 Vaccine’s Global Cold Chain Continues to Be a Target

In December 2020, IBM Security X-Force released a research blog disclosing that the COVID-19 cold chain — an integral part of delivering and storing COVID-19 vaccines at safe temperatures — was targeted by cyber adversaries. After that first report, we…

Data Poisoning: When Attackers Turn AI and ML Against You

Stopping ransomware has become a priority for many organizations. So, they are turning to artificial intelligence (AI) and machine learning (ML) as their defenses of choice. However, threat actors are also turning to AI and ML to launch their attacks. One specific…

Security & Analytics April 21, 2021

Cloud Native Tools Series Part 3: Get the Right Tools

As we near the end of our journey into cloud native tools, let’s take a look at visibility. In a previous post, I discussed how business entities need to understand their end of the Amazon Web Services (AWS) shared security…

Security Intelligence & Analytics April 20, 2021

‘Inbox Zero’ Your Threat Reports: How to Combat Security Alert Fatigue

At best, a new cybersecurity alert should trigger immediate action. But we all know in practice that work is not always clear cut. A new alert can find itself as just the latest un-addressed number in the inbox. In an…

Application Security April 20, 2021

Progressive Web Apps and Cookies: Taking a Bite Out of Security

To prevent cookie theft, have cyber defense baked in. With progressive web apps (PWA) and other relatively new protective efforts in place, how can you be sure you’re defending against today’s attackers? Here’s what enterprise needs to know about the…

Cloud Security April 19, 2021

Cloud-Native IAM Controls Part 2: An Approach for Governance

Some organizations with multicloud environments opt for a cloud service provider with native identity access management (IAM). However, these same people often struggle when it comes to adding the cloud-native controls into a larger enterprise IAM program. In part 1…

Timeline

State and Local Government Cyberattacks Timeline

State and local governments face malicious actors who target personal information and key services, endangering both citizens and critical infrastructure. Explore this timeline for a sense of the evolving landscape, attack patterns and prevention best practices.

Explore the timeline

How VPNs Are Changing to Manage Zero Trust Network Access

What do a growing number of cyberattacks, emerging tech, such as artificial intelligence, and cloud adoption have in common? They’re all helping fuel the rise of zero trust. Zero trust network access is, in turn, changing the way we access the…

Identity & Access April 18, 2021

Why Business Password Management Remains a Struggle

How secure is your password? Everyone has a favorite. Savvy people, of course, know better than to use something that can be easily guessed, like 12345 or ‘Password.’ But, once you latch on to a password you really like and…

Security Intelligence & Analytics April 16, 2021

How AI in Cybersecurity Addresses Challenges Faced by Today’s SOC Analysts

Today’s security operations centers (SOC) have to manage data, tools and teams dispersed across the organization, making threat detection and teamwork difficult. There are many factors driving complex security work. Many people now work from home with coworkers in far-away…

Security Intelligence & Analytics April 16, 2021

Combating Sleeper Threats With MTTD

During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019.…

Risk Management April 16, 2021

Ransomware Attacks in 2021: Information Meets Emotion

“If you want to go quickly, go alone, but if you want to go far, go together.” This African proverb opens the Sophos 2021 Threat Report, and in view of recent cybersecurity events, its meaning is very important when it…

Latest Podcast

Season 1 |Episode 4

Developing a Cloud Security Strategy

Playlist 3 |Episode 19

Training with Chaos Engineering

Playlist 3 |Episode 18

Time Is (Still) Money and Other Findings from the 2020 Cost of a Data Breach Report

Playlist 3 |Episode 17

Contextualizing Zero Trust

Playlist 3 |Episode 16

Recent Activity from ITG16, a North Korean Threat Group

Playlist 3 |Episode 15

Consumer Identity and Access Management (CIAM): Reducing Friction Without Reducing Security

Playlist 3 |Episode 14

Exploring the Impact of the ITG08 Threat Group

Playlist 3 |Episode 13

Creating AI Without Bias

Playlist 3 |Episode 12

Current Trends in the Threat Intelligence Landscape

Playlist 3 |Episode 11

Verify to Simplify: Demystifying Zero Trust