Resources

One of the biggest concerns is not the threats of today, but the threats of tomorrow. DHS is seeing emerging threats outpacing our businesses which is unacceptable.

For the past two years, Sumo Logic has produced the first and only industry report that quantitatively defines the state of the Modern App Stack. Working with our customers, we continue to see rapid advances in tools and processes used by various enterprise personas to build, run and secure modern applications. This third annual report extends our analysis to DevSecOps, a new and innovative trend that is rapidly growing amongst our customers.

Organizations around the world are adopting, building or shifting resources, applications and workloads to the cloud to take advantage of the inherent competitive, economic and agility gains that can be achieved in this environment. However many of these organizations are finding that their legacy network and security tools are not able to provide them with the scalability and insights they need, to continue tightly managing their security and compliance requirements in the cloud.

The following report, sponsored by Sumo Logic, is based on a global survey of 316 IT security professionals responsible for environments with significant investment in both cloud and on-prem infrastructure. The goal of this survey was to quantify current experiences with adopting traditional security methods in the cloud, with a focus on both organizations and tools.

What Really Drives Security Procurements and Decisions

Hidden Lake Technology has contracted with DLT Solutions to provide professional services in support of DLT’s Amazon Web Services customer base. These engineering services will support the Amazon Web Services platform and related customer challenges including consulting, migrations, security and cloud optimization. This strategic partnership brings a top services delivery team into the DLT Partner Network, expanding capabilities and maximizing value for customers.

Insider cybersecurity threats are much more prevalent than most of us realize. IBM estimates that 60% of all cyberattacks are perpetrated by those with insider access1; McAfee cites enterprise insiders as a major source of Personally Identifiable Information (PII) sold on the dark web, particularly in the healthcare industry; and at least two-thirds of major corporations reported insider threat incidents in 20163 ranging from file theft and destruction to selling passwords and deliberately sabotaging critical systems. Over 40% of U.S. government agencies report such incidents every year. It's a serious—yet incredibly overlooked—risk.

Year after year, investigations performed after breaches and other security incidents reveal that the majority of security incidents occur because well-known security controls and practices were not implemented or were not working as organizations had assumed. And the major problem in cyber security remains a lack of defined and repeatable processes for selecting, implementing and monitoring the security controls that are most effective against real-world threats.

Security and compliance remain at the forefront of concerns facing security leaders today. Tackling the challenge of finding and addressing risks in the enterprise while demonstrating compliance with increasingly demanding regulations requires the maturity and discipline to adopt and follow a complete security risk and compliance lifecycle.

Federal security managers expect that most federally run systems are actively engaging with FISMA compliance for protecting federal data and systems. However, as we all know, federal information does not remain only in federally operated systems. Data and IT systems connect via the internet and other networks for business, operations and research. Information about citizens, banking and finance, research and development, and many other federal connected systems transmit data outside the federal networks—and their security compliance standards. So it makes sense that FISMA would adapt to address more than the original scope of perceived threats and specifically address systems and data security that inter-agency networks, vendors, contracts and supply chain puts at risk.

Tripwire solutions have a history with government agencies, offering an 'ironclad defense,' or foundation for a layered compliance and security strategy.

When a high-profile cyberattack grabs the headlines, your first instinct may be to funnel resources into purchasing a shiny new tool to defend your organization. But often, that’s not what’s really needed.

Tripwire's integrated suite of products build on their core capabilities to deliver critical capabilities for breach detection and remediation, and address nearly every compliance standard—PCI DSS, NIST, FISMA, NERC, HIPAA, ISO/IEC 27002, DISA, SOX, and many others.

In today’s world of complex, modern web applications, accurate and automated Dynamic Application Security Testing (DAST) tools are rare, but do exist. What characteristics should you look for in a DAST tool to give you greater accuracy and ease of use?

It’s time to break down silos and drive secure innovation, together. The practice of SecOps creates an alliance between Security, IT, and DevOps to make security an inherent outcome of all business innovation and operations. The Rapid7 Insight platform equips you with the visibility, analytics, and automation you need to unite your teams and amplify your efficiency.