Security operations and management
Cybersecurity operations and management are vital to protect enterprises against cyber threats. Learn how to create and manage infosec programs and SOCs, perform incident response and automate security processes. Also read up on security laws and regulations, best practices for CISOs and more.
Top Stories
-
Feature
16 Oct 2024
How to build an incident response plan, with examples, template
With cyberthreats and security incidents growing by the day, every organization needs a solid incident response plan. Learn how to create one for your company. Continue Reading
-
Feature
16 Oct 2024
How to define cyber-risk appetite as a security leader
In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite. Continue Reading
-
Podcast
11 Oct 2024
SecOps from the IT infrastructure operations perspective
The CrowdStrike outage capped a decade of deepening divide between SecOps and the rest of IT ops -- and should bring about its end, according to one industry veteran. Continue Reading
-
Definition
10 Oct 2024
What is threat intelligence?
Threat intelligence, also known as cyberthreat intelligence, is information gathered from a range of sources about current or potential attacks against an organization. Continue Reading
-
Definition
10 Oct 2024
What is extended detection and response (XDR)?
Extended detection and response (XDR) is a technology-driven cybersecurity process designed to help organizations detect and remediate security threats across their entire IT environment. Continue Reading
-
Podcast
08 Oct 2024
Risk & Repeat: Is Microsoft security back on track?
Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship? Continue Reading
-
Tip
07 Oct 2024
How to use security as code to achieve DevSecOps
Security as code helps organizations achieve DevSecOps and shift-left security. Learn about SaC's benefits, challenges and implementation best practices. Continue Reading
-
News
03 Oct 2024
Microsoft SFI progress report elicits cautious optimism
Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures. Continue Reading
-
Podcast
03 Oct 2024
Microsoft security overhaul offers blueprint for SecOps
Better late than never: Microsoft lags major cloud competitors in making security a top priority. But other enterprises might learn from how the company is catching up. Continue Reading
-
News
01 Oct 2024
T-Mobile reaches $31.5M breach settlement with FCC
After suffering several breaches, T-Mobile agreed to pay a $15.75 million civil penalty and make a $15.75 million investment to bolster its security over the next two years. Continue Reading
-
Podcast
30 Sep 2024
Risk & Repeat: Inside the Microsoft SFI progress report
The first Secure Future Initiative progress report highlighted improvements to Microsoft's security posture. But the company still faces major SecOps challenges. Continue Reading
-
Podcast
26 Sep 2024
The double-edged swords of cloud security and AI
DevSecOps expert Kyler Middleton examines the ways modern technologies such as cloud computing and AI both enable and complicate the future of SecOps. Continue Reading
-
Tutorial
24 Sep 2024
How to use tcpreplay to replay network packet files
The suite of tools that comprise tcpreplay offers administrators a variety of network security options. Learn some of the benefits of this free utility. Continue Reading
-
Tip
23 Sep 2024
How to prepare a system security plan, with template
To help keep your systems and applications secure, a system security plan is essential. Learn how to create a plan and keep it up to date. Continue Reading
-
News
23 Sep 2024
Microsoft issues first Secure Future Initiative report
In the first progress report since the launch of its Secure Future Initiative, Microsoft said it's made key improvements to identity and supply chain security. Continue Reading
-
Feature
20 Sep 2024
How to prepare for post-quantum computing security
One of the biggest fears about quantum computing is its ability to easily break current encryption algorithms. Learn why and how to start making quantum security preparations. Continue Reading
-
Podcast
19 Sep 2024
SecOps' new frontier in the remote work era: HR
A CISO shares the story of how his SOC staff caught and contained a North Korean agent posing as a software engineer, saying he hopes to raise awareness of a growing threat. Continue Reading
-
Tip
16 Sep 2024
Explaining cybersecurity tabletop vs. live-fire exercises
Tabletop games and live-fire exercises are two ways to test the effectiveness of enterprise security controls and defenses. Discover how each works and how they differ. Continue Reading
-
Tip
16 Sep 2024
Microsoft Copilot for Security: 5 use cases
Copilot for Security can assist security pros -- from managers and CISOs to incident responders and SOC members -- in maintaining security posture and addressing security gaps. Continue Reading
-
Tip
10 Sep 2024
8 key aspects of a mobile device security audit program
Auditing is a crucial part of mobile device security, but IT admins must ensure their approach is thorough and consistent. Learn what aspects make up a mobile device audit program. Continue Reading
-
Tip
09 Sep 2024
How to create an AI acceptable use policy, plus template
With great power comes -- in the case of generative AI -- great security and compliance risks. Learn how an AI acceptable use policy can help ensure safe use of the technology. Continue Reading
-
Podcast
09 Sep 2024
An expert's big-picture view of the state of SecOps
In this first episode of 'IT Ops Query' Season 2, a SANS institute instructor and 20-year cybersecurity veteran assesses the past, present and future of SecOps. Continue Reading
-
Tip
06 Sep 2024
Threat hunting frameworks, techniques and methodologies
Threat hunting's proactive approach plays a vital role in defending against cyberattacks. Learn about the frameworks, methodologies and techniques that make it so effective. Continue Reading
-
Definition
06 Sep 2024
What is identity threat detection and response (ITDR)?
Identity threat detection and response (ITDR) is a collection of tools and best practices aimed at defending against cyberattacks that specifically target user identities or identity and access management (IAM) infrastructure. Continue Reading
-
Definition
06 Sep 2024
What is MXDR, and do you need it?
Managed extended detection and response (MXDR) is an outsourced service that collects and analyzes threat data from across an organization's IT environment. Continue Reading
-
Tip
05 Sep 2024
What is threat hunting? Key strategies explained
If you are ready to take a more proactive approach to cybersecurity, threat hunting might be a tactic to consider. Here's what security teams should know. Continue Reading
-
News
28 Aug 2024
Infosec experts applaud DOJ lawsuit against Georgia Tech
The Department of Justice joined a whistleblower lawsuit against Georgia Tech for allegedly misleading the Department of Defense about its cybersecurity posture. Continue Reading
-
Opinion
28 Aug 2024
Why is SecOps becoming both easier and more difficult?
While SecOps has become easier in some ways, enterprises still struggle with areas such as data volumes, threat intelligence analysis and security alert volume and complexity. Continue Reading
-
Tutorial
27 Aug 2024
How to use Tor -- and whether you should -- in your enterprise
The Tor browser has sparked discussion and dissension since its debut. Does the software, which promises anonymous and secure web access, have a role to play in the enterprise? Continue Reading
-
News
27 Aug 2024
Port of Seattle grappling with 'possible cyberattack'
A possible cyberattack against Washington's Port of Seattle has caused significant service disruptions to airline travel at the Seattle-Tacoma International Airport. Continue Reading
-
Definition
27 Aug 2024
What is LDAP (Lightweight Directory Access Protocol)?
LDAP (Lightweight Directory Access Protocol) is a software protocol used for locating data about organizations, individuals and other resources, such as files and devices, on public and corporate networks. Continue Reading
-
Tip
26 Aug 2024
How to use the NIST CSF and AI RMF to address AI risks
Companies are increasingly focused on how they can use AI but are also worried about their exposure to AI-fueled cybersecurity risks. Two NIST frameworks can help. Continue Reading
-
News
22 Aug 2024
CrowdStrike exec refutes Action1 acquisition reports
A CrowdStrike vice president said the cybersecurity giant had an exploratory group conversation with Action1 and then 'disengaged after a surface level conversation.' Continue Reading
-
Tip
19 Aug 2024
Guide to data detection and response (DDR)
Data is one of the most important assets in any organization. To truly protect it, you need a DDR strategy. Here's what you need to know, with tips on buying DDR tools. Continue Reading
-
Tip
19 Aug 2024
Too many cloud security tools? Time for consolidation
Does your organization need every cloud security platform and service currently in use? Tool consolidation can reduce the chances of coverage gaps and increase security. Continue Reading
-
Tip
19 Aug 2024
CrowdStrike outage lessons learned: Questions to ask vendors
In light of the recent CrowdStrike outage, security teams should ask their vendors 10 key questions to ensure they're prepared should a similar event occur. Continue Reading
-
Tip
19 Aug 2024
EDR vs. MDR vs. XDR: Key differences
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
-
News
13 Aug 2024
What the Delta-CrowdStrike lawsuit may mean for IT contracts
The recent exchange of allegations between Delta and CrowdStrike reveals legal arguments Delta could use to recover the massive losses suffered in the CrowdStrike outage. Continue Reading
-
News
13 Aug 2024
Law enforcement disrupts Radar/Dispossessor ransomware group
The now-disrupted Radar/Dispossessor ransomware gang was launched in August 2023, and its members have targeted dozens of SMBs across critical sectors via dual extortion. Continue Reading
-
Tip
13 Aug 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences
SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
-
Podcast
12 Aug 2024
Risk & Repeat: Recapping Black Hat USA 2024
Highlights from Black Hat USA 2024 include a keynote panel on securing election infrastructure as well as several sessions on potential threats against new AI technology. Continue Reading
-
Tip
12 Aug 2024
How to fix Windows 11 desktops after CrowdStrike outage
IT administrators had to jump into action after the CrowdStrike outage to recover faulty desktops. Learn how to use the Microsoft Recovery Tool to fix Windows 11 issues. Continue Reading
-
Tip
12 Aug 2024
How to conduct a mobile app security audit
To keep corporate and user data safe, IT must continuously ensure mobile app security. Mobile application security audits are a helpful tool to stay on top of data protection. Continue Reading
-
News
12 Aug 2024
Flashpoint CEO: Cyber, physical security threats converging
Although Flashpoint is known for their cybersecurity threat intelligence services, the vendor also provides physical security intelligence to its clientele. Continue Reading
-
Tip
12 Aug 2024
EDR testing: How to validate EDR tools
Cutting through an EDR tool's marketing hype is difficult. Ask vendors questions, and conduct testing before buying a tool to determine if it solves your organization's pain points. Continue Reading
-
News
08 Aug 2024
CrowdStrike, AI dominate conversation at Black Hat USA 2024
Although the trend of vendors pitching AI-powered products nonstop has continued at Black Hat USA 2024, CrowdStrike and the recent IT outage was an even larger point of discussion. Continue Reading
-
News
07 Aug 2024
CISA: Election infrastructure has never been more secure
CISA Director Jen Easterly emphasized at Black Hat 2024 that election stakeholders cannot be complacent because 'the threat environment has never been so complex.' Continue Reading
-
News
07 Aug 2024
CrowdStrike details errors that led to mass IT outage
CrowdStrike's investigation into the recent defective update found that a 'confluence' of issues led to the release of the channel file last month, causing a mass IT outage. Continue Reading
-
News
06 Aug 2024
Security framework to determine whether defenders are winning
Columbia University researcher and longtime security practitioner Jason Healey will present at Black Hat USA a new framework to determine defensive advantage. Continue Reading
-
News
05 Aug 2024
CrowdStrike fires back at Delta over outage allegations
After Delta Air Lines said it would seek damages against CrowdStrike over last month's IT outage, the cybersecurity vendor's legal counsel warned it would 'respond aggressively.' Continue Reading
-
News
01 Aug 2024
InfoSec community sounds off on CrowdStrike outage, next steps
Security experts offered their thoughts on the recent IT outage, praising CrowdStrike's response time but saying the outage highlights issues in the software updating process. Continue Reading
-
Tip
01 Aug 2024
How to assess SOC-as-a-service benefits and challenges
While in-house SOCs are costly and complex to build and maintain, SOC as a service provides a more affordable, cloud-based alternative. Explore benefits and challenges. Continue Reading
-
Definition
31 Jul 2024
What is cyber attribution?
Cyber attribution is the process of tracking and identifying the perpetrator of a cyberattack or other cyber operation. Continue Reading
-
News
30 Jul 2024
Microsoft, SecOps pros weigh kernel access post-CrowdStrike
Microsoft will explore alternatives to direct kernel access for partners following the CrowdStrike outage. But some IT pros worry that change could do more harm than good. Continue Reading
-
Opinion
29 Jul 2024
5 key capabilities for effective cyber-risk management
Faced with relentless cyberattacks, organizations need to shore up their cyber-risk management programs by updating legacy tools and checking out new vendor options. Continue Reading
-
News
26 Jul 2024
CrowdStrike outage underscores software testing dilemmas
Experts say efforts to avoid incidents such as last week's CrowdStrike outage will face time-honored tradeoffs between velocity, stability, access and security. Continue Reading
-
Opinion
26 Jul 2024
CISO advice for addressing cyber-risk management challenges
Cyber-risk management is simple in concept and difficult in practice. CISOs weigh in on some potential ways to reign in the chaos, educate executives and mitigate cyber-risks. Continue Reading
-
News
26 Jul 2024
BitLocker workaround may offer aid for CrowdStrike customers
CrowdStrike customers grappling with blue screens of death from the recent IT outage may be able to sidestep BitLocker encryption schemes and recover their Windows systems. Continue Reading
-
News
26 Jul 2024
CrowdStrike: 97% of Windows sensors back online after outage
While most Windows systems are back online after last week's outage, CrowdStrike CEO George Kurtz said the vendor remains 'committed to restoring every impacted system.' Continue Reading
-
Opinion
25 Jul 2024
CrowdStrike disaster exposes a hard truth about IT
Growing third-party dependencies mean more CrowdStrike-like disasters ahead. Preventing these requires a commitment to quality from vendors and robust backup plans from users. Continue Reading
-
Feature
25 Jul 2024
The differences between open XDR vs. native XDR
Extended detection and response tools are open or native. Learn the differences between them, and get help choosing the right XDR type for your organization. Continue Reading
-
News
24 Jul 2024
CrowdStrike: Content validation bug led to global outage
CrowdStrike said last week's global outage was caused by a bug in the Falcon platform's content validator, which missed a defective configuration update for its Windows sensor. Continue Reading
-
Tip
24 Jul 2024
Types of MDR security services: MEDR vs. MNDR vs. MXDR
Considering MDR security services? There's more than one option available; learn how to find the best for your organization's security needs. Continue Reading
-
Podcast
23 Jul 2024
Risk & Repeat: Faulty CrowdStrike update causes global outage
Friday's outage, which was caused by a defective CrowdStrike channel file update, resulted in significant disruptions for airlines, critical infrastructure and more. Continue Reading
-
Feature
23 Jul 2024
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks. Continue Reading
-
Tip
19 Jul 2024
Why mobile security audits are important in the enterprise
Mobile devices bring their own set of challenges and risks to enterprise security. To handle mobile-specific threats, IT should conduct regular mobile security audits. Continue Reading
-
News
19 Jul 2024
Defective CrowdStrike update triggers mass IT outage
A faulty update for CrowdStrike's Falcon platform crashed customers' Windows systems, causing outages at airlines, government agencies and other organizations across the globe. Continue Reading
-
Answer
19 Jul 2024
How to protect port 139 from SMB attacks
Keeping port 139 open is perfectly normal -- but only for good reason. Without the proper protections, it can present a major security risk. Continue Reading
-
News
18 Jul 2024
Judge tosses most of SEC's lawsuit against SolarWinds
A judge dismissed many of the charges in the U.S. Securities and Exchange Commission's lawsuit against SolarWinds and its CISO, Timothy Brown, though some charges remain. Continue Reading
-
Tutorial
18 Jul 2024
How to use Pwnbox, the cloud-based VM for security testing
Pwnbox offers users the chance to hone their skills about security concepts and tools without having to build a costly lab environment. Continue Reading
-
News
18 Jul 2024
Amazon CISO discusses the company's cautious approach to AI
At the recent AWS re:Inforce 2024 conference, Amazon CISO CJ Moses spoke about the risks and threats associated with new AI technology and how the cloud giant addresses them. Continue Reading
-
Opinion
09 Jul 2024
CISOs on how to improve cyberthreat intelligence programs
Organizations need to take a focused approach to gain visibility into targeted threats for cyber-risk mitigation and incident response. Continue Reading
-
Feature
08 Jul 2024
How AI-driven SOC tech eased alert fatigue: Case study
Alert fatigue is real, and it can cause big problems in the SOC. Learn how generative AI can improve security outcomes and reduce analysts' frustration in this case study. Continue Reading
-
Feature
03 Jul 2024
RSA security conference video roundup: 2024 perspectives
We chatted on camera with attendees and presenters at RSAC 2024. To get the highlights of one of the world's major cybersecurity conferences, check out this video collection. Continue Reading
-
News
28 Jun 2024
TeamViewer breached by Russian state actor Midnight Blizzard
TeamViewer says a Russian state-sponsored threat actor known as Midnight Blizzard gained accessed to the company's corporate network via compromised employee credentials. Continue Reading
-
Tutorial
28 Jun 2024
How to use Social-Engineer Toolkit
Testing system components for vulnerabilities is just one part of the network security equation. What's the best way to measure users' resilience to social engineering threats? Continue Reading
-
News
25 Jun 2024
CISA discloses breach of Chemical Security Assessment Tool
The breach, which CISA first disclosed in March, stemmed from Ivanti zero-day vulnerabilities that a Chinese nation-state threat actor first exploited in January. Continue Reading
-
Definition
25 Jun 2024
digital signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or software. Continue Reading
-
News
21 Jun 2024
Biden administration bans Kaspersky Lab products in US
The Biden administration announced a ban on Kaspersky Lab products inside the United States due to the antivirus vendor's ties with the Russian government. Continue Reading
-
News
20 Jun 2024
How Amazon's decision to ditch Active Directory paid off
Amazon's decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move. Continue Reading
-
Podcast
18 Jun 2024
Risk & Repeat: Microsoft under fire again over Recall
Microsoft made changes to its AI-driven Recall feature, but that didn't stop Congress from grilling company president Brad Smith during a House committee hearing. Continue Reading
-
News
17 Jun 2024
Alex Stamos on how to break the cycle of security mistakes
In an interview, SentinelOne's Alex Stamos discussed the importance of security by design and why it needs to be applied to emerging technologies, including generative AI. Continue Reading
-
News
14 Jun 2024
Congress grills Microsoft president over security failures
Microsoft President Brad Smith testifies on a wide range of issues, including Chinese and Russian nation-state attacks, the controversial AI-powered Recall feature and more. Continue Reading
-
Guest Post
14 Jun 2024
The enduring importance of digital trust
Digital trust is an increasingly important issue, yet confusion remains about what exactly it is, how to achieve it and how to get started. Continue Reading
-
News
12 Jun 2024
AWS touts security culture, AI protections at re:Inforce 2024
AWS executives highlighted the company's longstanding security, which evoked comparisons to its chief cloud rival Microsoft and the recent Cyber Safety Review Board report. Continue Reading
-
Tip
05 Jun 2024
How to write a useful cybersecurity incident report
Reacting to a cybersecurity event is just half the battle. An incident report can help companies understand why the attack occurred and how to avoid future security issues. Continue Reading
-
Opinion
30 May 2024
RSA Conference wrap-up: The state of cybersecurity disconnect
The cybersecurity industry isn't prepared for massive changes in play. It needs to focus more on the mission rather than cybersecurity technology widgets. Continue Reading
-
Tip
29 May 2024
How to converge networking and security teams: Key steps
Companies can reap a lot of benefits by merging their networking and security teams. But it takes careful planning to make it work. Continue Reading
-
Feature
23 May 2024
The 10 most common ERP security issues and ways to fix them
Today's ERP systems are exposed like never before. Learn about the most common ERP security issues companies are facing and how IT and security teams can address them. Continue Reading
-
News
23 May 2024
CISA executive director discusses CIRCIA, incident reporting
CISA Executive Director Brandon Wales speaks with TechTarget Editorial to discuss CIRCIA and the importance of incident reporting to the larger cybersecurity ecosystem. Continue Reading
-
News
22 May 2024
Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'
Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons. Continue Reading
-
Tip
21 May 2024
5 Mitre ATT&CK framework use cases
The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity. Continue Reading
-
Feature
17 May 2024
How AI-driven patching could transform cybersecurity
At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities. Continue Reading
-
Definition
15 May 2024
out-of-band authentication
Out-of-band authentication is a type of two-factor authentication (2FA) that requires a secondary verification method through a separate communication channel along with the typical ID and password. Continue Reading
-
Opinion
14 May 2024
AI PCs need apps with broad use cases to gain traction
There are many ways local AI on PC hardware can help users, but the broader use cases aren't there yet. Learn about the emerging AI PC market and where it still needs to grow. Continue Reading
-
News
14 May 2024
SonicWall CEO talks transformation, security transparency
SonicWall's CEO said that following a string of serious vulnerabilities the company responded to in 2021, product development and quality assurance operations were overhauled. Continue Reading
-
News
10 May 2024
US officials optimistic on AI but warn of risks, abuse
Federal government leaders at RSA Conference 2024 touted the benefits of AI pilot programs but also outlined how a variety of threat actors are currently abusing the technology. Continue Reading
-
News
09 May 2024
'Secure by design' makes waves at RSA Conference 2024
Cybersecurity vendors and public sector organizations heavily promoted the secure by design approach, particularly for generative AI tools and projects. Continue Reading
-
News
08 May 2024
Experts highlight progress, challenges for election security
Infosec professionals at RSA Conference 2024 discuss digital and physical security challenges for election cycles across the globe in a post-COVID-19 landscape. Continue Reading
-
News
08 May 2024
Microsoft touts expansion of Secure Future Initiative
At RSA Conference 2024, Microsoft vice president Vasu Jakkal discussed some of the criticisms leveled against the company and how the Secure Future Initiative will address them. Continue Reading
-
Tip
07 May 2024
How to detect deepfakes manually and using AI
Deepfakes rely on AI to generate realistic but counterfeit content. A variety of automated tools and manual hints can help organizations pinpoint deepfake videos and images. Continue Reading
-
Tutorial
07 May 2024
How to configure sudo privilege and access control settings
Learn how to use the sudo command for access control configurations, from granting full administrative privileges to delegating roles. Continue Reading