Free Cybersecurity Research, Whitepapers, Reports | SC Media

This infographic highlights the distinct roles and responsibilities crucial to managing cloud computing effectively. The CIO leads the cloud strategy, ensuring alignment with business goals, while the CISO focuses on embedding security into adoption processes, assessing compliance, and managing incident response. IT Operations handles the technica...

Cloud security remains a top priority for organizations transitioning to cloud technologies, as they face the dual challenge of innovation and protecting sensitive assets. For Chief Information Security Officers (CISOs), managing cloud environments within the shared responsibility model requires careful attention to safeguarding both provider infr...

Insights from frontline professionals Small and medium-sized businesses (SMBs) bear the brunt of the cybersecurity skills gap. Based on the insights of 5,000 frontline IT/cybersecurity professionals, this report reveals the frontline impact of the resourcing shortage. It includes: How and why SMBs are disproportionately impacted by the cybersecur...

Best practices for using tabletop exercises to prepare for cyberattacks Based on the Sophos Cybersecurity team’s own approach, this guide aims to help organizations prepare for potential attacks. It covers: The different types of security tabletop exercises Examples of cybersecurity scenario themes we have run at Sophos 17 best practices fo...

The National Renewable Energy Laboratory (NREL)’s Clean Energy Cybersecurity Accelerator™ (CECA) program performed an evaluation of the runZero Platform that accurately identified and inventoried all OT and IT IP-addressable assets through proprietary active scanning and passive traffic sampling in the test environment. The CECA evaluations ...

As a leading CAASM platform, runZero has a unique perspective on the state of asset security. Our research team recently analyzed tens of millions of sample data points to better understand today’s attack surfaces, exposure patterns, and emerging threats — and the results were surprising! Download the inaugural runZero Research Report to see...

Insights from frontline professionals Small and medium-sized businesses (SMBs) bear the brunt of the cybersecurity skills gap. Based on the insights of 5,000 frontline IT/cybersecurity professionals, this report reveals the frontline impact of the resourcing shortage. It includes: How and why SMBs are disproportionately impacted by the cybersecur...

Lessons from IT and Cybersecurity Leaders Better understand the complex relationship between cyber defenses and cyber insurance in this report based on a global survey of 5,000 IT/cybersecurity leaders. It includes: Factors driving organizations to take out cyber coverage The impact of cyber defense investments on insurability Incident payouts, i...

The 2024 LevelBlue Futures report captures the growing risks businesses face and the variety of challenges that get in the way of cyber resilience. For example: Compliance with regulations often demands unattainable information. Cyber resilience is frequently not prioritized across the entire organization. Lack of clarity over responsibilities po...

The 2024 LevelBlue Futures report unpacks the different concerns and objectives of C-Suite executives (CIOs, CTOs and CISOs), how those differences can come into conflict and how to find common ground on the path to cyber resilience to more effectively balance innovation, compliance and risk management. This storybook distills the key insights int...

Network security controls are no longer reliable or sufficient. They are easily evaded, prone to false positives, and feed a costly ecosystem of alert management and incident response. According to pen testing by Positive Technologies, an external attacker can breach a network perimeter in 93% of cases. This is unacceptable, and you no longer need...

Organizations recognize the potential in adopting AI both for general use and for their security platforms in general. Many see AI tools as a possible way to streamline everyday tasks, freeing up administrators and security professionals to focus on broader, long-term strategic matters. There are, however, concerns around just how difficult it wil...

By adhering to clear access policies and lever- aging tools like Multi-Factor Authentication (MFA) and Just-In-Time (JIT) access, organizations can streamline security while minimizing risks. This infographic outlines what that looks like, using insights compiled by a CyberRisk Collaborative task force formed to address the complexities faced by C...

In October 2024, members of the CyberRisk Collaborative organized a task force to address the complexities faced by CISOs in implementing and optimizing identity security. This task force aimed to develop a shared understanding of the challenges around identity security, create a framework for a mature program, and provide practical steps and t...

If you are wondering where to start your passwordless journey, this eBook is for you. While focusing on best practices in securing both the workforce and high-risk users, it explores different options for passwordless authentication, the specific security and compliance tradeoffs they entail and the long-term benefits gained by going passwordless....

Find out why MSSPs must integrate comprehensive security awareness training into their services to continue to ensure effective cybersecurity for their clients

Read the Case Study about FutureSafe, a Check Point MSSP, offering a carefully curated selection of top-tier cybersecurity services.

Why MSSPs Should Transition from Fear-Based Sales Strategies to a Value Centric Approach

Discover the top 10 advantages of leveraging cybersecurity managed services, from enhanced threat detection and proactive risk management to cost-effective solutions that ensure round-the-clock protection of critical business assets.

Enabling MSSPs to Boost Growth and Enrich their Services. Learn about our Top Tier Security through a simple, scalable and profitable program.

With Security Orchestration, Automation, and Response (SOAR) solutions, what you see isn’t always what you get. D3’s new whitepaper exposes the hidden costs and frustrations of legacy SOAR tools that often lead to abandoned implementations and wasted resources. Drawing from real-world experiences and breaking down common pitfalls, this...

D3’s 2024 MSSP Survey provides a comprehensive snapshot of the managed security service provider industry, straight from the professionals on the front lines. This groundbreaking report reveals the current state of MSSPs, their challenges, growth strategies, and the transformative impact of automation on their operations.Download the survey ...

The 2024 SANS SOC Survey delivers comprehensive insights into the operations of modern Security Operations Centers (SOCs), based on feedback from over 1,500+ security experts. This report explores the current landscape, identifying obstacles and strategies for optimizing security operations. Read this report to learn about: Enhancing SOC capabili...

Gain insights into the challenges facing SOCs and discover the most effective strategies for increasing efficiency and reducing analyst burnout. Security Operations Centers (SOCs) are struggling to keep pace with escalating alert volumes, sophisticated threats, and analyst burnout. This 2024 report from Osterman Research, sponsored by Dropzone AI,...

Discover how AI can enhance your SOC by reducing alert overload, improving response times, and focusing your team on real threats. SOCs are overwhelmed by an ever-growing number of alerts, complex cyberattacks, and a shortage of skilled analysts. The CISO Guide to Leveraging AI in Security Operations provides clear insights into how AI can tackle ...

Learn how AI can transform your SOC by automating alert investigations, improving response times, and allowing your team to focus on the most critical threats. SOCs are inundated with an overwhelming number of alerts, and keeping up can be difficult. The Strategic Buyer’s Guide to AI Solutions for SOCs provides actionable insights on how AI ...

ManageEngine’s PAM Buyer’s Guide provides essential insights to help you choose the right PAM solution based on factors like critical capabilities, implementation timeline, compliance, cyber insurance, and ROI. Whether you are just getting started with privileged access management or switching from another solution, this guide will hel...

ManageEngine’s PAM maturity model will help you understand the level of PAM capabilities that you need and give you insights on how to move ahead in your PAM journey based on your identity security policies, enterprise environment, IT priorities, and more—regardless of which industry vertical you belong to. Empowered by ManageEngine’s ...

Cybersecurity technology goes hand in hand with policy-based governance. One of the first steps to Privileged Access Management (PAM) success is defining clear and consistent policies that everyone who uses and manages privileged accounts understands and accepts. You can use this sample policy as a starting point to build a PAM policy for your org...

As consumer technology brands and the FIDO Alliance create demand for passwordless authentication, you’re bound to hear that your employees expect the same type of seamless login experience at work. However, workplaces have complex technology and process requirements that are tied to traditional password-based authentication. Plus, even if y...

An estimated 80% of breaches involve privileged access abuse (according to Forrester Research). Such violations include highly visible supply chain breaches at Solar Winds, Microsoft Exchange, and Colonial Pipeline. Along with an Executive Order from the Biden administration in the U.S., this has brought zero trust into the spotlight. While there ...

2nd Edition: Updated and Expanded for 2024 Cyber insurance isn’t a legal term, nor even a standard insurance term. There are hundreds, if not thousands, of cyber insurance policies from insurance companies worldwide. Each one tries to provide a unique offering to gain an advantage over the competition, which can make identifying the right po...

A fast, easy read to get up to speed on Privileged Access Management (PAM) and security basics With so many recent high-profile breaches accomplished through the compromise of passwords on privileged accounts, it’s time all cybersecurity stakeholders got educated. This free, 24-page book, Privileged Access Management (PAM) for Dummies, gives...

In today’s dynamic hybrid-cloud work from anywhere environments, traditional IAM falls short as any user can become highly privileged while accessing sensitive data or taking high-value actions. Modern IAM is crucial, offering intelligent privilege controls for security-first access. Delve into modern IAM approaches within Identity Security ...

This guide will explore the NIST functions relevant to TPRM, the scale for determining how mature your NIST implementation is, supply chain requirements included in NIST CSF and the platform functionality that can help a team meet those requirements. TPRM professionals evaluate vendors from a variety of industries and geographies, often from strik...

This white paper will explore the process of prioritizing third parties for incident response, building and distributing an incident-response questionnaire, and reporting on an organization’s risk status after a threat has been identified and evaluated. Organizations are overwhelmed by the many indicators of compromise (IoCs) they are alerte...

This month’s Cybersecurity Buyer Intelligence Report is based on an online survey conducted in September 2024 among 192 security and IT leaders and executives, practitioners, administrators, and compliance professionals in North America from CRA’s Business Intelligence research panel. The objective of this study was to explore various topics...

As cyber threats grow more sophisticated, securing the software pipeline has become critical. This article explores the importance of using zero CVE (Common Vulnerabilities and Exposures) images in containerized environments to mitigate risks early in the development lifecycle. By selecting a well-supported operating system, leveraging curated bas...

Optimizing your cybersecurity tool stack can often be a daunting exercise fraught with vulnerabilities, misconfigurations and too much or too little control. Innovation is key to staying ahead in cybersecurity, but sometimes chasing the ‘next big thing’ doesn’t lead you to the right destination. While it can seem essential to...

Optimizing your cybersecurity tool stack can often be a daunting exercise fraught with vulnerabilities, misconfigurations and too much or too little control. Innovation is key to staying ahead in cybersecurity, but sometimes chasing the ‘next big thing’ doesn’t lead you to the right destination. While it can seem essential to...

In today’s complex cybersecurity landscape, CISOs are tasked with building and maintaining tool stacks that not only defend against evolving threats but also drive efficiency and resilience. However, the strategic selection and optimization of these tools is far from straightforward. Common challenges, such as vendor sprawl, sunk cost fallacy, and...

There’s one certainty when it comes to your attack surface – it’s changing constantly. New vulnerabilities are disclosed hourly, new exploits for old vulnerabilities are publicly released and threat actors are updating their techniques continuously. Keeping up with the changing threat landscape while prioritizing your security re...

Dark Reading’s latest report reveals why an end-to-end defense strategy is essential to protecting your organization against the relentless wave of cyber threats. See why our OPSWAT and F5 combined solution enables organizations to enhance their overall cybersecurity posture. Get Data-Backed Intel on Key Topics Including: Lack of Preparedne...

Post-breach investigations often show that attackers exploit excessive privileges to move laterally within networks, accessing sensitive data. CISOs should counter this threat with a least privilege security model, granting users only the permissions they need for their job, and only for the time they need it. Despite being a long-standing best pr...

Tired of traditional SIEM solutions creating more headaches for you? You’re not alone. While SIEMs were built to gather and correlate data and streamline your IT operations, most have become too noisy and complex to manage. From false positives to the need for specialized management—not to mention skyrocketing costs as your data intake grows...

Application security is more important than ever, yet at the same time organizations are asking their developers to address a growing number of threats with smaller teams over larger landscapes. In many cases, respondents of our August 2024 Cybersecurity Buyer Intelligence survey said that smaller teams are tasked with securing the code of more...

In August 2024, members of the CyberRisk Collaborative organized a task force to address the complexities faced by CISOs in implementing and optimizing incident response programs. This task force aimed to develop a shared understanding of the challenges around incident response, create a framework for a mature incident response program, and pr...

In August 2024, members of the CyberRisk Collaborative organized a task force to address the complexities faced by CISOs in implementing and optimizing their business continuity, disaster recovery and incident response programs. This task force aimed to develop a shared understanding of the challenges around business continuity, disaster recov...

In the rapidly evolving field of cybersecurity, assessing and prioritizing vulnerabilities is crucial for protecting systems and data. The Common Vulnerability Scoring System (CVSS) is widely used to provide a standardized way to rate the severity of vulnerabilities. Over the years, CVSS has evolved through several versions—CVSS2, CVSS3, and the a...

When it comes to achieving more effective vulnerability management, CISOs from the CyberRisk Collaborative recommend following this framework:

In May 2024, members of the CyberRisk Collaborative organized a task force to address the complexities faced by CISOs in implementing and maturing GRC programs. This task force aimed to develop a shared understanding of GRC, create a framework for a mature GRC program, and provide practical steps and tools for organizations at various st...

In May 2024, members of the CyberRisk Collaborative organized a task force to address the complexities faced by CISOs in implementing and maturing GRC programs. This task force aimed to develop a shared understanding of GRC, create a framework for a mature GRC program, and provide practical steps and tools for organizations at various stages of th...

A security metric is only valuable when it meets certain conditions. Here are the key factors that make a security metric useful to a cybersecurity program:

A security metric is defined by the following characteristics:

In September 2022, members of the CyberRisk Collaborative organized a task force to share information about their use of security metrics and develop guidance for new members on how to develop and use these metrics to improve their cybersecurity programs. By March 2023, a standing security metrics task force was initiated to develop the CyberRi...

In 2024, identity is everything everywhere all at once. Our digital identities, specifically, help us navigate the complexities of an increasingly connected world. From mobile banking apps, online shopping and social media to video streaming services, patient health portals or AirBnB reservations, digital identities are what make it possible fo...

In the fast-paced realm of cybersecurity, the gap between detecting a threat and effectively responding to it can be critical. This year, incident response teams are facing unprecedented challenges that go beyond the cyber threats themselves. Widespread burnout and resource shortages are compounding the difficulties of managing and mitigating secu...

It’s no secret security operations are growing to be more complex than they were two years ago. From the massive pressure to detect and respond to threats to the persistent need to improve visibility and scalability, security professionals need to optimize their SOCs to ultimately keep organizational risk minimized.Download this in-depth eBo...

Bill, the CISO of a mid-size organization, is looking forward to a day at the ballpark, watching his daughter’s team, the Penguins, play for the city softball championships. Little did he know that his perfect day would be his worst day yet.In this ebook, learn how an Open XDR platform would have changed the outcome. “If I didn’t...

The long-awaited 2024 final Post Quantum Cryptography (PQC) selection process by NIST will formally activate the largest, global cryptographic transition in the history of computing affecting the data, systems, devices, and networks we rely on daily. Don’t panic, plan wisely. Understanding the security architecture of your networks, and the ...

Legacy data-security practices are inadequate for rapid cloud expansion and skyrocketing volumes of information. Paul Wagenseil looks at new ways to keep data accessible and secure.

There are several sequential steps that should be taken as part of an overall DSPM deployment, with the implementation of a DSPM tool as one of the final stages:

IT systems are more critical and more vulnerable than ever in today’s digital world. Yet, investors must be able to evaluate a company’s cyber risk management approach to make a reasonable investment decision.The SEC has recognized this, rolling out cybersecurity disclosure regulations that went into effect in December 2023 for all pub...

What does it take to achieve excellent attack surface management in the age of digital transformation?Protecting complex attack surfaces is difficult and often requires cyber tools that have complementary capabilities. Good cyber hygiene, effective configuration management that enforces cybersecurity policies, and continuous monitoring of cyber to...

Managing and protecting the thousands of devices that are connected to your network has never been more challenging. Cyber insurance is a key tool to mitigate the associated risks.However, the underwriting process can be burdensome and result in missed opportunities for both the insured and the insurer.To alleviate this burden, Tanium has partnere...

Explore quantitative and qualitative benefits identified by the 2024 Forrester Consulting Total Economic Impact™ (TEI) study of the Tanium Converged Endpoint Management (XEM) platform. Learn the cost savings and business benefits experienced by IT and security leaders working in a variety of industries; outcomes like these and more:· Reduced softw...

Enterprise IT teams are adapting to a new IT landscape with a workforce mostly or entirely remote indefinitely. More applications and storage are moving to the cloud. And cybercriminals, watching these changes unfold, are focusing their attention on new targets and new forms of attack.The inside-out enterprise: redefining IT SecOps for today’...

Endpoint security and management teams both share the goal of reducing risk, yet they often work in a segregated fashion. Consequently, they choose tech products that support their individual functions rather than products that support both, missing opportunities to serve the greater organization better. IDC research reveals a solution that struct...

Effectively coordinating software and patch deployments across an environment requires that IT ops and security teams be aligned, collaborative and accountable. This requires that key systems be in place and shared workflows be clearly defined. Learn the crucial role that cyber hygiene plays in this process in The ultimate guide to cyber hygiene. ...

Identity orchestration makes it possible for anyone — not just coding experts — to create, test, and deploy secure user experiences from registration and sign-on to the resource itself. It is a new foundation for Zero Trust architecture that bridges individual technologies for end-to-end user journey visibility. In this eBook, we look ...

In the eBook “Active adversaries: Who they are and how they’re targeting your organization,” we explored the threats posed by active adversaries — highly skilled, well-paid cybercriminals equipped with sophisticated software and networking skills, who are often part of a professional cybercriminal network dedicated to all m...

AI promises to significantly enhance the effectiveness and efficiency of TPRM teams. AI-driven analytics tools for the assessment process can sift through vast amounts of data, identifying patterns and correlations that would be impossible for humans to detect manually. This analysis can help identify potential risks in real-time, allowing organiz...

When it comes to third-party risk management (TPRM), most organizations today face a significant challenge: the sheer volume of third parties has exploded while organizational resources have not kept pace. This surge in third-party relationships pushes the capacity of traditional risk management practices to their limits, leading to a widening TPR...

Starting your identity and access management (IAM) journey is a challenging task. As the digital world is becoming even more complex, ad hoc solutions are not enough to ensure that sensitive data is protected and access to APIs, apps and websites is secured.Luckily, there are standard protocols in place to help avoid data leaks, comply with regula...

This white paper covers the key TPRM metric your team needs to track its effectiveness over time, the processes for gathering these metrics and tips for building a business case for your program. Third-party risk management (TPRM) teams often have to justify the cost of their programs to executive leadership, especially if they want to advocate fo...

The Federal Risk and Authorization Management Program (FedRAMP) is a cloud-specific cybersecurity program for the federal government. For a cloud solution provider (CSP) to do business in the federal space, their cloud service offering (CSO) must be FedRAMP certified. All cloud-based solutions procured by federal agencies must be compliant with Fe...

Review more vendors faster and more consistently with the help of AI technology. Third-party policy evidence reviews can be tedious, time consuming and labor intensive, leading many analysts to take shortcuts or skip some vendors all-together. As organizations’ third-party ecosystems continue to grow, analyst teams are increasingly strained ...

Identity compromise may feel inevitable, but thankfully there are strategic moves organizations can make to greatly reduce risk. In this whitepaper, you’ll learn how to build a multi-layered approach to comprehensively secure employees’ and external B2B users’ identities as they access enterprise resources, such as applications a...

Threat actors are targeting the users who contribute daily to organizations’ key cloud and digital initiatives – many of whom have more access than needed, with credentials that are insufficiently protected. And these attackers are finding new ways to work around traditional access tools that often aren’t designed to secure identities ...

APIs have in recent years grown to be essential to the digital strategy of the modern organization. To ensure that digital assets are securely distributed, and that privacy is maintained at all times, proper access management needs to be in place. Keeping APIs, and the data provided through them, safe and only available to the intended user is a m...

Leveraging the insights of 2,974 organizations that were hit by ransomware in the past year, this report examines the impact of compromised backups on ransomware outcomes including: The frequency of successful backup compromise across a range of industries The impact of backup compromise on ransom demands, ransom payment rates, and ransom amounts...

Cybersecurity professionals are a core element of an organization’s cyber defense. Yet there has been very little focus on how to best set them up for success. This analysis explores whether organizational structure affects cybersecurity outcomes. It looks at cybersecurity experiences through the lens of the organizational structure deployed...

This year, new stressors entered the fray. Many organizations expanded cloud partnerships and platforms to satisfy business requirements, inadvertently creating more blind spots and misconfiguration errors for IT security teams to track. Limited visibility into cloud-based inventory and lack of familiarity with multiple platforms have raised the s...

From key fobs to biometric readers, our digital world relies on identity and access management (IAM) to ensure security. However, with increasing cyber threats like phishing and deepfakes, the battle to protect access is intensifying. A recent survey of over 200 IT security professionals highlights progress in IAM implementation, but also heighten...

HOW TO REDUCE COSTS, REPORT RISK TO THE BOARD AND LEVERAGE MANPOWER Designed for the forward-thinking CISO, our comprehensive eBook dives deep into strategies to reduce costs, effective reporting of risk to the board, how to leverage manpower, and actionable steps for building a resilient cybersecurity posture. Learn how to: Reduce annual costs ...

The State of Enterprise Security Controls report by Veriti Research offers an unprecedented look into the challenges and opportunities facing organizations today. With insights derived from an extensive analysis of over 715 million logs and more than 100 different security controls, this report is your guide to taking your cybersecurity strategy t...

HOW TO REDUCE RISK EXPOSURE AND GET AWAY WITH IT Mastering risk reduction in cybersecurity demands a focus on the details and a proactive approach. Our whitepaper explores Automated Security Control Assessments (ASCA) as a pivotal tool for professionals who seek to address risk exposure reduction systematically and preempt threats. What You’...

Don’t expect the government to come charging to the rescue if your factory, power plant or rail yard is hit by a cyberattack. Instead, harden your systems against an attack before it happens, and train your staff to properly respond when the attack comes. Here’s a set of best practices to beef up the security of your OT systems.

The security of operational technology systems is generally years behind IT security, but government and industry are taking steps to close the deficit. Paul Wagenseil explores the biggest challenges facing OT security and explains the best practices to make yours as robust as possible.

Determining where and how to best allocate financial and human resources for cybersecurity initiatives is a complicated decision. It can be made even more fraught for those operating within the Department of Defense (DoD) supply chain, including contractors and subcontractors, who must ensure compliance with any number of regulatory frameworks tha...

The world keeps filling with more endpoints, spread across geographies: laptops, smartphones and tablets where users mix business and personal pursuits and open endless doors for ransomware gangs and other bad actors. One answer to the challenge is a context-sensitive defense, where the endpoint security solution automatically adapts to the contex...

Every minute of every day, security teams face an array of active adversaries — highly skilled, well-paid cybercriminals equipped with sophisticated software and networking skills. They are often part of a professional cybercriminal network, dedicated to infiltrating organizations’ systems, evading detection and continuously adapting t...

According to a recent survey, despite all the known identity risks and the protection afforded by multifactor authentication (MFA), 38% of organizations still don’t make MFA mandatory for their entire workforce, and 43% say at least 1 in 4 workforce identities are insufficiently secured. When set up right, MFA helps enterprises better protec...

How to choose a customer identity and access management solution that supports your most critical business objectives.

As online business expands, the amount and types of customer data you must protect have also grown exponentially. The way companies have handled authorization in the past is no longer sucient to prevent fraud and comply with privacy regulations.

What’s the best way to stop a cyberattack from turning into a full breach? Prepare in advance. Often, after an organization experiences a breach, they’ll realize they could have avoided a lot of cost, pain, and disruption if they had an incident response plan in place. This incident response guide will help you to: Gain a deep un...

66% of organizations were hit by ransomware in the last year. Is your endpoint protection solution optimally configured to protect against these devastating attacks? Get practical guidance on configuring your endpoint solution to provide optimum protection in this guide, and: Learn how ransomware attacks work Discover the six endpoint-protecti...