Over the past few years, the concept of vulnerability management has grown beyond crucial network scans to include the security of applications and a growing number of endpoints. It’s the cornerstone of a proactive security strategy that incorporates the best of both offensive and defensive security tactics.
We...
Cymulate has raised $70 million to strengthen its presence in new areas such as attack surface management and continuous automated red teaming. The company plans to deepen its wallet share among midmarket customers by working more closely with managed security service providers.
In today's dynamic threat environment, security teams must adopt a risk-based approach, prioritizing the most important areas of their organization. They also should not be afraid to seek outside help. Murtaza Hafizji of Bugcrowd discusses the merits of crowdsourced security.
HelpSystems acquired Dutch red-teaming startup Outflank to help critical infrastructure firms more effectively prepare for cyberattacks. The buying of Outflank will provide clients with a broader range of red-teaming software and services thanks to Outflank's tight integration with Cobalt Strike.
Tenable wants to help the cybersecurity industry move away from traditional vulnerability management focused on giving customers a list of vulnerabilities. Instead, CEO Amit Yoran wants to help customers understand their exposure and how they can effectively manage and reduce risk.
CISOs have enough tools to identify security weaknesses, says Yoran Sirkis, but they need a way to make the information those tools gather more accessible and to streamline the remediation process. The CEO of Seemplicity discusses how its platform can help security leaders manage remediations.
Last year, Rowland Johnson took on the role of president of CREST, the international not-for-profit membership body representing the global cybersecurity industry. Over the past 12 months, he says, he's taken time to "pause and reflect" and "define a new vision and mission" for CREST.
Web application attacks are one of the top causes of data breaches. Learn how to bolster the security of your applications with this comprehensive guide to penetration testing, based on two decades of experience and thousands of engagements.
Whether you’re embarking on your first application pen test, or you’ve...
A well-managed multi-cloud strategy "is a sensible approach" because it allows organizations to move different workloads between providers, but it gets a "bit more complicated when you start thinking about workload portability," says Lee Newcombe, security director, Capgemini U.K.
How do you figure out whether you’re ready for a pen test, a Red Team engagement, or a combination? One in five organizations do not test their software for security vulnerabilities, and even more aren't aware that you can combine both of these strategies to assess your network's security from all angles. Stop...
Supply chain risk must be part of an enterprisewide risk management program framework, says information security manager Matt Marciniak of financial service firm Quantile. Reducing risk requires an agile approach to supplier management, he says.
Vulnerabilities do not provide a comprehensive threat landscape but allow companies to feed their own risk analysis or an initial risk assessment. To provide insight into the threat landscape for ICS, Verve’s research team looked at updating the analytical comparison completed last year regarding the trend of ICS...
In today’s dynamic environment, with the proliferation of a wide array of different security products and the high chance for misconfigurations, testing security is more imperative than ever, says Scott Register, vice president of security solutions at Keysight.
“The only way to see if all these products have...
With cybercrime on the rise, unpublished vulnerabilities are the unknown menace threatening organizations today. This guide explores the different ways a company can use a black box fuzzing tool, to keep control of their software, products, and devices.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
