Organizations are increasingly tapping behavioral analytics to help incident responders "correlate data from multiple sources and save time in the response workflow" - in other words, to more quickly detect and mitigate breaches, says Nick Bilogorskiy at Juniper Networks.
Attackers continue to shift their tactics to help evade improvements in defenses, says Rick McElroy, security strategist for Carbon Black. Recent trends include fileless attacks, shifting from PowerShell to WMI, plus cryptojacking and credential harvesting.
To increase the effectiveness of security information and event management tools, while lowering the rate of false positives, organizations need to bring in more context about user behavior, says Derek Lin of Exabeam.
Michael Jones of Domain Tools says that studying domain ownership information gives organizations "contextual data around domains that may be attacking them," thus allowing them to better block attacks, avoid malicious sites and combat phishing campaigns.
A health system's decision to reportedly suspend about a dozen employees for apparently snooping at health records related to the tragic death of a co-worker spotlights the many challenges involved with preventing and detecting insider breaches.
Electric car manufacturer Tesla has sued a former employee for sabotage, alleging that he "unlawfully hacked the company's confidential and trade secret information" and gave it to third parties while leaving a trail designed to implicate other employees. The ex-employee, however, claims he's a whistleblower.
Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it.
We need to talk about ransomware, says James Lyne, global research adviser at Sophos: "It's not the big, sexy security topic that it once was, but there's some really interesting evolution in their tactics." Lyne rounds up the latest tactics and describes how machine learning is offering new defensive hope.
Recent failures of IT systems at some major airports and banks are a reminder that as an organization launches a digital transformation project, or seeks to move more of its processes to the cloud, those efforts won't necessarily proceed smoothly or securely, says Skybox Security's Justin Coker.
To stop malware, it helps to spot it as fast as possible and keep tabs on what it might be trying to do. "We all know that a well-funded, patient, creative attacker - there's no way to keep them out," says Lastline's Patrick Bedwell.
The latest challenge to face CISOs: Finding the best way to keep their organization secure while at the same time navigating political edicts that may lack any technical detail or present solid facts or alternatives to suspect technology, says Jaya Baloo, CISO of KPN Telecom.
When communications giant Publicis Groupe launched its GDPR compliance project, CISO Thom Langford says, "it was more a case of honing and polishing, rather than building from the ground up," thanks to its existing information security management system and complying with ISO 27001.
Driven by the EU's General Data Protection Regulation and other regulations, as well as the move to the cloud, more organizations are turning to data classification to help them silo and protect their most sensitive information, says Tony Pepper, CEO of Egress.