Vulnerability Prioritization & the Magic 8 Ball

October 10, 2024 at 07:08AM The CVE program, celebrating 25 years, has significantly advanced vulnerability management despite persistent challenges like inconsistency in CVE issuance, subjective severity scoring, and the automation of CVE creation. Effective patching requires a nuanced approach, prioritizing critical systems to mitigate risks from potential attacks across all system layers. …

Top 5 Myths of AI & Cybersecurity

October 2, 2024 at 10:10AM The global rise of sophisticated cybercrimes presents daily challenges for the cybersecurity industry, driving the integration of AI into security measures. However, the belief in AI as the sole solution for cybersecurity is debunked through various myths, emphasizing the importance of a balanced approach that combines AI with traditional security …

Why Identity Teams Need to Start Reporting to the CISO

August 30, 2024 at 10:09AM CISOs face growing pressure as data breaches dominate headlines. The SEC’s new disclosure requirements put more accountability on them, recognizing identity management as crucial. IAM should report to CISOs and separate from IT to ensure effective governance. Implementing identity protection and micro-segmentation can mitigate breaches. CISOs need more organizational power …

Vanta Raises $150 Million at $2.45 Billion Valuation

July 24, 2024 at 08:39AM Vanta, a security and compliance solutions provider, has raised $150 million in a Series C funding round, bringing its total funding to $353 million. The latest funding, led by Sequoia Capital, values the company at $2.45 billion. Vanta plans to use the funds for expansion and accelerating AI product innovation. …

Is CISA’s Secure by Design Pledge Toothless?

May 10, 2024 at 02:28PM At the 2024 RSA Conference, tech giants like Microsoft, Amazon Web Services, IBM, and Fortinet voluntarily agreed to meet a set of seven cyber security objectives outlined by the US’s cyber authority, CISA. The initiative lacks legal enforcement but aims to foster good security practices and investments across industries, …

Education is the foundation of modern cyber defence

November 27, 2023 at 05:07AM SANS offers high-quality cyber security training in three different modalities: in-person, live online, and on-demand. The courses cover a range of topics including network security, incident handling, digital forensics, security architecture, and cloud security. Prospective students can preview courses with free hour-long demos to determine their level and evaluate the …

SolarWinds: SEC ‘lacks the competence’ to regulate cybersecurity

November 9, 2023 at 12:12PM SolarWinds has strongly defended itself against the Securities and Exchange Commission’s (SEC) lawsuit over the 2020 SUNBURST cyberattack. The company called the SEC’s claims “fundamentally flawed” and stated that it had appropriate cybersecurity controls in place before the attack. SolarWinds accused the SEC of overreaching and lacking the authority to …

Who’s Experimenting with AI Tools in Your Organization?

October 23, 2023 at 02:09PM The growth of AI productivity tools like ChatGPT has made AI accessible to all employees, but it poses challenges for IT and security teams. Nudge Security helps organizations understand and manage the risks associated with AI tools by discovering and inventorying the tools employees are using, accelerating security reviews, detecting …