Opinion
Opinion
-
How organizations can learn from cloud security breaches
Research shed light on cloud security breaches. It's time to learn from the past and mitigate these attacks in the future with strong cloud security and posture management. Continue Reading
-
Amazon IAM announcements at re:Invent 2023
At AWS re:Invent 2023, Amazon announced several new features around machine and human identities designed to improve identity and access management. Continue Reading
-
5 network security predictions for 2024
Check out network security trends for 2024 from Enterprise Strategy Group, from SaaS security and rising DDoS attacks to network and endpoint convergence. Continue Reading
-
Security continues to lag behind cloud app dev cycles
Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible. Continue Reading
-
Security highlights from KubeCon + CloudNativeCon 2023
KubeCon + CloudNativeCon provided valuable insights for security teams supporting cloud-native development, including securing GenAI, platform engineering and supply chains. Continue Reading
-
Research points to 5 ways to improve cybersecurity culture
Respondents to a new Enterprise Strategy Group/ISSA survey offered five key points on how to strengthen an organization's cybersecurity culture. Continue Reading
-
How to overcome the beginner cybersecurity career Catch-22
The workforce gap constantly makes headlines, but that doesn't mean breaking into the field is easy. Get advice on how to start on an entry-level cybersecurity career path. Continue Reading
-
Collaborate with third parties to ensure enterprise security
Third-party risk is a major threat today, as evidenced in numerous recent breaches. Organizations must work with partners to ensure their data is protected properly. Continue Reading
-
Cloud-native app security? Ignore acronyms, solve problems
When building a cloud-native application security strategy, avoid new acronym and product category confusion. Look for products that effectively address top challenges instead. Continue Reading
-
Cloud-native firewalls are the next step in network security
The network security challenges associated with cloud provider and virtual firewalls are leading to third parties introducing cloud-native firewalls. Continue Reading
-
SailPoint extends identity security platform with data security
With DAS, privilege access management, AI and other features, SailPoint moves Atlas from an identity governance platform to an identity security platform. Continue Reading
-
Takeaways from Oktane23: Okta AI, universal logout and more
New game-changing security features from Okta speed threat detection and response times, enabling IT pros to log all users out of applications during a cyber attack. Continue Reading
-
Transitioning to single-vendor SASE will take time
New Enterprise Strategy Group research reveals enterprises are interested in single-vendor SASE -- but with multiple tools on hand, the transition will take planning and time. Continue Reading
-
CrowdStrike makes a breakout move
CrowdStrike's annual user conference emphasized the company's future vision for AI, automation and an integrated security IT approach. Continue Reading
-
6 reasons Cisco acquired Splunk
A treasure trove of Cisco and Splunk data, AI and analytics can improve cyber-resilience, accelerate threat detection and response, and enable more intelligent networks. Continue Reading
-
Google and Mandiant flex cybersecurity muscle at mWISE
End-to-end cybersecurity coverage and generative AI could accentuate Google and Mandiant's combined cybersecurity opportunities -- with the right execution. Continue Reading
-
Strong identity security could've saved MGM, Caesars, Retool
Three cyber attacks that featured vishing led to compromised identities, data loss and the interruption of operations. Passwordless authentication could have prevented all three. Continue Reading
-
What to consider when creating a SaaS security strategy
Securing SaaS applications is more important and confusing than ever. Consider visibility, UX and workflow when creating a SaaS security strategy and adopting tools. Continue Reading
-
Google Cloud Next focuses on generative AI for security
Google discussed its vision for applying generative AI to cybersecurity at its Google Cloud Next conference in August, with announcements about new features and capabilities. Continue Reading
-
Time for an identity security revolution
Identity needs to be the foundational component of the cybersecurity stack, because attackers are primarily after an organization's data. Continue Reading
-
Identity needs a seat at the cybersecurity table
The shift to the cloud and remote work, combined with the rise of phishing and other identity-related attacks, puts identity security at the forefront of cybersecurity concerns. Continue Reading
-
Security hygiene and posture management: A work in progress
Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
-
Using defense in depth to secure cloud-stored data
To better secure cloud-resident data, organizations are deploying cloud-native tools from CSPs and third-party tools from MSPs to achieve a defense-in-depth strategy. Continue Reading
-
For stronger public cloud data security, use defense in depth
The amount of cloud-resident data is increasing -- and so are the number of challenges to sufficiently secure it, especially within multi-cloud environments. Continue Reading
-
AI helps humans speed app modernization, improve security
Enterprises are looking at AI-driven approaches to help human teams modernize and accelerate application development to refactor or build new apps and beef up cybersecurity. Continue Reading
-
How AI benefits network detection and response
Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response. Continue Reading
-
App development trends and their security implications
Enterprise Strategy Group analysts look at how organizations are modernizing software development processes and how security teams can support the growth and scale. Continue Reading
-
New AWS security tools, updates help IT protect cloud apps
AWS released a slew of updates to improve security as IT pros develop and deploy more enterprise applications via public cloud services. Continue Reading
-
Cisco releases new security offerings at Cisco Live 2023
At Cisco Live 2023, Cisco emphasized its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security. Continue Reading
-
Closing the book on RSA Conference 2023
AI, cloud security, SOC modernization and security hygiene and posture management were all hot topics at RSAC in San Francisco this year. Continue Reading
-
Protect against current and future threats with encryption
Current and future cyber threats, such as ransomware, generative AI, quantum computing and an increase in surveillance, are driving the need to secure all data with encryption. Continue Reading
-
2023 RSA Conference insights: Generative AI and more
Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways. Continue Reading
-
Addressing the confusion around shift-left cloud security
To clarify how shift-left security should work in terms of cloud-based application development, Enterprise Strategy Group analyst Melinda Marks dives deep into the process. Continue Reading
-
Cloud-native security metrics for CISOs
Author and chief risk officer Rich Seiersen talks about the challenges of securing cloud-native applications and how to use metrics to improve their effectiveness. Continue Reading
-
10 hot topics to look for at RSA Conference 2023
RSA Conference 2023 promises another exciting year of cybersecurity discussions and hyperbole. Enterprise Strategy Group's Jon Oltsik shares what he hopes to see at the show. Continue Reading
-
Top RSA Conference 2023 trends and topics
Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
-
Why enterprise SecOps strategies must include XDR and MDR
Adopting extended detection and response and employing managed detection and response services may be the missing pieces of the SOC modernization puzzle. Continue Reading
-
Research examines security operations proficiency issues
Instead of looking at where security operations teams excel, Enterprise Strategy Group asked security pros where teams are least proficient. Learn where and how to fix it. Continue Reading
-
Accurately assessing the success of zero-trust initiatives
Zero-trust preparation can be difficult. Measuring how well the model provides security and business benefits after implementation is even more difficult. Continue Reading
-
Top takeaways from first CloudNativeSecurityCon
TechTarget's Enterprise Strategy Group offers the main takeaways from the first vendor-neutral, practitioner-driven conference for security. Continue Reading
-
DevSecOps needs to improve to grow adoption rates, maturity
Organizations are adding security processes and oversight to DevOps, but there's still work ahead to truly marry cybersecurity with DevOps and create a functioning DevSecOps. Continue Reading
-
6 data security predictions for 2023
New tools are proliferating to secure data wherever it lives. Six data security trends -- ranging from AI washing to new data security platforms -- are in the forefront for 2023. Continue Reading
-
4 identity predictions for 2023
Identity's place in the attack chain is driving the shift of identity responsibility from IT operations to security to look into passwordless, digital IDs, platforms and more. Continue Reading
-
Understanding the importance of data encryption
Encryption is a foundational element of cybersecurity. Organizations should implement encryption to counter the ever-growing threat of data breaches. Continue Reading
-
5 ways to enable secure software development in 2023
Security teams have to help developers ensure security software development, but in today's rapidly scaling cloud environments, it's a challenging task. Continue Reading
-
6 cybersecurity buzzwords to know in 2023
Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out. Continue Reading
-
3 enterprise network security predictions for 2023
It's shaping up to be another banner year for network security. 2023 may see decryption-less threat detection, connected home-caused enterprise breaches and new SASE drivers. Continue Reading
-
XDR definitions don't matter, outcomes do
Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023. Continue Reading
-
7 steps to implementing a successful XDR strategy
There's still confusion around what extended detection and response is, but it will play a key role in enterprise security. To successfully implement XDR, follow these steps. Continue Reading
-
Secure development focus at KubeCon + CloudNativeCon 2022
The pressure is on. It's time for better security that can keep up with modern software developers. That was the message at this year's KubeCon + CloudNativeCon. Continue Reading
-
Multichannel communications need more than email security
To remain protected against social engineering attacks in all communication channels, enterprises need new security strategies that extend beyond email to new collaboration tools. Continue Reading
-
Security hygiene and posture management requires new tools
Using multiple tools to address security hygiene and posture management at scale is costly and difficult. A new converged security technology category may be the answer. Continue Reading
-
How Sheltered Harbor helps banks navigate cyber-recovery
Banks must be able to recover quickly from a cyber attack -- a difficult task, given the volume and sophistication of attacks. The not-for-profit Sheltered Harbor aims to help. Continue Reading
-
Multifactor authentication isn't perfect, passwordless is better
Passwords are frequently the root cause of breaches, and multifactor authentication only provides a stopgap for account protection. It's time to adopt a passwordless strategy. Continue Reading
-
5 ways to improve your cloud security posture
With more applications deployed to multiple clouds, organizations must shore up their security posture, and cloud security posture management is designed to help. Find out why. Continue Reading
-
How data security posture management complements CSPM
Data security posture management can provide comprehensive defense-in-depth security for cloud data. Find out more about how DSPM policies move with the data. Continue Reading
-
How to start developing a plan for SASE implementation
From prioritizing business problems to identifying future initiatives to assessing critical tool gaps, learn how to create a realistic SASE implementation roadmap. Continue Reading
-
Data security as a layer in defense in depth against ransomware
Having data security as part of a defense-in-depth strategy can reduce the likelihood of a successful ransomware attack. Continue Reading
-
Why 2023 is the year of passwordless authentication
Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication. Continue Reading
-
What's driving converged endpoint management and security?
Security and IT teams face challenges in managing and securing a growing number of endpoints, which is driving organizations to look for converged capabilities, according to ESG. Continue Reading
-
Top cloud security takeaways from RSA 2022
Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG. Continue Reading
-
ESG analysts discuss how to manage compliance, data privacy
ESG analysts offer three recommendations for effective data governance: good C-level and IT leadership, visibility into cloud infrastructure and understanding cloud architecture. Continue Reading
-
Data security requires DLP platform convergence
Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features. Continue Reading
-
Making sense of conflicting third-party security assessments
Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective. Continue Reading
-
Shifting security left requires a GitOps approach
Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed. Continue Reading
-
IaC security options help reduce software development risk
The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk. Continue Reading
-
Cloud application developers need built-in security
Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs. Continue Reading
-
Hybrid workforce model needs long-term security roadmap
From SASE to ZTNA to EDR to VPNs, enterprises need to deploy the technologies to develop a secure hybrid workforce model now that can work into the future. Continue Reading
-
Cybersecurity for remote workers: Lessons from the front
Tackle the security challenges COVID-19 wrought by using this playbook from an experienced disaster-zone responder. Continue Reading
-
AI in cybersecurity ups your odds against persistent threats
AI capabilities can identify and take down cyberthreats in real time but are only part of what your team needs to come out on the winning side of the cybersecurity battle. Continue Reading
-
Develop internal cybersecurity talent to build your dream team
Cybersecurity duties have changed, with cloud and coding being essential knowledge now. But CISOs can still build their dream cybersecurity team through internal talent development. Continue Reading
-
The case for cybersecurity by design in application software
Security must be part of IT from the start and then continue through the entire product lifecycle -- design, build, release and maintenance. Consumers now demand it. Continue Reading
-
Importance of cybersecurity awareness never greater
Security awareness is more essential than ever, but in a world of increasingly sophisticated threats, making it a reality requires more than set-it-and-forget-it training. Continue Reading
-
Why nation-state cyberattacks must be top of mind for CISOs
Even though organizations face threats coming from many sources, one type of cyberattack should be top of mind for CISOs: those backed by nation-states. Here's why. Continue Reading
-
Plan now for the future of network security
How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future. Continue Reading
-
Bot management drives ethical data use, curbs image scraping
Bot management tools can help enterprises combat bad bots, prevent web and image scraping, and ensure ethical data use -- all while maintaining a positive end-user experience. Continue Reading
-
The future of facial recognition after the Clearview AI data breach
The company that controversially scrapes data from social media sites for law enforcement clients announced a data breach. What does it mean for the future of facial recognition? Continue Reading
-
RSA 2020 wrap-up: VMware Carbon Black integrations; MAM for BYOD; how to handle non-employees
RSA is always full of interesting things to learn about, so here are a few more vendors I sat down with. Continue Reading
-
Idaptive adds new remote employee onboarding option & passwordless authentication to Next-Gen Access
Seeing more and more vendors jump on the passwordless train makes my heart swell! Continue Reading
-
RSA 2020 day 1: Windows 10X & secured core PCs; Hysolate updates; LastPass passwordless login
Security-focused conferences are my time to shine--and geek out on the latest in security news. Continue Reading
-
Idaptive is taking machine learning for authentication and applying it to authorization
We’ve seen AI/ML/analytics used for figuring out if a user is who they say they are. Now, how about if they’re doing what they should? Continue Reading
-
2 components of detection and threat intelligence platforms
Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool. Continue Reading
-
Fresh thinking on cybersecurity threats for 2020
It's a good time to take a clear-eyed view of the likely security threats facing your organization. But then what? Experts suggest getting creative with your threat responses. Continue Reading
-
Where does 1Password Enterprise Password Manager fit in the EUC landscape?
Reduce the chance of a breach due to poor password habits with password vaulting. Continue Reading
-
Shared responsibility model transparency boosts cloud security
The shared responsibility model delineates where company and CSP security responsibilities start and end. This is critical not only for compliance, but also the big security picture. Continue Reading
-
Login.gov starts to fill the gap between social logins and enterprise identities
Access federal services with a service designed for governmental use but that uses common standards. Continue Reading
-
What's the answer for 5G security?
Learn about the planning of 3GPP in developing specifications for 5G security in this synopsis of 5G Americas' white paper, 'The Evolution of Security in 5G.' Continue Reading
-
When cyberthreats are nebulous, how can you plan?
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading
-
CISOs, does your incident response plan cover all the bases?
Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading
-
How to go passwordless if not all your apps support modern authentication standards
We want to eliminate passwords ASAP, unfortunately, some older apps can stand in the way of progress—thankfully, some identity providers devised solutions. Continue Reading
-
Okta competing with Microsoft, Google, and others in passwordless offerings
While giants Microsoft and Google try leading the passwordless charge, Okta also plans to help organizations cut down on password use. Continue Reading
-
NIST offers a handy vendor-neutral overview of zero trust architecture
Curious about zero trust but don’t understand it yet or how to achieve it, then NIST is here to help you. Continue Reading
-
Okta is making big investments in on-premises identity
Okta is also working to bring more context into access decisions. Continue Reading
-
How far is Google going in eliminating passwords?
We looked at Microsoft, let’s see how a couple other vendors are doing as well, starting with Google. Continue Reading
-
When will we finally ditch passwords? Here’s Microsoft’s 4-step plan
Let’s be honest, passwords suck, and vendors are working to eliminate or reduce our reliance on them—what is Microsoft’s roadmap? Continue Reading
-
A look at ID proofing: bootstrapping a digital ID using a mobile device and physical ID
For the moment, it’s more for B2C than for employees, but it’s poised to keep spreading. Continue Reading
-
Securing IoT involves developers, manufacturers and end users alike
Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures? Continue Reading
-
How does Menlo Security’s remote browser compare in an ever more crowded space?
There are now many remote browser isolation options available, from both desktop virtualization vendors and security vendors. Menlo just got a $75 million round of funding—so, how does it compare? Continue Reading
-
IoT botnets reach new threshold in Q2 of 2019
Defending against the rising number and increasing sophistication of IoT botnet attacks isn't an easy task. Learn about the latest threats and the techniques to mitigate them. Continue Reading
-
The must-have skills for cybersecurity aren't what you think
The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change. Continue Reading