Kroll Names Managing Director Benedetto Demonte North America Leader for Cyber Security and Investigations Practice
Leidos Joins Forces with IBM, Unisys, and Verizon to Pursue the U.S. Navy's Next Generation Enterprise Networks Re-compete Service Management, Integration and Transport Program
Global Data Sentinel and Mice360 join forces as GDS360 to capitalize on increasing demand for Data Security solutions for Financial Markets and Blockchain
BETHESDA, Md., Jan. 24, 2018 -- Cyber threat intelligence (CTI) is becoming more useful overall, especially to security operations teams that are working hard to integrate intelligence into their prevention, detection and response actions, according to results of the CTI survey to be released by SANS Institute in a two-part webcast on Tuesday, February 6, 2018 and Wednesday, February 7, 2018.
"As the threat landscape continues to change, and with more advanced attackers than ever, security teams need all the help they can get to more effectively prevent, detect and respond to threats," says the survey's author, Dave Shackleford, SANS Analyst and Senior Instructor.
In one of the clearest trends SANS has seen over the past three years, respondents have increasingly stated that CTI is improving their prevention, detection and response capabilities:
- In this new survey (2018), 81% of respondents affirmed that CTI is helping, compared to 78% in 2017 and 64% in 2016.
- In addition, the number of respondents who answered "unknown" (in other words, they didn't feel they could answer the question confidently) has steadily decreased from 34% in 2016 to 21% in 2017, and now to only 15% in 2018.
- Moreover, 73% of respondents reported improved visibility into threats and attack methodologies impacting their systems.
"Fortunately, many organizations are sharing details about attacks and attackers, and numerous open source and commercial options exist for collecting and integrating this valuable intelligence all of which have resulted in improvements in organizations' abilities to improve security operations and detect previously unknown attacks," Shackleford continues.
As a result of their CTI program efforts, respondents report better visibility and improved security operations. For example, 71% indicated overall satisfaction with visibility into threats and indicators of compromise (IoCs). When specifying improvements, 70% of participants reported improved security operations, while 66% cited improved ability to detect previously unknown threats.
Shackleford summarized the results this way: "These results reinforce the trends we're seeing that indicate CTI is being primarily aligned with the SOC and is tying into operational activities such as security monitoring, threat hunting and incident response."
Register to learn more about the full survey results during a two-part webcast. Part 1, on Tuesday, February 6 at 1 PM Eastern, will focus on the current state of CTI and its usefulness. Part 2, held on Wednesday, February 7 at 1 PM Eastern, will explore how the growing use of CTI impacts cyber security skills and best practices. Both webcasts, which are hosted by SANS, are sponsored by Anomali, DomainTools, IntSights, Rapid7 and ThreatConnect.
Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst, Senior Instructor and CTI expert, Dave Shackleford.
@daveshackleford presents SANS 2018 CTI Survey results on two-part webcast | Feb 6 www.sans.org/webcasts/105810 | Feb 7 www.sans.org/webcasts/105815
Integrating threat intelligence | SANS Survey results released | @daveshackleford presents Feb 6 webcast | www.sans.org/webcasts/105810
How does CTI improve cyber security tools and best practices? | Get @daveshackleford's thoughts in a Feb 7 live webcast| Register at www.sans.org/webcasts/105815
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)
Responding to Cyber Attacks: LegalCIO 2018 Roundtable Offers Practical Advice for Law Firms and Legal IT Professionals
, -- , a global provider of cyber security and risk management services, announced today that it will host a roundtable on incident response best practices on as part of the LegalCIO conference. The conference is held in conjunction with Legalweek New York 2018 January 29 – at the New York Hilton Midtown. experts John Hawley, VP of Product Strategy and , Manager, ActiveResponse, will lead a discussion on, "Is Your Organization Prepared for a Cyber Attack? Key Takeaways from Real-Life Incidents."
and Cook will share learnings from recent incident response engagements with participants, along with insights on best practices. Other topics of discussion will include:
NEW YORK, Jan. 22, 2018 – CA Technologies (NASDAQ:CA) today revealed results following the second phase of a global survey of more than 1,200 IT leaders around the topic of secure software development. Conducted by IT industry analyst firm Freeform Dynamics, the new report entitled, “Integrating Security into the DNA of Your Software Lifecycle,” highlights the influence of an organization’s culture on its ability to integrate security practices into their software development initiatives, a practice and approach commonly known as DevSecOps.
Today’s digital economy is fueled by software. When software is developed with security integrated from the start, the risk of data breaches is greatly diminished, providing users with heightened levels of confidence and trust when engaging with applications and services that are so ubiquitous in our online world.
According to survey respondents, the majority confirmed that software development supports growth and expansion, helps businesses compete and drives digital transformation. And yet, the findings show that, as software becomes more critical to business success in the digital economy, security concerns are exponentially on the rise. In fact, 74% of respondents agreed that security threats due to software and code issues is a growing concern. CA Veracode’s State of Software Security Report 2017 found that vulnerabilities continue to crop up in previously untested software at alarming rates, with 77% of apps having at least one vulnerability on initial scan.
Creating a culture of secure software development is a major challenge, according to the survey findings. An overwhelming 58% of respondents cited existing culture and lack of skills as hurdles to being able to embed security testing and evaluation within software development processes. Only 24% strongly agreed that the organization’s culture and practices supported collaboration across development, operations and security. On top of cultural limitations, less than a quarter of respondents strongly agreed that senior management would sacrifice time to market in order to have sufficient time to assess and repair software security vulnerabilities.
“Security is a key principle in any Modern Software Factory. While our survey findings confirm an overarching recognition in the importance of ensuring that data and systems are built and maintained securely, there is still a lack of cultural adoption within organizations around this pressing issue,” said Ayman Sayed, president and chief product officer, CA Technologies. “When coupled with security, Intelligent IT – the use of AI, machine learning and analytics to make better, more informed decisions – can dramatically change the way that business is done.”
The report showcases characteristics of “Software Security Masters” (the top 34% of respondents), which are organizations that have been able to fully integrate security into their software development lifecycles. This includes conducting early and continuous application testing for security vulnerabilities, as well as embracing the practice of DevSecOps.
In fact, when compared with the mainstream, respondents from the Software Security Masters were over two times more likely to strongly agree that they viewed security as an enabler of new business opportunities. These organizations also exhibited the following attributes:
● 50% higher profit growth
● 40% higher revenue growth
● Are 2.6x more likely to have security testing keep up with frequent app updates
● Are 2.5x more likely to be outpacing their competitors
“The organizations labeled as Software Security Masters are the beacons of hope in today’s digital economy. Not only do they exemplify and represent the cultural mindset necessary to adapt and thrive in today’s dynamic market, they are influencing change within the industry while shaping the workplace of the future,” concluded Sayed.
The global online survey of 1,279 senior IT and business executives was sponsored by CA Technologies and conducted by industry analyst firm Freeform Dynamics in July 2017. It was augmented by in-depth telephone interviews with key industry executives. For full survey methodology details, please see the report, “Integrating Security into the DNA of Your Software Lifecycle.”
Download the full report and other supporting materials:
● Report: Integrating Security into the DNA of Your Software Lifecycle
● Ayman Sayed Blog: The Competitive Edge of DevSecOps
About Freeform Dynamics
Freeform Dynamics is an IT industry analyst firm. Through research and insights, the firm aims to help busy IT and business professionals get up to speed on the latest technology developments, and make better-informed investment decisions. For more information, and access to a library of free research, please visit www.freeformdynamics.com.