Security News

Shadow admins pose a threat to organizations because these accounts have privileged access to perform limited administrative functions on Active Directory objects. Threat actors seek shadow admin accounts because of their privilege and the stealthiness they can bestow upon attackers.

While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system of systems. In short, threat modeling answers questions as "Where am I most vulnerable to attacks?", "What are the key risks?", and "What should I do to reduce these risks?".

Threat detection and response solutions provider Vectra AI on Thursday announced that it has raised $130 million at a valuation of $1.2 billion, which makes the company the latest cybersecurity unicorn. The funding, which brings the total raised by the firm to $350 million, was led by Blackstone Growth, with participation from existing investors.

The vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a cyber criminal. The data may be published before a victim can respond to an extortion attempt, and the threat actors may not provide complete records of what was taken even if the victim pays up.

Much of SecurityWeek's CISO Conversations series discusses how to be a leader. This begs a fundamental question: what makes a good leader - is a good leader born or bred? That's one of the questions we asked our two CISOs - Jennifer Watson of Raytheon Intelligence & Space and Mary Haigh of BAE Systems - for this issue of CISO Conversations dealing with the defense sector.

Navy SEAL platoons are beefing up capabilities in cyber and electronic warfare and unmanned systems, honing their skills to collect intelligence. Ten years after they found and killed Osama bin Laden, U.S. Navy SEALs are undergoing a major transition to improve leadership and expand their commando capabilities to better battle threats from global powers like China and Russia.

Whatever unit of measurement you use, it's clear that more and more enterprise computing is happening in the cloud - which also means the cloud is an ever-growing target for cyber attackers. SANS Institute has expanded its line-up of cloud-focused security courses, adding six freshly minted courses, with a seventh one currently in beta testing phase.

CrowdStrike announced a series of integrations with CrowdStrike Security Cloud that correlates the CrowdStrike Falcon platform's enriched endpoint and workload telemetry with network telemetry for greater end-to-end visibility and contextual insights to combat threats. These integrations with leaders in network detection and response and network threat analytics help mutual customers build a cohesive platform tailored to protect and defend against any threats across all enterprise software components, wherever those threats are encountered.

Ermetic announced a new version of the Ermetic platform that continually monitors the access behavior of user and machine identities to detect suspicious activity and prevent security threats. The new capabilities enable organizations to protect against unusual data access, suspicious configuration changes, privilege escalation and more, in multicloud environments.

F5 announced enhancements to its application security portfolio. "To help today's customers succeed, security must be native to applications and APIs, continuous, applied in real time, and powered by data and AI.".