#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Attack Surface | Breaking Cybersecurity News | The Hacker News

How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI

Feb 29, 2024 Attack Surface / Incident Response
As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what cybersecurity approach gives you the most bang for your buck, mitigating your risks and maximizing the value of your cybersecurity investments? Let's take a closer look at the trends that are impacting organizations today, including the growing reach of data breaches and the increase in cybersecurity spending, and explore how you can get the most out of your cybersecurity resources, effectively securing your digital assets and maintaining your organization's integrity in the face of ever-evolving cyber threats. Successful data breaches In 2022, the number of people affected by data breaches increased significantly. According to the  Identity Theft Resource Center's 2022 Data Breach Report , more than 1,80
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?

Feb 12, 2024 Threat Intelligence / Cyber Resilience
Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you're still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect - namely the pinpointing of compromised user accounts that were used to spread in your network - unfortunately remains unattended. This task proves to be the most time-consuming for IR teams and has become a challenging uphill battle that enables attackers to earn precious time in which they can still inflict damage.  In this article, we analyze the root cause of the identity of IR blind spots and provide sample IR scenarios in which it acts as an inhibitor to a rapid and efficient process. We then introduce Silverfort's Unified Identity Protection Platform and show how its real-time MFA and ident
6 Ways to Simplify SaaS Identity Governance

6 Ways to Simplify SaaS Identity Governance

Feb 21, 2024SaaS Security / Identity Management
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can't possibly become experts in the nuances of the native security settings and access controls for hundreds (or thousands) of apps. And, even if they could, the sheer volume of tasks would easily bury them. Modern IT teams need a way to orchestrate and govern SaaS identity governance by engaging the application owners in the business who are most familiar with how the tool is used, and who needs what type of access.  Nudge Security is a  SaaS security and governance solution  that can help you do just that, with automated workflows to save time and make the process manageable at scale. Read on to learn how it works. 1 . Discover all SaaS apps used b
Why the Right Metrics Matter When it Comes to Vulnerability Management

Why the Right Metrics Matter When it Comes to Vulnerability Management

Feb 01, 2024 Vulnerability Management / Cyber Hygiene
How's your vulnerability management program doing? Is it effective? A success? Let's be honest, without the right metrics or analytics, how can you tell how well you're doing, progressing, or if you're getting ROI? If you're not measuring, how do you know it's working? And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to communicate any risks to the rest of the business. So how do you know what to focus on? Cyber hygiene, scan coverage, average time to fix, vulnerability severity, remediation rates, vulnerability exposure… the list is endless. Every tool on the market offers different metrics, so it can be hard to know what is important. This article will help you identify and define the key metrics that you need to track the state of your vulnerability management program, the progress you've made, so you can create audit-ready reports that: Prove your security posture Meet vulnerability remediation SLAs an
cyber security

NIST Cybersecurity Framework: Your Go-To Cybersecurity Standard is Changing

websiteArmorPointCybersecurity / Risk Management
Find everything you need to know to prepare for NIST CSF 2.0's impending release in this guide.
What is Nudge Security and How Does it Work?

What is Nudge Security and How Does it Work?

Jan 24, 2024 SaaS Security / Endpoint Security
In today's highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world's first and only solution to address  SaaS security and governance  at scale by working  with  employees—not against them. Unlike legacy solutions that attempt to block employees' access to unsanctioned SaaS applications, Nudge Security helps IT and security leaders adapt and align to the needs of the business. The platform orchestrates SaaS administration without sacrificing visibility, centralized governance, or control over the organization's cloud and SaaS security posture. How Nudge Security works Nudge Security discovers all SaaS accounts ever created by anyone in your organization within minutes of starting a free
Getting off the Attack Surface Hamster Wheel: Identity Can Help

Getting off the Attack Surface Hamster Wheel: Identity Can Help

Jan 10, 2024 Attack Surface / Cybersecurity
IT professionals have developed a sophisticated understanding of the enterprise attack surface – what it is, how to quantify it and how to manage it.  The process is simple: begin by thoroughly assessing the attack surface, encompassing the entire IT environment. Identify all potential entry and exit points where unauthorized access could occur. Strengthen these vulnerable points using available market tools and expertise to achieve the desired cybersecurity posture.  While conceptually straightforward, this is an incredibly tedious task that consumes the working hours of CISOs and their organizations. Both the enumeration and the fortification pose challenges: large organizations use a vast array of technologies, such as server and endpoint platforms, network devices, and business apps. Reinforcing each of these components becomes a frustrating exercise in integration with access control, logging, patching, monitoring, and more, creating a seemingly endless list of tasks.  However
Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

Jan 08, 2024 Cyber Security / Zero Trust
Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact,  Gartner  identified attack surface expansion as a major trend to watch. So, it is not surprising that External Attack Surface Management (EASM) is a growing priority for organizations. But traditional castle-and-moat-based security architectures are ineffective at protecting enterprises against today's sophisticated attacks, which increasingly leverage AI and as-a-service models to maximize speed and damage. Zero trust security is the best way to minimize the attack surface, prevent compromise, eliminate lateral movement, and stop data loss. Register here  and join Apoorva Ravikrishnan, Senior Manager of P
5 Ways to Reduce SaaS Security Risks

5 Ways to Reduce SaaS Security Risks

Jan 03, 2024 Attack Surface / SaaS Security
As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised identities, including cloud and SaaS credentials. Given this reality, IT security leaders need practical and effective  SaaS security solutions  designed to discover and manage their expanding SaaS footprint. Here are 5 key ways Nudge Security can help. Close the visibility gap Knowing the full scope of SaaS apps in use is the foundation of a modern IT governance program. Without an understanding of your entire SaaS footprint, you cannot say with confidence where your corporate IP is stored (Did someone sync their desktop to Dropbox?), you cannot make assumptions about your customer data (Did s
Think Your MFA and PAM Solutions Protect You? Think Again

Think Your MFA and PAM Solutions Protect You? Think Again

Sep 18, 2023 Identity Threat / Attack Surface
When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide resilience to identity threats. As well, service accounts – which are typically beyond the scope of protection of these controls – are alarmingly exposed to malicious compromise. These findings and many more can be found in  "The State of the Identity Attack Surface: Insights Into Critical Protection Gaps ,"  the first report that analyzes organizational resilience to identity threats.  What is the "Identity Attack Surface"?  The identity attack surface is any organizational resource that can be accessed via username and password. The main way that attackers target this attack surface is through the use of compromi
Way Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack Surface

Way Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack Surface

Sep 05, 2023 Attack Surface / Identity Threats
In today's digital age, it's not just about being online but how securely your organization operates online. Regardless of size or industry, every organization heavily depends on digital assets. The digital realm is where business takes place, from financial transactions to confidential data storage. While organizations have quickly adopted tools like Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and service account protection, a pressing question remains: Are these measures truly sufficient? With the rise of identity threats, the real battleground has shifted. It's no longer just about firewalls or encryptions but the very identities that access these digital assets. Every day, attackers devise new strategies to compromise user identities to find that weak link to gain malicious access. The tools we've come to rely on might not be as foolproof as we once believed. Many organizations remain unaware of vast security gaps, exposing them to pot
These 6 Questions Will Help You Choose the Best Attack Surface Management Platform

These 6 Questions Will Help You Choose the Best Attack Surface Management Platform

Jul 17, 2023 Attack Surface Management
The hype around different security categories can make it difficult to discern features and capabilities from bias when researching new platforms. You want to advance your security measures, but what steps actually make sense for your business? For anyone ready to find an  attack surface management (ASM) vendor , review these six questions before getting started to understand the key features to look for in an ASM platform and the qualities of the vendor who supports it. Refer to these as your quick guide for interviewing vendors to walk away with the most suitable ASM platform for your needs.  Checklist: 6 Questions to Ask Attack Surface Management Vendors  Does your platform have the capability to discover the unknown?  How do you prevent alert fatigue, prioritize alerts and remove false positives?  Can you track attack surface changes over time?  How do you plan to evolve the platform going forward? What services related to ASM do you offer? Can we demo or test run the pl
Mitigate the LastPass Attack Surface in Your Environment with this Free Tool

Mitigate the LastPass Attack Surface in Your Environment with this Free Tool

Jan 05, 2023 Password Management / IT Breach
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there are very few organizations in which these practices are truly enforced. This puts security teams in the worst position, where exposure to compromise is almost certain, but pinpointing the users who created this exposure is almost impossible.  To assist them throughout this challenging time, Browser Security solution LayerX has launched a free offering of its platform, enabling security teams to gain visibility into all browsers on which the LastPass extension is installed and mitigate the potential impacts of the LastPass breach on their environments by informing vulnerable users and require t
Cybersecurity Resources