Tag: metric
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, updateSeverity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
-
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, updateSeverity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
-
Building Trust in AI SOC Analyst Solutions: A UK and EU CISO Perspective
Tags: access, ai, best-practice, ciso, control, data, endpoint, framework, GDPR, governance, incident response, international, metric, nis-2, privacy, risk, socBy Brett Candon, VP International at Dropzone AI Trust has always been critical in security operations, but in the UK and Europe it carries significant regulatory weight. GDPR, NIS2 and similar related data”‘protection frameworks shape far more than legal risk, they directly influence architectural decisions, supplier selection, and how security data can be accessed, processed…
-
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
Tags: access, attack, authentication, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, detection, exploit, firewall, incident, incident response, infrastructure, insurance, ISO-27001, metric, mfa, monitoring, network, office, phishing, ransomware, regulation, resilience, risk, risk-management, service, siem, soc, stuxnet, supply-chain, tool, vpn, vulnerability, zero-dayWhy everyone knows it’s burning, but nobody pulls the fire alarm: When I talk to OT managers, production leads or plant engineers, I rarely hear, “We didn’t know we had a problem.” Far more often, it’s, “We know it’s critical, but we can’t just shut it down.” This gap between awareness and action is the…
-
4 ways to prepare your SOC for agentic AI
Tags: access, ai, attack, automation, best-practice, cloud, compliance, control, cybersecurity, data, defense, detection, edr, framework, governance, guide, identity, injection, intelligence, least-privilege, metric, mitre, radius, RedTeam, risk, siem, skills, soar, soc, threat, toolBuild capabilities for AI governance, content and quality: Upskilling existing analysts alone is not enough. As AI agents begin operating across tools, making decisions and triggering actions with minimal human involvement, the demands on the SOC will extend well beyond traditional analyst capabilities, experts say.Content engineering, for instance, is one emerging requirement. In an AI-enabled…
-
TDL – Defense Before Offense: Leadership, Risk, and the Cost of Bad Decisions – Steven Elliott
From the Battlefield to the Boardroom: Lessons in Defense In the latest episode of The Defender’s Log, host David Redekop sits down with Steven Elliott, CFO of Adam Networks, to explore the surprising parallels between military operations, financial management, and cybersecurity. A Journey of Unpredictable Paths Elliott’s background is anything but linear. From a small…
-
NDSS 2025 Revisiting Physical-World Adversarial Attack On Traffic Sign Recognition
Session 14D: Autonomous Vehicles Authors, Creators & Presenters: Ningfei Wang (University of California, Irvine), Shaoyuan Xie (University of California, Irvine), Takami Sato (University of California, Irvine), Yunpeng Luo (University of California, Irvine), Kaidi Xu (Drexel University), Qi Alfred Chen (University of California, Irvine) PAPER Revisiting Physical-World Adversarial Attack On Traffic Sign Recognition: A Commercial Systems…
-
NDSS 2025 On The Realism Of LiDAR Spoofing Attacks Against Autonomous Driving Vehicle
Session 14D: Autonomous Vehicles Authors, Creators & Presenters: Ningfei Wang (University of California, Irvine), Shaoyuan Xie (University of California, Irvine), Takami Sato (University of California, Irvine), Yunpeng Luo (University of California, Irvine), Kaidi Xu (Drexel University), Qi Alfred Chen (University of California, Irvine) PAPER Revisiting Physical-World Adversarial Attack On Traffic Sign Recognition: A Commercial Systems…
-
How to know you’re a real-deal CSO, and whether that job opening truly seeks one
Tags: access, ai, breach, business, communications, compliance, control, cyber, data, data-breach, finance, framework, governance, incident response, infosec, insurance, jobs, metric, privacy, radius, risk, skills, strategy, threat, training, vulnerabilityStriking the right balance of experience and responsibility: Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.In some firms, a newly appointed CSO might be positioned as a gatekeeper without the…
-
Fairwinds Insights Release Notes: Kyverno Integration GPU Metrics
<div cla Over the last several months, we’ve expanded Fairwinds Insights to give platform and operations teams deeper visibility into both policy posture and infrastructure metrics and costs. Our releases focused on enhancing the Kyverno integration and introducing GPU”‘aware metrics and cost data to support better scheduling and rightsizing decisions. First seen on securityboulevard.com Jump…
-
A scorecard for cyber and risk culture
Tags: access, automation, awareness, breach, business, compliance, control, credentials, cyber, finance, governance, identity, jobs, metric, mitigation, phishing, risk, service, strategy, tool, trainingWhen someone asks for an exception.When a change goes in late.When an alert fires at 2 a.m.When a junior analyst spots something odd and wonders if it’s worth escalating.When an executive wants speed, and the team wants safety. Ownership means people act like the risk is partly theirs. They don’t outsource judgment to “security.” They…
-
Study Finds 87% of Organizations Exposed to Attacks Due to Known Vulnerabilities
Tags: ai, attack, cyber, data, data-breach, intelligence, metric, service, software, supply-chain, threat, vulnerabilityThe 2026 State of DevSecOps report reveals a critical tension between development velocity and security. While organizations rapidly adopt AI-assisted coding, many fail to manage dependencies properly, leaving their software supply chains highly vulnerable to threat actors.”‹ Threat Intelligence Data Threat Vector Key Metric Security Impact Deployed Services 87% of organizations have known vulnerabilities”‹. High…
-
Boards don’t need cyber metrics, they need risk signals
Tags: access, advisory, ai, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, framework, governance, intelligence, metric, phishing, riskThe seduction of counting: Even when metrics are not too technical and align with business impact, another problem emerges: What gets counted can crowd out what matters.Wendy Nather, a longtime CISO who is now an advisor at EPSD, cautions against equating measurement with understanding. “When you are reporting to the board, there are some things…
-
From Inflated Metrics to Trusted Data: How a Premium Retail Brand Restored Analytics Integrity
Discover how a premium retail brand achieved 40% better analytics accuracy and eliminated 2,000 more daily bot sessions by switching to DataDome’s bot protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/from-inflated-metrics-to-trusted-data-how-a-premium-retail-brand-restored-analytics-integrity/
-
How to Strengthen App Performance Without Slowing Innovation
Tags: metricLearn how to strengthen app performance without slowing innovation using metrics, observability, scalability planning, and disciplined release strategies. First seen on hackread.com Jump to article: hackread.com/strengthen-app-performance-without-slow-innovation/
-
Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are First seen on thehackernews.com…
-
NDSS 2025 NDSS 2025 BARBIE: Robust Backdoor Detection Based On Latent Separability
Session 12D: ML Backdoors Authors, Creators & Presenters: Hanlei Zhang (Zhejiang University), Yijie Bai (Zhejiang University), Yanjiao Chen (Zhejiang University), Zhongming Ma (Zhejiang University), Wenyuan Xu (Zhejiang University) PAPER BARBIE: Robust Backdoor Detection Based On Latent Separability Backdoor attacks are an essential risk to deep learning model sharing. Fundamentally, backdoored models are different from benign…
-
NDSS 2025 NDSS 2025 BARBIE: Robust Backdoor Detection Based On Latent Separability
Session 12D: ML Backdoors Authors, Creators & Presenters: Hanlei Zhang (Zhejiang University), Yijie Bai (Zhejiang University), Yanjiao Chen (Zhejiang University), Zhongming Ma (Zhejiang University), Wenyuan Xu (Zhejiang University) PAPER BARBIE: Robust Backdoor Detection Based On Latent Separability Backdoor attacks are an essential risk to deep learning model sharing. Fundamentally, backdoored models are different from benign…
-
Discipline is the new power move in cybersecurity leadership
Tags: automation, cyber, cybersecurity, data, group, incident response, intelligence, metric, risk, risk-management, service, siem, soc, technology, threat, tool, update, vulnerability, vulnerability-managementHow to do more with less: 1. Review contracts, renegotiate them or change the operations to a new partner Scope, service-level agreements and performance metrics should be revisited because many contracts were established under different risk profiles, urgency and pricing conditions. Modernizing contracts to focus on outcomes rather than activities, revalidating pricing and service assumptions…
-
Security Metrics That Actually Predict a Breach
Identity drift, stale access paths, alert fatigue, and risky change patterns are the security metrics most likely to predict a breach. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/security-metrics-that-actually-predict-a-breach/
-
Noodlophile Malware Authors Use Fake Job Ads and Phishing Schemes to Evolve Tactics
Hey folks in the threat”‘hunting world looks like our coverage of the Noodlophile infostealer has struck a nerve with its creators. The operators used inflated engagement metrics and fake popularity scores to lure victims into downloading malicious ZIP archives. Once executed, these payloads quietly harvested user credentials, crypto”‘wallet data, browser information, and more all exfiltrated through Telegram…
-
Finding a common language around risk
Tags: ceo, cio, ciso, corporate, cyber, cybersecurity, defense, framework, governance, guide, intelligence, lessons-learned, metric, monitoring, phishing, ransomware, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, training, updateBuilding one culture from three languages: The Organizational Risk Culture Standard (ORCS) offers something most frameworks miss: it treats culture as the foundation, not the afterthought. You can’t bolt culture onto existing processes and call it done. Culture is how people actually think about risk when no one is watching. It’s the shared beliefs that…
-
From MSSP to Autonomous SOC: Replacing Linear Headcount with Infinite Compute
MSSPs optimize for SLA metrics, not security outcomes. Autonomous SOC platforms like Morpheus can replace them at 10x lower cost. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/from-mssp-to-autonomous-soc-replacing-linear-headcount-with-infinite-compute/