Tag: metric
-
6 critical mistakes that undermine cyber resilience (and how to fix them)
Tags: attack, automation, backup, best-practice, business, compliance, cyber, cybersecurity, data, detection, edr, endpoint, guide, identity, intelligence, malware, metric, network, ransomware, resilience, risk, soc, strategy, threat, tool, update, vulnerabilityGuide to Managing Strong Personalities During a Cybercrisis. Mistake 2: Fragmented asset and risk views: Fragmented asset and risk views make it difficult for teams to understand what is actually in their environment and where the most pressing exposures reside. When devices, configurations, and identity data live in separate tools or are maintained inconsistently, gaps…
-
6 metrics IT leaders can’t afford to ignore for business resilience
Tags: access, attack, automation, awareness, backup, business, cloud, compliance, credentials, cyber, cybersecurity, data, detection, endpoint, identity, incident response, metric, monitoring, network, resilience, risk, soar, soc, theft, threat, tool, update, vulnerability2. Mean time to respond (MTTR): From triage to containment : It’s not enough to spot threats”, you have to contain them fast. MTTR tracks how quickly your team can isolate and neutralize incidents. Integrated SOAR (Security Orchestration, Automation, and Response) workflows now drive a 500% year-over-year increase in orchestrated alert response actions, according to our latest SOC report. The difference? Teams leveraging automation have moved from after-the-fact…
-
Board-Ready Security Metrics That Actually Matter
<div cla TL;DR Board-ready security metrics translate technical capabilities into financial risk and business outcomes. Boards need visibility across three dimensions: risk exposure, incident response capability, and governance compliance. Runtime application security contributes meaningful data points to these broader metrics, helping security leaders present more complete organizational risk assessments. First seen on securityboulevard.com Jump to…
-
12 cyber industry trends revealed at RSAC 2026
Tags: access, ai, application-security, authentication, awareness, business, ciso, cloud, control, cyber, cybersecurity, data, deep-fake, defense, detection, edr, endpoint, firewall, gartner, governance, identity, infrastructure, insurance, metric, microsoft, monitoring, mssp, phishing, programming, risk, risk-management, service, siem, skills, soc, software, startup, technology, threat, tool, trainingLegacy security vendors have the inside track on AI, for now: As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors, at least in the short term. This may buy legacy security vendors a bit, but not much time.Remember what happened in the cloud…
-
Mutation testing for the agentic era
Tags: ai, api, authentication, blockchain, framework, guide, metric, open-source, risk, rust, skills, software, switch, tool, vulnerabilityCode coverage is one of the most dangerous quality metrics in software testing. Many developers fail to realize that code coverage lies by omission: it measures execution, not verification. Test suites with high coverage can obfuscate the fact that critical functionality is untested as software develops over time. We saw this when mutation testing uncovered…
-
9 ways CISOs can combat AI hallucinations
Tags: access, ai, breach, ciso, compliance, control, corporate, cybersecurity, data, defense, encryption, flaw, framework, GDPR, governance, identity, metric, penetration-testing, regulation, risk, soc, tool, trainingTreat AI outputs as drafts, not finished products: One of the biggest risks is over-trusting AI, according to security experts. Coté says her organization changed its policy so AI-generated content cannot go straight into compliance documentation without a human review.”The moment your team starts treating an AI-generated answer as a finished work product, you have…
-
8 ways to bolster your security posture on the cheap
Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security.”Most organizations have invested heavily in security solutions, yet most are…
-
8 steps CISOs can take to empower their teams
Once when we were rolling out a well-known EDR tool, I knew the settings weren’t tight enough, nor were the received updates applied fast enough. So I asked two people to own this, come up with suggestions for tightening the screws, and guarantee a successful rollout on multiple OSes in parallel. The phased approach took…
-
What is PUE? A Guide to Data Center Efficiency
In the world of data centers, energy efficiency isn’t just a buzzword”, it’s a vital part of running a cost-effective and sustainable operation. As technology demands grow, so does the need to monitor exactly how much energy is being used and where it’s going. This is where metrics like Power Usage Effectiveness (PUE) become essential…
-
AI is breaking traditional security models, Here’s where they fail first
AI triage redefines the security team’s role : As AI systems increasingly triage vulnerabilities with high confidence, security teams face a subtle but consequential shift in responsibility. People no longer debate whether AI can reduce noise. It demonstrably can. The harder question is which responsibilities remain with security teams once triage is automated. Are they accountable for…
-
Pixel Watch Users Report Inflated Steps, Missing SpO2 Data
A recent Pixel firmware update released in March 2026 has sparked concern among Pixel Watch users, as reports of inaccurate Fitbit tracking, missing SpO2 readings, and inflated activity data continue to surface. What was expected to refine performance has instead led to confusion, with some users questioning the reliability of their health metrics altogether. First seen on thecyberexpress.com Jump to…
-
Pixel Watch Users Report Inflated Steps, Missing SpO2 Data
A recent Pixel firmware update released in March 2026 has sparked concern among Pixel Watch users, as reports of inaccurate Fitbit tracking, missing SpO2 readings, and inflated activity data continue to surface. What was expected to refine performance has instead led to confusion, with some users questioning the reliability of their health metrics altogether. First seen on thecyberexpress.com Jump to…
-
Anton’s Security Blog Quarterly Q1 2026
Tags: ai, automation, breach, ciso, cloud, control, defense, detection, framework, google, governance, infrastructure, mandiant, metric, RedTeam, risk, service, siem, soc, software, supply-chain, threat, update, vulnerability, vulnerability-managementMy Anton’s Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO). Gemini image for this Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.”Š”,…
-
Anton’s Security Blog Quarterly Q1 2026
Tags: ai, automation, breach, ciso, cloud, control, defense, detection, framework, google, governance, infrastructure, mandiant, metric, RedTeam, risk, service, siem, soc, software, supply-chain, threat, update, vulnerability, vulnerability-managementMy Anton’s Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO). Gemini image for this Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.”Š”,…
-
Anton’s Security Blog Quarterly Q1 2026
Tags: ai, automation, breach, ciso, cloud, control, defense, detection, framework, google, governance, infrastructure, mandiant, metric, RedTeam, risk, service, siem, soc, software, supply-chain, threat, update, vulnerability, vulnerability-managementMy Anton’s Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO). Gemini image for this Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.”Š”,…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, updateSeverity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
-
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, updateSeverity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
-
Building Trust in AI SOC Analyst Solutions: A UK and EU CISO Perspective
Tags: access, ai, best-practice, ciso, control, data, endpoint, framework, GDPR, governance, incident response, international, metric, nis-2, privacy, risk, socBy Brett Candon, VP International at Dropzone AI Trust has always been critical in security operations, but in the UK and Europe it carries significant regulatory weight. GDPR, NIS2 and similar related data”‘protection frameworks shape far more than legal risk, they directly influence architectural decisions, supplier selection, and how security data can be accessed, processed…
-
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
Tags: access, attack, authentication, awareness, business, ciso, compliance, control, cyber, cybersecurity, data, detection, exploit, firewall, incident, incident response, infrastructure, insurance, ISO-27001, metric, mfa, monitoring, network, office, phishing, ransomware, regulation, resilience, risk, risk-management, service, siem, soc, stuxnet, supply-chain, tool, vpn, vulnerability, zero-dayWhy everyone knows it’s burning, but nobody pulls the fire alarm: When I talk to OT managers, production leads or plant engineers, I rarely hear, “We didn’t know we had a problem.” Far more often, it’s, “We know it’s critical, but we can’t just shut it down.” This gap between awareness and action is the…
-
4 ways to prepare your SOC for agentic AI
Tags: access, ai, attack, automation, best-practice, cloud, compliance, control, cybersecurity, data, defense, detection, edr, framework, governance, guide, identity, injection, intelligence, least-privilege, metric, mitre, radius, RedTeam, risk, siem, skills, soar, soc, threat, toolBuild capabilities for AI governance, content and quality: Upskilling existing analysts alone is not enough. As AI agents begin operating across tools, making decisions and triggering actions with minimal human involvement, the demands on the SOC will extend well beyond traditional analyst capabilities, experts say.Content engineering, for instance, is one emerging requirement. In an AI-enabled…
-
TDL – Defense Before Offense: Leadership, Risk, and the Cost of Bad Decisions – Steven Elliott
From the Battlefield to the Boardroom: Lessons in Defense In the latest episode of The Defender’s Log, host David Redekop sits down with Steven Elliott, CFO of Adam Networks, to explore the surprising parallels between military operations, financial management, and cybersecurity. A Journey of Unpredictable Paths Elliott’s background is anything but linear. From a small…
-
NDSS 2025 Revisiting Physical-World Adversarial Attack On Traffic Sign Recognition
Session 14D: Autonomous Vehicles Authors, Creators & Presenters: Ningfei Wang (University of California, Irvine), Shaoyuan Xie (University of California, Irvine), Takami Sato (University of California, Irvine), Yunpeng Luo (University of California, Irvine), Kaidi Xu (Drexel University), Qi Alfred Chen (University of California, Irvine) PAPER Revisiting Physical-World Adversarial Attack On Traffic Sign Recognition: A Commercial Systems…
-
NDSS 2025 On The Realism Of LiDAR Spoofing Attacks Against Autonomous Driving Vehicle
Session 14D: Autonomous Vehicles Authors, Creators & Presenters: Ningfei Wang (University of California, Irvine), Shaoyuan Xie (University of California, Irvine), Takami Sato (University of California, Irvine), Yunpeng Luo (University of California, Irvine), Kaidi Xu (Drexel University), Qi Alfred Chen (University of California, Irvine) PAPER Revisiting Physical-World Adversarial Attack On Traffic Sign Recognition: A Commercial Systems…
-
How to know you’re a real-deal CSO, and whether that job opening truly seeks one
Tags: access, ai, breach, business, communications, compliance, control, cyber, data, data-breach, finance, framework, governance, incident response, infosec, insurance, jobs, metric, privacy, radius, risk, skills, strategy, threat, training, vulnerabilityStriking the right balance of experience and responsibility: Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.In some firms, a newly appointed CSO might be positioned as a gatekeeper without the…