Randall Munroe’s XKCD ‘Asteroid News’
via the comic & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Asteroid News’ appeared first on Security Boulevard.
Top 5 Enterprise Tufin Competitors
Is Tufin Software the Right Fit for Your Environment?
Top Enterprise Tufin Alternatives
What to Look for in a Tufin Competitor
Enhance Your Enterprise Security Operations with FireMon
With exploitations of network and application vulnerabilities rapidly increasing each year, network security policy management is a critical concern to organizations across all industries. According to the 2024 Verizon Data Breach Investigations Report (DBIR), vulnerability exploits were “the critical path to initiate a breach” in 2023, having increased 180% over 2022.
As networks grow increasingly complex, the demand for robust, scalable, and efficient security management solutions has never been higher. Tufin is a well-known player in this domain, providing organizations with a comprehensive suite of tools designed to manage and automate network security policies. However, Tufin is not the only option available. Depending on your organization’s specific needs, there are several Tufin competitors that might be a better fit.
Is Tufin Software the Right Fit for Your Environment?
Before diving into the Tufin alternatives, it’s essential to understand what the software offers and whether it aligns with your enterprise’s requirements. Tufin specializes in security policy management solutions, providing tools that help automate and orchestrate security policies across heterogeneous environments, including on-premises data centers, private clouds, and public clouds. Its primary features include network security policy automation, compliance management, risk analysis, and change management.
Tufin software’s value proposition lies in its ability to reduce operational overhead, minimize risks associated with manual errors, and ensure continuous compliance with industry standards and regulations. The platform integrates with a wide range of firewalls, routers, and cloud environments, making it a versatile choice for large enterprises with complex network infrastructures.
However, Tufin Orchestration suite’s comprehensive capabilities may come with a steep learning curve and a significant investment of time and resources. Additionally, some enterprises may prefer alternatives that offer more flexible pricing models, better integration with existing tools, or specific features tailored to their unique challenges.
Top Enterprise Tufin Alternatives
When evaluating Tufin software competitors, it’s crucial to consider factors such as ease of use, scalability, integration capabilities, and the specific security challenges your organization faces. The following seven competitors each bring something unique to the table, providing viable options for enterprises looking to enhance their network security management.
1. FireMon
FireMon is one of the leading Tufin competitors, offering a robust network security policy management platform designed to optimize network security, compliance, and operations. When contemplating FireMon vs Tufin, FireMon’s primary strength lies in its real-time visibility and analytics capabilities. Visibility features include real-time, granular search with FireMon’s Security Intelligence Query Language (SiQL) tool.
The platform is equipped with powerful automation tools that help reduce the time spent on manual tasks, such as firewall policy analysis and change management.
One of FireMon’s standout features is its ability to provide easily customizable security alerts, metrics, and reports, which can be invaluable for demonstrating compliance with industry standards and regulations. Additionally, FireMon’s platform is highly scalable, making it an excellent choice for large enterprises with expansive and complex network environments.
FireMon also boasts an API-first approach for easy integrations into SIEMs, SOARs, XDRs, vulnerability scanners, and ITSM systems. This flexibility ensures that FireMon can fit seamlessly into most existing network infrastructures, providing immediate value.
2. Skybox Security
Skybox Security is another formidable Tufin software competitor in the network security management space. Skybox offers a comprehensive suite of tools designed to enhance visibility, reduce risk, and improve security operations across complex network environments. Skybox’s platform is particularly well-suited for organizations with hybrid environments, as it provides a unified view of both on-premises and cloud-based assets.
One of Skybox’s key strengths is its vulnerability management capabilities. The platform offers advanced analytics and modeling tools that allow organizations to identify and prioritize vulnerabilities based on their potential impact. This proactive approach to risk management helps organizations address critical issues before they can be exploited.
Skybox also offers robust automation features, helping to streamline tasks such as policy analysis, change management, and compliance reporting. The platform’s ability to integrate with a wide range of security tools and devices further enhances its value, making it a versatile option for enterprises seeking to improve their security posture.
3. Cisco Defense Orchestrator
Cisco Defense Orchestrator (CDO) is another powerful security management solution from Cisco, designed to simplify the process of managing security policies and configurations across complex network environments. CDO’s primary strength lies in its ability to provide centralized visibility and control over a wide range of security devices, including firewalls, routers, and cloud environments.
One of CDO’s standout features is its intuitive, cloud-based interface, which makes it easy for organizations to manage security policies and configurations from anywhere. This flexibility is particularly valuable for organizations with distributed networks or remote teams.
CDO also offers robust automation features, helping to streamline tasks such as policy analysis, change management, and compliance reporting. The platform’s ability to integrate with other Cisco security products further enhances its value, making it an excellent choice for organizations already invested in the Cisco ecosystem.
4. AlgoSec
AlgoSec is another leading player in the network security management space, offering a platform designed to simplify and automate security policy management across complex network environments. AlgoSec’s platform is known for its user-friendly interface, powerful automation tools, and robust reporting capabilities.
One of AlgoSec’s key strengths is its ability to provide end-to-end visibility into network security policy management (NSPM), from design and implementation to ongoing management and auditing. This comprehensive approach helps organizations ensure that their security policies are aligned with business objectives and regulatory requirements.
AlgoSec also excels in its risk management capabilities, offering advanced analytics and simulation tools that allow organizations to identify and mitigate potential risks before they can impact the network. The platform’s ability to integrate with a wide range of firewalls, routers, and cloud environments further enhances its value, making it a versatile option for enterprises looking to improve their security posture.
5. Palo Alto Networks Panorama
Palo Alto Networks is a well-known name in the cybersecurity industry, offering a range of products and solutions designed to meet the needs of modern enterprises. Panorama, Palo Alto Networks’ centralized management solution, provides a powerful platform for managing security policies and configurations across large-scale network environments.
Panorama’s primary strength lies in its ability to provide centralized visibility and control over network security policies. The platform allows organizations to manage multiple firewalls and other security devices from a single interface, simplifying the process of policy management and enforcement. Panorama also offers robust automation features, helping to reduce the time and effort required to implement and maintain security policies.
In addition to its core management capabilities, Panorama integrates seamlessly with other Palo Alto Networks products, such as the Next-Generation Firewall (NGFW) and the Threat Intelligence Cloud. This integration allows organizations to build a comprehensive security strategy that leverages the full power of Palo Alto Networks’ ecosystem.
What to Look for in a Tufin Competitor
When evaluating alternatives to Tufin, it’s essential to consider several key factors to ensure that the chosen solution aligns with your organization’s needs and goals. Here are some critical considerations:
FireMon has been consistently recognized as a leader in the network security policy management space, thanks to its comprehensive feature set and commitment to innovation. Our platform is designed to help organizations enhance their security operations by providing real-time visibility, advanced analytics, and powerful automation tools.
One of FireMon’s key strengths is its ability to provide detailed security alerts, metrics, and reports, which can be invaluable for demonstrating compliance with industry standards and regulations.
FireMon’s world-class support team helps users set up quickly and provides ongoing support, training, and more.
Also, FireMon excels in its integration capabilities, supporting a wide range of firewalls, routers, and cloud environments. This flexibility ensures that FireMon can fit seamlessly into most existing network infrastructures, providing immediate value without the need for extensive customization or reconfiguration.
Request a demo today and discover why FireMon is one of the best Tufin competitors.
The post Top 5 Enterprise Tufin Competitors appeared first on Security Boulevard.
Apple wants its three-year-old lawsuit against spyware maker NSO to be dismissed, citing the surveillance software maker's declining dominance of the expanding market and fears that its own threat intelligence could be exposed, which would harm its efforts to protect its users.
The post Apple Seeks to Drop Its Lawsuit Against Spyware Maker NSO appeared first on Security Boulevard.
As digital exploitation, fraud and deception move deeper into society, it is incumbent on organizations to educate their employees on digital literacy skills and make them aware of the risks posed by phishing and social engineering threats.
The post Five Tools That Can Help Organizations Combat AI-powered Deception appeared first on Security Boulevard.
Public sector organizations such as schools, hospitals, manufacturing units, essential services and government offices have become a popular target for cybercriminals.
The post Why Are So Many Public Sector Organizations Getting Attacked? appeared first on Security Boulevard.
Learn how to navigate the DORA compliance checklist and meet DORA cybersecurity regulation requirements with our step-by-step guide.
The post DORA Compliance Checklist: From Preparation to Implementation appeared first on Scytale.
The post DORA Compliance Checklist: From Preparation to Implementation appeared first on Security Boulevard.
Boston, USA, 16th September 2024, CyberNewsWire
The post Entro Security Labs Releases Non-Human Identities Research Security Advisory appeared first on Security Boulevard.
Phishing, despite its somewhat innocuous name, remains one of the foremost security threats facing businesses today. Improved awareness by the public and controls such as multi-factor authentication (MFA) have failed to stem the tide.
The FBI Internet Crime Report puts phishing and its variants (spear phishing, smishing, vishing) as the top cybercrime for the last five years, and the advent of generative AI has only added fuel to the fire. Using ChatGPT and other tools, hackers can quickly create personalized messages, in local languages, to launch widespread, highly effective phishing campaigns.
In the last six months alone, malicious emails have increased by 341%, prompting industry experts to urge organizations of all sizes to implement phishing-resistant MFA.
The post What Is Phishing-Resistant MFA and How Does it Work? appeared first on Security Boulevard.
Maximize Your District’s Application Success: How ManagedMethods Qualifies for the Identity Protection and Authentication Category
We recently hosted a live webinar that discusses what you need to know about the FCC School and Libraries Cybersecurity Pilot Program. This webinar outlines an overview of the new pilot program, demonstrates how ManagedMethods products align with funding criteria ...
The post Unlock FCC Pilot Program Funding with Cloud Monitor and Content Filter appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Unlock FCC Pilot Program Funding with Cloud Monitor and Content Filter appeared first on Security Boulevard.
Folks,
Do you remember the international embassies web malware exploitation spree using client-side exploits that took place back in 2009, with the Russian Business Network as the hosting provider of choice for these campaigns?
I recently took the effort to look at my original data set here and tried to enrich it and provide additional analysis with more details and context.
Sample domains known to have been operated by the same individuals behind these campaigns include:
Sample personally identifiable email address accounts known to have been involved in these campaigns:
Sample MD5s:
The post International Embassies Web Malware Exploitation Serving Domain Properties appeared first on Security Boulevard.
At AppViewX, our top priority is safeguarding the digital identities that are the backbone of modern enterprises. With hundreds of customers and millions of certificates under management, AppViewX bears a significant responsibility to protect its customers’ critical data and infrastructure. This commitment to security is not merely a claim. It is substantiated through independent audits […]
The post SOC 2 Compliance Provides AppViewX Customers Security and Data Protection Assurance appeared first on Security Boulevard.
In episode 346, we discuss new AI-driven voicemail scams that sound convincingly real and how to identify them. We also explore recent research on the privacy concerns surrounding donations to political parties through their websites. Additionally, we celebrate the 15th anniversary of the podcast and share some reflections and fun facts about the journey. Join […]
The post The Rise of AI Voicemail Scams, Political Donation Privacy Concerns appeared first on Shared Security Podcast.
The post The Rise of AI Voicemail Scams, Political Donation Privacy Concerns appeared first on Security Boulevard.
Authors/Presenters: Bingyu Shen, Tianyi Shan, Yuanyuan Zhou
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – Multiview: Finding Blind Spots in Access-Deny Issues Diagnosis appeared first on Security Boulevard.
Authors/Presenters: Binlin Cheng, Erika A Leal, Haotian Zhang, Jiang Mingy
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – On the Feasibility of Malware Unpacking via Hardware-assisted Loop Profiling appeared first on Security Boulevard.
As modern enterprises continue to adapt to the flexible work culture, Bring Your Own Device (BYOD) policies have become a standard practice. However, protecting sensitive corporate data while maintaining user privacy and a seamless work experience has proven to be a difficult balancing act for many organizations.
SquareX’s BYOD solution offers a breakthrough approach that also delivers a frictionless user experience, while respecting employee privacy. In this blog post, we’ll dive into how SquareX’s BYOD solution works and why it’s the right choice for enterprises looking to upgrade their device management strategies.
How SquareX’s BYOD Solution Works
SquareX integrates seamlessly with existing enterprise infrastructure to transform the web browser into a secure environment where corporate data and applications are accessed.
Step 1:
The user accesses an enterprise application, such as Slack or OneDrive, through their browser. They are immediately redirected to an Identity Provider (IDP) like Ping Identity or Okta to authenticate.
Step 2:
The user inputs their login credentials on the IDP page. At this point, the IDP starts the authentication process.
Step 3:
Simultaneously, SquareX collects important browser signals and assesses the device’s posture or health. This data helps determine if the device is secure enough to be allowed access to the enterprise app.
Step 4:
Once the IDP has verified the user’s identity and SquareX confirms that the device meets security requirements, the session is considered trustworthy.
Step 5:
After both the IDP trust and device trust are established, the session is validated, and the IDP redirects the user to the enterprise application, granting access to the desired app.
SquareX offers IT administrators granular control over what employees can access based on device security posture, location, and role. Through the browser extension, administrators can implement policies that define which applications and data employees can access, ensuring that users only have access to the resources they need. For example, access to sensitive corporate resources can be restricted based on device security (e.g., patch levels or encryption status), ensuring only compliant devices can access the most sensitive data.
This level of granularity allows enterprises to enforce least-privilege access — ensuring that users only have the minimum level of access needed to perform their tasks, reducing the risk of overexposure to critical business data.
2. Data Privacy and Protection
With SquareX, enterprises can create policies separating personal and corporate data and workflows. SquareX allows employees to maintain full control over their personal apps, data, and device usage, while only corporate activities are monitored. This approach builds trust and improves user adoption of BYOD policies.
3. Improved UX: Low-Latency, High-Performance Access
SquareX provides a fast, low-latency experience, eliminating the performance issues typically associated with traditional solutions like VPNs or VDIs. Employees can access corporate applications with the same performance as if they were working on a local machine, regardless of their location. This is particularly important for global enterprises, where employees may be accessing corporate resources from different regions or time zones.
4. Easy Deployment and Management
SquareX’s lightweight browser extension means that IT administrators can deploy the solution quickly, with no need for lengthy configurations or large-scale software installations. IT teams can set granular policies, manage security settings, and control access levels all through a central dashboard, making it easy to manage BYOD security at scale.
The Future of BYOD Security
By deploying SquareX, enterprises can modernize their BYOD policies, protect corporate data, and empower their employees to work from anywhere with confidence.
SquareX: The Future of BYOD Security for Enterprises was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post SquareX: The Future of BYOD Security for Enterprises appeared first on Security Boulevard.
A critical vulnerability (CVE-2024-28986) in SolarWinds Web Help Desk puts systems at risk of exploitation, requiring immediate attention.
Affected Platform
The security vulnerability CVE-2024-28986 primarily affects the SolarWinds Web Help Desk software. Organizations utilizing this platform must act swiftly to mitigate the potential risks associated with this critical flaw.
Summary
CVE-2024-28986 has been identified as...
The post CVE-2024-28986 – SolarWinds Web Help Desk Security Vulnerability – August 2024 appeared first on TrueFort.
The post CVE-2024-28986 – SolarWinds Web Help Desk Security Vulnerability – August 2024 appeared first on Security Boulevard.
The recent exploitation of Proofpoint’s email routing flaw, known as EchoSpoofing, allowed attackers to send millions of spoofed emails across multiple organizations.
The post What is EchoSpoofing?: Proofpoint Email Routing Exploit appeared first on Security Boulevard.
Authors/Presenters: Carlo Meijer, Wouter Bokslag, Jos Wetzels
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
The post USENIX Security ’23 – All Cops Are Broadcasting: TETRA Under Scrutiny appeared first on Security Boulevard.
GraphQL vs REST APIs
Developers are constantly exploring new technologies that can improve the performance, flexibility, and usability of applications. GraphQL is one such technology that has gained significant attention for its ability to fetch data efficiently. Unlike the traditional REST API, which requires multiple round trips to the server to gather various pieces of data, [...]
The post Fundamentals of GraphQL-specific attacks appeared first on Wallarm.
The post Fundamentals of GraphQL-specific attacks appeared first on Security Boulevard.
So some of you are thinking “ewwww … another security transformation paper” and this is understandable. A lot of people (and now … a lot of robots too) have written vague, hand-wavy “leadership” papers on how to transform security, include security into digital transformation or move to the cloud (now with GenAI!) the “right” way, while reaping all the benefits and suffering none of the costs. Because tote leadership!
This is not one of those, promise! Why not? Because our new paper helps answer two real — and really hard — questions:
#1 Based on the experience of others, what does a “modern” or transformed organization’s security capability look like?
#2 Given what you have today, how to transition from whatever you have to what we discussed in #1 above?
I bet you’d agree that this is really tricky. Hence our paper!
Let’s start with my favorite insights and surprises below (and, yes, Gemini via Gems had a “hand” in this, curation though is very human):
As usual, my favorite quotes from the paper:
Now, go and read our new paper!
P.S. “Anton, but I like SOC papers, can I haz moar? — Yes, there is one coming in a few weeks! Part 4.5 of our glamorous SOC of the Future series”
Related:
New Office of the CISO Paper: Organizing Security for Digital Transformation was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post New Office of the CISO Paper: Organizing Security for Digital Transformation appeared first on Security Boulevard.