Contrast Security announced Northstar, a major release for the company that redefines how businesses see cyberattacks, stop breaches, and protect their applications and APIs. Contrast pairs runtime data and contextual analysis with AI-powered auto-remediation to cut response times and eliminate noise. The Contrast Graph: Live runtime insight that drives precision At the core of the platform is the Contrast Graph, which powers its most advanced capabilities, including optional agentic AI workflows that help teams respond … More →
The post Contrast Northstar pairs runtime data and contextual analysis with AI-powered auto-remediation appeared first on Help Net Security.
A critical phishing campaign targeting Windows users has been uncovered by FortiGuard Labs, leveraging malicious Excel attachments to exploit a long-standing vulnerability in older versions of Microsoft Office. This sophisticated attack distributes FormBook, a notorious information-stealing malware designed to harvest sensitive data such as login credentials, keystrokes, and clipboard information. Phishing Campaign Exploits Old Microsoft […]
The post Hackers Deploy FormBook Malware via Weaponized Excel Files to Target Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. government’s frontline civilian cybersecurity force, has lost nearly one-third of its workforce—roughly 1,000 employees—since the start of the current Trump administration, according to multiple sources and internal communications. This exodus, driven by buyouts, early retirements, and layoffs, has left the agency with approximately 2,200 to 2,600 […]
The post Over 1,000 Employees Departed CISA Since Trump Administration Began appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable security engineers Arnie Cabral and Jason Schavel share how you can use risk-based metrics. You can read the entire Exposure Management Academy series here.
We’re information security engineers at Tenable. If you’re anything like us, you spend your days on the front lines of the battle against a constantly changing set of cybersecurity threats. No matter your role, you probably face any number of complex challenges to stay one step ahead of the bad guys.
To be most effective, you need to move beyond operating across silos toward bringing all of the data together. Exposure management helps bring this all together.
Maybe you’re contemplating a move to exposure management or maybe you’ve already started the shift. (Not sure how mature your program is? Check out the Tenable exposure management security assessment.) No matter where you are, exposure management represents a fundamental shift toward a unified view of exposures across the attack surface. It involves continuously discovering, assessing, prioritizing and remediating all types of security exposures, including vulnerabilities, misconfigurations and excessive permissions across various assets. As we like to say, “give us all the things.”
In our roles, we are helping Tenable move in this direction. So we thought we’d share some of our experiences.
If you have any questions or you’d like to share your exposure management experiences with us, please use the form at the bottom of the page.
Managing exposuresExposure management is about more than just finding flaws. It's about understanding business risk and prioritizing actions that reduce the potential for attack. If you react to every alert or finding, you’ll soon end up draining your resources, burning out the staff and wasting tons of valuable time.
So, with limited resources, how can security teams effectively manage the vast threat landscape and focus on what truly matters?
Robust, risk-based metrics are the key to guiding the exposure management lifecycle, which begins with comprehensive and continuous discovery of all assets, identities and applications. Then, by prioritizing risks based on business impact and technical context, and by proactively mitigating the highest-risk exposures through remediation, you’ll have an ongoing exposure management process.
Exposure management builds upon vulnerability management to deliver results based on severity and adds the context and prioritization that comes with risk-based vulnerability management (RBVM). In addition, it ingests a wide array of security data sources across the enterprise. Exposure management provides critical context for those assets and we’re able to look at more than just the usual data points.
This approach can transform raw data into actionable intelligence so your organization has a focused, proactive defense.
Tracking progress with exposure managementA fundamental part of effective exposure management is consistent, clear communication about the organization's risk posture. Exposure management helps us paint a more holistic picture of our environment. For example, we monitor our cloud accounts and we have several different sensors there. Exposure management unites all those sources and shows us everything in a consolidated view, in contrast to the old way of looking at the data via multiple point products and having to put that all together manually.
These metrics provide a snapshot comparing the current exposure landscape to previous periods. They offer an overview of quantifiable risk across different business units and asset groups. Frequent assessments are essential for tracking progress, identifying emerging risk areas, and informing strategic decisions within a continuous exposure management framework.
Considerations that drive exposure prioritizationOur exposure management program relies on metrics that facilitate effective prioritization. It’s about understanding which exposures represent the most significant threat right now and communicating those threats to the right asset owners to ensure effective remediation of findings:
Risk-based metrics are fundamental to each stage of the exposure management lifecycle. We look at it like this:
By using metrics to connect technical findings with business risk, we have been able to communicate more effectively with our leadership. In turn, we have data that justifies the resources we need for targeted remediations and we’ve demonstrated the value of our exposure management program.
TakeawaysIncorporating risk-based metrics as part of an exposure management program requires addressing challenges like managing diverse asset types (including user workstations, mobile devices, cloud, IoT, etc.) so you can ensure accurate data across disparate tools and maintain visibility across the changing attack surface.
But an effective exposure management program requires more than just tools. Your metrics-driven approach should help you to continuously understand and reduce risk across the entire attack surface.
With risk-based metrics focused on exploitability, impact, SLAs and trends, you’ll start to move beyond reactive prioritization. You and your team will proactively prioritize efforts, make smarter remediation decisions and optimize resource allocation. Ultimately, you’ll build a more resilient defense.
Have a question about exposure management you’d like us to tackle?We’re all ears. Share your question and maybe we’ll feature it in a future post.
MktoForms2.loadForm("//info.tenable.com", "934-XQB-568", 14070);
Tel Aviv, Israel, June 9th, 2025, CyberNewsWire Available to the public and debuting at the Gartner Security & Risk Management Summit,BrowserTotal is a first of its kind browser security assessment tool conducting more than 120tests to provide posture standing, emerging threat insights, URL analysis, extension risks, andmore. Seraphic Security, a leader in enterprise browser security, […]
The post Seraphic Security Unveils BrowserTotal™ – Free AI-Powered Browser Security Assessment For Enterprises appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.