Aggregator
PyPI invalidates tokens stolen in GhostAction supply chain attack
Charging in minutes, endurance for decades: graphene has turned supercapacitors into battery killers
Now Live: Monetize AI Traffic With DataDome & TollBit Integration
The DataDome + TollBit integration is now live. Start detecting, controlling, and monetizing AI traffic on your site in minutes—no dev work required.
The post Now Live: Monetize AI Traffic With DataDome & TollBit Integration appeared first on Security Boulevard.
Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
Palo Alto, California, 18th September 2025, CyberNewsWire
The post Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks appeared first on Security Boulevard.
How Top CISOs Approach Exposure Management in the Context of Managing Cyber Risk
Wondering what your peers think of exposure management? New reports from the Exposure Management Leadership Council, a CISO working group sponsored by Tenable, offer insights.
Key takeaways
- The CISOs who make up the Exposure Management Leadership Council see exposure management as a strategic and game-changing approach to unified proactive security.
- They believe exposure management can help them address a wide variety of challenges, from reporting to the board on cyber risk to AI security, controls monitoring, and driving accountability for vulnerability and exposure remediation.
- To learn how exposure management can address these challenges, check out the inaugural report from the Exposure Management Leadership Council.
If you’re a CISO and you’re like me, you routinely seek your peers’ perspectives on emerging trends and daily challenges. From securing AI to communicating with the board about cyber risk, it’s crucial to know what’s working and what’s not.
With exposure management gaining significant market momentum, you may be wondering if your peers believe there’s any real substance to it.
The answer is a resounding yes. For proof, check out the perspectives of top security leaders who make up the Exposure Management Leadership Council, a working group dedicated to developing and advancing principles and best practices for exposure management.
The Exposure Management Leadership Council functions as a confidential, vendor-neutral forum where senior leaders can share candid insights and practical strategies for managing enterprise-wide exposure. As the Council’s sponsor, Tenable organizes quarterly meetings (which I facilitate), synthesizes meeting discussions into reports and shares these reports industrywide for the benefit of as many security practitioners as possible.
Because Council meetings operate under the Chatham House Rule to foster trust and openness, we don’t attribute any direct quotes or paraphrased statements to specific Council members.
What are CISOs saying about exposure management?
“Exposure management is extremely important for us. We have a very high threat profile and tend to be targeted heavily by advanced persistent threat groups.”
— Member of the Exposure Management Leadership Council
CISOs see exposure management as a solution to the boardroom communication gap
“Exposure management can shift the cyber conversation in the boardroom and make it more strategic.”
— Member of the Exposure Management Leadership Council
Council members believe exposure management can improve their ability to answer the following cyber-related questions that their boards of directors truly care about:
- How much cyber risk is the organization carrying?
- Does it exceed our appetite?
- What’s the potential business impact of this risk?
- What are the most critical areas to address?
- What’s the cost of inaction, and which risks are we willing to accept?
Exposure management enables CISOs to shift from reporting on siloed security operations metrics to communicating a clear, unified and business-driven view of an organization’s end-to-end cyber exposure. Council members see the potential for exposure management to help them create a standardized, repeatable and defensible process for measuring and reporting on risk — something akin to a cyber version of the accounting industry’s generally accepted accounting principles (GAAP).
To learn how exposure management can elevate board-level discussions of cyber risk, see the Exposure Management Leadership Council report, “Board Meetings and the Dreaded Cyber Risk Update: A Use Case for Exposure Management.”
How do CISOs distinguish between exposure management and vulnerability management?
Prioritizing vulnerabilities and driving accountability for remediation remains a challenge for many CISOs, according to the discussion that took place during the first Council meeting (see the executive summary). They bemoan the inadequacies of relying on CVSS scores alone for prioritization.
While exposure management, by definition, expands the scope of security issues that remediation teams need to address beyond traditional software vulnerabilities, it’s simultaneously designed to unify and enhance risk scoring and prioritization. By taking into account CVSS scores, EPSS data, threat intelligence and business and technical context, exposure management can make it easier for security teams to convince remediation owners to fix the highest-risk exposures — those toxic combinations of vulnerabilities, misconfigurations and excessive permissions that can have significant operational impact when exploited.
“The really juicy part of exposure management is that it provides context.”
— Member of the Exposure Management Leadership Council
What other use cases for exposure management are CISOs considering?
Council members see AI security and controls monitoring as additional use cases for exposure management. They regard AI as both a new attack surface their security teams need to monitor and a powerful threat vector. They’re concerned about data leaks and threat actors leveraging AI to execute more stealthy and pernicious attacks. Consequently, they recognize the need for exposure management programs to address the rapidly expanding AI attack surface.
Similarly, they see exposure management as a potential solution to yet another challenge: monitoring the effectiveness of their security controls. What makes controls monitoring so difficult, they say, is inadequate attack surface management and visibility:
“What good is saying that you’re 95% compliant with your internal cybersecurity controls if that 95% is based on just 10% of known assets?”
— Member of the Exposure Management Leadership Council
More to come from the Exposure Management Leadership Council
The Exposure Management Leadership Council will continue to meet quarterly and work toward its long-term goal of establishing principles, best practices, policies and frameworks for exposure management. Stay tuned for future reports and updates as we work together to advance exposure management into a strategic discipline.
The post How Top CISOs Approach Exposure Management in the Context of Managing Cyber Risk appeared first on Security Boulevard.
Use These Security Best Practices for Hardened Containers and Java
When you use hardened containers with a superior Java runtime, you give your development teams a competitive advantage.
The post Use These Security Best Practices for Hardened Containers and Java appeared first on Azul | Better Java Performance, Superior Java Support.
The post Use These Security Best Practices for Hardened Containers and Java appeared first on Security Boulevard.
Two teenage suspected Scattered Spider members charged in UK over TfL hack
1 in 3 Android Apps Leak Sensitive Data
Captain Jan Koolhaas reburied in Dordrecht
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
SonicWall Discloses Compromise of Cloud Backup Service
New ‘shinysp1d3r’ Ransomware-as-a-Service Targets VMware ESXi in Ongoing Development
EclecticIQ analysts assess with high confidence that ShinyHunters is expanding its operations by combining AI-enabled voice phishing, supply chain compromises, and leveraging malicious insiders, such as employees or contractors, who can provide direct access to enterprise networks. ShinyHunters is very likely relying on members of Scattered Spider and The Com to conduct voice phishing attacks […]
The post New ‘shinysp1d3r’ Ransomware-as-a-Service Targets VMware ESXi in Ongoing Development appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.