Welcome to the third entry in our introduction to the PEAK Threat Hunting Framework! Taking our detective theme to the next level, imagine a tough case where you need to call in a specialized investigator (even Sherlock depended on Watson from time to time!). For these unique cases, we can use algorithmically-driven approaches called Model-Assisted Threat Hunting (M-ATH). In this post, we’ll look at M-ATH in detail.

In the complex world of Internet security, TLS encryption reigns. The powers behind the throne are the Certificate Authorities (CAs) that play a crucial role in verifying websites' identities and regulating the trust we place in those sites. However, understanding the trustworthiness of the CAs themselves can be challenging.

Cyberattacks are unauthorized attempts to access data and disrupt your organization's computer systems or networks. It’s reported that 49% of organizations have suffered a data breach over the past two years — it’s possibly higher than that. These data breaches can cause financial loss, reputational damage and legal liabilities. So, organizations develop Red and Blue teams to mitigate the risk of cyberattacks.

Third-party vendors are a vital part of your business ecosystem. But if you’re not careful, these companies can introduce cyber risk. The SolarWinds supply chain hack is a notable example of the jeopardy that even the most trusted partnerships can yield. But with so many moving parts, creating a supplier risk management plan – and executing on it – can be a challenging and arduous task. According to Gartner, 60% of organizations work with more than 1,000 third-party vendors.

Accounting firms handle sensitive client data on a daily basis, making them prime targets for cybercrime. According to PwC, accounting firms have a 30% higher risk of cyberattacks than other businesses. Breaches in the industry are among the most expensive, with IBM’s “Cost of a Data Breach 2022” report finding the average breach totaled $5.97 million.

The days of massive server rooms and having every employee all under one roof may seem like they are gone forever, but for a great many organizations the on-premise work environment is still here and unlikely to be pushed out of service any time soon. Let’s start off with a quick reminder on the importance of security an email system. Email remains the number one attack vector favored by threat actors because it involves humans, who can be a weak link in any security system.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cyberattacks have become increasingly common, with organizations of all types and sizes being targeted. The consequences of a successful cyberattack can be devastating. As a result, cybersecurity has become a top priority for businesses of all sizes.

A few months ago, I had the pleasure of speaking with Jay Bretzmann, research vice president of security products at IDC. We discussed various security topics trending in 2023, including open identity standards, passwordless technologies like passkeys enabled by FIDO 2.0, and identity-first zero trust security strategies. It became clear that we had an opportunity to share these insights by turning our conversations into an Analyst Connection interview.

Efforts to facilitate critical information sharing between multinational coalition partners, including traditional and non-traditional allies, have become more critical in light of recent conflicts. In addition, partner nations need to share and work together on highly classified information at different security classifications and clearances, which poses a challenge to multinational collaboration efforts.

The adoption of cloud native applications has become a necessity for organizations to run their businesses efficiently. As per Gartner, more than 85% of organizations will embrace a cloud-first principle by 2025, which will rely on adopting cloud native applications for complete execution. The massive increase in adoption of cloud native applications has given rise to more security challenges such as container image vulnerabilities, configuration errors and a larger runtime attack surface.