With NIST recently releasing an updated draft version of the framework, we outline the main proposed changes.

This plays a vital role in helping organisations mitigate cyber risk by shutting down vulnerabilities before they can be exploited maliciously. In this blog article, we outline what PTaaS is and how it can help you advance your cyber resilience.

Cyber security pen testing can vary widely, covering applications, wireless, network services and physical assets. These could include internal and external infrastructure testing, web or mobile application testing, API testing, cloud and network configuration reviews, social engineering and even physical security testing.

This rise in social engineering was seen alongside significant increases in phishing, smishing, vishing, the use of valid accounts and other tactics – adding up to the highest volume of incidents seen in 2023. These, as well as other notable trends from the previous quarter, are discussed in the report, Q3 2023 Threat Landscape Report: Social Engineering Takes Center Stage.

To defend against rapidly evolving cyber threats, businesses need to continually adapt and innovate. This means that red and blue teams must work together on an ongoing basis to maximise their individual and collective impact. Purple teaming allows them to achieve this more effectively, significantly advancing organisations’ security posture.

In terms of financial and reputational impact, a data breach is one of the most serious security challenges an organisation can experience. Kroll’s 2021 Data Breach Outlook report states that the pattern of data attacks becoming broader and deeper during the pandemic has continued, even during the recovery phase. With the volume of data breaches continuing to increase, it is essential that organisations take steps to prepare their incident response before they are affected by a breach.

The Kroll Detection and Response Maturity Model analyses 1,000+ security programs from organisations around the world to identify their actual maturity, the ROI of mature programs and what security leaders can do to elevate their detection and response capabilities. The report leverages data uncovered in our The State of Cyber Defense 2023: The False-Positive of Trust, which looked at responses from 1,000 global security decision-makers.

Cloud SIEM solutions can help to address these challenges, but successful deployment, management and monitoring of cloud SIEM can present its own challenges. In this blog post, we outline key approaches and tips to help maximise the performance of your cloud SIEM platform.

The 2023 KuppingerCole Leadership Compass Report: Managed Detection & Response Services provides an overview of the market for MDR services that manage a collection of cybersecurity technologies to provide advanced cyber threat detection and response capabilities. In the report, Kroll was identified as a leading MDR provider, alongside just seven other MDR vendors selected from the across the whole MDR market.

CREST accreditation is a good place to start – a ‘stamp of approval’ for a high-quality penetration test, but what differentiates a CREST penetration test from other assessments? Read on to find out.