Browsing all 95 articles

How Do You Validate Security/Risk?

The Five Steps of CTEM, Part 4 Welcome to the fourth installment of our five-part journey through Continuous Threat Exposure Management (CTEM). In 2022, Gartner unveiled the CTEM framework to support...


Solution Brief- XM Cyber for SAP

Identify and Remediate Exposures that Enable SAP Specific Attacks Empowering organizations to proactively defend against SAP-specific attacks, XM Cyber’s exposure management solution provides...



Defending Your SAP Castle: Best Practices for Protecting Against Attack...

Join XM Cyber as we introduce our Continuous Exposure Management platform and its SAP attack technique defenses as part of an enterprise-wide Exposure Management strategy. The post Defending Your SAP...


SAP Runs Your Business; Make Defending it Part of Your Exposure Management...

Lots of organizations across the globe use SAP to manage business operations and customer relations. Wait, did I say lots? I meant nearly ALL – like 99 of the 100 top Fortune 100 companies are...


Attack Techniques in Okta – Part 3 – From Okta to AWS Environments

Welcome to Part 3 of Okta Attack Techniques! In this article, we will cover how an attacker or any malicious actor can abuse three different Okta AWS applications to gain access to the AWS...



11 Best Practices to Ensure Your Kubernetes Clusters are Secure

The use of Kubernetes by development teams has exploded over the last few years – but as critical as it is for the management of applications, it opens lots of new security issues that can be exploited...


CVE-2024-6387 – OpenSSH regreSSHion RCE

Overview: On Monday, July 1st, researchers from OpenSSH released a security update for a newly identified vulnerability which is being tracked as CVE-2024-6387, and has a CVSS score of 8.1. It has been...


A CISO’s Guide to Reporting Risk to The Board

If the thought of reporting to your Board makes you more than a bit nervous, don’t worry, you’re in good company. But what if reporting to the Board didn’t have to be intimidating? What if you had all...



How Attackers (Really) Advance: Unveiling 11 Real-Life Stories

Attackers are constantly on the hunt for the quickest and easiest paths to your critical assets, using a combination of exposures such as CVEs, credentials and misconfigurations to navigate their way...



3 Ways to Bridge the Cybersecurity Skills Gap

By 2025, thanks to the millions of unfilled cybersecurity positions, cybercrime damages are projected to reach $10.5 trillion. As it turns out, despite...


The Five Steps of CTEM, Part 5: Mobilization

How to Accomplish Frictionless Remediation. Welcome to the fifth and final chapter of our five-part journey through Continuous Threat Exposure Management (CTEM). In 2022, Gartner introduced the CTEM...


What is Automated Security Validation?

Automated Security Validation (ASV) is the process of automatically verifying the effectiveness of your security procedures and controls in preventing...


Frost & Sullivan names XM Cyber the Leader in the Expanding Automated...

In this report, Frost & Sullivan researched the market to assess the strategic impact to organizations that deploy ASV solutions. In addition, the top players in the market are analyzed on two...



XM Cyber Takes Top Spot in Frost & Sullivan’s Automated Security Validation...

Or, Symbiotic Security – A Tale of Why Automated Security Validation and Continuous Threat Exposure Management Need Each Other. If you’re looking for the latest analyst guidance into Automated Security...


Analyst Insight – Frost & Sullivan Radar for Automated Security Validation

Staying ahead of threats is a challenge for all security teams. Automated Security Validation (ASV) gives teams the adversary’s perspective of exposures and helps prioritize high-impact exposures to...



What is Digital Risk Protection?

Digital Risk Protection (DRP) is how organizations protect their digital assets and brand from external threats. It’s a proactive and comprehensive approach to...


What is Ransomware Readiness Assessment?

Ransomware is a growing and potentially devastating threat to organizations. The consequences of a ransomware attack range from inconvenience to huge expense...



What are Known Exploited Vulnerabilities?

Known Exploited Vulnerabilities (KEVs) are weaknesses in software, hardware, applications, or systems that are being actively exploited by attackers. KEVs...


It’s Time to Rethink the 30/60/90-Day Approach to Vulnerability Management

Over the years, the value that organizations derive from the classic approach to fixing vulnerabilities has diminished. Once a staple of vulnerability management policies, the 30/60/90 day approach...


CVE-2024-23897 – Jenkins RCE Exploited in Ransomware Attacks

Introduction: On August 19th, CISA added a new vulnerability to its catalog of Known Exploited Vulnerabilities (KEV). Being tracked as CVE-2024-23897 with a 9.8 CVSS score, this vulnerability can be...
