I have worked as a security leader since the early commercial days of the internet, where the CISO role only existed in some areas of financial services. Participating in the growth and maturity of security as a business function has been an amazing journey. I have learned a lot of lessons on my own, through my personal experiences, or via my peers. One thing I was not able to do was learn from experienced CISOs that have time and distance to reflect on how to best be successful as a CISO.

Black Hat USA 2023 showcased advancements in cybersecurity and provided a platform for cutting-edge research. This blog recaps highlights from the event, exploring major trends and examining how they may shape the field in the coming months and years.

In 1991, a weather system formed off the east coast of the United States with a cold front that created a low pressure ridge to the east of Nova Scotia. At the same time, a high-pressure system extending out from the Appalachian Mountains forced the ridge first southeast and then to the west, where it encountered the remnants of Hurricane Grace, which it promptly absorbed and swelled in size as it did so.

Security vendors and partners come together to contribute to Semantic Conventions.

The Securities and Exchange Commission (SEC) adopted new rules last week that require companies listed on the US Stock Exchange to disclose any material cybersecurity incidents. In addition to reporting incidents, companies are also required to describe their approach to cybersecurity risk management, strategy, and governance on an annual basis.

The new advanced detection analytics package to detect lateral movement Lateral movement is a dangerous threat in the landscape of highly integrated technologies. If attackers gain access to an endpoint, it’s critical for security teams to identify any and all movements they make. To combat this threat, Elastic Security is excited to announce a new lateral movement detection package that makes use of advanced analytics.

First things first, ChatGPT is awesome! It can help you work more efficiently — from summarizing a 10,000-word document to providing a list of differentiations between competing products, as well as many other tasks.

While perhaps new to AI researchers, supply chain attacks are nothing new to the world of cybersecurity. For those in the know, it has been best practice to verify the source and authenticity of downloads, package repositories, and containers. But human nature usually wins. As developers, our desire to move quickly to improve ease of use for users and customers can cause us to delay efforts to validate the software supply chain until we are forced to by our peers in compliance or security organizations.

In the aftermath of supply chain breaches against SolarWinds and Codecov, organizations are focused on protecting their software from malicious tampering and compromise. Addressing the complexity of software development and potential security exposures has been top of mind. The complexity goes beyond traditional application security as the software supply chain encompasses and spans across different services, organizations, roles, and responsibilities.

Elastic 8.9 introduces the generative AI sidekick, enhanced rule tuning, new lateral detection capabilities, and more! These new features provide security practitioners with advanced detection and analytics, easy to access information, more ways to customize your security investigations, and additional deployment options.