Eighty percent of modern attacks are identity-driven. Why would an attacker hack into a system when they can simply use stolen credentials to masquerade as an approved user and log in to the target organization? Once inside, attackers increasingly target Microsoft Active Directory because it holds the proverbial keys to the kingdom, providing broad access to the systems, applications, resources and data that adversaries exploit in their attacks.

With the end of the year fast approaching, many of us are looking forward to a well-deserved break. However, security practitioners and security leaders worldwide are bracing themselves for what has become a peak period for novel and disruptive threats. In 2020, the holiday season was marked by the SUNBURST incident, and in 2021 the world grappled with Log4Shell.

With cyberattacks growing in scale and complexity, it has never been more difficult to figure out where to invest your time and defensive resources. This remains the core challenge of optimizing an effective security organization. A good prioritization approach should be data-driven, and informed by real attacker activity.

Recent advancements in machine learning, the latest on Black Proxies, and the DHS Cyber Safety Board’s plan to review Lapsus$ gang’s hacking tactics.

We are excited to share that Vanta has been named the #1 Leader in G2’s Winter 2023 Grid® Report for Security Compliance. We’ve also been recognized as the #1 Leader in G2’s Cloud Compliance category for the sixth consecutive season, and retained leadership in Vendor Management, Vendor Security and Privacy Assessment, Cloud Security, and IT Asset Management for multiple seasons. Vanta is the leader in a total of 19 G2 categories. ‍ ‍