Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The PCI Security Standards Council requires all payment processors and merchants to move to TLS 1.2 and above. Organizations that don’t follow this standard do not meet PCI DSS.

Cyber risk regulations like NIS2 and DORA in the EU, or PS21/3 in the UK, signal a seismic shift toward strengthening cyber resilience and enforcing accountability. Championing regulations is not just a matter of checking compliance boxes: it’s an opportunity to become a business leader. To enable growth and protect revenue.

Over the last few weeks I have been catching up with a number of my cybersecurity contacts, primarily engaging with them for new content on our increasingly popular Razorwire podcast. During these conversations, as tends to happen during at this time of year, one of the things I have discussed with these professionals is what are (in their view) some key cybersecurity trends for 2024?

Today we’re excited to share several milestones as we continue on our mission to secure the internet and protect consumer data. ‍ ‍ ‍ ‍ And we’re just getting started. ‍ As we continue to reimagine GRC tools for the future of trust, we’ve built enterprise-ready features and rolled out additional Vanta AI capabilities along with support for the NIST AI Risk Management Framework. ‍ ‍

Conducting regular user access reviews is an effective way to make sure your organization is securing access to critical systems and third-party vendors. Frameworks like SOC 2 and ISO 27001 even require proof of regular access reviews to demonstrate compliance. ‍ Without automation, access reviews are tedious and time-consuming, requiring IT and security teams to manually record user access information in a spreadsheet and take countless screenshots of access permissions screens. ‍

The pace and complexity of AI technologies is increasing every day. In this rapidly changing environment, it’s critical for companies to adopt a rigorous approach to safely and responsibly incorporating AI into their products and processes. ‍ That’s why we’re excited to announce that the NIST AI Risk Management Framework (RMF) is now available in beta.

Zloader returns from hiatus, VexTrio brokers malware for over 60 affiliates, and Kasseika ransomware launches BYOVD attacks.

This month's release roll-up for product updates and enhancements includes AI-driven Document Summaries and Q&A - ‘Ask’ Tab, Advanced Watermarking, and Share File and Folder Links. Below is a summary of these and other new releases. Visit the articles linked below for more details.

Security teams are busier than ever, so it’s no surprise that practitioners are using podcasts to keep up to date with cybersecurity news, ideas, and tools. The data backs this one up - according to the 2023 Voice of the SOC report, 83% of security professionals listen to at least one security podcast. So which podcasts are practitioners listening to? Our report, which surveyed 900 security professionals in the US and Europe, identifies 9 frontrunners.

Managed security services are growing across all regions. Companies are placing greater emphasis on cybersecurity and traditional MSPs have added these services to their offerings to meet this need.