Security Threats – Osterman Research
https://ostermanresearch.com
Insightful research that impacts organizations
Mon, 10 Mar 2025 18:08:45 +0000

False Sense of Security — Shadow Code Remains a High Risk – webinar with PerimeterX
https://ostermanresearch.com/2021/10/26/webinar-shadow-code-perimeterx/
Mon, 25 Oct 2021 15:00:00 +0000

Hosted by PerimeterX

Presented on October 26, 2021

More than 90% of websites use third-party scripts and open source libraries for common functions such as payments, customer reviews, tag management and social media integration. But website owners lack the visibility into this Shadow Code – scripts added without approvals or ongoing security validation – that they would need to know for certain that their site is safe from cyberattacks, and this introduces hidden risks into an organization.

Michael Osterman, President, Osterman Research Inc and Kim DeCarlis, CMO, PerimeterX discuss the hidden risk of using third-party scripts. Learn how to secure your modern web applications from supply-side attacks to avoid the risk of a data breach, ensure data privacy and comply with regulations.

The webinar covers:

  • Vulnerabilities introduced by third-party scripts in your web applications
  • Attack detection methods and challenges
  • Visibility into code changes using third-party scripts

Exposing Software Supply Chain Security Blind Spots – webinar with GrammaTech
https://ostermanresearch.com/2021/09/15/webinar-supply-chain-security-grammatech-september-2021/
Tue, 14 Sep 2021 21:00:00 +0000

Hosted by GrammaTech

Presented on: September 15, 2021

Research highlights hidden vulnerabilities in commonly used commercial off-the-shelf software applications

Commercial off-the-shelf (COTS) software includes prevalent use of third-party and open-source components creating a software supply chain security blind spot. The findings in a recent Osterman Research report present a serious weakness in the software supply chain of many widely used COTS software applications. This webinar will share results of the research report and discuss how organizations can take a more proactive approach to ensuring a stronger enterprise-wide cybersecurity posture.

In this webinar, you will learn:

  • Why vulnerabilities in COTS software applications are a cybersecurity threat
  • 100% of all analyzed applications with open-source components in five common software categories (web browsers, email, file sharing, online meetings and messaging) contained vulnerable open-source components
  • Applications in the meeting and email client categories were the most vulnerable
  • Critical vulnerabilities (CVSS 10.0) were found in 85% of these applications
  • New ways of analyzing COTS software applications to better reduce your attack surface and potential for compromise

Critically Vulnerable Open Source Code Found in COTS Apps – interview with Shift Left Academy
https://ostermanresearch.com/2021/08/24/critically-vulnerable-open-source-code-found-in-cots-apps-interview/
Mon, 23 Aug 2021 23:00:00 +0000

Interview with Deb Radcliff, Shift Left Academy, GrammaTech

Date: August 24, 2021

On August 4, Osterman Research released a software supply chain study conducted against data collected by GrammaTech’s CodeSentry Software Supply Chain testing product. The study of that data found that 100 percent of commercial applications that use open-source components contain vulnerabilities within their open-source components, and that 85% of the browser, email, file sharing, online meeting and messaging products tested had at least one critical vulnerability with a 10.0 CVSS (Common Vulnerability Scoring System) score, which is the highest possible. 

In this video interview, Michael Sampson, Senior Analyst at Osterman Research and author of the report, discusses his findings and offers advice on how to avoid some of the pitfalls of open source.

Better Ways to Deal with New Security Threats – multi-client white paper
https://ostermanresearch.com/2020/10/30/orwp_0333/
Thu, 29 Oct 2020 19:00:00 +0000

Published October 2020

Sponsored by Anomali, BIO-Key International, MDaemon Technologies, Virsec and VMware Carbon Black

Executive Summary

Yesterday’s leading-edge security innovations are today’s table stakes. As many organizations have ramped up multi-faceted security defenses, threat actors have pivoted to embrace new exploits, new avenues of compromise, and new ways of ensuring a financial payoff from their misdeeds. Criminal or not, adversaries with just as much commitment to wreaking havoc as organizations have to preventing it are actively pursuing the next loophole, the next security vulnerability, and the next victim to hold ransom. As security threats change, security defenses need to change as well, both reactively to stop current threats and, more importantly, proactively to get ahead of future security threats.

In this report, we look at the dynamics of the new threat landscape and highlight new security solutions and practices that go beyond the capabilities of conventional solutions.

Request a Copy

By downloading this white paper, you are opting into receiving marketing communications from Osterman Research and any of the sponsors of this white paper

A Conversation About New Security Threats Arising from the COVID-19 Crisis with Stu Sjouwerman, CEO of KnowBe4 – Podcast
https://ostermanresearch.com/2020/04/09/podcast-new-security-threats/
Wed, 08 Apr 2020 22:00:00 +0000

Listen to the podcast episode (11 minutes)

How are bad actors exploiting the COVID-19 crisis through the use of innovative techniques and in the sheer volume of the threats they’re sending? What are some new ways that cyber criminals are taking advantage of this crisis? What might we expect to see over the next couple of months and how can we prepare for them?

Join us for this discussion with Stu Sjouwerman, CEO of KnowBe4, as we explore these and other questions about dealing with human security during times of crisis.

Ensuring that Your Users are the Solid Line of Defense Against Cyber Threats – Webinar
https://ostermanresearch.com/2020/02/28/webinar-users-as-defense/
Fri, 28 Feb 2020 03:00:00 +0000

Sponsored by: Proofpoint

Today’s most popular security tools focus on protecting the perimeter—they manage endpoints and patch system vulnerabilities. But cybercriminals are no longer targeting infrastructure – they are targeting humans. It’s the distracted user who clicks on an email attachment, or the eager customer who fills in credentials in a pixel-perfect phishing page who is vulnerable. It’s becoming more and more evident that employees and regulated users need to be at the center of your strategy when building a robust cybersecurity approach in the era of highly sophisticated attacks. So how is that achieved?

Join Proofpoint for a joint presentation with Osterman Research as we deep dive into some of the biggest challenges CISOs face, and why developing a people-centric strategy to security is the most effective way to protect your most valuable assets: your data and your people.

In this session, we’ll share:

  • Latest research findings on new methods for solving security attacks such as phishing and business email compromise
  • Why cybersecurity transformation is critical for protecting your people against today’s threat actors
  • What it means and looks like to have an effective people-centric approach

Register to watch the recording

Third-Party Code: The Hidden Risk in Your Website – White Paper
https://ostermanresearch.com/2019/09/17/perimeterx-white-paper/
Tue, 17 Sep 2019 00:00:00 +0000

Published September 2019

Sponsored by PerimeterX.

Executive Summary

This new survey of application security professionals underscores the lack of awareness people have about website vulnerabilities in third-party client-side scripts and the unaddressed threats that can result from this blind side.

Industry estimates state that the typical website is comprised of approximately 70 percent third-party code. The survey found that while almost all websites are running at least some third-party client-side scripts, 60 percent of those surveyed estimated the proportion of third-party code to be significantly lower – a dangerous misconception.

Read the whitepaper to learn how you can manage risk from third-party code and better protect your applications.

Request a Copy

Register for your copy – from PerimeterX

New Methods for Solving Phishing, Business Email Compromise, Account Takeovers and Other Security Threats – White Paper
https://ostermanresearch.com/2019/08/20/orwp_0314/
Tue, 20 Aug 2019 00:00:00 +0000

Published August 2019

Sponsored by Agari, Carbon Black, GoSecure, KnowBe4, MDaemon, Proofpoint, SlashNext, Trend Micro, Trustwave and Zix

Executive Summary

The “network perimeter” today is almost non-existent. Almost all organizations operate a large and growing number of cloud services for mission-critical and non-mission-critical purposes, sometimes just at a departmental level (one source estimates that there are nearly 1,200 cloud services in use in the typical large enterprise and that the vast majority of these are not “enterprise-ready”). Mobile devices – many employee-owned – are regularly used to access corporate data resources and sensitive data assets. These devices typically contain a large number of apps, many of which can be exploited to steal login credentials and other sensitive information. IoT devices are now commonplace and the number of these devices in the workplace is skyrocketing; employees continue to use conventional endpoint devices like desktop and laptop computers; and the “Bring Your Own” trend has expanded from personally-owned and managed devices (BYOD) to personally-owned and managed cloud, mobile and desktop/laptop applications of many types.

In short, the network in most organizations has a dramatically expanded attack surface. There is no longer a defensible perimeter that can fully protect corporate data, and so new approaches, technologies and practices are needed to protect corporate data and finances.

Addressing the Top 10 Security Issues Organizations Face – White Paper
https://ostermanresearch.com/2019/01/31/orwp_0308/
Wed, 30 Jan 2019 23:00:00 +0000

Published January 2019

Sponsored by Carbon Black, Dell, KnowBe4, SlashNext and Zix

Executive Summary

Cybersecurity must be a top-level priority for any organization and for many it is. Security should be viewed holistically and should include a range of elements, including layered, technology-based solutions on-premises and in the cloud; security awareness training to help employees become a more integral part of security defenses; the establishment of common-sense policies and practices that will bolster security defenses; and security education for the board of directors and senior managers to help them understand the critical role they play in enabling a culture of security.

Survey Reports – 2015 and Earlier
https://ostermanresearch.com/2015/12/31/survey-reports-2015-and-earlier/
Wed, 30 Dec 2015 23:00:00 +0000

Here’s our list of survey reports from 2015 and earlier.

  • Results of a Survey on Archiving and Defensible Deletion Practices (September 2015)
  • Archiving, Migration and Compliance in Microsoft Office 365 (July 2015)
  • Survey Report on Mobile Archiving (May 2014)
  • Best Practices for Email, Web and Social Media Security (January 2014)
  • Results of a Survey on Cloud Computing (November 2013)
  • Results of a Survey on Microsoft Office 365 (July 2013)
  • Security Awareness Training Effectiveness Report (July 2013)
  • Managing BYOD in Corporate Environments (June 2013)
  • Results of a Survey on Encryption in Mid-Sized and Large Organizations (April 2013)
  • Results of a Survey With Email Users (April 2013)
  • Results of a Survey on the Use of Email, Social Networking and Other Applications (April 2010)
  • Results of a Survey on 2010 Messaging Issues (February 2010)
  • Results of an End User Survey on the Use of Communications Tools (September 2009)
  • The Importance of Social Networking Tools Relative to Conventional Tools (May 2009)
  • Computing Activities in Large and Small Organizations (May 2009)
  • The Impact of the Economy on 2009 Spending Plans (January 2009)
  • Results of an End User Survey on Communication Issues (October 2008)
  • Results of Two End-User Surveys on Email, Attachment and Password Management Issues (June 2008)
  • Results of Two End-User Surveys on Messaging and Productivity Issues (April 2008)
  • Results of a Survey on Messaging and Application Issues (August 2007)
  • A Survey of Email Users (January 2007)

Request a Copy

Do you want a copy of a survey report from 2015 or earlier? Please let us know which one – thanks.