Presented on August 17, 2022

Watch this webinar to hear from Osterman Research who conducted the benchmarking study and the architect of the Ermetic maturity model as they discuss the significance of the key findings and explain how you can use the model and the benchmark to improve your own cloud security maturity.

Among the findings they will explore are:

• Demonstrable ROI: 42% of companies investing more than 50 hours per week on cloud security are achieving the highest levels of maturity (Levels 3 and 4)
• Bigger not better: Only 7% of companies with more than 10,000 employees were at level three or four in terms of maturity, compared with 18% for companies with between 2,500 and 9,999 employees, and 24% for companies with 500 to 2,499 employees
• Shared blindspot: 81% of organizations lack full visibility into all resources that are directly accessible from the Internet

Register and watch the webinar

Read the report: State of Cloud Security Maturity 2022

Presented on November 18, 2021

Data exfiltration is a significant threat to organizations and is implicated in many types of cybersecurity incidents. For example, ransomware gangs use both encryption that causes operational disruption for the victim and the threat of exposing exfiltrated data if the ransom demand is not paid. Preventing data exfiltration remains a weakness for many organizations, despite having a complex set of cybersecurity tools already, including data loss prevention (DLP) solutions. A new approach is needed to stop the threat and consequential damage of data exfiltration.

In this webinar Dr Darren Williams, Founder and CEO of BlackFog is joined by Michael Sampson, Senior Analyst at Osterman Research to discuss a recent survey on data exfiltration and to introduce the category of Anti Data Exfiltration (ADX) cybersecurity solutions.

Join this session to learn more about ADX and how it provides a new approach in the ongoing fight against cyberattacks.

Presented on October 26, 2021

More than 90% of websites use third-party scripts and open source libraries for common functions such as payments, customer reviews, tag management and social media integration. But website owners lack visibility into this Shadow Code – scripts added without approvals or ongoing security validation – to know for certain that their site is safe from cyberattacks, introducing hidden risks into an organization.

Michael Osterman, President, Osterman Research Inc and Kim DeCarlis, CMO, PerimeterX discuss the hidden risk of using third-party scripts. Learn how to secure your modern web applications from supply-side attacks to avoid the risk of a data breach, ensure data privacy and comply with regulations.

The webinar covers:

• Vulnerabilities introduced by third-party scripts in your web applications
• Attack detection methods and challenges
• Visibility into code changes using third-party scripts

Presented on: October 15, 2021

Endpoints enable productive work and connect employees to the organization’s intellectual property. Endpoints are also a risk and threat vector.

Michael Sampson from Osterman Research and Ed Gavin from Micro Focus offer a candid conversation on the organizations rejecting the implementation of a strong backup approach for endpoints and instead preferring to sync only some data with OneDrive.

In this session you will learn:

• Why OneDrive is not enough to reduce risk or organizational threats
• What the current organizational threats are: insider threats, the risk of lost and stolen devices, and ransomware incidents (among others) that continue to threaten the integrity of endpoints
• How the core drivers for endpoint backup are ones that benefit the organization: data retention, disaster recovery, legal hold and eDiscovery, and counteracting insider threats, among others
• How hidden productivity loss and help desk costs are realized every time devices are compromised, lost, or stolen

Date: June 24, 2021

Microsoft Teams adoption has skyrocketed with over 145 million daily users in April 2021. While the platform has enhanced the way employees communicate, it comes with a host of new concerns for how to manage this data for compliance, privacy, and eDiscovery. In the last year, over 75% of enterprises have required access to the information created and shared on the platform for compliance audits, eDiscovery, or internal investigations—Are you confident you are governing this data compliantly?

Join experts from ZL Tech and Osterman Research as they discuss how to address the biggest governance and compliance concerns that come with Microsoft Teams adoption.

Register to watch the recording

In this webinar, Michael Sampson, senior analyst at Osterman Research, covers the survey results about how private chats, edited and deleted messages, screen sharing, use of SharePoint files, and other capabilities of Microsoft Teams challenge compliance archiving, capture, security, and data loss protection mandates of heavily regulated organizations.

The 45-minute conversation is between Michael Sampson (Osterman Research), Devin Redmond (Theta Lake), and Marc Gilman (Theta Lake).

Register to watch at BrightTalk

Published October 2020

Executive summary

In the face of a relentless increase in the number and sophistication of cyber-attacks, organizations need to strengthen their security defenses, improve their overall readiness to ward off new and emerging attacks, and have the ability to recover (and learn) from attacks and incidents that get through current protections. Cybersecurity professionals are essential to the defense of organizations, but the bad news is that skilled professionals are in short supply. Nearly three out of five of the cybersecurity professionals we surveyed for this white paper consider the shortage to be either “serious” or “very bad”.

Organizations across the world have unfilled cybersecurity vacancies, and the cybersecurity professionals already on staff are pushed to their limits. Something must change to address the staff shortages that are limiting organizations’ ability to erect and maintain strong defenses. In this paper, we examine the cybersecurity skills shortage and advocate the use of advanced security services and technologies that more effectively leverage the time of current professionals.

Request a Copy

Sponsored by Anomali, BIO-Key International, MDaemon Technologies, Virsec and VMware Carbon Black

Executive Summary

Yesterday’s leading-edge security innovations are today’s table stakes. As many organizations have ramped up multi-faceted security defenses, threat actors have pivoted to embrace new exploits, new avenues of compromise, and new ways of ensuring a financial payoff from their misdeeds. Criminal or not, adversaries with just as much commitment to wreaking havoc as organizations have to prevent are actively pursuing the next loophole, the next security vulnerability, and the next victim to hold ransom. As security threats change, security defenses need to as well, both reactively to stop current threats, and, more importantly, proactively to get ahead of future security threats.

In this report, we look at the dynamics of the new threat landscape and highlight new security solutions and practices that go beyond the capabilities of conventional solutions.

Request a Copy

Commissioned by Cyren

Executive Summary

Contextual threat intelligence is an effective force multiplier that enables security teams to make better, faster, and more accurate decisions.

The fundamental nature of cybersecurity represents a continuous battle between bad actors, some of which are highly sophisticated and well-funded; and those who must defend networks, users, and data sources against their attacks.

Threat intelligence can help to enable security analysts, threat researchers and others to deal more effectively with cybercriminals by providing the information to better understand current and past attacks, and it can give them the ability to predict and thwart future attacks.

Request a Copy

Register to request your copy

Sponsored by Micro Focus – Voltage and VMware Carbon Black

Executive Summary

No decision-maker wants to be profiled in major media as being asleep at the wheel while a massive data breach, ransomware attack, or malicious insider incident unfolds at their organization. Careers rise and fall on a decision-maker’s ability to deftly guide an organization through the stormy seas of cyber threats, vulnerabilities, and security incidents, as does the reputation of the organization itself. Protecting data to ensure appropriate usage and avoid unauthorized or inappropriate usage is a major task for decision-makers with responsibility for protecting the integrity of corporate data assets.

Request a Copy