Attribution in cyberspace: Beyond the “whodunnit”

whitePaper | December 12, 2019

Most of the Small to medium-sized companies are unaware about the ways in which they’re vulnerable. More than 45% mistakenly believe they’re not a viable victim. They are just too small a target in comparison to larger organizations and tend to have a blind eye towards the cyber threats they face, which is in sharp contrast to what attackers think.

whitePaper | December 30, 2022

At Adobe®, we take the security of your digital experience and assets seriously. Security practices are integrated into our internal software development processes, operations, and tools. Our cross-functional incident response teams are proactive and nimble in preventing, detecting, and responding to incidents. Furthermore, our collaborative work with partners, leading researchers, and other industry organizations helps us stay updated with the latest threats, vulnerabilities, and security best practices; thereby enabling us to continually build security into the products and services we offer and regularly incorporate advanced security techniques into our product and service offerings.

whitePaper | February 9, 2023

This white paper examines the technology and design principles behind Darktrace's Cyber AI Analyst, a groundbreaking innovation that automates threat investigations at speed and scale.

whitePaper | June 6, 2023

API Security: Best Practices for Vulnerability Mitigation provides a hands-on approach to mitigate security vulnerabilities in APIs. The paper emphasizes the importance of implementing security measures that protect the API and underlying infrastructure. The paper identifies various security vulnerabilities that can arise in APIs and provides detailed guidelines for securing them. These guidelines cover authentication, authorization, input validation, output encoding, error handling, logging, and auditing.

whitePaper | March 14, 2023

Targeted intrusions for gaining long-term access and collecting data about industrial control systems (ICS) are becoming much more frequent. Many of these attacks are about understanding the network and preparing for future activities without causing any immediate impact. The most recent Dragos Year in Review6 report shows that the ransomware groups Lockbit 2.0 and Conti were responsible for more than half of the observed ransomware attacks in industrial environments in 2021, and that these instances resulted in actions on objectives. These attacks have been observed in almost every industrial vertical, primarily targeting small to medium-sized organizations in manufacturing.

whitePaper | November 9, 2022

The CISA Stakeholder-Specific Vulnerability Categorization (SSVC) is a customized decision tree model that assists in prioritizing vulnerability response for the United States government (USG), state, local, tribal, and territorial (SLTT) governments; and critical infrastructure (CI) entities. This document serves as a guide for evaluating vulnerabilities using the CISA SSVC decision tree. The goal of SSVC is to assist in prioritizing the remediation of a vulnerability basedon the impact exploitation would have to the particular organization(s).