As 2019 draws to a close and we reflect on our accomplishments and determine how we can improve in the year ahead, it’s become a year-end tradition for us (and extremely valuable) to look back and share the major application security lessons we’ve learned individually as a team.
Taking stock of the changing threat landscape is essential to protect organizations and plan for the future. And from our vantage point, application security should be part of every organization’s cybersecurity strategy as we become increasingly digital.
To that end, I’d like to share our team’s list of favorite security research reports and findings. Afterall, knowledge is power and will be even more important in 2020. These top whitepapers from 2019 can provide essential guidance and top tips for organizations going into the New Year:
- The NTT Security 2019 Global Threat Intelligence Report gives a strong framework to understand and address today’s global cyber threat landscape. Highlights of the report include insights on governance, compliance and risk management, as well as findings on key security challenges in coin mining, web-based attacks and credential theft.
- Exabeam’s State of the SOC report offers insights on how CISO, CIO, management, and analysts view key aspects of SOC operations, hiring and staffing, retention, processes, technologies, training, and funding. The report also shares best practices for running an efficient and effective SOC.
- Now Secure’s report on The State of Secure Mobile and Web App Development shares insights from IT practitioners about their DevSecOps and application security testing practices. The report delves into the most common DevSecOps adoption patterns, obstacles of automating appsec testing, and vulnerability remediation patterns.
- The 2019 WhiteHat Application Security Statistics report looks at our underlying application security data to derive conclusions, identify trends and highlight what’s working and what’s not when it comes to DevSecOps and secure application delivery.
- CrowdStrike’s Global Threat Report highlights the most significant events and trends in the past year. It combines comprehensive global observations with real-world case studies for deep insights on modern adversaries and their tactics, techniques, and procedures.
While you may not be able to squeeze anything else into your schedule these last few weeks of 2019, hopefully you’ll at least find some downtime to read our favorite reports. As we enter the next decade, you can hit the ground running with the latest security findings to protect your organization and stay abreast of where the industry is headed.