This paper outlines the discrete layers and levels of a world-class security organisation and programme, and how organisations can take advantage of services from SecureWorks to support their progress toward worldclass status.
This paper takes an in-depth look at the true costs — both short and long term — of a data breach, and provides steps and tips that executive teams and security leaders can use to determine and reduce the true cost of a data breach.
This paper explores why the older “all or nothing” kind of relationship between business organisations and information security services providers (ISSPs) is giving way to a hybrid model that security professionals can leverage to augment their operations and effectiveness.
To ensure that “quasi-insiders” or third parties do not contribute to your enterprise’s attack vector, it’s imperative to develop a third-party governance process to mitigate risk. Read on to find out how.
In this white paper we will discover what the evolving path ahead for security leaders looks like, the importance of communication from top to bottom, focusing on how proactive measures can stop threat actors from derailing businesses, and how building a security architecture that protects the most critical assets will support the overall goals of an organisation.
The included Framework for Inquiry is a non-prescriptive exercise that can help boards and management craft a replicable reporting template for reviewing risk levels, measuring operational effectiveness, and prioritizing initiatives over time.
SecureWorks provides an early warning system for evolving cyber threats, enabling organisations to prevent, detect, rapidly respond to and predict cyber attacks. Combining unparalleled visibility into the global threat landscape and powered by the Counter Threat Platform — our advanced data analytics and insights engine —SecureWorks minimises risk and delivers actionable, intelligence driven security solutions for clients around the world.
Cybercriminals can be goal-driven and patient, and they often have a singular focus, plenty of time and access to vast, modern technical resources. Both organized and forum-based criminals are working constantly to find innovative and efficient ways to steal information and money with the lowest risk to their personal freedom. If we wish to stay “one step ahead” of the threats detailed in this report, awareness of online criminal threats, techniques and markets is our best defense.
Achieving and maintaining a high level of information security requires information security professionals with robust skills as well as organisational, technical and operational capabilities. The gap between intent and ability to be secure is evident in our sample of UK large enterprises. Deficient companies will only close that gap when they acquire the necessary capabilities. Some of these capabilities can be purchased as information security tools or application solutions, but it is more prudent for an organisation to consider acquiring these capabilities through a service arrangement with a dedicated security services partner.
Despite long-standing concerns captured in a myriad of surveys, security in the cloud has progressed to a more practical and achievable level.
The cloud represents a shared security responsibility model whereby that responsibility is split between the Cloud Service Provider and the cloud customer. For organisations moving some or all of their applications and data to the cloud, acceptance of this model clears the way to more thoughtful consideration for how security can and should be architected — from the ground up. As a result, IT and IT Security leaders now have a much clearer trajectory to support their business operations in the cloud in a secure manner.
Finding a strategic partnership with a trusted security expert that can assist you in all the aspects of information security is vital. SecureWorks is a market leader in security that can close the security gap in organisations by evaluating security maturity across an enterprise, help define security strategies and implement and manage security program plans. We are a true strategic partner that can help a CISO embed security at all levels of the organisation.
The SecureWorks Security and Risk Consulting practice provides expertise and analysis to help you enhance your security posture, reduce your risk, facilitate compliance and improve your operational efficiency.
Technical Tests are designed to cover specific services. Each security test has its own objectives and acceptable levels of risk. There is not an individual technique that provides a comprehensive picture of an organisation’s security when executed alone. A qualified third party can work with you to determine what combination of techniques you should use to evaluate your security posture and controls to begin to determine where you may be vulnerable.
GDPR will pose different challenges to each organisation. Understanding and acting on the implications for your own organisation is vital. That means taking a risk-based approach to ensure that you are doing what you need to do to manage your own specific risks to personal information.
While virtually all organisations will have to implement changes to become GDPR compliant, some will be able to take partial advantage of existing compliance to other security mandates and frameworks, such as ISO 27001 and PCI by extending those measures to protection of personal data. Even so, further work will be required to comply with GDPR, both with regards to security and its other aspects.
The SecureWorks Incident Management and Response team
helps organizations of all sizes and across all industries
prepare for, respond to and recover from even the most
complex and large-scale security incidents.
This paper is designed to help you ask tough, dir ect
questions of any incident response services provider to
help you determine the vendor’s capabilities, and if that
vendor represents the best fit based on your organization’s
We highly recommend using the following questions
when evaluating any outside assistance with your incident
Fifty-two percent of security leaders rate their organizations at above average or
superior when it comes to detecting or blocking ransomware before it locks or
encrypts data in their systems.
Yet, 36 percent also say their organizations were victims of ransomware in the past
year. And 57 percent say they are more likely to be a ransomware target in 2017.
Secureworks has been tracking cybercrime activity for more than
10 years and, as we monitor this activity to protect our clients,
we collect a large amount of data on both the criminals and their
infrastructure and systems. This annual report presents an overview
of the cybercrime landscape and trends we observed primarily from
the period of mid-2016 to May 2017, in addition to a handful of other
trends ranging from 2015 to 2016.
Technical Tests are designed to cover specific services. Each
security test has its own objectives and acceptable levels
of risk. There is not an individual technique that provides a
comprehensive picture of an organization’s security when
executed alone. A qualified third party can work with you to
determine what combination of techniques you should use
to evaluate your security posture and controls to begin to
determine where you may be vulnerable.
The SecureWorks® Counter Threat Unit™ (CTU) research team analyzes security threats and helps
organizations protect their systems. During May and June 2017, CTU™ researchers identified lessons
learned and observed notable developments in threat behaviors, the global threat landscape, and
• The global WCry and NotPetya campaigns reinforced the need for a layered approach
• Attacks used obfuscated malicious files and scripts to bypass filtering and deliver malware.
• A Chinese threat group has had repeated success using compromised websites to attack
• Threat actors have been stealing intellectual property from Japanese enterprises.
The General Data Protection Regulation1 is a European Union regulation with the full title of ‘Regulation on the protection of natural persons with regard to the
processing of personal data and on the free movement
of such data, which repeals Directive 95/46/EC (General Data Protection Regulation)’.
It’s the first comprehensive overhaul and replacement of European data protection legislation in over twenty years and could be the most significant regulatory framework
to hit organizations since Sarbanes-Oxley in 2002. Its purpose is to replace the varying implementations across Europe of the earlier EU Data Protection Directive with a single harmonized EU regulation. The intended outcome is a standardized set of expectations about how an organization must manage and protect personally identifiable information on employees, clients and other applicable data subjects.
Any organization that holds data on EU citizens, regardless of where it is domiciled, within the EU or otherwise, is in sco
Read this whitepaper to learn how Dell SecureWorks' multi-phase Penetration testing can help you obtain a true understanding of your security and risk posture so that you can strengthen your defenses and prevent a successful attack.
Read this whitepaper to understand how combining the iSensor Intrusion Prevention appliance with 24x7 monitoring and administration by Dell SecureWorks' certified security experts to deliver exceptional cyber threat protection for your midsize organization.
Read this whitepaper to understand how Dell SecureWorks can help your midsize organization improve security, increase operational efficiency and demonstrate compliance with regulatory requirements, allowing you to focus on the priorities and strategic projects that drive your business.