Source: www.techrepublic.com – Author: Megan Crouse Security researchers in Adobe’s bug bounty program can now pick up rewards for finding vulnerabilities in Adobe Firefly and Content Credentials. The bug hunt will be open to members of Adobe’s private bug bounty program starting May 1. Members of Adobe’s public bug bounty program will be eligible to […]

La entrada Adobe Adds Firefly and Content Credentials to Bug Bounty Program – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

OMB’s memo M-24-10 (5c. Minimum Practices for Safety-Impacting and Rights-Impacting Artificial Intelligence) is prescriptive (and timebound): No later than December 1, 2024 and on an ongoing basis while using new or existing covered safety-impacting or rights-impacting AI, agencies must ensure these practices are followed for the AI: D. Conduct ongoing monitoring. In addition to pre-deployment […]

The post Managing Generative AI Risk and Meeting M-24-10 Mandates on Monitoring & Evaluation appeared first on Security Boulevard.

North American software developers have reasonable confidence that generative AI can be a tool to improve the security of the software they're building. In other regions? Not so much.

The post North American Developers Optimistic About Generative AI and Code Security appeared first on Security Boulevard.

The shift to cloud computing has enhanced the resilience and security of most organizations. In this era of unparalleled agility and scalability, data-centric security can offer transformational opportunities for Chief Information Security Officers (CISOs) to improve data protection, compliance, and operational efficiencies, thereby strengthening customer trust. Despite this, a layered defense model is still necessary […]

The post The CISO’s Top Priority: Elevating Data-Centric Security appeared first on Blog.

The post The CISO’s Top Priority: Elevating Data-Centric Security appeared first on Security Boulevard.

Overview The release of the National Institute of Standards and Technology (NIST)’s AI Risk Management Framework (AI RMF) helped put a framework around how testing would enable organizations to manage and mitigate AI risks. While testing is predominantly considered a core part of model development, the NIST AI RMF emphasizes the importance of continuous testing […]

The post Test & Evaluation Techniques for Meeting M-24-10 Mandates to Manage Generative AI Risk appeared first on Security Boulevard.

By Nathan Wenzler, Chief Security Strategist, Tenable India is ranked third globally among nations facing the most severe cyber threats, as per the World Economic Forum. However, despite this alarming statistic, there exists a significant disparity between the escalating volume of threats and the resources allocated to combat them. The cybersecurity sector is grappling with a colossal skills deficit, with a shortage of 4 million professionals worldwide. Even seasoned cybersecurity experts find it daunting to navigate and decipher the increasingly intricate landscape of modern cyber threats across the ever-widening attack surface due to limited resources.

Role of Generative AI in Enhancing Cybersecurity Strategy

In response to this challenge, organizations are turning towards generative AI to bridge the expertise gap and enhance their resilience against risks. A survey reveals that 44% of IT and cyber leaders express high levels of confidence in the capacity of generative AI to enhance their organization’s cybersecurity strategy. Security teams are increasingly consumed by the arduous task of scrutinizing various attack vectors in their systems and analyzing the tactics, techniques, and procedures employed by potential threat actors. Often, they find themselves reacting to cyberattacks post-incident, rather than proactively thwarting them—a strategy far from ideal for robust cybersecurity. Organizations in India must shift towards a proactive stance, actively pursuing and understanding threats to establish a robust line of defense. The expanding attack surface, coupled with the rapid adoption of cloud services, virtualization platforms, microservices, applications, and code libraries has added immense complexity to the security landscape. Organizations now must contend with vulnerabilities, cloud misconfigurations, and risks associated with identity access, groups, and permissions. Conventional attack path analysis tools offer insights into threat actor entry points, which assets are key targets, and what threats may exist but this can demand painstaking manual effort to decipher implications step-by-step. While attackers require just one entry point to infiltrate and laterally move within a system, defenders face the formidable task of analyzing the entire threat landscape all at once, identifying all potential attack paths, and implementing security measures in the places that can mitigate the most risk, especially when operating with limited staff.

Empowering Security Teams with Generative AI

Generative AI emerges as a potent solution to these challenges, empowering security teams by providing them with the perspective of attackers to map out potential threats and prioritize mitigation strategies based on criticality. By consolidating data from disparate sources, generative AI offers an easier way to understand the complexity of the attack surface, enabling organizations to more quickly assess exposures, prioritize actions, and visualize relationships across the entire attack surface. This means security teams can make risk decisions more quickly, leaving less time for an attacker to take advantage of an exposed asset and begin their assault on the organization. Generative AI-powered attack path analysis amalgamates and distills insights from vulnerability management, cloud security, web application, and identity exposures, enabling organizations to comprehend their risk from the perspective of an attacker. This facilitates informed and targeted cyber defense strategies, allowing organizations to anticipate threats and fortify their defenses accordingly. Through succinct summaries and mitigation guidelines, generative AI equips security teams with a quicker and more efficient view of actionable insights, sparing them the tedious task of manually researching what the threats are and what the correct security controls should be, whether that’s identifying specific patches or version numbers or understanding how to correct unauthorized user access. Even team members with varying levels of expertise can draw actionable conclusions from generative AI, simplifying complex cyberattack paths and enabling effective threat mitigation. In summary, generative AI supports a more comprehensive and proactive approach to cybersecurity, empowering organizations to understand and address potential threats quickly. By breaking free from the constraints of siloed security data, organizations can develop strategies to predict, prevent, and mitigate cyber risks effectively and faster than ever before. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

Startup Knostic emerges from stealth mode with $3.3 million in funding and a gen-AI access control product for enterprises.

The post Knostic Emerges From Stealth With Enterprise Gen-AI Access Controls appeared first on SecurityWeek.