
6 things to do before you bring in a red team
Red team engagements are essential to helping your SOC analysts stay battle ready. But before screaming, “CHARGE,” here are six things you should do to prepare for taking on a red team.

Election security: Why to care and what to do about it
Whether you work in security or are an informed voter (or both!), the security of our election ecosystem is everybody’s business. Here are the challenges our system faces and what we can do about them.

NIST CSF: A new interactive tool to track your progress
There’s lots to like about the NIST CSF. Here are our practical tips for how to use it, plus a preview of a new NIST feature we introduced in Expel Workbench™.

Exabeam: an incident investigator’s cheat code
We love EDR tools too, but here are our best tips and tricks for combining EDR data with other (equally) important security signals.

How to get started with the NIST Privacy Framework
What’s this new framework and how should you use it? Our CISO’s got all the details plus a FREE downloadable self-scoring tool to help you assess where your org’s at when it comes to privacy.

Why the cloud is probably more secure than your on-prem environment
Is your data really safer in the server room next door? Probably not. Here are five reasons why the cloud offers better security than your on-prem environment.

7 habits of highly effective SOCs
Wondering what it takes to build an effective SOC full of motivated, happy analysts? We’ve got some thoughts on that.

Applying the NIST CSF to U.S. election security
NIST isn’t only useful for corporations -- it’s helpful for guiding security activities around processes like our national elections. Our CISO’s got some thoughts on exactly how to apply NIST to election security.

5 tips for writing a cybersecurity policy that doesn’t suck
All good cybersecurity policies share some similar traits. Here are our pro tips for creating a solid policy for your own org.

Five things law firms can do now to improve their security for tomorrow
Relativity CSO Amanda Fennell shares the top five, easy-to-get-started things she sees forward-thinking law firms doing to improve their security.

Our journey to JupyterHub and beyond
If you use or are considering trying JupyterHub, it’s your lucky day -- we’re sharing configuration tips and tricks, how we’re using it to make technical research easier, and much more.

3 must-dos when you’re starting a threat hunting program
So you decided you want to build a threat hunting program ... but where do you start? Here are our three must-dos when you’re planning your hunt.

The top five pitfalls to avoid when implementing SOAR
SOAR isn’t really about “orchestration and response.” It’s an engineering problem at its core. Here’s why.

This is how you should be thinking about cloud security
Your IT team isn’t racking and stacking servers like they used to, but cracking the cloud security code is easier than you think. Get our pro tips for doing just that.

Don’t blow it — 5 ways to make the most of the chance to revamp your security posture
If you’ve got a blank canvas with the opportunity to build a security program from scratch, here’s how to get started and make the most of your new program

NIST’s new framework: Riding the wave of re-imagining privacy
The NIST Privacy Framework will revolutionize how we think about privacy. Here’s how your org might use it.

Four habits of highly effective security teams
Practice these habits consistently and you’ll have an engaged, talented and all-around awesome security team.

How to get your security tool chest in order when you’re growing like crazy
Need to expand your security tool chest? Our CISO’s got some tips to consider when thinking about what tech to keep or buy.

Four common infosec legal risks and how to mitigate them
There are four missteps we see happen often that open fast-growing companies up to unnecessary legal risks -- here’s how to course correct.

Dear fellow CEO: do these seven things to improve your org’s security posture
Need to get the security train back on the tracks? Our CEO’s got some pro tips on improving your org’s security ASAP.

How public-private partnerships can support election security
Election security measures (or lack thereof) are making headlines. How can private sector orgs contribute to public sector security? Our CISO Bruce Potter’s got some ideas.

12 revealing questions to ask when evaluating an MSSP or MDR vendor
We’ve heard lots of interesting Qs as prospective customers evaluate which solution's right for them... here are the 12 you should be asking.

How to start a cybersecurity program (or restart one that lapsed)
If you're left holding the hot potato of a legacy lackluster security program, or are suddenly forced to protect your org and its data with less, here are a few quick steps to take to get cybersecurity efforts back on track.

Three tips for getting started with cloud application security
If you're feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.

Reaching (all the way to) your NIST 800-171 compliance goals
Close common compliance gaps, without building a SOC, for NIST 800-171 security requirements. And a bit about how we can help.

How to get the most out of your upcoming SOC tour: making your provider uncomfortable
Seven smart ways to prepare for a tour of a security operations center (SOC) and five clues to watch out for during your visit.

Getting a grip on your cloud security strategy
Understanding how to think about cloud security differently is half the battle. We've thought a lot about it, and we’ve identified three key points that should inform your cloud strategy.

A common sense approach for assessing third-party risk
Let us walk you through our third-party assessment process. We think it's lightweight but still achieves the objective - determining if a vendor can be trusted.

What’s new in the NIST Cybersecurity Framework (CSF) v1.1
In case doing a “stare-and-compare” of the original and updated frameworks isn’t your idea of fun, I’ve highlighted three important changes here.

How to get started with the NIST Cybersecurity Framework (CSF)
We give you a quick tour of the NIST Cybersecurity framework and describe how you can baseline your efforts in a couple of hours. So check it out.

How much does it cost to build a 24x7 SOC?
Not all 24x7 SOCs are created equal. To figure out how much it costs to go 24x7, you have to first figure out what kind of SOC you’re trying to build. We outline four possible security operations centers and an estimate of your costs.

Decoded: new changes to NIST’s Cybersecurity Framework
NIST has polished up their Cybersecurity Framework based on thousands of organizations implementing it over the past three years. Our CISO, Bruce Potter, highlights three of the most significant (and practical) changes.

Budget planning: determining your security spend
Guidance and a short list of things you can do to help you answer the common question "how much should I spend on cybersecurity?"

A cheat sheet for managing your next security incident
Tactical advice on how to survive a security incident when you don’t have an incident response plan.