Security and threat intelligence reports

Vendor-released security intelligence reports are a double-edged sword: on one hand they are (usually) provided at no cost, on the other hand they tend to have a reputation for carrying a bias towards the business focus of the vendor releasing the report. Personally I think many of the reports are of considerable quality, and as long as the reader applies some common sense, the information in those reports is of great value to anyone who tries to be proactive about his job/passion. With Verizon’s DBIR and Microsoft’s SIR released, the two big hitters are now available and, at least in the case of the DBIR, are heavily discussed in the media and among security professionals. Both of these reports should definitely find their way onto your reading list, but there are also several other very read-worthy releases from other vendors. Besides providing additional data that helps to cross-reference findings between reports, reading more than one report can help to crystallize or dismiss trends and lead to a better picture of your (potential) exposure. Below is a short list of noteworthy reports released in the last few weeks:

2011 Verizon Data Breach Investigations Report

Microsoft Security Intelligence Report 2011

2011 Blue Coat Web Security Report

Symantec Internet Security Threat Report (ISTR), Volume 16

Sophos Security Threat Report: 2011

Trustwave’s 2011 Global Security Report

HP/Tippingpoint Cyber Security Risks Report

Arbor Networks Network Infrastructure Security Report

Cisco 2010 Annual Security Report


The list is obviously not an exhaustive compendium but it should give a few starting points.