The new MITRE ATT&CK Evaluations offer free access to high-quality, comparative data on EDR product detection capabilities against APTs on an unprecedented scale. Those that need to – and know how to – can make good use of this data.
The new open standard STIX and TAXII 2.1 releases have been approved by OASIS. A new self-certification program should help drive adoption and enable SOC teams to achieve faster time to detection and time to mitigation.
Orange Polska has released Mixeway, an open source CI/CD security orchestration tool. It needs a lot more work, but the GUI and the aspiration to correlate vulnerability testing across security tools make it worth a look.
Some telcos are investing in deception technology. According to Attivo Networks, one telco customer found enough unauthorized and malicious behaviour by employees to warrant firing them on the spot. There are telecom infrastructure use cases too.