search menu icon-carat-right cmu-wordmark

SEI Blog

The Latest Research in Software Engineering, Cybersecurity, and AI Engineering

Latest Posts

Network Segmentation: Concepts and Practices

Network Segmentation: Concepts and Practices

• SEI Blog
Dan Kambic

This post was co-authored by Jason Fricke. Imagine a home with only a single large space containing all of your important things, arranged for your convenience. Now imagine someone breaking into it. How safe are your important things? Many organizations implement their networks the same way. By seeking easy and uncomplicated network management--or simply because they don't know better--many organizations can end up with hundreds or thousands of systems connected in a single, massive network....

Read More
Three Places to Start in Defending Against Ransomware

Three Places to Start in Defending Against Ransomware

• SEI Blog
Tim Shimeall

Ransomware is an active and growing threat, affecting many government agencies and private companies. Costs of a ransomware attack (including loss of capability, restoration of data, preventing further attacks, and cleaning up the damage due to the ransomware) frequently run from hundreds of thousands to millions of dollars, over and above any payment of ransom, which is not recommended and may open the organization up to sanctions. Organizations wanting to avoid this damage face a...

Read More
Ransomware as a Service (RaaS) Threats

Ransomware as a Service (RaaS) Threats

• SEI Blog
Marisa Midler

Ransomware continues to be a severe threat to organizations, and the threat is growing. Ransomware attacks are on the rise and a report from the Beazley Group shows ransomware attacks have increased by 25 percent from Q4 2019 to Q1 2020. The monetary value of the average ransom payment has also significantly increased. From Q3 2019 to Q4 2019 the average ransom payment increased from $41,198 to $84,116, a 104 percent increase according to a...

Read More
8 Steps for Migrating Existing Applications to Microservices

8 Steps for Migrating Existing Applications to Microservices

• SEI Blog
Brent Frye

A 2018 survey found that 63 percent of enterprises were adopting microservice architectures. This widespread adoption is driven by the promise of improvements in resilience, scalability, time to market, and maintenance, among other reasons. In this blog post, I describe a plan for how organizations that wish to migrate existing applications to microservices can do so safely and effectively....

Read More
Balancing Cyber Confidence and Privacy Concerns

Balancing Cyber Confidence and Privacy Concerns

• SEI Blog
William Reed

This post was co-written by Dustin Updyke. An important part of an organization's cybersecurity posture includes the monitoring of network traffic for proactive cyber defense. While enterprise network operators are focusing on how best to secure their networks, users are simultaneously demanding more privacy. The trend toward implementing network protocols designed to improve personal privacy is now making it harder for organizations to protect enterprise networks. This blog post briefly describes these protocols and the...

Read More
Managing Static Analysis Alerts with Efficient Instantiation of the SCAIFE API into Code and an Automatically Classifying System

Managing Static Analysis Alerts with Efficient Instantiation of the SCAIFE API into Code and an Automatically Classifying System

• SEI Blog
Lori Flynn

Static analysis tools analyze code without executing it to identify potential flaws in source code. Since alerts may be false positives, engineers must painstakingly examine them to adjudicate if they are legitimate flaws. Automation is needed to reduce the significant manual effort that would be required to adjudicate all (or significantly more of) the alerts. Many tools produce a large number of alerts with high false-positive rates. Other tools produce alerts for only a limited...

Read More
The Latest Work from the SEI: Microservices, Ransomware, and Agile in Government

The Latest Work from the SEI: Microservices, Ransomware, and Agile in Government

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, conference papers, and webcasts highlighting our work in cybersecurity, the future of cybersecurity education, microservices, ransomware, Cybersecurity Maturity Model Certification (CMMC), and Agile in government. We have also included a webcast of a recent discussion on Department of Defense (DoD) software advances and future SEI work. These publications highlight the latest...

Read More
Is Your Organization Using Cybersecurity Analysis Effectively?

Is Your Organization Using Cybersecurity Analysis Effectively?

• SEI Blog
Angela Horneman

Cybersecurity analysis techniques and practices are key components of maintaining situational awareness (SA) for cybersecurity. In this blog post in our series on cyber SA in the enterprise, I define the term analysis, describe what constitutes a security problem that analysts seek to identify, and survey analysis methods. Organizations and analysts can ensure that they are covering the full range of analytical methods by reviewing the matrix of six methods that I present below (see...

Read More