SearchSecurity
New & Notable
News
Google launches its own root CA
Google is expanding its certificate authority capabilities by creating its own root certificate authority, but experts are unsure of Google's plans moving forward.
News
Certificate transparency catches bad Symantec CA certs
One week after certificate transparency revealed a Symantec CA improperly issued over 100 digital certificates, Symantec offers more details on the incident.
News
Half of Americans distrust federal government security
News roundup: Half of Americans don't trust federal government security. Plus, a Kaspersky Lab manager was arrested; an internal DOD network was found vulnerable; and more.
News
Microsoft sustains appeal on cloud data privacy case
Microsoft notches another win in its battle to protect cloud data privacy, as an appeals court quashes the DOJ appeal over a warrant for data stored in an Ireland data center.
Download Now: Why You Must Make Ransomware A Security Priority
Hackers’ use of ransomware is growing and getting more sophisticated. Download our expert handbook for concrete actions to take now to harden defenses and protect your enterprise from becoming a ransomware victim.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Trending Topics
-
Emerging threats News
MongoDB misconfiguration at fault in ransom attacks
Poor authentication in MongoDB configurations has led to a sharp increase in ransom attacks, and experts say tens of thousands of databases could be at risk.
-
Windows Security: Alerts, Updates and Best Practices News
Podcast: Windows 10 security up, Windows SMB down
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the Shadow Brokers' alleged exploit for Windows SMB and what it means for both enterprises and Microsoft.
-
PCI Data Security Standard Evaluate
What does a PCI Internal Security Assessor do?
Enterprise compliance can be a burden to manage, which is where a PCI ISA can be helpful. Expert Mike Chapple explains how a PCI Internal Security Assessor helps with security.
-
Disk Encryption and File Encryption Get Started
The challenges of securing big data systems
Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.
-
Market trends and predictions Evaluate
Podcast: McAfee returns as Intel spins off security business
In this Risk & Repeat podcast, SearchSecurity editors discuss the $3.1 billion Intel Security sale and what it means for the infosec industry, the McAfee brand and Intel.
-
CISSP Certification Get Started
CISSP training: Software Development Security
Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.
Topics Covered
-
Application and Platform Security (13) +
- Application Attacks (Buffer Overflows, Cross-Site Scripting)
- Application Firewall Security
- Database Security Management
- Email Protection
- Enterprise Vulnerability Management
- Open Source Security Tools and Applications
- Operating System Security
- Secure SaaS: Cloud services and systems
- Securing Productivity Applications
- Social media security risks and real-time communication security
- Software Development Methodology
- Virtualization Security Issues and Threats
- Web Security Tools and Best Practices
-
Enterprise Data Protection (7) +
-
Enterprise Identity and Access Management (3) +
-
Enterprise Network Security (6) +
Government IT Security Management
-
Information Security Careers, Training and Certifications (3) +
-
Information Security Management (12) +
- Business Management: Security Support and Executive Communications
- Disaster Recovery and Business Continuity Planning
- Enterprise Compliance Management Strategy
- Enterprise Compliance Tools
- Enterprise Risk Management: Metrics and Assessments
- Information Security Incident Response-Information
- Information Security Laws, Investigations and Ethics
- Information Security Policies, Procedures and Guidelines
- News and analysis from IT security conferences
- Security Awareness Training and Internal Threats-Information
- Security Industry Market Trends, Predictions and Forecasts
- Vendor Management: Negotiations, Budgeting, Mergers and Acquisitions
-
Information Security Threats (13) +
- Application Attacks -Information Security Threats
- Denial of Service (DoS) Attack Prevention
- Email and Messaging Threats-Information Security Threats
- Emerging Information Security Threats
- Enterprise Vulnerability Management
- Hacker Tools and Techniques: Underground Sites and Hacking Groups
- Identity Theft and Data Security Breaches
- Information Security Incident Response
- Malware, Viruses, Trojans and Spyware
- Security Awareness Training and Internal Threats
- Smartphone and PDA Viruses and Threats
- Web Application and Web 2.0 Threats-Information Security Threats
- Web Server Threats and Countermeasures
-
Security Audit, Compliance and Standards (10) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Peter Loshin asks:
How can certificate authorities do a better job of preventing improper issuance of unauthorized certificates?
Find Solutions For Your Project
-
Evaluate
How a sandbox differs from a software container
Understanding the difference between software containers and sandboxing can help enterprises make the right decision about which to use. Expert Matthew Pascucci explains them.
-
The challenges of securing big data systems
-
How to choose a web application firewall
-
Sniff out insider threats with these tools
-
-
Problem Solve
How do command injections work on wireless routers?
A Netgear vulnerability exposed a number of wireless router models to command injection attacks. Expert Judith Myerson explains how the attack works and how to stop it.
-
How to mitigate NTP's daemon vulnerabilities
-
How security influences a vendor contract
-
Minimizing risk in outbound network traffic
-
-
Manage
Tackling the threats that come from within
IT threats are tough to tackle when they originate from within your business. This technical guide considers that issue and offers ways to deal with insider security threats.
-
Insider Edition: Attaining security for IoT, through discovery, identity and testing
-
Privileged access management and security in the enterprise
-
Why breach investigations are critical to security
-
-
E-Zine | January 2017
Insider Edition: Attaining security for IoT, through discovery, identity and testing
Download -
E-Handbook | December 2016
Combatting the top cybersecurity threats with intelligence
Download -
E-Handbook | December 2016
Managed security services market: What you need to know now
Download -
E-Zine | December 2016
Dedicated CISO job still open to debate
Download -
E-Zine | November 2016
Insider Edition: Improved threat detection and incident response
Download
Information Security Basics
-
Get Started
distributed denial of service (DDoS) attack
A distributed denial-of-service attack occurs when an attack originates from multiple computers or devices, usually from multiple different locations or networks.
-
Get Started
How to approach strategic security planning
Developing a strategic security plan for an enterprise can be a complicated task. Expert Ernie Hayden provides an overview to help CISOs make an effective plan.
-
Get Started
The challenges of securing big data systems
Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.
Multimedia
-
-
Problem Solve
Podcast: Doxware puts a new spin on ransomware
-
Vendor Resources
Blog: Security Bytes
-
How cloud file sharing is creating new headaches for security teams
A sharp rise in cloud file sharing and collaboration activity is creating big problems for security teams – even when the number of security incidents is miniscule.Continue Reading
-
Android malware delivery is harder than you might think
Headlines about Android malware often gloss over just how difficult the process is for a user to install a malicious app on a device. Let's talk about that.Continue Reading
-
More Security Bytes Posts
Patent race picks up speed in the cloud access security broker market
Windows 10 Anniversary update adds headaches for antivirus vendors
Netskope nabs another patent for CASB technology
-
News
View All -
PKI and Digital Certificates
Certificate transparency catches bad Symantec CA certs
One week after certificate transparency revealed a Symantec CA improperly issued over 100 digital certificates, Symantec offers more details on the incident.
-
PKI and Digital Certificates
Google launches its own root CA
Google is expanding its certificate authority capabilities by creating its own root certificate authority, but experts are unsure of Google's plans moving forward.
-
NAC and Endpoint Security Management
Tatu Ylonen stresses proper SSH key management
In part two of his interview with SearchSecurity, SSH creator Tatu Ylonen explains why proper SSH key management is crucial and how attackers can use lost or exposed keys.