New & Notable
Cloudflare takes inspiration from Google's BeyondCorp with a new service called Cloudflare Access, which aims to replace corporate VPNs and embrace perimeter-less security.
The latest draft version of TLS 1.3 is out, and it will likely affect enterprises that use cloud services. Expert Ed Moyle explains the impact on users and their monitoring controls.
The CIA reportedly concluded that Russia's foreign intelligence agency created and was responsible for the NotPetya attacks against Ukraine in June.
The OWASP IoT security project aims to get developers to incorporate security at the beginning of a device's life. Expert Ernie Hayden outlines how it is tackling the issue.
Emerging threats News
AMD initially believed the Spectre vulnerabilities posed "near zero risk" to its chips, but the company this week reversed course and is planning microcode updates for its products.
Windows security Problem Solve
Kaspersky Lab recently discovered an undocumented feature in Microsoft Word. Expert Kevin Beaver explains the risks and what to do if you come across one of these software flaws.
PCI DSS News
In this week's Risk & Repeat podcast, SearchSecurity editors discuss new research from Verizon on payment card security and the effectiveness of PCI DSS compliance for enterprises.
Encryption technology Manage
Expert Judith Myerson explains how IP theft can happen despite the cryptographic protections in IEEE standard P1735, as well as what can be done to protect intellectual property.
In this week's Risk & Repeat podcast, SearchSecurity editors offer their cybersecurity predictions for 2018, including forecasts for cryptojacking, DDoS attacks and other threats.
CISSP Get Started
Security assessment and testing should be baked into your regular IT workflows so that you’re able to spot software vulnerabilities before they turn into full-blown attacks.
Data security technology and strategy (5)
Enterprise identity and access management (8)
Enterprise network security (9)
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
Information security certifications, training and jobs (2)
Information security program management (7)
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
Information security risk management (3)
Information security threats (5)
Network threat detection (4)
Platform security (3)
Security audit, compliance and standards (4)
Software and application security (9)
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
Web security tools and best practices (3)
Wireless and mobile security (4)
Get answers from your peers on your most technical Information Security challenges.
Madelyn Bacon asks:
How concerned are you about this new Mirai variant?
Michael Heller asks:
What do you think of the apparent exposure of Trisis industrial control system malware?
Matthew Pascucci asks:
How do the Android flaw and the vulnerable version of Dnsmasq impact your organization's systems?
Find Solutions For Your Project
After HTTP Public Key Pinning was introduced to the internet two years ago, the upcoming version of Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch.
Researchers found several Dnsmasq vulnerabilities that affect Google's Android operating system. Matt Pascucci explains how these flaws can be exploited by threat actors.
A major SAML vulnerability was found in Slack that allowed expired login credentials to access the system. Matt Pascucci explains how this 'confused deputy' problem was handled.
Information Security Basics
The notion of a defensible security perimeter is outmoded, but that doesn't mean the goal of IT security is unattainable. Laying on defenses is what's needed now.
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security.
Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products.
- Potential ROI and Benefits of ServiceNow Security Operations – Research Content
- What Keeps Me Up At Night?: Concerns of a CISO – Webcast
- Don't Switch To Windows 10 Without An Endpoint Security Plan – White Paper
Blog: Security Bytes
Lenovo's discovery of an authentication bypass, literally titled "HP backdoor," within its networking switches brings unsettling implications for the IT industry.
With CEO Brian Krzanich's keynote at the 2018 Consumer Electronics Show, Intel missed an opportunity for the Meltdown and Spectre vulnerabilities.
Sections from across SearchSecurity
IoT security issues
News roundup: Okiru, a new Mirai variant, could put over 1.5 billion devices at risk of a botnet. Plus, G Suite Enterprise now comes with a security center, and more.
Cyberespionage and nation-state cyberattacks
The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors.
Alternative operating system security
A new Android spyware tool called Skygofree was described as one of the most powerful surveillance tools and can even capture encrypted messages from WhatsApp.
- security information and event management (SIEM)
- polymorphic virus
- antimalware (anti-malware)
- identity management (ID management)
- zero-day (computer)
- identity and access management (IAM)