-
Why can't I just ignore internal app security threats?
Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.
-
What are the limits of free Web app scanning tools?
Expert Michael Cobb explains how free Web application security scanning tools can help secure Web apps for budget-strapped organizations.
-
Does Bit9 compromise prove ills of app whitelisting?
Expert Nick Lewis explains how Bit9 was recently compromised and what the compromise means for the viability of application whitelisting.
-
When firewalls and AV can't stop APTs, what's next?
Firewalls and antivirus are ineffective in the face of APT attacks. Expert Nick Lewis offers suggestions for advanced persistent threat protection.
-
Comparing DNS reflection attack to standard DoS attack
A DNS reflection attack is like a regular denial-of-service attack, but much worse. Nick Lewis explains why.
-
Inside the Android lock screen bypass vulnerability
Expert Nick Lewis explains how attackers bypassed the Samsung Galaxy Note 2 lock screen and which devices may be vulnerable.
-
How the Adobe Reader sandbox was compromised
Expert Nick Lewis explains how a recent zero-day exploit escaped the Adobe Reader sandbox, and whether it's likely to happen again.
-
Disable autorun to prevent autorun malware infections
Expert Nick Lewis explains how disabling autorun prevents malware from affecting users.
-
How to ward off data-encrypting ransomware
It can be difficult to recover data that is encrypted by ransomware -- unless you have expert Nick Lewis' recommendations in place.
-
How to detect malware with changing file sizes
Malware authors change the size of malware files to avoid detection by antivirus software. Learn how to detect this malware from expert Nick Lewis.
-
Is Foxit Reader as flawed as Adobe Reader?
Does the latest Foxit Reader vulnerability mean it's time to find an alternative PDF reader? Expert Nick Lewis offers his advice.
-
Using Java safely outside the browser
Another Java zero-day vulnerability has a security pro asking threats expert Nick Lewis how Java can safely be used with enterprise applications.
-
How many revisions make for good code review?
Expert Michael Cobb details how to argue for a multistep secure code review process like the Microsoft SDL, and the pros of secure coding practices.
-
How to advocate for EMET amid configuration struggles
Expert Michael Cobb discusses whether EMET configuration issues should deter a security team from pushing for an enterprise EMET deployment.
-
How to test antimalware for enterprise conditions
Expert Michael Cobb discusses how to thoroughly test antimalware products before they are deployed in a potentially harsh enterprise setting.
-
Does digital watermarking improve data security?
Expert Michael Cobb explains the advantages of digital watermarking and analyzes whether improved data security is one of them.
-
Are 'self-defending' app security products effective?
Expert Michael Cobb determines whether 'self-defending' application security products actually provide something new to enterprise security.
-
VPN use in China: Protecting sensitive business data
With VPN use in China prohibited, businesses have reason to be concerned about the privacy of their data.
-
I smell a RAT: Remote access Trojan detection tools
Expert Brad Casey suggests tools that can detect remote access Trojans, or RATs, like FAKEM.
-
Secure the back door on Barracuda security devices
Learn how to lock down a back-door vulnerability on Barracuda security devices and prevent attackers from accessing management accounts.
-
Submit your questions about infosec threats
Nick Lewis is standing by to give you free, unbiased advice on information security threats.
-
Submit your questions about IAM
Randall Gamby is standing by to give you free, unbiased advice on identity and access management.
-
Submit your questions about application security
Michael Cobb is standing by to give you free, unbiased advice on application security.