Premium Content

searchSecurity E-Handbooks

Featured E-Handbooks

  • Strategies for a successful data protection program

    Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies, experts say that custom policies are essential to making a DLP system perform efficiently. Selection of a DLP vendor of-ten depends on how well the software integrates with the systems in place. Fortunately, enough companies have performed a DLP deployment providing best practices to avoid getting tripped up. The rollout is typically performed slowly and systematically. False positives are still an issue, though the system can be immediately tuned to avoid any disruption to employee productivity.

    This TechGuide identifies some of the challenges associated with deploying data protection technology, highlights some of the initial pitfalls encountered by early adopters and explains how it can be used effectively in an organization. CSOs share how they use it to mitigate risks and identify weaknesses and experts discuss some best practices for deploying data protection solutions.

    Download Now

  • Putting security on auto-pilot: What works, what doesn't

    For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most endeavors humans devise, the impulse to automate the pen test is seemingly irresistible. But is it a good idea? Is automated pen testing simply the equivalent of aiming Metasploit at your system -- which means you will only catch the easy-to-find vulnerabilities? And what part should an automated pen test play in your overall security strategy? This technical guide examines the pros, cons and unknowns of automated pen testing. It looks at what automating the process can accomplish, but also what still needs human interaction. In its three chapters our experts take a deep look at a variety of issues involving automated pen tests and offer advice on how best to use one. Finally, this Technical Guide considers the reality that, even with the best automated penetration testing system in place, not every single vulnerability will be identified. So a final chapter touches on what else an enterprise security system needs besides a pen test to safeguard company data and networks.

    Download Now

Other E-Handbooks available for free to our members

    • Page 1 of 4
      • Does Windows 8.1 meet the demands of the BYOD age?

        The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features and tools; Windows 8.1 is Microsoft's response. Windows 8.1 includes what is promised to be a less frustrating two-factor authentication method, plus improved malware resistance and better VPN and app management. This handbook presents a concise review of Window 8 security tactics and compares its promises to reality.

        View E-Handbook
      • Devising a security strategy for the modern network

        The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update their network security strategy to take into account the latest devices coming online, they must also prepare for the future, too. This TechGuide looks at the options for network defense today and in the near future, including how to spot vulnerabilities and how to rank them, too, so infosec pros can respond to inevitable attacks quickly and efficiently.

        View E-Handbook
      • Unified threat management aspires to the enterprise class

        Unified threat management (UTM) long focused on small and medium-sized businesses, but now it's climbing the ladder and attempting to become enterprise-class technology. This Technical Guide shows IT pros how to determine whether a vendor's UTM is truly an enterprise-grade security appliance and, if so, how to integrate and manage it into existing infrastructure.

        View E-Handbook
      • How to respond to the latest distributed denial-of-service attacks

        All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't put off learning about the threat and means available for defense. Fortunately, techniques and technology do exist for thwarting DDoS attacks or at least limiting the damage done.

        This handbook gathers the latest information on DDoS prevention methods, using the 2013 Spamhaus attack as a case study that serves as a warning of what's ahead if enterprises don't act now. It closes with call to action and, even better, actionable advice InfoSec pros can use today.

        View E-Handbook
      • Secure file transfer: Send large files fast, but keep your system safe

        FTP gets big files to colleagues and clients fast, but as the headlines remind us, the threat of electronic break-ins is real. This guide to secure file transfer shows how best to cure that sense of FTP insecurity.

        View E-Handbook
      • What's the best focus for MDM strategy now?

        This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost, stolen or hacked. That's a given. This guide outlines the basic tenets of sound strategy for mobile devices and explains why that strategy must focus first on the protection of mobile device data, rather than the devices themselves. It also provides a thorough review of the essential MDM tools and how best to integrate them into your system.

        View E-Handbook
      Page 1 of 4
    • Page 1 of 1
      • Network security best practices and essentials

        Your network security is increasingly complex and the ostensibly simple matter of just keeping track of its components has spawned a slew of network discovery tools. But if that complexity weren’t enough, the attacks that chew at your network every day are also growing in complexity and stealth at breakneck speed. So you need a correspondingly complex set of network security tools. And more than that, you need strategy. The increasing complexity of network attack methods has made it necessary to implement equally complex security tools and - more importantly - strategies. Read this Essential Guide on information security to learn more about key elements of a well-coordinated security strategy.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Devising a security strategy for the modern network

        The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update their network security strategy to take into account the latest devices coming online, they must also prepare for the future, too. This TechGuide looks at the options for network defense today and in the near future, including how to spot vulnerabilities and how to rank them, too, so infosec pros can respond to inevitable attacks quickly and efficiently.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Strategies for a successful data protection program

        Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies, experts say that custom policies are essential to making a DLP system perform efficiently. Selection of a DLP vendor of-ten depends on how well the software integrates with the systems in place. Fortunately, enough companies have performed a DLP deployment providing best practices to avoid getting tripped up. The rollout is typically performed slowly and systematically. False positives are still an issue, though the system can be immediately tuned to avoid any disruption to employee productivity.

        This TechGuide identifies some of the challenges associated with deploying data protection technology, highlights some of the initial pitfalls encountered by early adopters and explains how it can be used effectively in an organization. CSOs share how they use it to mitigate risks and identify weaknesses and experts discuss some best practices for deploying data protection solutions.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Application hardening: Evolving techniques for proactive enterprise application security

        Enterprises are now running more and more applications to meet the demands of employees and users. This makes developing a threat and vulnerability management program to secure applications increasingly important. This TechGuide covers proactive techniques that enterprises can execute for creating an effective threat and vulnerability management program, the importance of an internal security pen testing program and utilizing software patching 2.0 to cut costs with virtual patching and automation.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Strategies to make your SIEM system sing

        Using and maintaining a security information and event management (SIEM) system can be a challenge for InfoSec professionals, but the effort is worthwhile if the system enables faster, better security data analysis and response. This TechGuide examines the policies and enhanced monitoring needed from a SIEM to make smarter decisions and respond faster to incidents.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • What's the best focus for MDM strategy now?

        This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost, stolen or hacked. That's a given. This guide outlines the basic tenets of sound strategy for mobile devices and explains why that strategy must focus first on the protection of mobile device data, rather than the devices themselves. It also provides a thorough review of the essential MDM tools and how best to integrate them into your system.

        View E-Handbook
      • Strategies for tackling BYOD: How to ensure mobile security

        Bring your own device (BYOD) and the consumerization of IT are realities of the modern workplace that cannot be ignored. When employees are empowered with the choice of using their own consumer-based devices in the workplace, it is imperative to counter the move in IT to ensure security and control. This information security handbook offers advice on controlling the onslaught of employee-owned devices in the workplace, mitigating the risks of mobile applications, and changing your thought process when it comes to securing the consumerization of IT. Read now for expert advice on tackling the issues BYOD brings and ensuring security in a mobile world.

        View E-Handbook
      • An inside look at network security technologies

        Finding malware, or worse, attackers pivoting from server to server on your network, is a difficult proposition. Persistent, motivated hackers are adept at developing code that evades detection from signature-based network security devices. And more often than not, attackers are penetrating enterprise networks using legitimate credentials stolen via social engineering scams. This informative handbook outlines how to better safeguard your network. Get the latest tips on network security technologies, and advice from our experts.

        View E-Handbook
      Page 1 of 1
    • Page 1 of 1
      • Developing your endpoint security management transition plan

        This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based malware defense and signature-based antivirus with new malware-detection technologies, ensuring Web security gateways provide an effective additional content-filtering layer to serve as endpoints’ first line of defense and deciding whether whitelisting is a viable technology to deploy at the endpoint.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      Page 1 of 1
    • Page 1 of 1
      • How to respond to the latest distributed denial-of-service attacks

        All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't put off learning about the threat and means available for defense. Fortunately, techniques and technology do exist for thwarting DDoS attacks or at least limiting the damage done.

        This handbook gathers the latest information on DDoS prevention methods, using the 2013 Spamhaus attack as a case study that serves as a warning of what's ahead if enterprises don't act now. It closes with call to action and, even better, actionable advice InfoSec pros can use today.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • PCI DSS 3.0: What you must know now about the new guidance

        The new iteration of Payment Card Industry Data Security Standards issued in November 2013, and known as PCI DSS 3.0, gives merchants and payment processors crucial new guidance on meeting threats to information security. But there are also key areas PCI DSS 3.0 fails to address, including mobile devices. This handbook is an overview of the major changes, outlines the areas where procedures and policies remain unclear, and closes with a practical list of how PCI DSS 3.0 affects merchants.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Putting security on auto-pilot: What works, what doesn't

        For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most endeavors humans devise, the impulse to automate the pen test is seemingly irresistible. But is it a good idea? Is automated pen testing simply the equivalent of aiming Metasploit at your system -- which means you will only catch the easy-to-find vulnerabilities? And what part should an automated pen test play in your overall security strategy? This technical guide examines the pros, cons and unknowns of automated pen testing. It looks at what automating the process can accomplish, but also what still needs human interaction. In its three chapters our experts take a deep look at a variety of issues involving automated pen tests and offer advice on how best to use one. Finally, this Technical Guide considers the reality that, even with the best automated penetration testing system in place, not every single vulnerability will be identified. So a final chapter touches on what else an enterprise security system needs besides a pen test to safeguard company data and networks.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Emerging threat detection techniques and products

        Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing problem, penetrating networks and stealing intellectual property. This TechGuide will provide analysis of APT and ways to determine whether your organization risks exposure to targeted attacks. The chapters explore detection technologies, how to monitor insider threats and how to effectively use threat intelligence to defend against a targeted attack before it happens.

        View E-Handbook
      • Threat management: Devising a new strategy to tackle today's cyber attacks

        Trying to prepare your defenses against a constantly shifting threat landscape can be a demanding task. New threats – such as mobile malware, targeted attacks, and compromised social media – can open the door to cyber attack; so what do you need to know in order to stay protected? Read this handbook today for a complete overview of today’s threat landscape, including an exploration of the new platforms cybercriminals are targeting, key antimalware strategies, and more.

        View E-Handbook
      Page 1 of 1
    • Page 1 of 1
      • Deep dive into authentication methods and best practices

        Is your token authentication vulnerable to exploit or attack? In this handbook, discover how to lock down two-factor authentication methods in the enterprise. Then, we look at authentication methods such as two-factor tokens, biometrics and cloud-based options. We'll also help you discover why attackers can target the token vendor to take advantage of the security of the authentication system as a whole, and how you can replace the ubiquitous authenticator in your business.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Enterprise network security visibility: Beyond traditional defenses

        Organizations have implemented various network security technologies to gain better visibility into their networks. However, these security technologies place an increased demand on the network. This TechGuide explores how to improve network security visibility with network flow analysis tools, cloud security monitoring solutions and anomaly-based monitoring technology.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Unified threat management aspires to the enterprise class

        Unified threat management (UTM) long focused on small and medium-sized businesses, but now it's climbing the ladder and attempting to become enterprise-class technology. This Technical Guide shows IT pros how to determine whether a vendor's UTM is truly an enterprise-grade security appliance and, if so, how to integrate and manage it into existing infrastructure.

        View E-Handbook
      •  
      Page 1 of 1