Premium Content

searchSecurity E-Handbooks

Featured E-Handbooks

  • Strategies for a successful data protection program

    Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies, experts say that custom policies are essential to making a DLP system perform efficiently. Selection of a DLP vendor of-ten depends on how well the software integrates with the systems in place. Fortunately, enough companies have performed a DLP deployment providing best practices to avoid getting tripped up. The rollout is typically performed slowly and systematically. False positives are still an issue, though the system can be immediately tuned to avoid any disruption to employee productivity.

    This TechGuide identifies some of the challenges associated with deploying data protection technology, highlights some of the initial pitfalls encountered by early adopters and explains how it can be used effectively in an organization. CSOs share how they use it to mitigate risks and identify weaknesses and experts discuss some best practices for deploying data protection solutions.

    Download Now

  • Putting security on auto-pilot: What works, what doesn't

    For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most endeavors humans devise, the impulse to automate the pen test is seemingly irresistible. But is it a good idea? Is automated pen testing simply the equivalent of aiming Metasploit at your system -- which means you will only catch the easy-to-find vulnerabilities? And what part should an automated pen test play in your overall security strategy? This technical guide examines the pros, cons and unknowns of automated pen testing. It looks at what automating the process can accomplish, but also what still needs human interaction. In its three chapters our experts take a deep look at a variety of issues involving automated pen tests and offer advice on how best to use one. Finally, this Technical Guide considers the reality that, even with the best automated penetration testing system in place, not every single vulnerability will be identified. So a final chapter touches on what else an enterprise security system needs besides a pen test to safeguard company data and networks.

    Download Now

Other E-Handbooks available for free to our members

    • Page 2 of 4
      • Strategies to make your SIEM system sing

        Using and maintaining a security information and event management (SIEM) system can be a challenge for InfoSec professionals, but the effort is worthwhile if the system enables faster, better security data analysis and response. This TechGuide examines the policies and enhanced monitoring needed from a SIEM to make smarter decisions and respond faster to incidents.

        View E-Handbook
      • Vulnerability management programs: A handbook for security pros

        Information security professionals need a multifaceted approach for managing and responding to known vulnerabilities, one that recognizes enterprises' finite resources for vulnerability remediation. This TechGuide will help you both identify and prioritize vulnerabilities based on sound risk-management principles, ensuring a vulnerability management program that is effective and aligned with broader risk-management goals.

        View E-Handbook
      • PCI DSS 3.0: What you must know now about the new guidance

        The new iteration of Payment Card Industry Data Security Standards issued in November 2013, and known as PCI DSS 3.0, gives merchants and payment processors crucial new guidance on meeting threats to information security. But there are also key areas PCI DSS 3.0 fails to address, including mobile devices. This handbook is an overview of the major changes, outlines the areas where procedures and policies remain unclear, and closes with a practical list of how PCI DSS 3.0 affects merchants.

        View E-Handbook
      • Next-generation authentication technologies emerge to restore balance

        Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication technologies. This handbook discusses emerging authentication technologies that reduce organizational risk while limiting user inconvenience.

        View E-Handbook
      • Developing your endpoint security management transition plan

        This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based malware defense and signature-based antivirus with new malware-detection technologies, ensuring Web security gateways provide an effective additional content-filtering layer to serve as endpoints’ first line of defense and deciding whether whitelisting is a viable technology to deploy at the endpoint.

        View E-Handbook
      • Emerging threat detection techniques and products

        Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing problem, penetrating networks and stealing intellectual property. This TechGuide will provide analysis of APT and ways to determine whether your organization risks exposure to targeted attacks. The chapters explore detection technologies, how to monitor insider threats and how to effectively use threat intelligence to defend against a targeted attack before it happens.

        View E-Handbook
      Page 2 of 4
    • Page 1 of 1
      • Devising a security strategy for the modern network

        The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update their network security strategy to take into account the latest devices coming online, they must also prepare for the future, too. This TechGuide looks at the options for network defense today and in the near future, including how to spot vulnerabilities and how to rank them, too, so infosec pros can respond to inevitable attacks quickly and efficiently.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Network security best practices and essentials

        Your network security is increasingly complex and the ostensibly simple matter of just keeping track of its components has spawned a slew of network discovery tools. But if that complexity weren’t enough, the attacks that chew at your network every day are also growing in complexity and stealth at breakneck speed. So you need a correspondingly complex set of network security tools. And more than that, you need strategy. The increasing complexity of network attack methods has made it necessary to implement equally complex security tools and - more importantly - strategies. Read this Essential Guide on information security to learn more about key elements of a well-coordinated security strategy.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Strategies for a successful data protection program

        Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies, experts say that custom policies are essential to making a DLP system perform efficiently. Selection of a DLP vendor of-ten depends on how well the software integrates with the systems in place. Fortunately, enough companies have performed a DLP deployment providing best practices to avoid getting tripped up. The rollout is typically performed slowly and systematically. False positives are still an issue, though the system can be immediately tuned to avoid any disruption to employee productivity.

        This TechGuide identifies some of the challenges associated with deploying data protection technology, highlights some of the initial pitfalls encountered by early adopters and explains how it can be used effectively in an organization. CSOs share how they use it to mitigate risks and identify weaknesses and experts discuss some best practices for deploying data protection solutions.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Application hardening: Evolving techniques for proactive enterprise application security

        Enterprises are now running more and more applications to meet the demands of employees and users. This makes developing a threat and vulnerability management program to secure applications increasingly important. This TechGuide covers proactive techniques that enterprises can execute for creating an effective threat and vulnerability management program, the importance of an internal security pen testing program and utilizing software patching 2.0 to cut costs with virtual patching and automation.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Developing your endpoint security management transition plan

        This TechGuide will help you develop your endpoint security management transition plan. Articles focus on overcoming the challenges of Web-based malware defense and signature-based antivirus with new malware-detection technologies, ensuring Web security gateways provide an effective additional content-filtering layer to serve as endpoints’ first line of defense and deciding whether whitelisting is a viable technology to deploy at the endpoint.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • What's the best focus for MDM strategy now?

        This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost, stolen or hacked. That's a given. This guide outlines the basic tenets of sound strategy for mobile devices and explains why that strategy must focus first on the protection of mobile device data, rather than the devices themselves. It also provides a thorough review of the essential MDM tools and how best to integrate them into your system.

        View E-Handbook
      • Strategies for tackling BYOD: How to ensure mobile security

        Bring your own device (BYOD) and the consumerization of IT are realities of the modern workplace that cannot be ignored. When employees are empowered with the choice of using their own consumer-based devices in the workplace, it is imperative to counter the move in IT to ensure security and control. This information security handbook offers advice on controlling the onslaught of employee-owned devices in the workplace, mitigating the risks of mobile applications, and changing your thought process when it comes to securing the consumerization of IT. Read now for expert advice on tackling the issues BYOD brings and ensuring security in a mobile world.

        View E-Handbook
      • An inside look at network security technologies

        Finding malware, or worse, attackers pivoting from server to server on your network, is a difficult proposition. Persistent, motivated hackers are adept at developing code that evades detection from signature-based network security devices. And more often than not, attackers are penetrating enterprise networks using legitimate credentials stolen via social engineering scams. This informative handbook outlines how to better safeguard your network. Get the latest tips on network security technologies, and advice from our experts.

        View E-Handbook
      Page 1 of 1
    • Page 1 of 1
      • Strategies to make your SIEM system sing

        Using and maintaining a security information and event management (SIEM) system can be a challenge for InfoSec professionals, but the effort is worthwhile if the system enables faster, better security data analysis and response. This TechGuide examines the policies and enhanced monitoring needed from a SIEM to make smarter decisions and respond faster to incidents.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      Page 1 of 1
    • Page 1 of 1
      • How to respond to the latest distributed denial-of-service attacks

        All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't put off learning about the threat and means available for defense. Fortunately, techniques and technology do exist for thwarting DDoS attacks or at least limiting the damage done.

        This handbook gathers the latest information on DDoS prevention methods, using the 2013 Spamhaus attack as a case study that serves as a warning of what's ahead if enterprises don't act now. It closes with call to action and, even better, actionable advice InfoSec pros can use today.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • PCI DSS 3.0: What you must know now about the new guidance

        The new iteration of Payment Card Industry Data Security Standards issued in November 2013, and known as PCI DSS 3.0, gives merchants and payment processors crucial new guidance on meeting threats to information security. But there are also key areas PCI DSS 3.0 fails to address, including mobile devices. This handbook is an overview of the major changes, outlines the areas where procedures and policies remain unclear, and closes with a practical list of how PCI DSS 3.0 affects merchants.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Putting security on auto-pilot: What works, what doesn't

        For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most endeavors humans devise, the impulse to automate the pen test is seemingly irresistible. But is it a good idea? Is automated pen testing simply the equivalent of aiming Metasploit at your system -- which means you will only catch the easy-to-find vulnerabilities? And what part should an automated pen test play in your overall security strategy? This technical guide examines the pros, cons and unknowns of automated pen testing. It looks at what automating the process can accomplish, but also what still needs human interaction. In its three chapters our experts take a deep look at a variety of issues involving automated pen tests and offer advice on how best to use one. Finally, this Technical Guide considers the reality that, even with the best automated penetration testing system in place, not every single vulnerability will be identified. So a final chapter touches on what else an enterprise security system needs besides a pen test to safeguard company data and networks.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Emerging threat detection techniques and products

        Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing problem, penetrating networks and stealing intellectual property. This TechGuide will provide analysis of APT and ways to determine whether your organization risks exposure to targeted attacks. The chapters explore detection technologies, how to monitor insider threats and how to effectively use threat intelligence to defend against a targeted attack before it happens.

        View E-Handbook
      • Threat management: Devising a new strategy to tackle today's cyber attacks

        Trying to prepare your defenses against a constantly shifting threat landscape can be a demanding task. New threats – such as mobile malware, targeted attacks, and compromised social media – can open the door to cyber attack; so what do you need to know in order to stay protected? Read this handbook today for a complete overview of today’s threat landscape, including an exploration of the new platforms cybercriminals are targeting, key antimalware strategies, and more.

        View E-Handbook
      Page 1 of 1
    • Page 1 of 1
      • Deep dive into authentication methods and best practices

        Is your token authentication vulnerable to exploit or attack? In this handbook, discover how to lock down two-factor authentication methods in the enterprise. Then, we look at authentication methods such as two-factor tokens, biometrics and cloud-based options. We'll also help you discover why attackers can target the token vendor to take advantage of the security of the authentication system as a whole, and how you can replace the ubiquitous authenticator in your business.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Enterprise network security visibility: Beyond traditional defenses

        Organizations have implemented various network security technologies to gain better visibility into their networks. However, these security technologies place an increased demand on the network. This TechGuide explores how to improve network security visibility with network flow analysis tools, cloud security monitoring solutions and anomaly-based monitoring technology.

        View E-Handbook
      •  
      Page 1 of 1
    • Page 1 of 1
      • Unified threat management aspires to the enterprise class

        Unified threat management (UTM) long focused on small and medium-sized businesses, but now it's climbing the ladder and attempting to become enterprise-class technology. This Technical Guide shows IT pros how to determine whether a vendor's UTM is truly an enterprise-grade security appliance and, if so, how to integrate and manage it into existing infrastructure.

        View E-Handbook
      •  
      Page 1 of 1