Eye On IT Security

SearchSecurity.com's Eye On series takes an in-depth look each month at a security topic of key concern to enterprise information security professionals. The series explores an information security topic by bringing together new expert tips, news stories of interest, video interviews and podcasts from SearchSecurity.com and its sister sites. The series aims to dig deeper, identifying trends, emerging technologies and other ways enterprises are bolstering their defenses to address the rapidly changing threat landscape.

Table of contents:

Risk Management

This section explores the role IT security professionals play in working with management to conduct risk assessments on systems and processes in the enterprise. The section aims to showcase some best practices in communicating with upper management. It explores how companies are adjusting to the emergence of cloud computing and how regulatory compliance issues affect the risk profile of enterprises.

Network Security Management

This section explores how IT teams can use data from security systems and apply analytics to gain a greater understanding and ultimately better visibility into network activity. The section highlights how public and private cloud servers can be protected using a managed firewall, how traffic shaping helped a university find and deter piracy activity on the network and how network traffic capturing systems help security appliances capture a greater amount of network activity. Many security vendors are betting that security information and event management (SIEM) systems will be the foundation for most enterprise security defenses.

Mobile Security

This installment of SearchSecurity.com's special news series, "Eye On" explores how enterprise information security teams can address the risks posed by the proliferation of smartphone and tablet device use by employees.

While some firms issue company-owned devices, others are dealing with how to adequately control employee-owned mobile devices. Security pros are seeking to understand the various mobile phone security threats and then apply and enforce security technology and policy to reduce the risk of data leakage. Among the technologies available to help with mobile security is mobile device management or MDM, which seeks to help enterprises apply mobile security policies across different device platforms. Cloud-based mobile security services are also emerging to address the risks. This series explores all these themes.

Let us know what you think about our "Eye On" news series on mobile security. Email us at editor@searchsecurity.com or contact us via Twitter @SearchSecurity.

Cloud Compliance

SearchSecurity.com's special news series, "Eye On" looks at the emerging compliance issues due to the explosion of enterprise adoption of cloud computing services. In the U.S., the federal government is attempting to speed cloud security assessments for agencies by adopting a set of standards. In the U.K. a cloud maturity model has been created by one organization to help small and midsized businesses cope with evaluating cloud providers. Meanwhile enterprises are seeking increased transparency from cloud providers and the payment card industry is attempting to address the use of cloud-based payment systems for merchants.

Let us know what you think about our "Eye On" news series on mobile security. Email us at editor@searchsecurity.com or contact us via Twitter @SearchSecurity.

SIEM Systems

This installment of our Eye On series explores the role log data can potentially play in intelligence gathering. The editorial team reports on how security information event management (SIEM) systems are being deployed and whether they are beginning to be used beyond narrow reporting capabilities to meet regulatory compliance mandates. The latest SIEM systems are designed for easier, more automated deployments and out-of-the box capabilities, but our reporters found that deployments still need a careful amount of planning, tuning and maintenance to identify the most valuable data. SIEM vendors have also added a lot of new capabilities to their systems, unveiling next generation platforms capable of taking in threat data to more proactively detect threats. Finally, the editorial team explores emerging SIEM technologies designed for cloud services.

Network Security Technologies

Network security remains a fundamental and indispensable facet of an overall enterprise security program. Network-based attacks carried out by botnets are relentless and can lead to a variety attacks, including denial-of-service, that can seriously damage a business’ ability to function.

This section of our Eye On IT Security Series examines the latest in network security technologies, including the latest features finding their way into intrusion prevention and intrusion detection systems, and network monitoring and forensics technology.

Web Application Security

This series looks at Web application threats, secure software development practices and the challenge of finding and fixing Web application vulnerabilities. Stories in this series examine why attackers target Web application flaws and the emerging technologies that are slowly improving Web application security in the enterprise. Finally, a piece looks at the challenges posed by mobile application development and the bring your own device (BYOD) trend.