Software development

Get started

  • Is threat hunting the next step for modern SOCs?

    The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats.

  • Compliance, security and oversight for the mobile enterprise

    Managing mobile devices just keeps getting harder. Devices and apps are proliferating. Every data breach seems to prompt new rules. We lay out the problem and a plan.

  • Who should be on an enterprise cybersecurity advisory board?

    What qualifications does a cybersecurity advisory board member need to best serve enterprises? Expert Mike O. Villegas outlines the most helpful backgrounds for board members.

  • The darkside of the internet of things: The security challenge

    Overcoming the internet of things security challenge requires the work of consumers, vendors and governments alike.

  • tailgating (piggybacking)

    Tailgating, sometimes referred to as piggybacking, is a physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise.

  • Sound the alarm: How to get serious about industrial IoT security

    If industrial organizations are serious about the internet of things, they must become serious about industrial IoT security.

  • 2016: A look back at the year of the internet of things

    Taking a look back at 2016, Ryan Lester sheds some light on the really great internet of things milestones we as an industry had this year.

  • Data Breach Preparation and Response: Breaches are Certain, Impact is Not

    In this excerpt from chapter five of Data Breach Preparation and Response: Breaches are Certain, Impact is Not, author Kevvie Fowler discusses the key step to contain a data breach.

  • How a hybrid whitelisting-blacklisting approach can help enterprises

    Allowing known good applications and data isn't enough for enterprises. Beth Musumeci explains why a hybrid whitelisting-blacklisting approach is the best option for security.

  • Securing streaming media provides roadmap for IoT

    When it comes to securing internet of things deployments, companies should take a page from the books of some streaming media services.

  • Risk & Repeat: US accuses Russia of state-sponsored cyberattacks

    In this Risk & Repeat podcast, SearchSecurity editors discuss cyber attribution following the U.S. government's claim that Russia is behind recent state-sponsored cyberattacks.

  • Data breach compensation: What enterprises need to know

    Data breach compensation amounts often fall short of covering the actual damages, especially in a cloud breach. Expert Frank Siemons discusses data breach settlement options.

  • How to prevent ransomware or recover from a ransomware breach

    Ransomware, the latest malware threat with which information security professionals must grapple, is spreading, according to many authorities. This TechGuide explores the nature of the threat and the latest ransomware trends. But it does more than merely raise the alarm: Included in this primer on ransomware is also actionable intelligence on both ransomware prevention and recovery. It outlines several steps information security pros should take now in order to heighten their company's resistance and prevent ransomware attacks. It also guides information security pros through recovery steps if they are indeed victims of a ransomware attack.

    Readers of this guide will gain a deeper insight into the nature of ransomware and how it's changing and spreading. But they will also be better equipped to prevent ransomware attacks and possess crucial knowledge to guide them in the event of a ransomware attack on their corporate systems.


  • SMB mobile strategies hit roadblocks

    "Go big or go home" is a common battle cry for people taking on a new challenge, but when it comes to enterprise mobility, some organizations just have to go small. Small and medium-size businesses don't have the capital to buy expensive mobility services, hire in-demand developers or recover from major security breaches. Fortunately, there are some products out there that can help -- and an SMB mobile strategy should focus on security capabilities first and foremost.

    Meanwhile, many larger companies are looking to the top enterprise software vendors for guidance when mobilizing their core business apps. In his column this month, Eric Klein explores how SAP, Oracle, IBM and Microsoft are making moves to help IT tailor essential software for smartphones and tablets. The next steps are ensuring that mobile application code is secure and threat detection software is in place, which Maribel Lopez tackles in her column. This issue's Device Spotlight takes a look at a 2-in-1 tablet from Huawei as the company gains a foothold in the United States. We also look ahead to a few conferences end-user computing pros should consider attending in the final months of the year.


  • DevOps and security? Here's how

    The automation of development and operations processes, known as DevOps, is catching on in project teams and business units across industries. The missing component in many of these high-risk scenarios? Security. To make DevOps and security work together, CISOs need to have ongoing collaboration with developers, automating security checks early in the process and providing them with visibility and feedback. In this issue, early adopters of the DevOps and security model share tips on how to defend the cloud's continuous improvement model.

    Retailers, led by Wal-Mart Stores, Home Depot and the National Retail Federation, contend that the two-factor authentication provided by chip and PIN card technology offers the highest level of security. Financial institutions, led by Visa, MasterCard and the American Bankers Association, say it's the microchip embedded in the card that matters because it combats counterfeit fraud. We look at both sides of the chip and PIN card debate.

    The consequences of a company's failure to stay apprised of data protection laws and to implement best practices can be dire. Organizations may find themselves not only targets of post-breach lawsuits, but on the receiving end of the Federal Trade Commission's scrutiny. By pooling the collective knowledge of the legal and IT security organizations, and by staying on top of requirements and updating them as appropriate, CISOs can cover all of their bases in a comprehensive way. We tell you how to set up the swim lanes of a legal partnership.
