SearchSecurity
New & Notable
Manage
Whose job is it to secure IoT?
Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures?
News
DARPA's hardware protection program may face challenges
DARPA is still in the early prototype stages of its SSITH program, but the aim is to develop an open source chip able to block hardware attacks and reduce the need for software patches.
Problem Solve
Top methods to prevent cross-site scripting attacks
To prevent cross-site scripting attacks, software developers must validate user input and encode output. Review characters to filter out, as well as sources and sinks to avoid.
Evaluate
Zero-day vulnerability vs. zero-day exploit
A zero-day vulnerability isn't the same as a zero-day exploit. Learn the difference between these two zero-day terms, as well as why they should be high priority on any CISO's patching list.
3 Ways SOAR Can Combat the Cybersecurity Skills Shortage
What are some of the strategies that your organization has implemented to help combat the cybersecurity skills gap? Mike Chapple, senior director of IT at University of Notre Dame explains how log processing, threat intelligence and account lifecycle management can help alleviate the shortage of qualified pros and have teams work smarter, not harder.
Trending Topics
-
Emerging threats News
Microsoft finds more BlueKeep-like vulnerabilities
Microsoft disclosed four remote code execution flaws in Remote Desktop Services that are similar to BlueKeep, as well as other vulnerabilities in RDP.
-
Windows security Manage
How to bypass a Windows kernel protection feature
Security researchers demonstrated how a new fileless attack technique can bypass a Windows kernel protection feature at Black Hat 2018. Find out how the technique works.
-
PCI DSS Evaluate
Explore the next-generation firewall marketplace
Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision
-
Encryption technology Problem Solve
How will cryptography adapt to the post-quantum world?
Post-quantum cryptographic algorithms are aimed at securing encrypted data against super-powerful computers in the future, but will they even be necessary? Hanno Böck explains.
-
Security industry trends Manage
CISOs need street cred -- or else
No matter what comes at them in terms of cybersecurity issues, the main CISO challenge comes down to building credibility as a trustworthy person.
-
CISSP Get Started
Passing the CISSP exam: How hard is it?
Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Michael Heller asks:
Will the Carbon Black acquisition improve VMware's security play? Why or why not?
Find Solutions For Your Project
-
Evaluate
Zero-day vulnerability vs. zero-day exploit
A zero-day vulnerability isn't the same as a zero-day exploit. Learn the difference between these two zero-day terms, as well as why they should be high priority on any CISO's patching list.
-
DevOps security tools match speed with safety
-
Learn how to identify frameworks for cybersecurity
-
Identify the best email security gateway
-
-
Problem Solve
Top methods to prevent cross-site scripting attacks
To prevent cross-site scripting attacks, software developers must validate user input and encode output. Review characters to filter out, as well as sources and sinks to avoid.
-
How to prevent a TCP port 445 exploit
-
Wireshark tutorial: How to sniff network traffic
-
CISO on the cybersecurity automation skills gap puzzle
-
-
Manage
Whose job is it to secure IoT?
Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures?
-
CISOs need street cred -- or else
-
Best practices for patch management in the enterprise
-
City ransomware attacks could be national emergencies
-
-
E-Handbook | August 2019
New network traffic analysis tools focus on security
Download -
E-Zine | August 2019
Managing identity and access well unlocks strong security
Download -
Buyer's Guide | July 2019
What secure email gateways can do for your enterprise
Download -
E-Handbook | June 2019
Why user identity management is a security essential
Download -
Buyer's Handbook | May 2019
How to select and implement a next-gen firewall
Download
Information Security Basics
-
Get Started
Certified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) is a certification issued by ISACA to people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected; the certification is presented after completion of a...
-
Get Started
New network traffic analysis tools focus on security
Companies have used traffic data analytics to improve bandwidth and network performance. Now, though, a new class of tools taps network data to improve security.
-
Get Started
How traffic analytics now helps secure the network
Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security.
Multimedia
Vendor Resources
- CyberArk Global Advanced Threat Landscape Report 2019 –Analyst Report
- 6 Reasons Why Your Security Appliance Solution is Failing Your Business –White Paper
- Secure Your Business-Critical Applications –Product Overview
Blog: Security Bytes
-
Google focuses more on steering the Android ship than righting it
Google's security and privacy upgrades to Android are mostly forward-thinking changes, readying for a future that is inevitable but unclear, rather than ways to improve security today.Continue Reading
-
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.Continue Reading
-
More Security Bytes Posts
Marriott Starwood data breach notification de-values customers
Are US hacker indictments more than Justice Theater?
Breaking down Dell's "potential cybersecurity incident" announcement
-
News
View All -
Endpoint protection and client security
VMWare acquires Carbon Black for $2.1 billion
VMWare announced an agreement to acquire endpoint security vendor Carbon Black in an effort to boost its cloud security offerings; the all-cash deal is valued at $2.1 billion.
-
Application attacks (buffer overflows, cross-site scripting)
DARPA's hardware protection program may face challenges
DARPA is still in the early prototype stages of its SSITH program, but the aim is to develop an open source chip able to block hardware attacks and reduce the need for software patches.
-
Government information security management
Local Texas governments hit by ransomware attack
Ransomware attacks hit 22 municipalities around Texas, most of which appear to be smaller local governments, but the details surrounding the attacks are still unclear.