New & Notable
A vendor admitted to compromising its election system security by installing remote access software on systems over the span of six years, but claims to have stopped the practice.
Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting.
Domain fronting is a popular way to bypass censorship controls, but cloud providers like AWS and Google have outlawed its use. Expert Michael Cobb explains why.
The Zealot campaign discovered by F5 Networks uses the same Apache Struts vulnerability exploited in the Equifax breach. Learn how else it performs cryptomining with Nick Lewis.
Emerging threats News
News roundup: The Ticketmaster breach was part of a massive digital credit card-skimming campaign. Plus, the U.K. fined Facebook over the Cambridge Analytica scandal, and more.
Windows security Manage
Spider ransomware has been found spreading malicious files via a phishing campaign that gives victims a 96-hour deadline. Learn how this attack is similar to past attacks with Nick Lewis.
PCI DSS Get Started
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
Encryption technology Manage
As the prospect of quantum computing-based attacks grows, the need for stronger encryption increases. Expert Michael Cobb discusses lattice-based cryptography as an option.
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the gender gap in the infosec industry and what can be done to close it.
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Data security technology and strategy (5) +
Enterprise identity and access management (8) +
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
Information security certifications, training and jobs (2) +
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
Information security risk management (3) +
Information security threats (5) +
Network threat detection (4) +
Platform security (3) +
Security audit, compliance and standards (4) +
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
Web security tools and best practices (3) +
Wireless and mobile security (4) +
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Find Solutions For Your Project
IR is shifting, with new technology, automation, machine learning and third-party services changing how IR is performed. But in-house security will remain central.
Facebook Messenger is being used to reach more victims with a cryptojacking bot that Trend Micro researchers named Digimine. Learn how this bot works with expert Nick Lewis.
ICS threats have become more prevalent, so the need for organizations to understand the risks has grown. Expert Ernie Hayden explains what enterprises need to know.
Pro+ Security DownloadsView All
E-Handbook | July 2018Download
E-Handbook | June 2018Download
E-Zine | June 2018Download
Buyer's Handbook | May 2018Download
E-Handbook | May 2018Download
Information Security Basics
Wondering where to apply automation to incident response in order to achieve the best results? The variety of options might be greater than you imagine. Read on to learn more.
The Certified Cloud Security Professional (CCSP) certification is intended for experience IT professionals who have a minimum of five years of experience in the industry with three of those years being in information security and one year in one of ...
Federated identity management (FIM) is an arrangement that can be made between multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all the enterprises in the group.
- Top 5 Log Sources You Should Be Ingesting but Probably Aren't –White Paper
- How Continuous Monitoring is Revolutionizing Risk Management –White Paper
- Cybersecurity: A Veracode Case Study –Case Study
Blog: Security Bytes
The difference between data privacy protections afforded to European Union residents and people in the U.S. is more sharply highlighted now that the EU's General Data Protection Regulation has ...Continue Reading
Infosec experts have argued that too much focus is put on cyber attribution, but moving away from publicly identifying threat groups and nation-states may be easier said than done.Continue Reading
More Security Bytes PostsView All Blog Posts
Sections from across SearchSecurity
Cyberespionage and nation-state cyberattacks
The indictment of Russian intelligence officers accused of hacking the DNC revealed a troubling timeline, including the X-Agent malware lurking on DNC systems for months.
Web browser security
In an effort to mitigate the risk of Spectre attacks, Google Chrome site isolation has been enabled for 99% of browser users to minimize the data that could be gleaned by an attacker.
Cyberespionage and nation-state cyberattacks
A grand jury for special counsel Robert Mueller's election-interference investigation indicted 12 Russian intelligence officers for crimes related to the DNC and DCCC hacks.
- Certified Cloud Security Professional (CCSP)
- federated identity management
- next-generation firewall (NGFW)
- DMZ (networking)
- risk analysis
- honeypot (honey pot)
- IPsec (Internet Protocol Security)
- SSL VPN (Secure Sockets Layer virtual private network)