SearchSecurity
New & Notable
Manage
Is the Spectre variant 2 mitigation worth it?
Fixes for the Spectre variant 2 vulnerability affect system performance, so some in the tech sector wonder whether they're worth it. Expert Michael Cobb examines that question.
News
Kaseya MSP clients hit with GandCrab ransomware
GandCrab ransomware infected several managed service providers, thanks to an old a ConnectWise manage plugin vulnerability, but a new decryptor tool is offering relief to victims.
Evaluate
Can a zero-trust approach fill the security perimeter void?
With the enterprise perimeter a mere memory, how can enterprises hope to secure their mission-critical data and systems?
Manage
How Mirai and Gafgyt variant botnets target IoT devices
New variants of popular botnets were found targeting IoT devices by Palo Alto Networks' Unit 42. Discover how these variants differ from their sources and what new risks they pose.
Instant Download: Free Guide to Password Security
Including insights from security pros Michael Cobb, Jeremy Bergsman and Nick Lewis, gain expert advice on how to improve your password policies to keep your enterprise safe. Explore machine learning-powered techniques, how to approach mobile password management, and more.
Trending Topics
-
Emerging threats News
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.
-
Windows security Manage
How to bypass a Windows kernel protection feature
Security researchers demonstrated how a new fileless attack technique can bypass a Windows kernel protection feature at Black Hat 2018. Find out how the technique works.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology News
Microsoft BitLocker misplaces trust in SSDs for encryption
Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse.
-
Security industry trends Evaluate
CISOs face an array of serious issues in the new year
From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Mekhala Roy asks:
What other factors are contributing to the rise of malware-free attacks and 'big game hunting'?
-
Michael Cobb asks:
What do you think is the right response to Spectre variant 2 -- mitigation or no mitigation?
Find Solutions For Your Project
-
Evaluate
Can a zero-trust approach fill the security perimeter void?
With the enterprise perimeter a mere memory, how can enterprises hope to secure their mission-critical data and systems?
-
Zero trust through microsegmentation
-
Can GitHub's new repository service help your company?
-
Product roundup: Multifactor authentication tools
-
-
Problem Solve
How process impersonation is used by a Kronos variant
A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it poses with Nick Lewis.
-
How to avoid being phished on your iPhone
-
How do double attacks work and can they be stopped?
-
How to limit exposure to credential stuffing
-
-
Manage
Is the Spectre variant 2 mitigation worth it?
Fixes for the Spectre variant 2 vulnerability affect system performance, so some in the tech sector wonder whether they're worth it. Expert Michael Cobb examines that question.
-
How Mirai and Gafgyt variant botnets target IoT devices
-
How to get to zero: Putting your strategy into action
-
How detected malware can be tracked with VirusTotal
-
-
E-Handbook | February 2019
Can a zero-trust approach fill the security perimeter void?
Download -
E-Zine | February 2019
CISOs build cybersecurity business case amid attack onslaught
Download -
E-Handbook | January 2019
Customer identity and access management: Why now and how?
Download -
E-Handbook | December 2018
Can deception security tactics turn the tables on attackers?
Download -
E-Zine | December 2018
Allure of the threat hunter draws companies large and small
Download
Information Security Basics
-
Get Started
How to prepare your organization for the CCPA
Organizations that handle California consumer data have a year to comply with CCPA. Expert Steven Weil discusses what enterprises need to know about the California privacy law.
-
Get Started
SOAR (Security Orchestration, Automation and Response)
SOAR (Security Orchestration, Automation and Response) is a technology stack of compatible software programs that allow an organization to collect data about security threats and alerts from multiple sources and respond to low-level security events ...
-
Get Started
COBIT
COBIT is a framework for developing, implementing, monitoring and improving information technology (IT) governance and management practices.
Multimedia
Vendor Resources
- 2019 Report: State of the Phish –Research Content
- Vitria's Chris Menier Discusses How Artificial Intelligence, Machine Learning ... –Resource
- Cybersecurity for Digital Twins –eBook
Blog: Security Bytes
-
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.Continue Reading
-
Marriott Starwood data breach notification de-values customers
The Marriott Starwood data breach exposed half a billion customers' data, but the hospitality giant seems to have learned from recent megabreaches that the standard response to a breach can be the ...Continue Reading
-
More Security Bytes Posts
Are US hacker indictments more than Justice Theater?
Breaking down Dell's "potential cybersecurity incident" announcement
Will cybersecurity safety ever equal air travel safety?
-
News
View All -
Data security strategies and governance
CrowdStrike threat report highlights the need for speed
CrowdStrike's annual global threat report highlights why speed is critical for cybersecurity defenders. Experts sound off on key findings, including the rise of 'big game hunting.'
-
Malware, virus, Trojan and spyware protection and removal
Kaseya MSP clients hit with GandCrab ransomware
GandCrab ransomware infected several managed service providers, thanks to an old a ConnectWise manage plugin vulnerability, but a new decryptor tool is offering relief to victims.
-
Security automation systems, tools and tactics
Palo Alto Networks to acquire Demisto for $560 million
Palo Alto Networks announced its plan of acquiring SOAR vendor Demisto for $560 million to accelerate its Application Framework strategy and beef up security operations automation.