SearchSecurity
New & Notable
News
Behind the scenes of the Meltdown and Spectre response
At Black Hat 2018, representatives from Google, Microsoft and Red Hat offered a behind-the-scenes look at the Meltdown and Spectre disclosure and response process.
Manage
OneLogin CSO on unified access management, security-first
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job?
News
Amanda Rousseau on reverse engineering malware
Amanda Rousseau, aka Malware Unicorn, discusses her time in computer forensics investigations with the DoD, as well as the joys of reverse engineering malware encryption by hand.
News
Amanda Rousseau talks about how hackers find their hat
Cybersecurity researcher Amanda Rousseau discusses the relationship between the infosec community and law enforcement and how to create the next generation of white hat hackers.
Your Guide to Info Sec Certifications
We’ve collected 30+ certifications for you. Which vendor-neutral and vendor-specific security certifications are best for you? Save time by downloading our list organized by experience level.
Trending Topics
-
Emerging threats Manage
How a Mirai variant puts billions of devices at risk
A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk with expert Nick Lewis.
-
Windows security Problem Solve
The severity of Microsoft's NTFS security flaw
A security researcher exposed an NTFS flaw that Microsoft deliberately hasn't patched. Expert Michael Cobb explains how the bug works and why it isn't being treated as severe.
-
PCI DSS Get Started
How the PCI SSC took on mobile point-of-sale systems
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help.
-
Encryption technology Manage
Comparing lattice cryptography to current cryptography
As the prospect of quantum computing-based attacks grows, the need for stronger encryption increases. Expert Michael Cobb discusses lattice-based cryptography as an option.
-
Security industry trends News
Black Hat attendees facing workforce, budget challenges
According to a survey of Black Hat 2018 attendees, organizations are still struggling with insufficient cybersecurity staff and budgets to meet the current and emerging threats.
-
CISSP Evaluate
Creative ways to earn CISSP CPEs
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Topics Covered
-
Data security technology and strategy (5) +
-
Enterprise identity and access management (8) +
-
Enterprise network security (9) +
- DDoS attack detection and prevention
- Endpoint protection and client security
- IoT security issues
- IPv6 security and network protocols security
- Network Access Control technologies
- Network device security: Appliances, firewalls and switches
- Secure remote access
- Software-defined security best practices
- VPN security
-
Information security certifications, training and jobs (2) +
-
Information security program management (7) +
- Government information security management
- Information security incident response
- Information security laws, investigations and ethics
- Information security policies, procedures and guidelines
- Security automation systems, tools and tactics
- Security industry market trends, predictions and forecasts
- Security vendor mergers and acquisitions
-
Information security risk management (3) +
-
Information security threats (5) +
-
Network threat detection (4) +
-
Platform security (3) +
-
Security audit, compliance and standards (4) +
-
Software and application security (9) +
- Application attacks (buffer overflows, cross-site scripting)
- Application firewall security
- Database security
- Microsoft Patch Tuesday and patch management
- Open source security tools and software
- Productivity apps and messaging security
- Secure SaaS: Cloud application security
- Secure software development
- Social media security risks
-
Web security tools and best practices (3) +
-
Wireless and mobile security (4) +
Featured Authors
Have a question for an expert?
Please add a title for your question
Get answers from your peers on your most technical Information Security challenges.
Meet all of our Information Security experts
-
Rob Wright asks:
What were the biggest missteps in the coordinated disclosure effort for Meltdown and Spectre?
-
Kathleen Richards asks:
What types of attacks are you seeing in identity and access management environments?
Find Solutions For Your Project
-
Evaluate
Malicious apps used Facebook APIs to steal user data
Malicious apps collected Facebook user data through Facebook APIs. Expert Michael Cobb explains how social networking platforms can monitor third-party apps' access to data.
-
Misuse of the UPnP protocol leads to a vulnerability
-
Top three benefits of SIEM for the enterprise
-
MANRS: ISOC's solution for BGP security
-
-
Problem Solve
Malwarebytes discovered four new Mac security risks
Mac platforms are at risk after Malwarebytes discovered four new Mac malware strains. Learn how to protect your enterprise and how to mitigate these attacks with expert Nick Lewis.
-
The severity of Microsoft's NTFS security flaw
-
Why infosec needs more female conference speakers
-
How a vulnerability puts emergency warning systems at risk
-
-
Manage
OneLogin CSO on unified access management, security-first
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job?
-
How a Mirai variant puts billions of devices at risk
-
Entropy engineers aid the criticality analysis process
-
How SDKs caused user data leaks in mobile apps
-
-
E-Zine | August 2018
Security data scientists on how to make your data useful
Download -
E-Handbook | July 2018
Incident response playbook in flux as services, tools arrive
Download -
E-Handbook | June 2018
Machine learning security, a real advance in tech protection
Download -
E-Zine | June 2018
CISOs face the IoT security risks of stranger things
Download -
Buyer's Handbook | May 2018
A security operations center for hire? Something to consider
Download
Information Security Basics
-
Get Started
Advances in access governance strategy and technology
Recent advances in IAM policy, strategy and technology are raising companies' ability authenticate identities and manage access to their systems and data.
-
Get Started
Top three benefits of SIEM for the enterprise
SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.
-
Get Started
certificate authority
A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically link an entity with a public key.
Multimedia
Vendor Resources
- Success Metrics for Advanced Threat Detection –Resource Center
- The Network Leaders' Guide to Secure SD-WAN –White Paper
- A New Security Strategy that Protects the Organization When Work Is Happening ... –Resource Center
Blog: Security Bytes
-
Five things to watch for at Black Hat USA this year
As Black Hat USA 2018 approaches, we take a quick look at trends in the conference agenda and sessions not to miss.Continue Reading
-
How Dropbox dropped the ball with anonymized data
Dropbox came under fire for sharing anonymized data with academic researchers after questions emerged about how the data was protected and used.Continue Reading
-
More Security Bytes Posts
Is the new California privacy law a domestic GDPR?
Cyber attribution: Why it won't be easy to stop the blame game
It's GDPR Day. Let the privacy regulation games begin!
-
News
View All -
Information security policies, procedures and guidelines
Behind the scenes of the Meltdown and Spectre response
During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre.
-
Emerging cyberattacks and threats
2018 Pwnie winners take bows at Black Hat
The Meltdown and Spectre research teams won big at the Pwnie Awards this year at Black Hat, while the late-entry Bitfi Wallet team overwhelmingly won for Lamest Vendor Response.
-
Web security tools and best practices
Server-side cache poisoning demonstrated at Black Hat 2018
PortSwigger's James Kettle doesn't believe web cache poisoning is theoretical and to prove it, he demonstrated several attacks on major websites and platforms at Black Hat 2018.
SearchSecurity Definitions
- certificate authority (CA)
- hacktivism
- advanced persistent threat (APT)
- whaling attack (whaling phishing)
- Certified Cloud Security Professional (CCSP)
- federated identity management
- next-generation firewall (NGFW)
- DMZ (networking)