Ask the Experts

Ask the Experts

• What are the benefits and challenges of cloud penetration testing?

  Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies.  Continue Reading

• How can companies prevent and respond to island hopping attacks?

  Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate risks from these indirect attacks.  Continue Reading

• What's the best way to prevent XSS attacks?

  To prevent cross-site scripting attacks, software developers must validate user input and encode output. Review characters to filter out, as well as sources and sinks to avoid.  Continue Reading

• The difference between zero-day vulnerability and zero-day exploit

  A zero-day vulnerability isn't the same as a zero-day exploit. Learn the difference between these two zero-day terms, as well as why they should be high priority on any CISO's patching list.  Continue Reading

• Why is patch management important?

  Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important.  Continue Reading

• How to build an enterprise penetration testing plan

  Simulating an attack against your network is one of the best ways to remediate security holes before the bad guys find them. Here, learn penetration testing basics and how it can help keep your enterprise safe.  Continue Reading

• How to detect and defend against a TCP port 445 exploit and attacks

  The WannaCry TCP port 445 exploit returned the spotlight to Microsoft's long-abused networking port. Network security expert Kevin Beaver explains how to detect and defend against such attacks.  Continue Reading

• What are the pros and cons of outsourcing IT security?

  Companies are facing increased costs when maintaining an internal security group. Outsourcing IT security has its advantages, but there are some challenges to keep in mind.  Continue Reading

• How can endpoint security features help combat modern threats?

  The antivirus of yesteryear isn't a strong enough competitor to beat modern enterprise threats. Learn about the endpoint security features ready to tackle these battles head-on.  Continue Reading

• Best practices to conduct a user access review

  User entitlement reviews ensure employees only have access to essential systems and unauthorized employees -- or miscreants -- don't. Learn how to conduct an audit of user privileges.  Continue Reading

• Attackers turn the tables on incident response strategies

  Attackers expect incident response strategies and have a plan for when they encounter them. Find out how to take IR to the next level against attacker incident response counterstrategies.  Continue Reading

• Do I need to adopt a cybersecurity framework?

  A comprehensive cybersecurity framework can help businesses avoid costly attacks. But there are other advantages.  Continue Reading

• What's the best way to maintain top cybersecurity frameworks?

  Keeping top cybersecurity frameworks up to date means understanding how a business evolves and changes. What steps should you take to maintain your security strategy?  Continue Reading

• What are the core components of a cybersecurity framework?

  Cybersecurity frameworks differ from one company to another, but each plan has four fundamental stages. Find out what you need to know.  Continue Reading

• What are the most important email security protocols?

  Internet email was designed independent of security considerations, but these are the top email security protocols that add mechanisms to keep messaging safe from threats.  Continue Reading