Ask the Experts

Ask the Experts

• How Windows XP end of life conflicts with PCI DSS requirement 6.2

  Expert Mike Chapple explains why companies running Windows XP will have trouble meeting PCI DSS requirement 6.2 after the Windows XP end-of-life date.  Continue Reading

• HIPAA Omnibus Rule 2013: New Notice of Privacy Practices requirements

  Expert Mike Chapple explains how Notice of Privacy Practices requirements have changed for covered entities under the HIPAA Omnibus Rule 2013.  Continue Reading

• Microsoft Office 2003: Staying safe after the security support stops

  Worried about Microsoft Office 2003 security after support ends April 8, 2014? Michael Cobb offers some pointers.  Continue Reading

• Preventing plaintext password problems in Google Chrome

  Plaintext passwords are risky business. Michael Cobb discusses what Google says about the Chrome password vulnerability and potential exploits.  Continue Reading

• The Vobfus worm and Beebone Trojan: How malware downloads more malware

  The Vobfus worm downloads variants of the Beebone Trojan and vice versa. Discover how to defend your enterprise from malware that downloads malware.  Continue Reading

• Femtocell security: Defending against a femtocell hack

  The risk of a femtocell hack is a real enterprise concern. Nick Lewis explains why and explores how to defend against an attack.  Continue Reading

• KINS malware: Rootkit vs. bootkit

  The emerging KINS malware has been labeled a bootkit rather than a rootkit. Nick Lewis explains the difference and how to defend against it.  Continue Reading

• Mac malware: Evasion techniques, enterprise detection best practices

  Mac malware is starting to use the evasion techniques of Windows malware. Enterprise threats expert Nick Lewis discusses the risks.  Continue Reading

• Advanced volatile threat detection: New term, old malware?

  The newly coined term 'advanced volatile threat' (AVT) describes a specific type of hard-to-detect attack. Nick Lewis debunks the AVT hype.  Continue Reading

• Key takeaways from the 2013 Verizon DBIR: What can be learned for 2014

  Expert Joseph Granneman looks back at the 2013 Verizon DBIR and provides key takeaways for companies looking to avoid being part of the 2014 edition.  Continue Reading

• How to use the RACI matrix for a security risk assessment

  Expert Joseph Granneman explains how the RACI matrix can be used as part of an information security risk assessment.  Continue Reading

• Securing endpoint devices with code-execution prevention

  A survey revealed 54% of enterprises don't know if they use code-execution prevention on networked endpoint devices. Does your organization?  Continue Reading

• The backdoor threat of Trusted Platform Module and Windows 8

  Does the combination of the Trusted Platform Module and Windows 8 create the threat of a backdoor? Michael Cobb discusses.  Continue Reading

• Elliptic curve cryptography: What ECC can do for the enterprise

  Is elliptic curve cryptography more effective than RSA or Diffie-Hellman? Security expert Michael Cobb details the pros and cons of ECC.  Continue Reading

• What is the MEHARI risk management framework and how can it be used?

  Expert Joseph Granneman details the MEHARI risk management framework and compares it to the ISO 27000 and NIST 800 series.  Continue Reading

• Is the DoD mobile device strategy applicable to enterprises?

  Can enterprises utilize the DoD mobile device strategy as a measuring stick when allowing devices on a network? Expert Joseph Granneman decides.  Continue Reading

• What are the top instant messaging security risks facing enterprises?

  Expert Michael Cobb explains the security risks of instant messaging (IM) and reveals why standardizing on one program can help mitigate them.  Continue Reading

• SSH security risks: Assessment and remediation planning

  Application security expert Michael Cobb details how to use a new free SSH security risk assessment tool to mitigate enterprise SSH risks.  Continue Reading

• BlackBerry backdoor: Do BlackBerry credential logs pose a threat?

  BlackBerry's email system logs user credentials and sends them in cleartext to BlackBerry servers. Is it a vendor backdoor? Michael Cobb discusses.  Continue Reading

• How to identify and secure data egress points to prevent data loss

  Expert Michael Cobb discusses how to identify the data egress points in enterprise databases to prevent malicious data exfiltration.  Continue Reading

• Windows 8.1 security overview: Enterprise features and tools

  Application security expert Michael Cobb takes a look at the noteworthy security features found in Windows 8.1 Enterprise.  Continue Reading

• Detecting malware encryption: Can NGFWs spot SSL-encrypted malware?

  An NSS Labs study claims next-generation firewalls struggle to detect and defend against SSL-encrypted malware. Brad Casey analyzes the findings.  Continue Reading

• Network security risks: The trouble with default passwords

  Network security expert Brad Casey explores the risks of putting devices on the network with default passwords, and spotting default password usage.  Continue Reading

• How to mitigate Atlassian Crowd's SSO vulnerability

  Network security expert Brad Casey advises how to mitigate the vulnerability in SSO product Atlassian Crowd until an upgrade can be performed.  Continue Reading

• The risks of granting admin rights for Windows app management

  Brad Casey explores issues with giving Windows users admin rights to install and manage applications, and offers advice on mitigating inherent risks.  Continue Reading

• How to defend against a DOM-based XSS attack

  Learn how DOM-based XSS attacks differ from typical cross-site scripting attacks, and learn best practices for defending against them.  Continue Reading

• PinkStats: Unique toolkit offers lessons in APT defense

  Enterprise threats expert Nick Lewis explores how analysis of a newly discovered APT tool, PinkStats, may help enterprise APT defense.  Continue Reading

• DLL preloading: Making malware detection more difficult

  DLL preloading makes malware detection difficult. Effective enterprise mitigation requires antimalware, Microsoft FixIt, and keeping programs current.  Continue Reading

• Using the Google Transparency Report to enhance website blacklisting

  Threats expert Nick Lewis explores whether Google's Transparency Report can be used to enhance blacklisting of malicious websites in the enterprise.  Continue Reading

• Can Windows EFS hinder malware detection?

  A new malware strain leverages the Encrypting File System to thwart forensic analysis. Learn how to handle attacks that involve Windows EFS.  Continue Reading

• Using DNS monitoring to detect network breaches

  Brad Casey highlights three DNS data-monitoring methods that can help organizations determine if their networks have been breached.  Continue Reading

• BYOPC: Network security best practices for employee-owned computers

  Expert Brad Casey offers a number of best practices to help your organization ensure network and endpoint security in a BYOPC era.  Continue Reading

• Using microVM isolation to improve malware detection and defense

  Use of microVMs for malware detection and isolation is growing, but expert Brad Casey cautions that the tactic isn't a cure-all for fighting malware.  Continue Reading

• Is EAL4 certification necessary for enterprise firewall products?

  EAL4 certification ensures integrity in security products, but is it a must when buying enterprise firewall products? Expert Brad Casey explains.  Continue Reading

• Preparing your system for telephony denial-of-service attacks

  Can your organization's telephony system survive a telephony denial-of-service attack? Expert Brad Casey provides pointers for TDoS survival success.  Continue Reading

• Assessing the threat of proxy auto-config malware

  Expert Nick Lewis explains how attackers are taking advantage of proxy auto-config capabilities in browsers and what mitigations can be put in place.  Continue Reading

• Web-based malware: Why detection efforts must go beyond antimalware

  Expert Nick Lewis details why antimalware suites don't provide adequate protection against Web-based malware and how enterprises can defend users.  Continue Reading

• How to manage TeamViewer security risk, mitigate the TeamSpy malware

  In light of the recent TeamSpy malware, Nick Lewis examines whether TeamViewer's security risk has reached an acceptable level for enterprises.  Continue Reading

• Heap spray attacks: Details and mitigations for new techniques

  Expert Nick Lewis details a new heap spray attack technique and provides mitigations for both new and old heap spray attacks.  Continue Reading

• Incident response lessons from Facebook's red team exercises

  Expert Nick Lewis provides advice for enterprises looking to take inspiration for an incident response plan from Facebook's red team exercises.  Continue Reading

• COBIT 5 certification: Should compliance professionals pursue it?

  Expert Mike Chapple details the COBIT 5 certification process and determines if security and compliance professionals should pursue it.  Continue Reading

• How to adapt to latest EU data breach notification requirement changes

  For companies worried about the latest EU data breach notification requirements, expert Mike Chapple says to look to the PCI DSS framework.  Continue Reading

• How PCI 3.0 changes the PCI DSS penetration testing requirement

  The PCI DSS penetration testing requirement becomes more rigorous with the release of PCI 3.0. Expert Mike Chapple details the change.  Continue Reading

• Is FTP malware threatening network port security?

  A diligent enterprise must watch for FTP attacks over non-standard ports, says network security expert Brad Casey.  Continue Reading

• Use John the Ripper to test network devices against brute forcing

  Enterprise IT security organizations should test network devices using John the Ripper to ensure they are not susceptible to brute-force attacks.  Continue Reading

• How to test for and protect against firewall vulnerabilities

  Vulnerabilities in a firewall operating system can render the firewall useless. Learn how to test for and protect against them.  Continue Reading

• The implications of mobile hotspot security vulnerabilities

  Learn how enterprises can ensure mobile hotspot security by guarding against security vulnerabilities in 3G and 4G modems.  Continue Reading

• OpenBL: A website blacklist for improving firewall performance

  A free website blacklist like OpenBL can help enterprise security organizations improve firewall performance -- at least temporarily.  Continue Reading

• How do different browsers handle SSL certificate revocation?

  Application security expert Michael Cobb explores how different Web browsers handle SSL certificate revocation.  Continue Reading

• What to look for in a website security service provider

  When evaluating website security service providers, expert Michael Cobb says be sure to ask for qualifications, references and past work examples.  Continue Reading

• Firefox security features: Introduction to Mixed Content Blocker, CSP

  Application security expert Michael Cobb discusses how Firefox's addition of Mixed Content Blocker and Content Security Policy improve Web security.  Continue Reading

• CMS security recommendations for Drupal and WordPress

  Application security expert Michael Cobb offers advice on how to secure content management systems like WordPress and Drupal.  Continue Reading

• Open source code reuse: What are the security implications?

  Reusing open source code can present a security risk. Application security expert Michael Cobb explains why and how to protect applications.  Continue Reading

• Multi-stage attack detection best practices for enterprises

  Nick Lewis explores the growing popularity of multi-stage toolkits among attackers and reveals strategies for early detection of multi-stage attacks.  Continue Reading

• Inside the PushDo botnet's domain generation algorithm capabilities

  Expert Nick Lewis examines the reemergence of the PushDo botnet and its new domain generation algorithm capabilities, and the threats it poses.  Continue Reading

• Attack attribution analysis: Benefits of linking separate attacks

  Expert Nick Lewis reveals how attribution and comparing technical details can help link separate attacks and explores the value in doing so.  Continue Reading

• AutoIt script in malware attacks: Defensive best practices

  Industry expert Nick Lewis outlines the growing popularity of AutoIt script code in malware attacks and how to defend against these attacks.  Continue Reading

• PDF malware: How to spot, prevent emerging PDF attacks

  Enterprise threats expert Nick Lewis explores emerging techniques being employed in PDF-based malware attacks and tells how to defend against them.  Continue Reading

• Encryption key management: Should keys still be stored in the cloud?

  Expert Joe Granneman explains whether encryption key management in the cloud is still possible after a slew of revelations around the NSA.  Continue Reading

• Evaluating vendor promises: How to create a vendor security checklist

  For enterprises that need to weigh security requirements versus vendors' claims, a vendor security checklist can help. Expert Joe Granneman advises.  Continue Reading

• Security certification training programs: How to choose the right one

  A security certification training program can give test takers a leg up, but only if they select the right program. Expert Joe Granneman advises.  Continue Reading

• Risk versus hype: What is the real impact of insider security threats?

  Expert Joe Granneman separates sensationalism from reality to determine how much risk insider security threats actually pose to enterprise security.  Continue Reading

• For a PCI-compliant database, implement database security controls

  Expert Mike Chapple details the necessary database security controls that an organization must implement to achieve a PCI-compliant database.  Continue Reading

• SB-46 analysis: How California data breach notification law changed

  The scope of California data breach notification law expanded thanks to SB-46. Expert Mike Chapple details some of the most pressing changes.  Continue Reading

• Does running end-of-life software lead to compliance violations?

  There are several risks involved when using end-of-life software, including the possibility of compliance violations. Expert Mike Chapple explains.  Continue Reading

• How to ensure legacy serial port security on enterprise networks

  In the wake of H.D. Moore's discovery of rampant serial port security problems, learn how to secure legacy, Internet-connected serial port servers.  Continue Reading

• The role of the enterprise intrusion prevention system in APT defense

  One research group says an enterprise IPS can't help detect APTs. But network security expert Brad Casey explains why that isn't necessarily true.  Continue Reading

• How to support compliance efforts with customized firewall rule sets

  Take note of these best practices for customizing generic firewall rule sets to better support enterprise compliance efforts.  Continue Reading

• Does Nokia SSL decryption raise security concerns for enterprises?

  Network security expert Brad Casey explores the security threats posed by mobile device manufacturers like Nokia that perform HTTPS data decryption.  Continue Reading

• Next-generation firewall management features: What to look for

  Next-generation firewall management options are often lacking. Network security expert Brad Casey gives key features to look for in evaluating NGFWs.  Continue Reading

• Will a password-strength meter lead to stronger passwords?

  Security expert Michael Cobb explores the benefits of password-strength meters in the enterprise and how they help users create strong passwords.  Continue Reading

• The value of 2,048-bit encryption: Why encryption key length matters

  Leading browsers are required to use 2,048-bit length keys by the end of the year, but what effect does this have on security?  Continue Reading

• How certificate pinning improves certificate authority security

  Certificate pinning reduces reliance on trusting certificates authorities and improves digital certificate trustworthiness. Michael Cobb explains how.  Continue Reading

• How the Firefox Health Report improves enterprise browser security

  Expert Michael Cobb discusses the ins and outs of the Firefox Health Report, and the implications it has for browser security and enterprise security.  Continue Reading

• Can predefined DLP rules help prevent HIPAA and PCI DSS violations?

  Expert Mike Chapple determines whether predefined DLP rules can actually help enterprises to avoid HIPAA and PCI DSS compliance violations.  Continue Reading

• How enterprises can avoid violating the Stored Communications Act

  The Stored Communications Act can come back to bite companies that fail to wipe personal data from corporate devices. Expert Mike Chapple discusses.  Continue Reading

• Grasping the nuances of PCI certification levels for service providers

  Expert Mike Chapple explains how card brands differentiate between PCI certification Levels 1 and 2 for service providers.  Continue Reading

• The 2013 OWASP Top 10 list: What's changed and how to respond

  Expert Michael Cobb highlights the changes made in the 2013 OWASP Top 10 list, including new vulnerabilities and what they mean for enterprises.  Continue Reading

• Does Content-Agnostic Malware Protection improve Chrome security?

  Expert Michael Cobb explains how Content-Agnostic Malware Protection, or CAMP for Chrome, works and whether the feature improves Chrome security.  Continue Reading

• Do two-factor authentication vulnerabilities outweigh the benefits?

  Two-factor authentication vulnerabilities are a real concern, but should they deter enterprises from deploying 2FA? Expert Michael Cobb discusses.  Continue Reading

• Can an unqualified domain name cause man-in-the-middle attacks?

  An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result.  Continue Reading

• RC4 attack details: Can the RC4 encryption algorithm protect SSL/TLS?

  Expert Michael Cobb provides background on the RC4 encryption algorithm and determines whether a recent RC4 attack signals trouble for SSL/TLS users.  Continue Reading

• Data-classification levels for compliance: Why simple is best

  The best data-classification programs are simple and easy to use. Expert Mike Chapple outlines his four must-have data-classification categories.  Continue Reading

• How to change BAAs to comply with the HIPAA Omnibus Rule 2013

  The 2013 HIPAA Omnibus Rule requires changes to HIPAA business associate agreements. Expert Mike Chapple explains how to comply.  Continue Reading

• Understanding the PCI DSS prioritized approach to compliance

  You can take a phased approach to achieving PCI DSS compliance, but expert Mike Chapple says you aren't compliant until you meet all its requirements.  Continue Reading

• How does steganography work and does it threaten enterprise data?

  Expert Joe Granneman explains how steganography works, and the ways it can both protect and threaten enterprise data.  Continue Reading

• How to make a good first impression when presenting to executives

  Explaining an information security program to C-suite executives can be nerve-racking. Here's how to make a good first impression.  Continue Reading

• Choosing security software products: Does vendor revenue matter?

  Expert Joe Granneman weighs in on the value of market revenue rankings when it comes to choosing security software.  Continue Reading

• Hitting the books: How to study for the CISSP exam

  Expert Joe Granneman offers insights on different ways to prepare for the CISSP exam, and outlines what he thinks is the best way to study.  Continue Reading

• Understanding advanced evasion techniques, preventing AET attacks

  Expert Brad Casey explains advanced evasion techniques and details how to protect enterprise networks against the likelihood of an AET attack.  Continue Reading

• Does network speed impact the ability to monitor network activity?

  Expert Brad Casey explains the relationship between network speed and the ability to monitor network activity in the enterprise.  Continue Reading

• What is the value of the Lockheed Martin cyber kill chain?

  Expert Brad Casey analyzes the value of the Lockheed Martin cyber kill chain strategy, emphasizing data exfiltration over intrusion prevention.  Continue Reading

• Lessons learned from Juniper vulnerability in Junos OS

  Expert Brad Casey says the recent Junos OS flaws demonstrates why enterprises must diligently update networking router software to stay secure.  Continue Reading

• OpenFlow security: Does OpenFlow secure software-defined networks?

  Expert Brad Casey answers a question on OpenFlow security implications: Can the OpenFlow protocol foster software-defined networking (SDN) security?  Continue Reading

• Enterprise app store encryption: Lessons to learn from Apple

  After the Apple App Store's security mishap, expert Michael Cobb details the minimum enterprise app store encryption requirements.  Continue Reading

• Identifying and locking down known Java security vulnerabilities

  Expert Michael Cobb discusses why known Java security vulnerabilities are on so many endpoints and how to contain them -- without updating Java.  Continue Reading

• SANS Top 20 Critical Security Controls vs. Defence Signals Directorate

  Expert Michael Cobb compares the value of the SANS Top 20 Critical Security Controls with Australia's Defence Signals Directorate advice.  Continue Reading

• Why securing internal applications is as important as Web-facing apps

  Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.  Continue Reading

• Using free Web application security scanning tools to secure Web apps

  Expert Michael Cobb explains how free Web application security scanning tools can help secure Web apps for budget-strapped organizations.  Continue Reading

• Does the Bit9 compromise call application whitelisting into question?

  Expert Nick Lewis explains how Bit9 was recently compromised and the viability of application whitelisting as a result of the compromise.  Continue Reading