Ask the Experts

Ask the Experts

Risk assessments, metrics and frameworks

• Do you have the right set of penetration tester skills?

  Pen testing is more than just the fun of breaking into systems. Learn about the critical penetration tester skills potential candidates must master to become proficient in their career path.  Continue Reading

• What are the benefits and challenges of cloud penetration testing?

  Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help inform cloud pen test strategies.  Continue Reading

• Do I need to adopt a cybersecurity framework?

  A comprehensive cybersecurity framework can help businesses avoid costly attacks. But there are other advantages.  Continue Reading

• What's the best way to maintain top cybersecurity frameworks?

  Keeping top cybersecurity frameworks up to date means understanding how a business evolves and changes. What steps should you take to maintain your security strategy?  Continue Reading

• What are the core components of a cybersecurity framework?

  Cybersecurity frameworks differ from one company to another, but each plan has four fundamental stages. Find out what you need to know.  Continue Reading

• How does the MnuBot banking Trojan use unusual C&C servers?

  IBM X-Force found MnuBot -- a new banking Trojan -- manipulating C&C servers in an unusual way. Learn how this is possible and how this malware differs from those in the past.  Continue Reading

• Vulnerability scans: How effective are they for web apps?

  Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can be missed by security teams.  Continue Reading

• How can the Dirty COW vulnerability be used to attack Android devices?

  A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.  Continue Reading

• How can enterprises leverage Google's Project Wycheproof?

  Google's Project Wycheproof tests crypto libraries for known vulnerabilities, but there are potential drawbacks to this tool. Expert Matthew Pascucci explains them.  Continue Reading

• How can two-factor authentication systems be used effectively?

  Two-factor authentication systems require more than using codes sent through SMS and smart cards. Expert Michael Cobb explains how to properly and effectively implement 2FA.  Continue Reading

• Why are cybersecurity KPIs important for enterprises to determine?

  Cybersecurity KPIs are important for enterprises to determine when setting up a security program. Expert Mike O. Villegas discusses why and what a KPI for security should be.  Continue Reading

• Irongate malware: What are the risks to industrial control systems?

  The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS and SCADA systems.  Continue Reading

• How can APT groups be stopped from exploiting a Microsoft Office flaw?

  APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks work and how to prevent them.  Continue Reading

• Rowhammer exploit: Are Microsoft Edge browser users at risk?

  The Rowhammer and memory deduplication attack enables read and write access to Microsoft Edge browsers. Expert Nick Lewis explains how to mitigate this threat.  Continue Reading

• SAP vulnerability: Why didn't the patch work correctly?

  An old SAP vulnerability that enabled remote administrative access was found to be ineffectually patched. Expert Nick Lewis explains how enterprises can secure their systems.  Continue Reading