Ask the Experts

Ask the Experts

• New advanced persistent threat protection: Beyond perimeter defense

  Firewalls and antivirus are ineffective in the face of APT attacks. Expert Nick Lewis offers suggestions for advanced persistent threat protection.  Continue Reading

• How a DNS reflection attack differs from a standard DoS attack program

  A DNS reflection attack is like a regular denial-of-service attack, but much worse. Nick Lewis explains why.  Continue Reading

• Inside the Samsung Galaxy Note 2 lock screen bypass vulnerability

  Expert Nick Lewis explains how attackers bypassed the Samsung Galaxy Note 2 lock screen and which devices may be vulnerable.  Continue Reading

• How an Adobe Reader zero-day exploit escapes sandboxing capabilities

  Expert Nick Lewis explains how a recent zero-day exploit escaped the Adobe Reader sandbox, and whether it's likely to happen again.  Continue Reading

• Disable autorun to prevent autorun malware infections

  Expert Nick Lewis explains how disabling autorun prevents malware from affecting users.  Continue Reading

• How to protect data from ransomware malware

  It can be difficult to recover data that is encrypted by ransomware malware -- unless you have expert Nick Lewis' recommendations in place.  Continue Reading

• How to detect malware with changing file sizes

  Malware authors change the size of malware files to avoid detection by antivirus software. Learn how to detect this malware from expert Nick Lewis.  Continue Reading

• Foxit Reader vulnerability: Time to find an alternative PDF reader?

  Does the latest Foxit Reader vulnerability mean it's time to find an alternative PDF reader? Expert Nick Lewis offers his advice.  Continue Reading

• How to avoid security problems with Java outside the browser

  Another Java zero-day vulnerability has a security pro asking threats expert Nick Lewis how Java can safely be used with enterprise applications.  Continue Reading

• Advocating for a Microsoft EMET deployment amid configuration issues

  Expert Michael Cobb discusses whether EMET configuration issues should deter a security team from pushing for an enterprise EMET deployment.  Continue Reading

• How to test antimalware products before a full enterprise deployment

  Expert Michael Cobb discusses how to thoroughly test antimalware products before they are deployed in a potentially harsh enterprise setting.  Continue Reading

• The advantages of digital watermarking in enterprise data protection

  Expert Michael Cobb explains the advantages of digital watermarking and analyzes whether improved data security is one of them.  Continue Reading

• Can application security products really be 'self-defending?'

  Expert Michael Cobb determines whether 'self-defending' application security products actually provide something new to enterprise security.  Continue Reading

• VPN use in China: Protecting sensitive business data

  With VPN use in China prohibited, businesses have reason to be concerned about the privacy of their data.  Continue Reading

• Recommended tools for remote access Trojan detection

  Expert Brad Casey suggests tools that can detect remote access Trojans, or RATs, like FAKEM.  Continue Reading

• How to plan for and mitigate a Barracuda vulnerability

  Learn how to lock down a back-door vulnerability on Barracuda security devices and prevent attackers from accessing management accounts.  Continue Reading

• How to mitigate Cisco wireless denial-of-service vulnerabilities

  Cisco WLAN controllers have faced several denial-of-service flaws. Learn how to reduce network security risk in cases when patches aren't available.  Continue Reading

• HP printer discovery issue highlights printer security best practices

  In wake of an HP printer discovery issue where Google indexed thousands of printers, learn best practices to keep network printers off the Internet.  Continue Reading

• Application security risks posed by open source Java frameworks

  Expert Michael Cobb says security issues with open source Java applications have more to do with misconfigurations than the frameworks themselves.  Continue Reading

• How to reduce the risk of Flash security issues

  A rash of zero-day exploits has one organization looking for ways to reduce the risk posed by Flash running on endpoints.  Continue Reading

• Is Firefox PDF reader a secure alternative to Adobe Reader?

  Expert Michael Cobb examines Mozilla’s Firefox PDF reader and discusses whether it is more secure than Adobe Reader.  Continue Reading

• What is OCSP? Understanding the Online Certificate Status Protocol

  Expert Michael Cobb explains the CASC's Online Certificate Status Protocol (OCSP) and OCSP stapling.  Continue Reading

• BB10 security: The risks of running Android apps on BlackBerry 10

  Expert Michael Cobb explains the implications of running Android apps on BB10 and the system's new security features, including Balance.  Continue Reading

• Reframing discussions about return on security investment

  According to expert Joe Granneman, return on security investment is a misnomer. Here's a better way to view security expenditures.  Continue Reading

• The effects of secure application development practices

  Selling the CIO and others on secure application development requires understanding how it will impact the development process.  Continue Reading

• IT security risk training for executives: How to get started

  Executives don’t have time for formalized security risk training, so the onus is on the security team to become involved with core business processes.  Continue Reading

• Using SANS Securing the Human security awareness tools

  Learn how to use tools from the SANS Securing the Human program to boost the effectiveness of an enterprise security awareness program.  Continue Reading

• Should Android kernel vulnerabilities make enterprises avoid Samsung?

  Expert Nick Lewis discusses the threat and significance of Android kernel vulnerabilities found in popular Samsung mobile devices.  Continue Reading

• Google Chrome clickjacking vulnerability: Time to switch browsers?

  Expert Nick Lewis explains the Google Chrome clickjacking vulnerability, including why avoiding the issue isn't as simple as switching browsers.  Continue Reading

• Measuring the risk posed by sophisticated malware evasion techniques

  Learn about the evolving nature of malware evasion techniques. Security expert Nick Lewis determines whether anti-malware tools should detect them.  Continue Reading

• Gauging the security risk posed by the WordPress pingback vulnerability

  Security expert Nick Lewis details the WordPress pingback vulnerability and advises whether it is time to update custom WordPress implementations.  Continue Reading

• How enterprises can prepare for Project Blitzkrieg-style DDoS attacks

  Expert Nick Lewis offers security measures that enterprises, particularly financials, can utilize to fend off Project Blitzkrieg-style DDoS attacks.  Continue Reading

• Boosting information security budgets: How to get the funds you need

  Getting executive support to boost the information security budget is no easy task. Expert Joe Granneman offers tips for getting the funds you need.  Continue Reading

• Open source security tools: Getting more out of an IT security budget

  Open source security tools can help stretch your IT security budget further -- that is, if you use them strategically. Joseph Granneman explains how.  Continue Reading

• Goals for how to become a CISO if you're a security technologist

  Security technologists aspiring to become CISOs must develop a variety of business skills, as Joe Granneman explains in this Ask the Expert Q&A.  Continue Reading

• Information Sharing and Analysis Centers: Getting started with ISACs

  Joe Granneman explains how ISACs enable cybersecurity information sharing and the basic requirements for joining an ISAC.  Continue Reading

• Using EMET to harden Windows XP and other legacy applications

  Expert Michael Cobb details how using EMET, a free tool from Microsoft, can harden Windows XP and other legacy applications.  Continue Reading

• Can a password blacklist improve general enterprise password security?

  Expert Michael Cobb reacts to the BlackBerry 10 password blacklist and determines whether enterprises could adopt it to further secure passwords.  Continue Reading

• Is Google Private Channel more secure than an enterprise app store?

  Is the Google Private Channel a more secure option than building an internal enterprise app store? Expert Michael Cobb discusses.  Continue Reading

• Combat Shockwave security issues with a Web security gateway

  Expert Michael Cobb discusses Adobe Shockwave security issues highlighted by US-CERT, and details how a Web security gateway is one way to allay them.  Continue Reading

• Web application security testing: Is a pen test or code review better?

  For Web application security testing, if cash is tight, should a penetration test top an application code review? Michael Cobb explains his choice.  Continue Reading

• The value of a virtual security gateway in the data center

  Matthew Pascucci discusses virtual security gateway appliances and whether they are a virtual data center necessity or just an overhyped product.  Continue Reading

• How will the cloud affect future network security skills requirements?

  Will the ongoing adoption of cloud technology affect the skills that network security engineers need in the future? Matt Pascucci discusses.  Continue Reading

• Fiber optic networking: Assessing security risks

  Matthew Pascucci discusses the potential security risks associated with fiber optic networking.  Continue Reading

• The fundamentals of designing a secure network

  When designing a secure network segmentation, monitoring, logging and encryption should be a priority. Matt Pascucci explains in this expert Q&A.  Continue Reading

• PCI DSS compliance: What to do when agents email credit card numbers

  Emailing unencrypted credit card numbers is a violation of PCI DSS. Learn how to stop customer service agents from practicing this dangerous act.  Continue Reading

• How to address PCI compliance in the cloud

  Expert Mike Chapple offers advice on how to address PCI compliance when moving systems to the public cloud.  Continue Reading

• Criteria for evaluating PCI consultants

  PCI consultants can help organizations achieve PCI DSS compliance, but first you must choose the right one.  Continue Reading

• Avoiding pitfalls in social media compliance, security

  Expert Mike Chapple offers regulatory compliance advice regarding the management of enterprise social media accounts.  Continue Reading

• Incorporating compliance teams in the request for proposals process

  Procurement personnel should know when to include the compliance team in the request for proposals process.  Continue Reading

• Security requirements for Foreign Corrupt Practices Act compliance

  Expert Mike Chapple explains the Foreign Corrupt Practices Act and the security controls required for compliance.  Continue Reading

• HIPAA compliance training: How to prevent lost or stolen devices

  Mike Chapple explains how enterprises can help lessen the impact of lost or stolen devices as part of HIPAA compliance training.  Continue Reading

• Prevent DDoS DNS amplification attacks by securing DNS resolvers

  Expert Nick Lewis details how misconfigured DNS resolvers can be used for DDoS DNS attacks and how organizations can secure them.  Continue Reading

• Weighing compliance mandates vs. security vulnerability management

  Should security vulnerabilities be prioritized based on compliance needs? Mike Chapple discusses this approach to vulnerability management.  Continue Reading

• Utilize the Blacksheep technique for rootkit detection, cleanup

  Is the Blacksheep technique a legitimate enterprise option for rootkit detection and cleanup? Expert Nick Lewis discusses.  Continue Reading

• Does ISO 27001 certification mean HIPAA and HITECH compliance?

  Mike Chapple clarifies the difference between ISO 27001 certification and HIPAA and HITECH compliance.  Continue Reading

• The Narilam malware: How to protect SQL databases, corporate records

  Expert Nick Lewis explains how the Narilam malware infects SQL databases and destroys corporate records, and offers advice on mitigation.  Continue Reading

• The updated Makadocs malware: How to protect users locally

  Security expert Nick Lewis details how the updated Makadocs malware uses Google Docs as a command and control server and offers mitigations for users.  Continue Reading

• How to limit penetration test risks by defining testing scope

  Expert Nick Lewis explains how to reduce penetration testing risks by limiting the scope of the test.  Continue Reading

• Adjusting third-party patch management after Flash updates move

  Expert Michael Cobb details whether third-party patch management program changes are necessary after the Adobe Flash marriage to Patch Tuesday.  Continue Reading

• Dropbox security concerns: Time to find secure Dropbox alternatives?

  Are Dropbox security concerns serious enough to require enterprise users to switch to secure Dropbox alternatives? Expert Michael Cobb discusses.  Continue Reading

• How to address password change frequency, reuse for third-party apps

  Expert Michael Cobb explains how password change frequency and reuse for third-party apps should be addressed in enterprise password policies.  Continue Reading

• To nullify targeted attacks, limit out-of-office message security risk

  Expert Michael Cobb details how to reduce out-of-office message security risk --and thus targeted attacks -- by limiting personal info given.  Continue Reading

• How to prevent SQL injection attacks by validating user input

  Expert Michael Cobb discusses how to prevent SQL injection attacks by validating user input and utilizing parameterized stored procedures.  Continue Reading

• How to use RAT security flaws to turn the table on attackers

  Nick Lewis discusses how to learn from RAT security flaws not only for defense, but also to find out more about attackers via offensive security.  Continue Reading

• MiniFlame malware: Assessing the threat to enterprises

  Expert Nick Lewis analyzes miniFlame, the plug-in for the Flame malware, to determine how it operates and whether enterprises should be concerned.  Continue Reading

• Can DomainKeys Identified Mail still be used for email authentication?

  Expert Nick Lewis determines whether the DomainKeys Identified Mail protocol can still be safely relied upon for email authentication.  Continue Reading

• Analyzing updated man-in-the-browser attack techniques

  Do man-in-the-browser attack prevention tactics need to be updated as the attacks themselves take on new characteristics? Expert Nick Lewis discusses.  Continue Reading

• How to review VoIP phone security amid Cisco IP phone vulnerabilities

  In light of recent Cisco IP phone vulnerabilities, expert Brad Casey evaluates VoIP phone security and offers measures to secure VoIP phones.  Continue Reading

• Updating firewall policies with the frequency of firewall testing

  Should firewall testing frequency be decided and documented when updating firewall policies? Expert Brad Casey discusses how often to test firewalls.  Continue Reading

• Brute-force SSH attack prevention depends on network monitoring basics

  Expert Brad Casey discusses why effective brute-force SSH attack prevention means improving network monitoring instead of closing TCP port 22.  Continue Reading

• The pros and cons of SSL decryption for enterprise network monitoring

  Expert Brad Casey discusses the pros and cons of SSL decryption to determine its viability as an enterprise network monitoring method.  Continue Reading

• Is multivendor firewall management software a viable option?

  Matthew Pascucci discusses the limitations of using firewall management software to manage multivendor firewalls.  Continue Reading

• Choosing from must-have wireless IPS features

  Matthew Pascucci offers tips for choosing a wireless intrusion prevention system, including what critical features to look for.  Continue Reading

• Can SDN technology be used for network access protection?

  Expert Matthew Pascucci discusses the possible security implications of using software-defined networking for network access protection.  Continue Reading

• Audit log security: How to monitor and protect audit logs

  Is it possible to make audit logs tamper-proof? Expert Matthew Pascucci offers best practices for audit log security and monitoring.  Continue Reading

• Huawei router security: Is there legitimate cause for concern?

  Security expert Matthew Pascucci discusses Huawei router security and offers four tips for evaluating the security of enterprise network equipment.  Continue Reading

• Gigabit Wi-Fi: Security concerns for Cisco 802.11ac gigabit wireless

  Expert Matt Pascucci discusses how the new Cisco 802.11ac wireless standard differs from others and possible security implications of gigabit Wi-Fi.  Continue Reading

• Determining ideal IPS throughput for new implementation

  Several factors go into determining IPS throughput requirements. Expert Matt Pascucci explains in this Q&A.  Continue Reading

• Should syslog format be mandatory in a log management product?

  Matt Pascucci discusses what to look for when evaluating a log management product and whether syslog format should be a requirement.  Continue Reading

• The pros, cons and ROI of network malware detection

  Consider the pros and cons of network malware detection when calculating ROI, says expert Matt Pascucci.  Continue Reading

• Choosing a switch: Should you splurge on enterprise Ethernet switches?

  Matt Pascucci discusses what to look for when choosing an Ethernet switch, and whether or not to splurge on enterprise Ethernet switches.  Continue Reading

• Remote administration tools: How to develop a secure use policy

  Matt Pascucci offers advice for developing a policy on secure use of remote management tools by network security staff.  Continue Reading

• What to look for in full-packet-capture and network forensic tools

  Matt Pascucci explains what to look for in full-packet-capture network logging and network forensic tools, and areas to focus on during the search.  Continue Reading

• Unencrypted credit card data storage: Why 70% of merchants do it

  Mike Chapple offers four possible reasons why some merchants still store unencrypted credit card data after years of PCI DSS compliance requirements.  Continue Reading

• Breaking down PCI SSC's Qualified Integrators and Resellers program

  Mike Chapple breaks down PCI SSC's new Qualified Integrators and Resellers (QIR) program, explaining the compliances requirements for merchants.  Continue Reading

• How do the HIPAA Security Final Rule and meaningful use rule differ?

  Expert Mike Chapple discusses the HIPAA Security Final Rule and the meaningful use rule, including what each entails and how they differ.  Continue Reading

• Utilize Windows 8 ELAM to secure the boot process, detect rootkits

  Expert Michael Cobb details how the Windows 8 ELAM feature can detect rootkits and other malicious drivers, help secure the Windows boot process.  Continue Reading

• Application whitelisting vs. blacklisting: Which is the way forward?

  Which method is better at fighting next-gen malware? Security expert Michael Cobb weighs in on the application whitelisting vs. blacklisting debate.  Continue Reading

• Is sandboxing the answer to Adobe Acrobat, Adobe Reader security woes?

  Expert Michael Cobb assesses the impact of sandboxing on Adobe Acrobat and Adobe Reader security. Can enterprises trust Adobe's new security methods?  Continue Reading

• Bing security: Is search engine poisoning a problem for Bing users?

  Is Microsoft's Bing search engine more susceptible to search engine poisoning than Google? Expert Michael Cobb discusses Bing security.  Continue Reading

• Microsoft services agreement changes: What other enterprises can learn

  Should enterprises be concerned about Microsoft services agreement changes after the Google privacy policy fiasco? Expert Michael Cobb discusses.  Continue Reading

• Prioritizing the need to update Cisco routers: Is it urgent?

  Matthew Pascucci discusses how to prioritize the need to update Cisco routers, and offers patch management tips for enterprises.  Continue Reading

• What will the HSTS protocol mean for Web security?

  Matthew Pascucci discusses what effect the new HSTS protocol could have on Web security and on preventing man-in-the-middle attacks.  Continue Reading

• Cloud IaaS security: Is a virtual firewall the best bet?

  Matthew Pascucci discusses whether organizations should use an IaaS virtual firewall to protect applications that have been moved to the cloud.  Continue Reading

• How users can defend against the Android remote-wipe vulnerability

  Expert Nick Lewis details the Android remote-wipe vulnerability targeting Samsung phones and provides mitigations for Android users.  Continue Reading

• Safely using shortened URLs requires user education, technology

  Expert Nick Lewis delves into the potential threat posed by shortened URLs and what enterprises can do to protect users from malicious short URLs.  Continue Reading

• Mitigations for an Oracle database authentication vulnerability

  A patch for an Oracle database authentication vulnerability was only released for version 12. Expert Nick Lewis discusses mitigations for 11.1 users.  Continue Reading

• Prepare for Shamoon malware with data backup and recovery plan

  Expert Nick Lewis discusses how to detect Shamoon malware and emphasizes the importance of detailed data backup and recovery plans.  Continue Reading

• Mitigations for mobile phishing problems on the iOS platform

  With potential phishing problems surfacing for iOS users, expert Nick Lewis provides advice for enterprises facing the mobile phishing menace.  Continue Reading