Features

Features

• How to implement zero-trust security, from people who did it

  Understanding zero-trust security is relatively easy in theory. Figuring out how to implement zero trust on the ground is more difficult. Here's how to make it work.  Continue Reading

• Will nonprofit's evolution of zero trust secure consumer data?

  An Australian nonprofit aims to deliver an improved security protocol through what it calls a 'true zero-trust custody layer.' Will the protocol improve consumer data protection?  Continue Reading

• AI Security Alliance urges clarity for buying AI security tools

  Vendors and customers must be aware of potential gaps between expectations and reality in the sale or purchase of AI cybersecurity products, AI security expert advises.  Continue Reading

• CISA exam preparation requires learning ethics, standards, new vocab

  The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary.  Continue Reading

• Explore 7 data loss prevention tools for utmost security

  Explore how DLP products secure enterprise data and these seven specialized vendors that provide protection through varying installation, platforms and features.  Continue Reading

• Coronavirus phishing scams increase amid pandemic's spread

  Organizations must account for a sharp uptick of coronavirus phishing scams in their pandemic and business continuity plans. Learn about the trend here, with steps for mitigation.  Continue Reading

• Experts say CIA security triad needs a DIE model upgrade

  Using a distributed, immutable, ephemeral strategy instead of the traditional CIA triad could enable enterprises to encourage security by design and minimize risk, two experts say.  Continue Reading

• How privacy compliance rules will affect IT security

  As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden.  Continue Reading

• ITOps security requires attention to training

  Becoming fluent about IT security is critically important for numerous aspects of ITOps, yet many organizations fail to train their ITOps staff in security.  Continue Reading

• Best practices to secure data at rest, in use and in motion

  With internal and external cyberthreats on the rise, check out these tips to best protect and secure data at rest and in motion.  Continue Reading

• Cyberinsurance coverage reflects a changing threat landscape

  A constant deluge of data breach disclosures has prompted an increase in cybersecurity insurance coverage adoption. Learn how a policy can enhance an enterprise risk management program.  Continue Reading

• Windows IIS server hardening checklist

  Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use.  Continue Reading

• Security testing web applications and systems in the modern enterprise

  Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age.  Continue Reading

• Software security testing and software stress testing basics

  In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program.  Continue Reading

• How a security researcher responds to an email phishing attempt

  When security expert Steven Murdoch received an email phishing attempt, the researcher in him decided to investigate. Find out what he learned about criminal phishing tactics.  Continue Reading

• Even with a roadmap, zero-trust model an ongoing process

  Adopting a zero-trust environment was the right move for GitLab, according to the company's former security chief, but it may not be well suited for all enterprises.  Continue Reading

• Beat common types of cyberfraud with security awareness

  Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud.  Continue Reading

• The Mirai IoT botnet holds strong in 2020

  More than three years after its first appearance, the Mirai botnet is still one of the biggest threats to IoT. Learn about its variants and how to protect against them.  Continue Reading

• Cisco CISO says today's enterprise must take chances

  Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure.  Continue Reading

• CISOs face a range of cybersecurity challenges in 2020

  Every company is unique, of course, but certain challenges are widely shared. Learn what security concerns other CISOs and security leaders are focused on in 2020.  Continue Reading

• Threat intelligence offers promise, but limitations remain

  Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.  Continue Reading

• Can IDaaS adoption improve enterprise security posture?

  Experts suggest enterprises consider identity as a service as organizations' data management needs grow and access management becomes more complex.  Continue Reading

• How to implement a holistic approach to user data privacy

  IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy.  Continue Reading

• Cryptography basics: Symmetric key encryption algorithms

  Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here.  Continue Reading

• 'Computer Security Fundamentals:' Quantum security to certifications

  New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too.  Continue Reading

• How to mitigate 5 persistent application security threats

  The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses.  Continue Reading

• The who, what, why -- and challenges -- of CISM certification

  Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you.  Continue Reading

• Editor's picks: Most pressing cybersecurity stories in 2019

  As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months.  Continue Reading

• ICS security challenges and how to overcome them

  Security cannot be an afterthought in internet-connected industrial control systems. IEEE member Kayne McGladrey offers best practices to stay safe in a connected world.  Continue Reading

• Data breach risk factors, response model, reporting and more

  Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner.  Continue Reading

• The ins and outs of cyber insurance coverage

  Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing.  Continue Reading

• Ideal DevSecOps strategy requires the right staff and tools

  Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy.  Continue Reading

• Best practices to help CISOs prepare for CCPA

  With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations.  Continue Reading

• Role of AI in cybersecurity and 6 possible product options

  Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them.  Continue Reading

• Designing the future of cyber threat intelligence sharing

  Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense.  Continue Reading

• Rise in ransomware attacks prompts new prevention priorities

  Officials predict that already widespread ransomware attacks will only grow in scale and influence, while urging organizations to act now to guard against them.  Continue Reading

• Build new and old strategies into insider threat management

  The risk of insider threat does not discriminate across industry lines. Learn how to build an insider threat management program that combines AI, zero-trust principles and a healthy security culture.  Continue Reading

• Creating and managing a zero-trust security framework

  IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face.  Continue Reading

• 4 innovative ways to remedy the cybersecurity skills gap

  Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage.  Continue Reading

• Assessing the value of personal data for class action lawsuits

  Determining the value of consumers' personal data exposed in a breach can be a challenge. Security and legal experts discuss what factors are involved in the equation.  Continue Reading

• Report shows CISOs, IT unprepared for privacy regulations

  Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind.  Continue Reading

• A cybersecurity skills gap demands thinking outside the box

  Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe.  Continue Reading

• AI for good or evil? AI dangers, advantages and decisions

  Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?  Continue Reading

• How the future of data privacy regulation is spurring change

  Some companies have taken steps to improve data governance in anticipation of data privacy rules. Experts discuss the challenges of compliance in a shifting regulatory landscape.  Continue Reading

• On a penetration tester career path, flexibility and curiosity are key

  Becoming a pen tester takes more than passing an exam. Learn the qualities ethical hackers should embrace to achieve success on their penetration tester career path.  Continue Reading

• Combat the human aspect of risk with insider threat management

  When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach.  Continue Reading

• Netscout CSO speaks to third-party risk, security gender gap

  Veteran CSO at Netscout Deb Briggs recaps her fireside chat with Cisco CSO Edna Conway at FutureCon 2019, including their discussion on third-party risk and the gender gap in the security industry.  Continue Reading

• DevSecOps model requires security get out of its comfort zone

  Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge.  Continue Reading

• Choosing between an SSL/TLS VPN vs. IPsec VPN

  Infosec pros need to know the ins and outs of SSL/TLS VPNs vs. IPsec VPNs to better understand which product's features will fulfill the needs of their organization. Get help comparing here.  Continue Reading

• To secure DevOps, break culture and tooling barriers

  The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved.  Continue Reading

• The 3 pillars of a DevSecOps model

  In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model.  Continue Reading

• Your third-party risk management best practices need updating

  Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips.  Continue Reading

• Top tips for using the Kali Linux pen testing distribution

  It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman.  Continue Reading

• How to use SOAR tools to simplify enterprise infosec programs

  SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users.  Continue Reading

• Using DNS RPZ to pump up cybersecurity awareness

  Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites.  Continue Reading

• New evasive spear phishing attacks bypass email security measures

  Researchers identified a new email security threat: evasive spear phishing attacks, which take months of investigation and social engineering to coordinate.  Continue Reading

• Designing IoT security: Experts warn against cutting corners

  Security, though costly, is essential for IoT devices; a single breach can destroy a company's reputation. IoT security by design can avoid devastating incidents.  Continue Reading

• How does AttackSurfaceMapper help with attack surface mapping?

  A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement.  Continue Reading

• Varied options to solving the cybersecurity skills shortage

  There are no easy answers for the cybersecurity skills shortage facing the industry, other than working harder to diversify and expand the workforce, according to ESG's Jon Oltsik.  Continue Reading

• Browse the best email security products for your enterprise

  Finding the best email security product is vital to protect companies from cyberattacks. Here's a look at the current market leaders.  Continue Reading

• VMware's internal Service-defined Firewall reimagines firewalling

  VMware's internal firewall uses a global view of known-good behavior at the network and host level to minimize the attack surface for on-premises and cloud environments.  Continue Reading

• Defending against the most common wireless network attacks

  The most common wireless network attacks change over time, but not that much. Find out which tactics still work for attackers and how to defend against them.  Continue Reading

• How to identify and evaluate cybersecurity frameworks

  Not all frameworks for cybersecurity are equal. ESG's Jon Oltsik explains what attributes make a cybersecurity framework and how to go about choosing and using one.  Continue Reading

• Cybersecurity automation won't fix the skills gap alone

  Joan Pepin, CISO and vice president of operations at Auth0, says cybersecurity automation makes her job possible, but it can't replace the human talent her industry badly needs.  Continue Reading

• CEO on collaboration tool security, insider threats, skills gap

  Michael Coates, CEO and co-founder of cloud collaboration security platform Altitude Networks, speaks to industry trends and his transition from CISO to CEO.  Continue Reading

• 5 email security appliance comparison criteria to consider

  Identifying the best email security appliance on the market can be hard. This article discusses the criteria to consider when choosing one for your organization.  Continue Reading

• Why is third-party risk management essential to cybersecurity?

  Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals.  Continue Reading

• Lack of cybersecurity skills fuels workforce shortage

  Cybersecurity researcher Bob Duhainy discusses the cybersecurity skills shortage and provides suggestions about how companies can close the gap to avoid future risk.  Continue Reading

• For board of directors, cybersecurity literacy is essential

  For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way.  Continue Reading

• Fitting cybersecurity frameworks into your security strategy

  Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication.  Continue Reading

• New tech steers identity and access management evolution

  IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets.  Continue Reading

• Tackling IT security awareness training with a county CISO

  A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved.  Continue Reading

• Digital transformation redefines cybersecurity skills, careers

  The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think.  Continue Reading

• How to pass the CISSP exam on your first try: Tips to get a good score

  Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.  Continue Reading

• Quantum computers mean cryptography needs to change, and soon

  As quantum computing gains momentum with practical quantum computers due to come online as early as next year, concerns about post-quantum cryptography are pushed to the forefront.  Continue Reading

• IoT Cybersecurity Improvement Act calls for deployment standards

  The IoT Cybersecurity Improvement Act would require development of security standards and guidelines for federal IoT devices, but CISOs in the private sector could also benefit.  Continue Reading

• Portrait of a CISO: Roles and responsibilities

  Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate.  Continue Reading

• Understand the basics of email security gateways

  Email security gateways protect enterprises from threats such as spam and phishing attacks. This article explains how these products get the job done.  Continue Reading

• 5 best practices to choose the right email security software

  Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise.  Continue Reading

• Cisco engineer: Why we need more women in cybersecurity

  Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap.  Continue Reading

• Cybersecurity skills shortage prompts new hiring approach

  Hiring managers are widening the pool of candidates in response to the cybersecurity skills shortage. Learn how a parks and recreation background can be an asset in threat hunting.  Continue Reading

• How does an island hopping attack work?

  Hackers know better than to directly attack a well-defended target; learn how they use island hopping attack strategies to elude defenders -- and how best to repel them.  Continue Reading

• Building a threat intelligence framework: Here's how

  A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know.  Continue Reading

• How to become an incident responder: Requirements and more

  Incident response is a growth field that provides excitement and a good salary. Here's an in-depth look at requirements, salaries and the career path.  Continue Reading

• Top 5 incident response interview questions

  Job interviews are always nerve-wracking. But you can prepare now by honing your responses to the most likely interview questions for an incident response position.  Continue Reading

• How to fix the top 5 cybersecurity vulnerabilities

  Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses.  Continue Reading

• 5 critical steps to creating an effective incident response plan

  With cyberthreats and security incidents growing by the day, every organization needs a solid plan for mitigating threats. Here's how to create yours.  Continue Reading

• Top incident response tools to boost network protection

  Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks.  Continue Reading

• 10 types of security incidents and how to handle them

  Cyberattacks are more varied than ever. Learn the key symptoms that signal a problem and how to respond to keep systems and data safe.  Continue Reading

• How to build an incident response team for your organization

  The time to organize and train an IR team is long before a security incident occurs. Learn the practical steps needed to create an effective, cross-functional team.  Continue Reading

• Top 10 types of information security threats for IT teams

  Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond.  Continue Reading

• Incident response tools: How, when and why to use them

  The OODA loop can help organizations throughout the entire incident response process by giving them insight into which tools they need to detect and respond to security events.  Continue Reading

• Top 10 incident response vendors for 2019

  Leading incident response services include a variety of specialized tools to help organizations plan and manage their overall cybersecurity posture.  Continue Reading

• Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black

  Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents.  Continue Reading

• Words to go: Identity and access management security

  IT pros must keep up to date with rapidly changing identity technology and access threats. Help protect IAM security by getting familiar with this list of foundation terms.  Continue Reading

• Build a proactive cybersecurity approach that delivers

  Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive.  Continue Reading

• Words to go: Email phishing security

  IT teams must take precautionary measures to address cybersecurity awareness, particularly when it comes to email. Refer to this list of email security terms to mitigate risks.  Continue Reading

• Biometric authentication terms to know

  Consumers are on board with biometric authentication, but enterprises aren't so sure. Here's a breakdown of the must-know terms for companies considering biometric authentication.  Continue Reading

• SANS security awareness credential paves new career path

  The SANS Security Awareness Professional credential gives enterprises a new method to recognize and promote cybersecurity awareness in the organization.  Continue Reading

• Red alerts: Inside Cisco's incident response best practices

  Incident response is often challenging, but Cisco's Sean Mason offers recommendations for doing IR effectively, from keeping internal logs longer to embracing tabletop exercises.  Continue Reading