Features

Features

Information security threats

• Zero-trust framework ripe for modern security challenges

  What is zero-trust security, and why deploy it now? Analysts explain its importance in the current IT era and how to get started with evaluation and implementation.  Continue Reading

• How cyber warfare laws limit risk on a digital battleground

  Retired Navy cryptologist implores enterprises to build key cyber warfare laws into their infosec strategy to improve survivability on the digital battleground in his new book.  Continue Reading

• The future of cyber warfare requires infosec's attention

  The future of cyber warfare places enterprise security and survivability in the crosshairs. Learn more about cyber warfare threats and capabilities and how infosec can prepare.  Continue Reading

• Guide to preventing coronavirus phishing and ransomware

  Malicious actors are taking advantage of coronavirus fears to wreak havoc on cybersecurity. Check out our guide to learn about phishing and ransomware threats and how to stop them.  Continue Reading

• How a security researcher spots a phishing email attempt

  When security expert Steven Murdoch spotted a phishing email in his inbox, the researcher in him decided to investigate. Here's what he learned about criminal phishing tactics.  Continue Reading

• AI-powered cyberattacks force change to network security

  Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.  Continue Reading

• Words to go: Types of phishing scams

  IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk.  Continue Reading

• Mitigating ransomware and phishing attacks during a pandemic

  Where most see crisis, cybercriminals see opportunity. Learn how security leaders can meet the challenges of mitigating ransomware threats and phishing attacks during a pandemic.  Continue Reading

• Cybersecurity impact analysis template for pandemic planning

  This template from IANS Research can help IT and security professionals document and prioritize essential processes, staffing and systems when faced with a pandemic event.  Continue Reading

• Data security guide: Everything you need to know

  This data security guide digs into data protection and privacy compliance, explaining how to construct a proactive security strategy strengthened by best practices.  Continue Reading

• Coronavirus phishing threats force heightened user awareness

  As coronavirus phishing threats ramp up, organizations must turn to user education, in addition to traditional network security, as their best defense.  Continue Reading

• With US ban, Huawei products put CISOs on notice

  The U.S. federal government has enacted bans on equipment it deems a national security risk. The move should make CISOs wary of what products they bring into their organizations.  Continue Reading

• Phishing protection: Keep employees from getting hooked

  Share this list of phishing techniques and detection tips to help employees avoid phishing schemes. Plus, review technologies to protect your enterprise from phishing attacks.  Continue Reading

• Coronavirus phishing scams increase amid pandemic's spread

  Organizations must account for a sharp uptick of coronavirus phishing scams in their pandemic and business continuity plans. Learn about the trend here, with steps for mitigation.  Continue Reading

• Beat common types of cyberfraud with security awareness

  Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud.  Continue Reading

• The Mirai IoT botnet holds strong in 2020

  More than three years after its first appearance, the Mirai botnet is still one of the biggest threats to IoT. Learn about its variants and how to protect against them.  Continue Reading

• Cisco CISO says today's enterprise must take chances

  Cisco CISO Steve Martino talks about taking chances, threats, how the security leader's role is changing and what really works when it comes to keeping the company secure.  Continue Reading

• CISOs face a range of cybersecurity challenges in 2020

  Every company is unique, of course, but certain challenges are widely shared. Learn what security concerns other CISOs and security leaders are focused on in 2020.  Continue Reading

• Threat intelligence offers promise, but limitations remain

  Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.  Continue Reading

• 'Computer Security Fundamentals:' Quantum security to certifications

  New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too.  Continue Reading

• Designing the future of cyber threat intelligence sharing

  Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense.  Continue Reading

• Rise in ransomware attacks prompts new prevention priorities

  Officials predict that already widespread ransomware attacks will only grow in scale and influence, while urging organizations to act now to guard against them.  Continue Reading

• AI for good or evil? AI dangers, advantages and decisions

  Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?  Continue Reading

• New evasive spear phishing attacks bypass email security measures

  Researchers identified a new email security threat: evasive spear phishing attacks, which take months of investigation and social engineering to coordinate.  Continue Reading

• Browse the best email security products for your enterprise

  Finding the best email security product is vital to protect companies from cyberattacks. Here's a look at the current market leaders.  Continue Reading

• 5 email security appliance comparison criteria to consider

  Identifying the best email security appliance on the market can be hard. This article discusses the criteria to consider when choosing one for your organization.  Continue Reading

• Lack of cybersecurity skills fuels workforce shortage

  Cybersecurity researcher Bob Duhainy discusses the cybersecurity skills shortage and provides suggestions about how companies can close the gap to avoid future risk.  Continue Reading

• New tech steers identity and access management evolution

  IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets.  Continue Reading

• Tackling IT security awareness training with a county CISO

  A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved.  Continue Reading

• Quantum computers mean cryptography needs to change, and soon

  As quantum computing gains momentum with practical quantum computers due to come online as early as next year, concerns about post-quantum cryptography are pushed to the forefront.  Continue Reading

• Understand the basics of email security gateways

  Email security gateways protect enterprises from threats such as spam and phishing attacks. This article explains how these products get the job done.  Continue Reading

• 5 best practices to choose the right email security software

  Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise.  Continue Reading

• Cisco engineer: Why we need more women in cybersecurity

  Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap.  Continue Reading

• Cybersecurity skills shortage prompts new hiring approach

  Hiring managers are widening the pool of candidates in response to the cybersecurity skills shortage. Learn how a parks and recreation background can be an asset in threat hunting.  Continue Reading

• How does an island hopping attack work?

  Hackers know better than to directly attack a well-defended target; learn how they use island hopping attack strategies to elude defenders -- and how best to repel them.  Continue Reading

• 10 ways to prevent computer security threats from insiders

  Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders.  Continue Reading

• Huawei ban highlights 5G security issues CISOs must tackle

  Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.  Continue Reading

• How information sharing can reduce cybersecurity vulnerabilities

  Cybersecurity vulnerabilities come from multiple fronts for modern businesses, but information sharing about real-world breaches -- good and bad -- provides valuable intelligence.  Continue Reading

• Inside 'Master134': Propeller Ads connected to malvertising campaign

  A SearchSecurity investigation determined ad network Propeller Ads played a significant role in the early stages of the Master134 malvertising campaign.  Continue Reading

• Inside 'Master134': ExoClick tied to previous malvertising campaigns

  Online ad network ExoClick denied any involvement in the Master134 campaign, but the company has ties to similar malvertising threats.  Continue Reading

• 'Master134' malvertising campaign raises questions for online ad firms

  Malvertising and adware schemes are a growing concern for enterprises. Our deep investigation into one campaign reveals just how complicated threats can be to stop.  Continue Reading

• Inside 'Master134': More ad networks tied to malvertising campaign

  Check Point's report on the Master134 malvertising campaign implicated five ad networks, but a SearchSecurity investigation revealed more companies were involved.  Continue Reading

• Inside 'Master134': Ad networks' 'blind eye' threatens enterprises

  Online ad networks linked to the Master134 malvertising campaign and other malicious activity often evade serious fallout and continue to operate unabated.  Continue Reading

• Inside 'Master134': Adsterra's history shows red flags, abuses

  Adsterra denied it was involved in the Master134 malvertising campaign, but a review of the company's history reveals many red flags, including activity in a similar campaign.  Continue Reading

• Find the right tool using this antimalware software comparison

  Compare endpoint antimalware software products for organizations based on features, level of protection and vendor offerings.  Continue Reading

• Antimalware protection and the fundamentals of endpoint security

  Learn about antimalware protection and how endpoint security technology prevents malware from infecting end-user computers and corporate networks.  Continue Reading

• USB attacks: Big threats to ICS from small devices

  USB devices can carry malware that can wreak havoc on industrial control systems. Expert Ernie Hayden explores the history of USB attacks and possible mitigations.  Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.  Continue Reading

• Top 10 CISO concerns for 2019 span a wide range of issues

  From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019.  Continue Reading

• Battling nation-state cyberattacks in a federal leadership vacuum

  Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers.  Continue Reading

• Cyber NYC initiative strives to make New York a cybersecurity hub

  New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation.  Continue Reading

• Testing email security products: Results and analysis

  Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies.  Continue Reading

• Testing email security products: Challenges and methodologies

  Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products, as well as the challenges it faced to come up with sound methodologies.  Continue Reading

• Overwhelmed by security data? Science to the rescue

  Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives.  Continue Reading

• Business email compromise moves closer to advanced threats

  The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks.  Continue Reading

• Illumio: Subtle data manipulation attacks pose serious threats

  Illumio CTO P.J. Kirner discusses the threat of data manipulation and explains why subtle, hard to detect attacks could have devastating effects on enterprises.  Continue Reading

• Six questions to ask before buying enterprise MDM products

  Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products.  Continue Reading

• Get the best botnet protection with the right array of tools

  Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can.  Continue Reading

• Threat Forecasting

  In this excerpt from chapter 1 of Threat Forecasting, authors John Pirc, David DeSanto, Iain Davison, and Will Gragido discuss how to navigate today's threat landscape.  Continue Reading

• Security for applications: What tools and principles work?

  Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job.  Continue Reading

• The Basics of Cyber Safety

  In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security.  Continue Reading

• Deception in the Digital Age

  In this excerpt from chapter five of Deception in the Digital Age, authors Cameron H. Malin, Terry Gudaitis, Thomas J. Holt and Max Kilger discuss phishing and watering hole attacks.  Continue Reading

• The art of the cyber warranty and guaranteeing protection

  Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the science of developing a cyber warranty for threat detection products.  Continue Reading

• Recent ransomware attacks: Is it an epidemic or overblown?

  Until WannaCry and NotPetya, estimates of ransomware cost and damages were likely overblown. But indications are that companies lost hundreds of millions from these malicious attacks alone.  Continue Reading

• Securing SQL Server: Protecting Your Database from Attackers

  In this excerpt from chapter nine of Securing SQL Server, author Denny Cherry discusses why SQL injection attacks are so successful.  Continue Reading

• Cybercrime and Business: Strategies for Global Corporate Security

  In this excerpt from chapter three of Cybercrime and Business, author Sanford L. Moskowitz discusses the effects cybercrime can have on small- and medium-sized businesses.  Continue Reading

• Why WannaCry and other computer worms may inherit the earth

  A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission.  Continue Reading

• Electronic voting systems in the U.S. need post-election audits

  Colorado will implement a new system for auditing electronic voting systems. Post-election audits have been proven to help, but are they enough to boost public trust in the systems?  Continue Reading

• Valerie Plame: U.S. government cyberdefense must be improved

  Former CIA officer Valerie Plame discusses why America's cyberdefense is lagging behind -- and what the government and private sector should do to reverse the trend.  Continue Reading

• Symantec Endpoint Protection and the details for buyers to know

  Expert Ed Tittel examines Symantec Endpoint Protection, an intrusion prevention, firewall and antimalware product for physical and virtual endpoints.  Continue Reading

• A closer look at Kaspersky antimalware protection services

  Expert Ed Tittel looks at Kaspersky antimalware product Endpoint Security, which provides multilayered protection against malware, phishing attacks and other exploits.  Continue Reading

• Details of Trend Micro Worry-Free Business Security Services

  Expert Ed Tittel takes a closer look at Trend Micro Worry-Free Business Security Services, an antivirus and antimalware product for small organizations.  Continue Reading

• Trend Micro OfficeScan endpoint protection software and its offerings

  Expert contributor Ed Tittel takes a look at Trend Micro OfficeScan, an endpoint protection product with antivirus and antimalware functionality for physical and virtualized endpoints.  Continue Reading

• The various offers of Microsoft System Center Endpoint Protection

  Expert Ed Tittel examines System Center Endpoint Protection, Microsoft's native Windows antivirus and antimalware security product.  Continue Reading

• An in-depth look into McAfee Endpoint Threat Protection

  McAfee Endpoint Threat Protection is an antimalware protection product that is designed to secure Windows systems against malware, data loss and other threats in standalone or networked environments.  Continue Reading

• Sophos Endpoint Protection and an overview of its features

  Expert Ed Tittel examines Sophos Endpoint Protection, an endpoint security platform with antivirus, antimalware and more.  Continue Reading

• Advanced Persistent Security

  In this excerpt from chapter seven of Advanced Persistent Security, authors Araceli Treu Gomes and Ira Winkler discuss the different threats facing organizations.  Continue Reading

• The importance of securing endpoints with antimalware protection

  All organizations need to protect their endpoints from outside malware with antimalware products, which are essential to an enterprise-wide security strategy.  Continue Reading

• Evaluating endpoint security products for antimalware protection

  Expert contributor Ed Tittel explores key criteria for evaluating endpoint security products to determine the best option for antimalware protection for your organization.  Continue Reading

• Learn what breach detection system is best for your network

  Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs.  Continue Reading

• Reviewing the threat intelligence features of VeriSign iDefense

  Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.  Continue Reading

• Threat Intelligence service overview of Infoblox ActiveTrust

  Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations.  Continue Reading

• FireEye iSIGHT Threat Intelligence: Services overview

  Expert Ed Tittel looks at FireEye iSIGHT Threat Intelligence service for providing actionable, contextual data about today's top IT threats to organizations.  Continue Reading

• Detailing the features of LookingGlass Cyber Threat Center

  Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.  Continue Reading

• RSA NetWitness Suite and its threat intelligence capabilities

  Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.  Continue Reading

• SecureWorks threat intelligence and what it can do for your enterprise

  Expert Ed Tittel examines the features and capabilities of SecureWorks, which gathers its intelligence from thousands of SecureWorks global customers.  Continue Reading

• Five criteria for purchasing from threat intelligence providers

  Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.  Continue Reading

• Analyzing the capabilities of Symantec DeepSight Intelligence

  Expert Ed Tittel offers an overview of Symantec DeepSight Intelligence, which provides organizations with information and alerts on today's IT threats.  Continue Reading

• Comparing the top threat intelligence services

  Expert Ed Tittel examines the top threat intelligence services to understand how they differ from one another and address various enterprise security needs.  Continue Reading

• Enterprise scenarios for threat intelligence tools

  Expert contributor Ed Tittel explains which types of organizations need threat intelligence tools as part of a proactive, layered security strategy to protect against threats.  Continue Reading

• An introduction to threat intelligence platforms in the enterprise

  Expert Ed Tittel describes how threat intelligence platforms work to help in the proactive defense of enterprise networks.  Continue Reading

• Politics of cyber attribution pose risk for private industry

  Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies.  Continue Reading

• Sharpen your DDoS detection skills with the right tool

  DDoS detection and prevention tools are more sophisticated than ever. But finding the right one for your company takes studying and asking vendors the right questions.  Continue Reading

• Ransomware prevention tools to win the fight

  Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.  Continue Reading

• Looming cloud security threats: How attacks will follow your data

  You can move your data to cloud-based systems and web services, but you can't hide it there. Hackers and predators have more ways to find it.  Continue Reading

• Building a threat intelligence program? How to avoid the 'feed' frenzy

  Cyberthreat intelligence is just data if it is not actionable. We offer tips to help your team focus on relevant CTI for faster threat detection and response.  Continue Reading

• DNS Security: Defending the Domain Name System

  In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.  Continue Reading

• Cyber Guerilla

  In this excerpt of Cyber Guerilla, authors Jelle van Haaster, Ricky Gevers and Martijn Sprengers discuss the various roles hackers play.  Continue Reading

• Even with rise in crypto-ransomware, majority do not pay

  With data increasingly held hostage, companies are learning the downside of encryption and cryptocurrency. As some organizations admit to paying ransoms, will the problem get worse?  Continue Reading

• Dissecting the Hack

  In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian Baskin discuss Bitcoin and digital currency.  Continue Reading