Features

Features

Network threat detection

• One security framework may be key to cyber effectiveness

  The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations.  Continue Reading

• AI-powered cyberattacks force change to network security

  Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.  Continue Reading

• Skill building is key to furthering gender diversity in tech

  Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent.  Continue Reading

• Threat intelligence offers promise, but limitations remain

  Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.  Continue Reading

• ICS security challenges and how to overcome them

  Security cannot be an afterthought in internet-connected industrial control systems. IEEE member Kayne McGladrey offers best practices to stay safe in a connected world.  Continue Reading

• Role of AI in cybersecurity and 6 possible product options

  Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them.  Continue Reading

• Designing the future of cyber threat intelligence sharing

  Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense.  Continue Reading

• AI for good or evil? AI dangers, advantages and decisions

  Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?  Continue Reading

• Combat the human aspect of risk with insider threat management

  When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach.  Continue Reading

• Browse the best email security products for your enterprise

  Finding the best email security product is vital to protect companies from cyberattacks. Here's a look at the current market leaders.  Continue Reading

• Understand the basics of email security gateways

  Email security gateways protect enterprises from threats such as spam and phishing attacks. This article explains how these products get the job done.  Continue Reading

• 5 best practices to choose the right email security software

  Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise.  Continue Reading

• Cisco engineer: Why we need more women in cybersecurity

  Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap.  Continue Reading

• Building a threat intelligence framework: Here's how

  A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know.  Continue Reading

• DHS-led agency works to visualize, share cyber-risk information

  A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain.  Continue Reading

• Product roundup: Features of top SIEM software on the market

  Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier.  Continue Reading

• Threat hunting techniques move beyond the SOC

  Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated.  Continue Reading

• Cloud-first? User and entity behavior analytics takes flight

  The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.  Continue Reading

• Seven criteria for evaluating today's leading SIEM tools

  Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization.  Continue Reading

• SIEM evaluation criteria: Choosing the right SIEM products

  Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask.  Continue Reading

• SIEM benefits include efficient incident response, compliance

  SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.  Continue Reading

• Overwhelmed by security data? Science to the rescue

  Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives.  Continue Reading

• A comprehensive guide to SIEM products

  Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security.  Continue Reading

• SOC services: How to find the right provider for your company

  SOCs are the latest services you can now outsource rather than build in-house. But should you entrust them to a third party? Yes—but make sure you know how to pick the best.  Continue Reading

• How machine learning anomaly detection works inside SAP

  SAP CSO Justin Somaini discusses how SAP uses machine learning for security tasks, like anomaly detection, and compares supervised and unsupervised algorithms.  Continue Reading

• Get the best botnet protection with the right array of tools

  Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can.  Continue Reading

• Five questions to ask before purchasing NAC products

  Organizations are recognizing the need for network access control systems, but it is important to evaluate and perform research before you invest in enterprise NAC products.  Continue Reading

• User behavior analytics leads the security analytics charge

  Will no longer playing by the rules help companies find insider threats to prevent security attacks? As user and entity behavior analytics gets closer to SIEM tools, enterprises take notice.  Continue Reading

• What SIEM features are essential for your company?

  On the hunt for the best SIEM tool for your company? Learn how to evaluate the capabilties of the newest security information and event management products.  Continue Reading

• Machine learning in cybersecurity: How to evaluate offerings

  Vendors are pitching machine learning for cybersecurity applications to replace traditional signature-based threat detection. But how can enterprises evaluate this new tech?  Continue Reading

• Learn what breach detection system is best for your network

  Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs.  Continue Reading

• Enterprise scenarios for threat intelligence tools

  Expert contributor Ed Tittel explains which types of organizations need threat intelligence tools as part of a proactive, layered security strategy to protect against threats.  Continue Reading

• Politics of cyber attribution pose risk for private industry

  Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies.  Continue Reading

• Security looks to machine learning technology for a cognitive leg up

  Advances in machine learning technology and artificial intelligence have proven to work well for some information security tasks such as malware detection. What's coming next?  Continue Reading

• IBM QRadar Security Intelligence Platform: Product overview

  Expert Dan Sullivan takes a look at how the IBM QRadar Security Intelligence Platform collects data from multiple sources so as to provide a comprehensive view of IT security.  Continue Reading

• LogRhythm's Security Analytics Platform: Product overview

  Expert Dan Sullivan examines LogRhythm's Security Analytics Platform, a product that leverages big data analytics and machine learning to help protect enterprises.  Continue Reading

• Splunk Enterprise Security: Product overview

  Expert Dan Sullivan explores how Splunk Enterprise Security uses big data security analytics to incorporate multiple methods of data integration to identify malicious events.  Continue Reading

• Fortscale UEBA: Big data security analytics product overview

  Expert Dan Sullivan examines Fortscale's user behavior analytics platform, which is built on Cloudera Hadoop and incorporates machine learning and big data security analytics.  Continue Reading

• Cybereason Detection and Response Platform: Product overview

  Expert Dan Sullivan explores how the Cybereason Detection and Response Platform uses big data security analytics to identify malicious events and better secure enterprises.  Continue Reading

• Hexis Cyber Solutions' HawkEye AP: Product overview

  Expert Dan Sullivan examines the HawkEye AP platform, a big data security analytics product from Hexis Cyber Solutions that can parse hundreds of different data formats.  Continue Reading

• Lancope's StealthWatch FlowCollector: Security analytics product overview

  Expert Dan Sullivan examines the Lancope StealthWatch FlowCollector, a security analytics product that ingests large volumes of data to identify suspicious activity.  Continue Reading

• Hexis Cyber Solutions' NetBeat MON: Product overview

  Expert Dan Sullivan checks out Hexis Cyber Solutions' NetBeat MON, a security analytics monitoring appliance that leverages several open source network monitoring tools.  Continue Reading

• RSA NetWitness Logs and Packets: Security analytics product overview

  Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats.  Continue Reading

• Juniper Networks' JSA Series Secure Analytics: Product overview

  Expert Dan Sullivan examines the Juniper Networks JSA Series Secure Analytics product family, which provides log analysis, threat analysis and compliance reporting for larger enterprises.  Continue Reading

• Q&A: Analyzing DNS services with Paul Vixie

  With targeted attacks such as distributed denial-of-service and ransomware on the rise, should domain name system analysis become part of your defense strategy?  Continue Reading

• Mojo AirTight WIPS overview

  Expert Karen Scarfone looks at the features and functionality of Mojo Networks' AirTight WIPS, a wireless intrusion prevention system designed to detect and block WLAN attacks.  Continue Reading

• Zebra Technologies AirDefense: WIPS overview

  Expert Karen Scarfone examines Zebra Technologies' AirDefense, a wireless intrusion prevention system designed to monitor enterprise network activity for WLANs.  Continue Reading

• Fluke Networks AirMagnet Enterprise: WIPS overview

  Expert Karen Scarfone examines Fluke Networks AirMagnet Enterprise, a wireless intrusion prevention system to monitor WLAN events and detect a wide variety of potential problems.  Continue Reading

• What SIEM tools made your short list?

  More companies are investing in security information and event management to improve their response to targeted attacks, according to the readers we surveyed.  Continue Reading

• Comparing the top big data security analytics tools

  Expert Dan Sullivan compares how the top-rated big data security analytics tools measure up against each other to help you select the right one for your organization.  Continue Reading

• Five factors for evaluating big data security analytics platforms

  Expert Dan Sullivan outlines criteria for evaluating big data security analytics platforms for collecting, analyzing and managing large volumes of data generated for information security purposes.  Continue Reading

• The business case for big data security analytics

  Expert Dan Sullivan explores the emerging category of big data security analytics and outlines the vital capabilities and key benefits of the technology for enterprises.  Continue Reading

• Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview

  Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data.  Continue Reading

• EMC RSA Security Analytics: SIEM product overview

  Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.  Continue Reading

• AlienVault OSSIM: SIEM Product overview

  Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.  Continue Reading

• Splunk Enterprise: SIEM product overview

  Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.  Continue Reading

• SolarWinds Log and Event Manager: SIEM product overview

  Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.  Continue Reading

• IBM Security QRadar: SIEM product overview

  Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.  Continue Reading

• LogRhythm's Security Intelligence Platform: SIEM product overview

  Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.  Continue Reading

• Introduction to big data security analytics in the enterprise

  Expert Dan Sullivan explains what big data security analytics is and how these tools are applied to security monitoring to enable broader and more in-depth event analysis for better enterprise protection.  Continue Reading

• Comparing the best intrusion prevention systems

  Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization.  Continue Reading

• Readers’ top picks for advanced threat detection

  Companies and functionality organizations are targeting when they seek to bolster their defenses through threat detection and analytics.  Continue Reading

• Three criteria for selecting the right IPS products

  Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization.  Continue Reading

• Enterprise benefits of network intrusion prevention systems

  Expert Karen Scarfone explains how most organizations can benefit from intrusion prevention systems (IPSes), specifically dedicated hardware and software IPS technologies.  Continue Reading

• The basics of network intrusion prevention systems

  Expert Karen Scarfone explores intrusion prevention systems and their acquisition, deployment and management within the enterprise.  Continue Reading

• Beyond the Page: New SIEM Battleground Unfolds with Advanced Analytics

  Robert Lemos looks at next-generation security information and event management analytic tools and cloud-based systems.  Continue Reading

• The hunt for data analytics: Is your SIEM on the endangered list?

  Analytics-driven security disrupts -- and sometimes supplants -- SIEM tools.  Continue Reading

• Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8, Fourth Edition

  In this excerpt of Windows Forensic Analysis Toolkit, author Harlan Carvey discusses what Volume Shadow Copies are and how they affect forensic analysis in Windows 8.  Continue Reading

• Python Forensics: A Workbench for Inventing and Sharing Digital Forensic Technology

  In this excerpt of Python Forensics, author Chet Hosmer offers some ground rules for using the Python programming language in forensic applications.  Continue Reading

• Beyond the Page: Next-generation SIEM

  In this edition of Beyond the Page, Anton Chuvakin offers Information Security magazine readers a multimedia presentation that discusses strategies that you can use to take advantage of next-generation SIEM for internal and external threat ...  Continue Reading

• SIEM evolution: Is your SIEM security stuck in a rut?

  Even the best SIEM deployments need to sometimes come unglued to reach higher levels of success.  Continue Reading

• Continuous monitoring demystified

  A continuous monitoring program can improve everything from configuration and patch management to event monitoring and incident response.  Continue Reading

• Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides

  In this excerpt of Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides, the authors explain how to discover and extract malware from a Linux system.  Continue Reading

• Introduction to Information Security: A Strategic-Based Approach

  In this excerpt of Introduction to Information Security: A Strategic-Based Approach, authors Timothy J. Shimeall and Jonathan M. Spring discuss the importance of intrusion detection and prevention.  Continue Reading

• Digital Forensics Processing and Procedures

  In this excerpt from Digital Forensics Processing and Procedures, the authors provide insight on areas that will need to be considered when setting up a forensic laboratory.  Continue Reading

• Unified Communications Forensics: Anatomy of Common UC Attacks

  In this excerpt from Unified Communications Forensics, learn how hackers gain access into UC systems and how to scan the network for vulnerabilities.  Continue Reading

• A full-service model for SIEM

  The industry needs to recognize the value that full service "SIEM in the cloud" would bring to organizations.  Continue Reading

• The new era of big data security analytics

  The information security industry needs to shift its focus to data-driven security.  Continue Reading

• Network Forensics: Tracking Hackers through Cyberspace

  Authors Sherri Davidoff and Jonathan Ham discuss the benefits of Web proxies and caching for forensic analysts in this chapter excerpt from their co-authored book, Network Forensics: Tracking Hackers through Cyberspace.  Continue Reading

• Rogue AP containment methods

  Wireless network monitoring systems are quickly moving from detection alone to detection and prevention. In particular, many now provide options to "block" rogue devices, preventing wireless or wired network access. This tip explores how these ...  Continue Reading

• Chained Exploits: How to prevent phishing attacks from corporate spies

  Ever wonder if someone is monitoring everywhere you go on the Internet? In this chapter excerpt from Chained Exploits: Advanced Hacking Attacks from Start to Finish, learn how to keep corporate spies at bay.  Continue Reading

• Maintaining and Monitoring Countermeasures, Part I

   Continue Reading

• Maintaining and Monitoring Countermeasures -- Part II

   Continue Reading

• Lesson 4 Quiz Answers

   Continue Reading

• Intrusion Prevention Fundamentals: Signatures and Actions

  Before buying an IPS device, it's important to understand exactly what you're getting. Different products may claim to have the same features, but because marketing terminology isn't industry-standardized, they might be offering two very different ...  Continue Reading

• Leave no trace: Understanding attackers' motives

  This excerpt from Chapter 1 of "Rootkits: Subverting the Windows Kernel," explains the purpose of back doors and how hackers use them, as well as how stealth plays a major role in most successful attacks.  Continue Reading

• Simplify with SIM: Evaluating security information management systems

  Security information management tools are key to refining the deluge of raw data in an enterprise network into actionable intelligence. Expert Joel Snyder discusses.  Continue Reading

• Honeynet security consoles and honeypot legal issues

  Find out more about the honeypot legal issues in this excerpt from "Know your enemy: Learning about security threats."  Continue Reading

• The future of intrusion detection and prevention

  Read Chapter 17, The Future of Intrusion Detection and Prevention, from the book "Intrusion Detection & Prevention" written by Carl Endorf, Eugene Schultz, Ph.D., and Jim Mellander.  Continue Reading

• Thwart attacks by switching vulnerable SSH daemon to random ports

  Switching a vulnerable SSH daemon to a randomly chosen port can slow or even thwart an attacker.  Continue Reading

• Dan Kaminsky updates scanrand free IP port scanner

  The scanrand 2.0 IP port scanner uses a SQL database for more detailed mining and temporal field, according to creator Dan Kaminsky  Continue Reading

• Using control change management to improve attack resistance

  Learn how control change management can free your enterprise from the "widget mentality" -- and ensure better attack resistance.  Continue Reading

• Improve security intelligence with security information sharing

  Security information sharing with fellow security intelligence specialists can help enterprises learn about risks out and the methods that fight them.  Continue Reading

• Beyond network perimeter defense: A 'submarine warfare' strategy

  Today's attacker can be anywhere, meaning network perimeter defense alone is futile. Change your thinking, and your tactics.  Continue Reading

• Hping: How to better understand how hackers attack

  Hping's packet-crafting function can point out holes a black hat may exploit, as well as spot imperfections in hackers' forgeries.  Continue Reading

• How to avoid federal Wiretap Act issues with a honeypot network security system

  Hackers have rights, too. How can you deploy honeypots without running afoul of the law?  Continue Reading

• Honeypot technology: How honeypots work in the enterprise

  The founder of the Honeynet Project explains how honeypots work and how they complement other technologies.  Continue Reading

• Designing a defense-in-depth network security model

  We challenged networking and firewall vendors to provide defense-in-depth security from the perimeter to the core. Their responses give us a glimpse into the future of enterprise network security.  Continue Reading

• Do's and don'ts of building a forensics workstation

  Elizabeth Genco explains the pros and cons of building a forensics workstation from scratch. Read now to learn what forensic tools are beneficial and which ones aren't.  Continue Reading

• Four computer forensics books worth investigating

  Check out four computer forensics books that can help you learn the ins and outs of computer forensics technology and laws in place to manage cybercrime.  Continue Reading