Features
Network threat detection
- 2021 IT priorities require security considerations
  AI, IoT and 5G are among the top IT priorities for CIOs and CTOs in 2021. Is your team prepared to address each tech's security needs?
- Security operations center use cases, strategies vary
  More CISOs are turning to security operations centers to centralize infosec processes, but experience shows SOC use cases will depend on the organization's infosec objectives.
- Compare 5 SecOps certifications and training courses
  Explore five SecOps certifications available to IT professionals looking to demonstrate and enhance their knowledge of threat monitoring and incident response.
- AI in security analytics is the enhancement you need
  AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits.
- Zero-trust network policies should reflect varied threats
  Role-based access systems create enormous pools of responsibility for administrators. Explore how to eliminate these insecure pools of trust with zero-trust network policies.
- Zero-trust methodology's popularity a double-edged sword
  The authors of 'Zero Trust Networks' discuss how the zero-trust methodology's popularity produces both vendor hype and renewed attention to critical areas of security weakness.
- One security framework may be key to cyber effectiveness
  The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations.
- AI-powered cyberattacks force change to network security
  Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.
- Skill building is key to furthering gender diversity in tech
  Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent.
- Threat intelligence offers promise, but limitations remain
  Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.
- ICS security challenges and how to overcome them
  Security cannot be an afterthought in internet-connected industrial control systems. IEEE member Kayne McGladrey offers best practices to stay safe in a connected world.
- Role of AI in cybersecurity and 6 possible product options
  Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them.
- Designing the future of cyber threat intelligence sharing
  Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense.
- AI for good or evil? AI dangers, advantages and decisions
  Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field?
- Combat the human aspect of risk with insider threat management
  When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach.
- Browse the best email security products for your enterprise
  Finding the best email security product is vital to protect companies from cyberattacks. Here's a look at the current market leaders.
- Understand the basics of email security gateways
  Email security gateways protect enterprises from threats such as spam and phishing attacks. This article explains how these products get the job done.
- 5 best practices to choose the right email security software
  Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise.
- Cisco engineer: Why we need more women in cybersecurity
  Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap.
- Building a threat intelligence framework: Here's how
  A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know.
- DHS-led agency works to visualize, share cyber-risk information
  A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain.
- Product roundup: Features of top SIEM software on the market
  Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier.
- Threat hunting techniques move beyond the SOC
  Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated.
- Cloud-first? User and entity behavior analytics takes flight
  The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
- Seven criteria for evaluating today's leading SIEM tools
  Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization.
- SIEM evaluation criteria: Choosing the right SIEM products
  Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask.
- SIEM benefits include efficient incident response, compliance
  SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.
- Overwhelmed by security data? Science to the rescue
  Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives.
- A comprehensive guide to SIEM products
  Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security.
- SOC services: How to find the right provider for your company
  SOCs are the latest services you can now outsource rather than build in-house. But should you entrust them to a third party? Yes—but make sure you know how to pick the best.
- How machine learning anomaly detection works inside SAP
  SAP CSO Justin Somaini discusses how SAP uses machine learning for security tasks, like anomaly detection, and compares supervised and unsupervised algorithms.
- Get the best botnet protection with the right array of tools
  Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can.
- Five questions to ask before purchasing NAC products
  Organizations are recognizing the need for network access control systems, but it is important to evaluate and perform research before you invest in enterprise NAC products.
- User behavior analytics leads the security analytics charge
  Will no longer playing by the rules help companies find insider threats to prevent security attacks? As user and entity behavior analytics gets closer to SIEM tools, enterprises take notice.
- What SIEM features are essential for your company?
  On the hunt for the best SIEM tool for your company? Learn how to evaluate the capabilities of the newest security information and event management products.
- Machine learning in cybersecurity: How to evaluate offerings
  Vendors are pitching machine learning for cybersecurity applications to replace traditional signature-based threat detection. But how can enterprises evaluate this new tech?
- Learn what breach detection system is best for your network
  Breach detection systems are essential in these days of machine learning and artificial intelligence. Learn how to identify the features and functions your network needs.
- Enterprise scenarios for threat intelligence tools
  Expert contributor Ed Tittel explains which types of organizations need threat intelligence tools as part of a proactive, layered security strategy to protect against threats.
- Politics of cyber attribution pose risk for private industry
  Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies.
- Security looks to machine learning technology for a cognitive leg up
  Advances in machine learning technology and artificial intelligence have proven to work well for some information security tasks such as malware detection. What's coming next?
- IBM QRadar Security Intelligence Platform: Product overview
  Expert Dan Sullivan takes a look at how the IBM QRadar Security Intelligence Platform collects data from multiple sources so as to provide a comprehensive view of IT security.
- LogRhythm's Security Analytics Platform: Product overview
  Expert Dan Sullivan examines LogRhythm's Security Analytics Platform, a product that leverages big data analytics and machine learning to help protect enterprises.
- Splunk Enterprise Security: Product overview
  Expert Dan Sullivan explores how Splunk Enterprise Security uses big data security analytics to incorporate multiple methods of data integration to identify malicious events.
- Fortscale UEBA: Big data security analytics product overview
  Expert Dan Sullivan examines Fortscale's user behavior analytics platform, which is built on Cloudera Hadoop and incorporates machine learning and big data security analytics.
- Cybereason Detection and Response Platform: Product overview
  Expert Dan Sullivan explores how the Cybereason Detection and Response Platform uses big data security analytics to identify malicious events and better secure enterprises.
- Hexis Cyber Solutions' HawkEye AP: Product overview
  Expert Dan Sullivan examines the HawkEye AP platform, a big data security analytics product from Hexis Cyber Solutions that can parse hundreds of different data formats.
- Lancope's StealthWatch FlowCollector: Security analytics product overview
  Expert Dan Sullivan examines the Lancope StealthWatch FlowCollector, a security analytics product that ingests large volumes of data to identify suspicious activity.
- Hexis Cyber Solutions' NetBeat MON: Product overview
  Expert Dan Sullivan checks out Hexis Cyber Solutions' NetBeat MON, a security analytics monitoring appliance that leverages several open source network monitoring tools.
- RSA NetWitness Logs and Packets: Security analytics product overview
  Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats.
- Juniper Networks' JSA Series Secure Analytics: Product overview
  Expert Dan Sullivan examines the Juniper Networks JSA Series Secure Analytics product family, which provides log analysis, threat analysis and compliance reporting for larger enterprises.
- Q&A: Analyzing DNS services with Paul Vixie
  With targeted attacks such as distributed denial-of-service and ransomware on the rise, should domain name system analysis become part of your defense strategy?
- Mojo AirTight WIPS overview
  Expert Karen Scarfone looks at the features and functionality of Mojo Networks' AirTight WIPS, a wireless intrusion prevention system designed to detect and block WLAN attacks.
- Zebra Technologies AirDefense: WIPS overview
  Expert Karen Scarfone examines Zebra Technologies' AirDefense, a wireless intrusion prevention system designed to monitor enterprise network activity for WLANs.
- Fluke Networks AirMagnet Enterprise: WIPS overview
  Expert Karen Scarfone examines Fluke Networks AirMagnet Enterprise, a wireless intrusion prevention system to monitor WLAN events and detect a wide variety of potential problems.
- What SIEM tools made your short list?
  More companies are investing in security information and event management to improve their response to targeted attacks, according to the readers we surveyed.
- Comparing the top big data security analytics tools
  Expert Dan Sullivan compares how the top-rated big data security analytics tools measure up against each other to help you select the right one for your organization.
- Five factors for evaluating big data security analytics platforms
  Expert Dan Sullivan outlines criteria for evaluating big data security analytics platforms for collecting, analyzing and managing large volumes of data generated for information security purposes.
- The business case for big data security analytics
  Expert Dan Sullivan explores the emerging category of big data security analytics and outlines the vital capabilities and key benefits of the technology for enterprises.
- Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview
  Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data.
- EMC RSA Security Analytics: SIEM product overview
  Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.
- AlienVault OSSIM: SIEM product overview
  Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.
- Splunk Enterprise: SIEM product overview
  Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.
- SolarWinds Log and Event Manager: SIEM product overview
  Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.
- IBM Security QRadar: SIEM product overview
  Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.
- LogRhythm's Security Intelligence Platform: SIEM product overview
  Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.
- Introduction to big data security analytics in the enterprise
  Expert Dan Sullivan explains what big data security analytics is and how these tools are applied to security monitoring to enable broader and more in-depth event analysis for better enterprise protection.
- Comparing the best intrusion prevention systems
  Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization.
- Readers’ top picks for advanced threat detection
  The companies and functionality organizations are targeting when they seek to bolster their defenses through threat detection and analytics.
- Three criteria for selecting the right IPS products
  Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization.
- Enterprise benefits of network intrusion prevention systems
  Expert Karen Scarfone explains how most organizations can benefit from intrusion prevention systems (IPSes), specifically dedicated hardware and software IPS technologies.
- The basics of network intrusion prevention systems
  Expert Karen Scarfone explores intrusion prevention systems and their acquisition, deployment and management within the enterprise.
- Beyond the Page: New SIEM Battleground Unfolds with Advanced Analytics
  Robert Lemos looks at next-generation security information and event management analytic tools and cloud-based systems.
- The hunt for data analytics: Is your SIEM on the endangered list?
  Analytics-driven security disrupts -- and sometimes supplants -- SIEM tools.
- Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8, Fourth Edition
  In this excerpt of Windows Forensic Analysis Toolkit, author Harlan Carvey discusses what Volume Shadow Copies are and how they affect forensic analysis in Windows 8.
- Python Forensics: A Workbench for Inventing and Sharing Digital Forensic Technology
  In this excerpt of Python Forensics, author Chet Hosmer offers some ground rules for using the Python programming language in forensic applications.
- Beyond the Page: Next-generation SIEM
  In this edition of Beyond the Page, Anton Chuvakin offers Information Security magazine readers a multimedia presentation that discusses strategies that you can use to take advantage of next-generation SIEM for internal and external threat ...
- SIEM evolution: Is your SIEM security stuck in a rut?
  Even the best SIEM deployments sometimes need to come unglued to reach higher levels of success.
- Continuous monitoring demystified
  A continuous monitoring program can improve everything from configuration and patch management to event monitoring and incident response.
- Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides
  In this excerpt of Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides, the authors explain how to discover and extract malware from a Linux system.
- Introduction to Information Security: A Strategic-Based Approach
  In this excerpt of Introduction to Information Security: A Strategic-Based Approach, authors Timothy J. Shimeall and Jonathan M. Spring discuss the importance of intrusion detection and prevention.
- Digital Forensics Processing and Procedures
  In this excerpt from Digital Forensics Processing and Procedures, the authors provide insight on areas that will need to be considered when setting up a forensic laboratory.
- Unified Communications Forensics: Anatomy of Common UC Attacks
  In this excerpt from Unified Communications Forensics, learn how hackers gain access into UC systems and how to scan the network for vulnerabilities.
- A full-service model for SIEM
  The industry needs to recognize the value that full service "SIEM in the cloud" would bring to organizations.
- The new era of big data security analytics
  The information security industry needs to shift its focus to data-driven security.
- Network Forensics: Tracking Hackers through Cyberspace
  Authors Sherri Davidoff and Jonathan Ham discuss the benefits of Web proxies and caching for forensic analysts in this chapter excerpt from their co-authored book, Network Forensics: Tracking Hackers through Cyberspace.
- Rogue AP containment methods
  Wireless network monitoring systems are quickly moving from detection alone to detection and prevention. In particular, many now provide options to "block" rogue devices, preventing wireless or wired network access. This tip explores how these ...
- Chained Exploits: How to prevent phishing attacks from corporate spies
  Ever wonder if someone is monitoring everywhere you go on the Internet? In this chapter excerpt from Chained Exploits: Advanced Hacking Attacks from Start to Finish, learn how to keep corporate spies at bay.
- Maintaining and Monitoring Countermeasures, Part I
- Maintaining and Monitoring Countermeasures -- Part II
- Lesson 4 Quiz Answers
- Intrusion Prevention Fundamentals: Signatures and Actions
  Before buying an IPS device, it's important to understand exactly what you're getting. Different products may claim to have the same features, but because marketing terminology isn't industry-standardized, they might be offering two very different ...
- Leave no trace: Understanding attackers' motives
  This excerpt from Chapter 1 of "Rootkits: Subverting the Windows Kernel" explains the purpose of back doors and how hackers use them, as well as how stealth plays a major role in most successful attacks.
- Simplify with SIM: Evaluating security information management systems
  Security information management tools are key to refining the deluge of raw data in an enterprise network into actionable intelligence. Expert Joel Snyder discusses.
- Honeynet security consoles and honeypot legal issues
  Find out more about the honeypot legal issues in this excerpt from "Know your enemy: Learning about security threats."
- The future of intrusion detection and prevention
  Read Chapter 17, The Future of Intrusion Detection and Prevention, from the book "Intrusion Detection & Prevention" written by Carl Endorf, Eugene Schultz, Ph.D., and Jim Mellander.
- Thwart attacks by switching vulnerable SSH daemon to random ports
  Switching a vulnerable SSH daemon to a randomly chosen port can slow or even thwart an attacker.
- Dan Kaminsky updates scanrand free IP port scanner
  The scanrand 2.0 IP port scanner uses a SQL database for more detailed mining and temporal field, according to creator Dan Kaminsky.
- Using control change management to improve attack resistance
  Learn how control change management can free your enterprise from the "widget mentality" -- and ensure better attack resistance.
- Improve security intelligence with security information sharing
  Security information sharing with fellow security intelligence specialists can help enterprises learn about risks and the methods that fight them.
- Beyond network perimeter defense: A 'submarine warfare' strategy
  Today's attacker can be anywhere, meaning network perimeter defense alone is futile. Change your thinking, and your tactics.