Features

Features

• CISOs take notice as GPS vulnerabilities raise alarms

  GPS has been extraordinarily reliable, but there's a growing chorus of experts who say it's time to assess GPS security and consider protective strategies.  Continue Reading

• Thor's OS Xodus

  In this excerpt from chapter one of Thor's OS Xodus, author Timothy "Thor" Mullen discusses OS X, privacy, and online safety.  Continue Reading

• Threat Forecasting

  In this excerpt from chapter 1 of Threat Forecasting, authors John Pirc, David DeSanto, Iain Davison, and Will Gragido discuss how to navigate today's threat landscape.  Continue Reading

• Security Controls Evaluation, Testing, and Assessment Handbook

  In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control.  Continue Reading

• Security for applications: What tools and principles work?

  Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job.  Continue Reading

• Transitioning to the role of CISO: Dr. Alissa Johnson

  Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem."  Continue Reading

• The vulnerability management process after Equifax

  Cataclysmic security incidents highlight the importance of a vulnerability management program versus a patch management system. Here's how to implement a risk-based approach.  Continue Reading

• Are security operations centers doing enough?

  SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead.  Continue Reading

• The Basics of Cyber Safety

  In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security.  Continue Reading

• Deception in the Digital Age

  In this excerpt from chapter five of Deception in the Digital Age, authors Cameron H. Malin, Terry Gudaitis, Thomas J. Holt and Max Kilger discuss phishing and watering hole attacks.  Continue Reading

• Grossman: Cyberinsurance market is like the 'Wild West'

  Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the value of cyberinsurance and why the rapidly growing market needs to mature.  Continue Reading

• The art of the cyber warranty and guaranteeing protection

  Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the science of developing a cyber warranty for threat detection products.  Continue Reading

• The CISO job seems to be finally getting the credit it's due

  The CISO job has risen from the trenches of the IT department to a seat at the C-suite decision-makers' table. But time in the spotlight comes with great risk and responsibilities.  Continue Reading

• Recent ransomware attacks: Is it an epidemic or overblown?

  Until WannaCry and NotPetya, estimates of ransomware cost and damages were likely overblown. But indications are that companies lost hundreds of millions from these malicious attacks alone.  Continue Reading

• Agnes Kirk on the role of CISO, Washington's state of mind

  A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security.  Continue Reading

• Securing SQL Server: Protecting Your Database from Attackers

  In this excerpt from chapter nine of Securing SQL Server, author Denny Cherry discusses why SQL injection attacks are so successful.  Continue Reading

• What SIEM features are essential for your company?

  On the hunt for the best SIEM tool for your company? Learn how to evaluate the capabilties of the newest security information and event management products.  Continue Reading

• Machine learning in cybersecurity: How to evaluate offerings

  Vendors are pitching machine learning for cybersecurity applications to replace traditional signature-based threat detection. But how can enterprises evaluate this new tech?  Continue Reading

• Safety of Web Applications

  In this excerpt from chapter three of Safety of Web Applications, author Eric Quinton discusses symmetric and asymmetric encryption.  Continue Reading

• Symantec Data Loss Prevention: Product overview

  Expert Bill Hayes checks out the Symantec Data Loss Prevention suite, featuring an architecture consisting of content-aware detection servers, endpoint agents and unified management.  Continue Reading

• Research Methods for Cyber Security

  In this excerpt from chapter six of Research Methods for Cyber Security, authors Thomas W. Edgar and David O. Manz discuss the different types of machine learning.  Continue Reading

• Cybercrime and Business: Strategies for Global Corporate Security

  In this excerpt from chapter three of Cybercrime and Business, author Sanford L. Moskowitz discusses the effects cybercrime can have on small- and medium-sized businesses.  Continue Reading

• Why WannaCry and other computer worms may inherit the earth

  A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission.  Continue Reading

• Meet the new government CISO for the nation's capital

  With years of cybersecurity and military IT experience, the District of Columbia's first information security officer brings a well-developed toolkit to the job.  Continue Reading

• HTTPS interception gets a bad rap; now what?

  Should products intercept Transport Layer Security connections to gain visibility into network traffic? A new study by researchers and U.S.-CERT warn against it.  Continue Reading

• Computer and Information Security Handbook

  In this excerpt from chapter three of Computer and Information Security Handbook, author John R. Vacca reviews the basics of cryptography.  Continue Reading

• Top cybersecurity conferences for when Black Hat and RSA aren't right

  The big cybersecurity conferences can make attendees weary, but there are many alternatives to the big name shows that may be easier to get to and easier to handle.  Continue Reading

• Electronic voting systems in the U.S. need post-election audits

  Colorado will implement a new system for auditing electronic voting systems. Post-election audits have been proven to help, but are they enough to boost public trust in the systems?  Continue Reading

• Learn what network access control systems can do for you

  Network access control systems keep rogue or compromised devices off of corporate networks. See how they work and the other security technologies with which they work.  Continue Reading

• Valerie Plame: U.S. government cyberdefense must be improved

  Former CIA officer Valerie Plame discusses why America's cyberdefense is lagging behind -- and what the government and private sector should do to reverse the trend.  Continue Reading

• U.S. attorney: Gathering cybercrime evidence can be difficult

  Assistant U.S. attorney says jurors and courts are getting smarter about cybercrime evidence, although digital cases overall may be getting more difficult to prosecute.  Continue Reading

• How FBI cyber investigations handle obfuscation techniques

  An FBI agent discusses cyber investigations, how they handle obfuscation techniques, the anonymizing features of the deep web and how to catch the right person.  Continue Reading

• FBI: Cyber investigations no different from real world

  Despite a loud group claiming the burden of proof is harder to meet with digital evidence, an agent says FBI cyber investigations are not much different from traditional cases.  Continue Reading

• Symantec Endpoint Protection and the details for buyers to know

  Expert Ed Tittel examines Symantec Endpoint Protection, an intrusion prevention, firewall and antimalware product for physical and virtual endpoints.  Continue Reading

• A closer look at Kaspersky antimalware protection services

  Expert Ed Tittel looks at Kaspersky antimalware product Endpoint Security, which provides multilayered protection against malware, phishing attacks and other exploits.  Continue Reading

• Deborah Wheeler lands role of CISO at Delta Air Lines

  The new CISO at Delta Air Lines earned her wings by sticking with security from the start. As the airline industry faces new challenges, Deborah Wheeler takes on a leadership role.  Continue Reading

• CISOs: Disruptive technology trends and how to prepare

  Information security managers and venture capitalists weigh in on which digital trends are changing security operations and how IT teams should deal with the fallout.  Continue Reading

• Details of Trend Micro Worry-Free Business Security Services

  Expert Ed Tittel takes a closer look at Trend Micro Worry-Free Business Security Services, an antivirus and antimalware product for small organizations.  Continue Reading

• Trend Micro OfficeScan endpoint protection software and its offerings

  Expert contributor Ed Tittel takes a look at Trend Micro OfficeScan, an endpoint protection product with antivirus and antimalware functionality for physical and virtualized endpoints.  Continue Reading

• The various offers of Microsoft System Center Endpoint Protection

  Expert Ed Tittel examines System Center Endpoint Protection, Microsoft's native Windows antivirus and antimalware security product.  Continue Reading

• An in-depth look into McAfee Endpoint Threat Protection

  McAfee Endpoint Threat Protection is an antimalware protection product that is designed to secure Windows systems against malware, data loss and other threats in standalone or networked environments.  Continue Reading

• Sophos Endpoint Protection and an overview of its features

  Expert Ed Tittel examines Sophos Endpoint Protection, an endpoint security platform with antivirus, antimalware and more.  Continue Reading

• The GDPR right to be forgotten: Don't forget it

  Nexsan's Gary Watson explains that the GDPR right to be forgotten will be an important piece of the compliance picture and means deleting data securely, completely and provably when customers ask for it.  Continue Reading

• Passive Python Network Mapping

  In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against network security threats.  Continue Reading

• Protecting Patient Information

  In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data breaches in healthcare.  Continue Reading

• Mobile Security and Privacy

  In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity in terms of mathematics.  Continue Reading

• Federal Cloud Computing

  In this excerpt from chapter three of Federal Cloud Computing, author Matthew Metheny discusses open source software and its use in the U.S. federal government.  Continue Reading

• Advanced Persistent Security

  In this excerpt from chapter seven of Advanced Persistent Security, authors Araceli Treu Gomes and Ira Winkler discuss the different threats facing organizations.  Continue Reading

• The importance of securing endpoints with antimalware protection

  All organizations need to protect their endpoints from outside malware with antimalware products, which are essential to an enterprise-wide security strategy.  Continue Reading

• Evaluating endpoint security products for antimalware protection

  Expert contributor Ed Tittel explores key criteria for evaluating endpoint security products to determine the best option for antimalware protection for your organization.  Continue Reading

• Q&A: Ping CEO on contextual authentication, intelligent identity

  Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises.  Continue Reading

• Advanced endpoint protection takes on the latest exploits

  Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints.  Continue Reading

• Patch management tool comparison: What are the best products?

  With so many different vendors in the market, it isn't easy to pick the right patch management tool. Read this product comparison to see which is best for your company.  Continue Reading

• Choosing the best patch management software for your business

  Keeping your applications updated and patched is essential for company security. Patch management software can help you do that efficiently, but which one is best for you?  Continue Reading

• Seven tips for buying automated patch management tools

  The evaluation of patch management tools begins by determining your organization's needs. Know what to look for and learn how to gauge features, functions and interoperability.  Continue Reading

• (ISC)2 CEO on cybersecurity workforce expansion and 2017 Congress

  Recently, SearchSecurity editorial director Robert Richardson checked in with (ISC)2's CEO David Shearer as the organization prepares for its fall Security Congress.  Continue Reading

• Why the citizen developer trend is bugging infosec teams

  Automated tools are making it easier for citizen developers to build and deploy applications quickly. But is that a good thing for enterprise security teams?  Continue Reading

• Know why patch management tools are required in the IT infrastructure

  Regulations, efficiency and protection are the main drivers for purchasing patch management tools. See why automated patch management is a requirement for most businesses.  Continue Reading

• Introduction to automated enterprise patch management software

  Patch management software keeps enterprises better protected by automating the delivery of operating systems and application updates. See how it can help your business.  Continue Reading

• IT security trends: 2017 prioritizes cloud, network, endpoints

  The 2017 TechTarget IT Priorities Survey reports a number of key IT security trends about where enterprises and infosec professionals place their time and resources.  Continue Reading

• Experian's Tom King tackles role of CISO from the ground up

  An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says.  Continue Reading

• Acquiring cybersecurity insurance: Why collaboration is key

  Cybersecurity insurance is becoming more important to enterprises as threats increase. Sean Martin explains why enterprise departments need to work together to acquire it.  Continue Reading

• Trustwave Data Loss Prevention: Product overview

  Expert Bill Hayes examines Trustwave Data Loss Prevention and how the product addresses data at rest, endpoint data in use and network data in transit for enterprises.  Continue Reading

• Learn what breach detection system is best for your network

  Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs.  Continue Reading

• Okta Adaptive MFA gives companies flexible authentication

  Okta Adaptive MFA offers businesses a range of flexible authentication methods that use different contexts to determine which factors provide users with access.  Continue Reading

• Trend Micro Integrated Data Loss Prevention: Product overview

  Expert Bill Hayes examines the Trend Micro Integrated Data Loss Prevention product, which acts as a software plug-in with other Trend Micro security products.  Continue Reading

• RSA Authentication Manager offers a variety of authentication methods

  With authentication methods ranging from risk-based to tokens, RSA Authentication Manager gives companies a number of ways to employ multifactor authentication.  Continue Reading

• Proofpoint Email DLP: Product overview

  Expert Bill Hayes examines Proofpoint Email Data Loss Prevention, a specialized DLP product that's part of Proofpoint's cloud-based Information Protection suite.  Continue Reading

• Summing up Symantec VIP Service, a multifactor authentication tool

  Expert David Strom looks at the Symantec VIP multifactor authentication product and how it can benefit enterprise security.  Continue Reading

• An in-depth look at Gemalto's SafeNet Authentication Service

  Expert David Strom provides an in-depth look at Gemalto's SafeNet Authentication Service, a SaaS-based multifactor authentication product for boosting login security.  Continue Reading

• SecureAuth IdP: An overview of its multifactor authentication ability

  Expert David Strom looks at how SecureAuth IdP uniquely combines multifactor authentication and single sign-on login capabilities in a single product.  Continue Reading

• Timeline: Symantec certificate authority improprieties

  Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant.  Continue Reading

• VASCO IDENTIKEY Authentication Server and a look at its key features

  Expert David Strom takes a closer look at VASCO's IDENTIKEY Authentication Server, one of the leading multifactor authentication products on the market.  Continue Reading

• Quest Defender protects businesses with two-factor authentication

  Through the Defender Management Portal, Quest Defender lets users request hard and soft tokens to provide valuable two-factor authentication and monitor all token activity.  Continue Reading

• Is threat hunting the next step for modern SOCs?

  The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats.  Continue Reading

• Polycom CISO focused on ISO 27001 certification, data privacy

  Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company.  Continue Reading

• Challenging role of CISO presents many opportunities for change

  With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited.  Continue Reading

• Measuring and Managing Information Risk: A FAIR Approach

  In this excerpt from chapter 13 of Measuring and Managing Information Risk, authors Jack Freund and Jack Jones discuss information security metrics.  Continue Reading

• Introduction to Social Media Investigation: A Hands-on Approach

  In this excerpt from chapter four of Introduction to Social Media Investigation: A Hands-on Approach, author Jennifer Golbeck discusses privacy controls on social media.  Continue Reading

• Handbook of System Safety and Security

  In this excerpt from chapter 10 of Handbook of System Safety and Security, editor Edward Griffor discusses cloud and mobile cloud architecture and security.  Continue Reading

• Mobile Data Loss: Threats and Countermeasures

  In this excerpt from chapter three of Mobile Data Loss, author Michael T. Raggo discusses mobile security countermeasures.  Continue Reading

• Building a Practical Information Security Program

  In this excerpt from chapter nine of Building a Practical Information Security Program, authors Jason Andress and Mark Leary discuss deploying a security compliance process.  Continue Reading

• Identity and access management strategy: Time to modernize?

  More likely than not, your company's identity and access management strategy needs an update. Learn how to decide if that's the case and, if so, what you should do now.  Continue Reading

• Reviewing the threat intelligence features of VeriSign iDefense

  Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.  Continue Reading

• Threat Intelligence service overview of Infoblox ActiveTrust

  Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations.  Continue Reading

• FireEye iSIGHT Threat Intelligence: Services overview

  Expert Ed Tittel looks at FireEye iSIGHT Threat Intelligence service for providing actionable, contextual data about today's top IT threats to organizations.  Continue Reading

• Detailing the features of LookingGlass Cyber Threat Center

  Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.  Continue Reading

• RSA NetWitness Suite and its threat intelligence capabilities

  Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.  Continue Reading

• CA Strong Authentication offers businesses low-cost MFA and 2FA

  CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.  Continue Reading

• SecureWorks threat intelligence and what it can do for your enterprise

  Expert Ed Tittel examines the features and capabilities of SecureWorks, which gathers its intelligence from thousands of SecureWorks global customers.  Continue Reading

• Five criteria for purchasing from threat intelligence providers

  Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.  Continue Reading

• Analyzing the capabilities of Symantec DeepSight Intelligence

  Expert Ed Tittel offers an overview of Symantec DeepSight Intelligence, which provides organizations with information and alerts on today's IT threats.  Continue Reading

• Comparing the top threat intelligence services

  Expert Ed Tittel examines the top threat intelligence services to understand how they differ from one another and address various enterprise security needs.  Continue Reading

• Enterprise scenarios for threat intelligence tools

  Expert contributor Ed Tittel explains which types of organizations need threat intelligence tools as part of a proactive, layered security strategy to protect against threats.  Continue Reading

• An introduction to threat intelligence platforms in the enterprise

  Expert Ed Tittel describes how threat intelligence platforms work to help in the proactive defense of enterprise networks.  Continue Reading

• Politics of cyber attribution pose risk for private industry

  Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies.  Continue Reading

• In her new role of CISO, Annalea Ilg is curious, driven and paranoid

  The vice president and CISO of ViaWest, Ilg is tasked with keeping the IT managed service provider and its cloud services secure.  Continue Reading

• MSSPs add advanced threats as managed security services gain hold

  Skill shortages and budget constraints have lead some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'?  Continue Reading

• Sharpen your DDoS detection skills with the right tool

  DDoS detection and prevention tools are more sophisticated than ever. But finding the right one for your company takes studying and asking vendors the right questions.  Continue Reading

• McAfee Total Protection for Data Loss Prevention: Product overview

  Expert Bill Hayes takes a closer look at McAfee Total Protection for Data Loss Prevention, a DLP software suite for deployment on hardware and virtual appliances.  Continue Reading