Features

Features

• Information Security Analytics

  In this excerpt from chapter Z of Information Security Analytics, authors Mark Ryan Talabis, Robert McPherson, Inez Miyamoto and Jason L. Martin discuss security intelligence.  Continue Reading

• Industrial Network Security

  In this excerpt from chapter 3 of Industrial Network Security, authors Eric D. Knapp and Joel Langill discuss the history and trends of industrial cybersecurity.  Continue Reading

• Hiding Behind the Keyboard

  In this excerpt from chapter 2 of Hiding Behind the Keyboard, authors Brett Shavers and John Bair discuss the Tor Browser.  Continue Reading

• Hacking Web Intelligence

  In this excerpt from chapter 8 of Hacking Web Intelligence, authors Sudhanshu Chauhan and Nutan Panda discuss how to be anonymous on the internet using proxy.  Continue Reading

• High-stakes role of CISO: Scott Howitt, MGM Resorts International

  Many organizations are making the CISO a peer to the CIO or taking the position out of IT altogether, says Howitt, who has held several technology and leadership positions.  Continue Reading

• Building a threat intelligence program? How to avoid the 'feed' frenzy

  Cyberthreat intelligence is just data if it is not actionable. We offer tips to help your team focus on relevant CTI for faster threat detection and response.  Continue Reading

• Aflac CISO Tim Callahan on global security, risk management

  With today's cyberthreats, the CISO has to know more about intelligence, working with government and private industry, and how to tailor the security program to further the business.  Continue Reading

• Incident response tools can help automate your security

  In this era of nonstop security threats, incident response tools that help automate detection and reaction are now essential. Learn how to update your IR process.  Continue Reading

• DNS Security: Defending the Domain Name System

  In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.  Continue Reading

• Data Breach Preparation and Response: Breaches are Certain, Impact is Not

  In this excerpt from chapter five of Data Breach Preparation and Response: Breaches are Certain, Impact is Not, author Kevvie Fowler discusses the key step to contain a data breach.  Continue Reading

• Cybersecurity and Applied Mathematics

  In this excerpt of Cybersecurity and Applied Mathematics, authors Leigh Metcalf and William Casey explain string analysis and how it can be applied to cyber data.  Continue Reading

• Cyber Guerilla

  In this excerpt of Cyber Guerilla, authors Jelle van Haaster, Ricky Gevers and Martijn Sprengers discuss the various roles hackers play.  Continue Reading

• Google Earth Forensics: Using Google Earth Geo-Location in Digital Forensic Investigations

  In this excerpt from chapter five of Google Earth Forensics, authors Michael Harrington and Michael Cross discuss the process of digital forensics.  Continue Reading

• Digital Guardian for Data Loss Prevention: Product overview

  Expert Bill Hayes examines Digital Guardian for Data Loss Prevention and more of the vendor's DLP product lineup, which cover data in use, data in transit and data in the cloud.  Continue Reading

• CA Technologies Data Protection: DLP product overview

  Expert Bill Hayes examines CA Technologies Data Protection, a data loss prevention suite designed to protect data at rest, in transit and in use across enterprise devices, networks and cloud services.  Continue Reading

• Critical Watch FusionVM: Vulnerability management product overview

  Expert Ed Tittel examines Critical Watch FusionVM, a vulnerability management tool that comes in cloud-based offering and virtual appliance or virtual scanner versions.  Continue Reading

• Tripwire IP360: Vulnerability management product overview

  Expert Ed Tittel examines vulnerability management products from Tripwire, including the rack-mounted IP360 appliance and the cloud- based PureCloud Enterprise service.  Continue Reading

• Tenable Nessus Vulnerability Scanner: Product overview

  Expert Ed Tittel examines the Nessus vulnerability scanner series from Tenable Network Security, which includes client, cloud and on-premises vulnerability management products.  Continue Reading

• How to buy the best incident response tools for your enterprise

  Incident response tools are an essential element of any enterprise's incident response management system. This publication helps security pros identify the best IR tools for their enterprise.  Continue Reading

• Want a board-level cybersecurity expert? They're hard to find

  Members of the board must be ready to defend their fiduciary decisions, corporate policies, compliance actions and, soon, cybersecurity preparedness.  Continue Reading

• SAINT 8 Security Suite: Vulnerability management product overview

  Expert Ed Tittel examines SAINT 8 Security Suite, a product that scans operating systems, database applications and web applications to identify assets and find vulnerabilities.  Continue Reading

• Rapid7 Nexpose: Vulnerability management product overview

  Ed Tittel examines Rapid7 Nexpose, a vulnerability management product for physical, virtual, cloud and mobile environments that discovers assets and scans for vulnerabilities.  Continue Reading

• Qualys Vulnerability Management: Product overview

  Expert Ed Tittel examines Qualys Vulnerability Management, a product for organizations of all sizes that is designed to help admins identify, monitor and mitigate vulnerabilities.  Continue Reading

• Core Security's Core Insight: Vulnerability management product overview

  Expert Ed Tittel takes a look at how Core Security's Core Insight accepts output from multiple vulnerability management scanners to present a single-pane view of vulnerabilities.  Continue Reading

• Beyond Security's AVDS: Vulnerability management product overview

  Expert Ed Tittel examines Beyond Security's Automated Vulnerability Detection System, which scans IP-based network infrastructures to detect vulnerabilities and identify assets.  Continue Reading

• IBM QRadar Security Intelligence Platform: Product overview

  Expert Dan Sullivan takes a look at how the IBM QRadar Security Intelligence Platform collects data from multiple sources so as to provide a comprehensive view of IT security.  Continue Reading

• Sumo Logic Enterprise Security Analytics: Product overview

  Expert Dan Sullivan examines Sumo Logic Enterprise Security Analytics, which uses a combination of rules, anomaly detection and predictive analytics to detect security threats.  Continue Reading

• LogRhythm's Security Analytics Platform: Product overview

  Expert Dan Sullivan examines LogRhythm's Security Analytics Platform, a product that leverages big data analytics and machine learning to help protect enterprises.  Continue Reading

• Splunk Enterprise Security: Product overview

  Expert Dan Sullivan explores how Splunk Enterprise Security uses big data security analytics to incorporate multiple methods of data integration to identify malicious events.  Continue Reading

• Fortscale UEBA: Big data security analytics product overview

  Expert Dan Sullivan examines Fortscale's user behavior analytics platform, which is built on Cloudera Hadoop and incorporates machine learning and big data security analytics.  Continue Reading

• Even with rise in crypto-ransomware, majority do not pay

  With data increasingly held hostage, companies are learning the downside of encryption and cryptocurrency. As some organizations admit to paying ransoms, will the problem get worse?  Continue Reading

• Q&A: Looking at cyberweapons and other issues with Nathaniel Gleicher

  The former White House cybersecurity policy director talks about cyberthreats, the government's vulnerability equities process and lawful use of exploit toolkits.  Continue Reading

• Identity of things? IAM system to change as IoT invades the workplace

  Companies in certain industries -- manufacturing, healthcare and critical infrastructure -- are already dealing with securing the internet of things; others will have to start.  Continue Reading

• Cybereason Detection and Response Platform: Product overview

  Expert Dan Sullivan explores how the Cybereason Detection and Response Platform uses big data security analytics to identify malicious events and better secure enterprises.  Continue Reading

• Hexis Cyber Solutions' HawkEye AP: Product overview

  Expert Dan Sullivan examines the HawkEye AP platform, a big data security analytics product from Hexis Cyber Solutions that can parse hundreds of different data formats.  Continue Reading

• Choosing the best web fraud detection system for your company

  This guide explains the technology and the key features an effective system should include to help readers evaluate fraud detection products and choose the best for their company.  Continue Reading

• Lancope's StealthWatch FlowCollector: Security analytics product overview

  Expert Dan Sullivan examines the Lancope StealthWatch FlowCollector, a security analytics product that ingests large volumes of data to identify suspicious activity.  Continue Reading

• FireEye Threat Analytics Platform: Product overview

  Expert Dan Sullivan takes a look at the FireEye Threat Analytics Platform, a cloud-based security analytics product that offers threat detection and contextual intelligence.  Continue Reading

• Hexis Cyber Solutions' NetBeat MON: Product overview

  Expert Dan Sullivan checks out Hexis Cyber Solutions' NetBeat MON, a security analytics monitoring appliance that leverages several open source network monitoring tools.  Continue Reading

• RSA NetWitness Logs and Packets: Security analytics product overview

  Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats.  Continue Reading

• When to take a bug bounty program public -- and how to do it

  Bug-finding programs are valuable to enterprises, but they require a lot of planning and effort to be effective. Sean Martin looks at what goes into taking a bug bounty program public.  Continue Reading

• Juniper Networks' JSA Series Secure Analytics: Product overview

  Expert Dan Sullivan examines the Juniper Networks JSA Series Secure Analytics product family, which provides log analysis, threat analysis and compliance reporting for larger enterprises.  Continue Reading

• Click Security Analytics: Product overview

  Expert Dan Sullivan takes a look at Click Security's collection of tools focused on key areas of security analytics, including profiling, investigating and analyzing threats.  Continue Reading

• The security ratings game grades third-party vendors

  Can security ratings services patterned on consumer credit scores offer insight into the security postures of third parties and other business partners?  Continue Reading

• Q&A: Analyzing DNS services with Paul Vixie

  With targeted attacks such as distributed denial-of-service and ransomware on the rise, should domain name system analysis become part of your defense strategy?  Continue Reading

• CISOs face cloud GRC challenges as services take off

  Governance, risk management and compliance goals are tested by the proliferating use of cloud services -- and it's even worse than IT organizations think.  Continue Reading

• Arbor Networks Pravail Security Analytics: Product overview

  Expert Dan Sullivan examines the features of Arbor Networks' Pravail Security Analytics, which employs full packet capture to detect various signals of an attack for enterprises.  Continue Reading

• Blue Coat DLP: Data loss prevention product overview

  Expert Bill Hayes takes a look at Blue Coat DLP, a single appliance data loss prevention system that works with the company's web security gateway products.  Continue Reading

• Blue Coat Security Analytics Platform: Product overview

  Expert Dan Sullivan takes a look at the Blue Coat Security Analytics Platform, which is designed to capture comprehensive network information and apply targeted security analytics.  Continue Reading

• WinMagic SecureDoc: Full-disk encryption product overview

  Expert Karen Scarfone examines the features of WinMagic's SecureDoc, a full-disk encryption product for laptops, desktops, mobile devices and servers.  Continue Reading

• Resolve web security issues with advice from industry experts

  Web security issues begin at the web app development stage, but there are ways security pros and developers can collaborate to boost security without sacrificing app performance.  Continue Reading

• Building an application security program: Why education is key

  Education and training are crucial parts of a strong application security program. Sean Martin explains how enterprises should build these elements into their programs.  Continue Reading

• Want to avoid data breach lawsuits? Get legal on your side

  The CISO's role as the protector of an organization's data intersects with responsibilities of corporate counsel. Here's how to keep the communications flowing in sticky situations.  Continue Reading

• Muddy waters for chip and PIN technology, banks won't sign off

  The banks and the retailers have divergent views on how best to secure credit card transactions. Will the courts decide between signatures and PINs? Or will market forces win out?  Continue Reading

• DevOps security requires new mindset and tools for visibility, automation

  Intuit did it. Etsy did it. Netflix did it. How fast moving companies are integrating security into the agile DevOps cycle for continuous deployment of software and services.  Continue Reading

• Dissecting the Hack

  In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian Baskin discuss Bitcoin and digital currency.  Continue Reading

• Digital Identity Management

  In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics and the TLS protocol.  Continue Reading

• Becoming a Global Chief Security Executive Officer

  In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, author Roland Cloutier discusses the primary role of the chief security officer.  Continue Reading

• Mojo AirTight WIPS overview

  Expert Karen Scarfone looks at the features and functionality of Mojo Networks' AirTight WIPS, a wireless intrusion prevention system designed to detect and block WLAN attacks.  Continue Reading

• Automated Security Analysis of Android and iOS Applications

  In this excerpt of Automated Security Analysis of Android and iOS Applications with Mobile Security Framework, authors Ajin Abraham and Henry Dalziel discuss mobile application penetration testing.  Continue Reading

• Augmented Reality Law, Privacy, and Ethics

  In this excerpt of Augmented Reality Law, Privacy, and Ethics: Law, Society, and Emerging AR Technologies, author Brian D. Wassom discusses privacy concerns in the internet of things.  Continue Reading

• How to start building an enterprise application security program

  Building an effective application security program can be daunting. Sean Martin talks with experts about the best first steps enterprises should take.  Continue Reading

• Zebra Technologies AirDefense: WIPS overview

  Expert Karen Scarfone examines Zebra Technologies' AirDefense, a wireless intrusion prevention system designed to monitor enterprise network activity for WLANs.  Continue Reading

• Fluke Networks AirMagnet Enterprise: WIPS overview

  Expert Karen Scarfone examines Fluke Networks AirMagnet Enterprise, a wireless intrusion prevention system to monitor WLAN events and detect a wide variety of potential problems.  Continue Reading

• Cybersecurity blind spots: Mitigating risks and vulnerabilities

  Cybersecurity blind spots based in risk and vulnerabilities can be difficult to spot and address. Sean Martin talks with security experts on how to overcome that challenge.  Continue Reading

• CISSP online training: Software Development Security domain

  Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.  Continue Reading

• CISSP online training: Telecommunications and Networking

  Spotlight article: Shon Harris explains the main concepts in the CISSP domain on telecommunications and networking, including network protocols, extension technologies and more.  Continue Reading

• CISO challenges: Addressing cybersecurity blind spots

  Every enterprise has cybersecurity blind spots that it fails to recognize and address. Sean Martin explains what they are and how they create more CISO challenges.  Continue Reading

• Aruba RFProtect WIPS: Product overview

  Expert Karen Scarfone examines the features of Aruba RFProtect, a wireless intrusion prevention system to detect and block WLAN attacks against enterprise networks.  Continue Reading

• Cisco Adaptive Wireless IPS: Product overview

  Expert Karen Scarfone looks at the features and functionality of the Cisco Adaptive Wireless IPS, a wireless intrusion prevention system to monitor and protect WLANs.  Continue Reading

• Check Point Next Generation Firewall: Product overview

  Check Point Next Generation Firewall family combines firewalls with unified threat management technology, VPNs and more. Expert Mike O. Villegas takes a closer look.  Continue Reading

• Cisco ASA with FirePOWER: NGFW product overview

  Cisco combined the ASA series firewall with SourceFire's FirePOWER threat and malware detection capabilities. Expert Mike O. Villegas takes a closer look at this NGFW.  Continue Reading

• CISO challenges: Identifying and addressing common problems

  Enterprises often struggle to identify and prioritize the most pressing security concerns and threats. Sean Martin explains the common CISO challenges facing organizations today.  Continue Reading

• Cyberinsurance policies: Getting coverage and avoiding limitations

  The cyberinsurance market is maturing rapidly, but there are still gray areas to navigate. Sean Martin explains what enterprises should know about policies.  Continue Reading

• Mobile security strategy matures with BYOD

  The basic level of mobile security is to protect data and access to a network, but understanding the needs of mobile users and their devices is the key to maturing that strategy.  Continue Reading

• Cyberinsurance: Assessing risks and defining policies

  Cyberinsurance is sparking interest from enterprises, but how are security risks assessed for policies? Sean Martin takes a closer look at the process.  Continue Reading

• Readers' 2016 top picks for enterprise encryption tools

  As the enterprise encryption tools market matures, buyers find many vendors to choose from, but few stand out from the crowd as encryption is absorbed into other security tools.  Continue Reading

• Strong authentication methods: Are you behind the curve?

  Not sure who's really behind that username and password? Google, Facebook and others may finally give multifactor authentication technology the 'push' it needs.  Continue Reading

• Protect your security perimeter with bellwether technologies

  Protecting your security perimeter is getting harder, as the threats get more sophisticated and the perimeter harder to identify. But these eight bellwether technologies can help.  Continue Reading

• The role of cybersecurity insurance in the enterprise

  Cybersecurity insurance has gained more attention and acceptance from enterprises, but does it fit within an enterprise security program? Sean Martin explores a growing market.  Continue Reading

• Application development security requires forethought

  Enterprises push for short development cycles to meet delivery deadlines. Expert Michael Cobb explains how to incorporate application development security into the process.  Continue Reading

• Enterprise encryption: Do the plusses outweigh the 'minuses'?

  Encryption is a powerful tool, but its implementation presents its own set of perils. CISOs weigh in on data privacy and key management strategies.  Continue Reading

• What SIEM tools made your short list?

  More companies are investing in security information and event management to improve their response to targeted attacks, according to the readers we surveyed.  Continue Reading

• Proper network segments may prevent the next breach

  Companies still fail to implement secure network segmentation and role-based access. Here's how to protect your sensitive data and stay out of the headlines.  Continue Reading

• Choosing secure file transfer products for your enterprise

  Are you concerned about file transfer security? Expert Karen Scarfone discusses the best products for transporting files while maintaining their confidentiality.  Continue Reading

• How to buy the best SSL for your enterprise

  To choose the best SSL for your enterprise, you need to stay up to date on SSL/TLS encryption developments. Learn why SSL/TLS remains a vital technology and how to determine the approach that will work best for your company.  Continue Reading

• Voltage SecureMail encryption tool: Product overview

  Expert contributor Karen Scarfone takes a look at Voltage SecureMail for encrypting email messages in the enterprise.  Continue Reading

• Trend Micro Email Encryption: Product overview

  Expert contributor Karen Scarfone examines Trend Micro's suite of email encryption software products for securing email messages in the enterprise.  Continue Reading

• DataMotion SecureMail software: Product overview

  Expert contributor Karen Scarfone examines DataMotion SecureMail software for encrypting email messages in the enterprise.  Continue Reading

• Symantec Desktop Email Encryption: Product overview

  Expert contributor Karen Scarfone examines Symantec Desktop Email Encryption, a tool for encrypting email messages for individuals within the enterprise.  Continue Reading

• Proofpoint Email Encryption: Product overview

  Expert contributor Karen Scarfone examines Proofpoint Email Encryption products, which come with data loss prevention capability and a Secure Share add-on for secure file sharing.  Continue Reading

• Can cybersecurity spending protect the U.S. government?

  CNAP articulates the right things, as many U.S. government cyber initiatives do, but what has captured the attention of the Beltway is the billion-dollar budget proposals.  Continue Reading

• What endpoint protection software is on your short list?

  Roughly half of survey respondents indicated that their organization is shifting away from static scanning as the primary protection for endpoints.  Continue Reading

• Managing Online Risk

  In this excerpt of Managing Online Risk, author Deborah Gonzalez outlines the main steps of a risk management model.  Continue Reading

• Information Governance and Security: Protecting and Managing Your Company's Proprietary

  In this excerpt of Information Governance and Security, authors John G. Iannarelli and Michael O'Shaughnessy offer tips for establishing guidelines for all departments or sectors of a business.  Continue Reading

• Integrated Security Systems Design

  In this excerpt of Integrated Security Systems Design, author Thomas L. Norman explains the tools of security system design, the place of electronics in the process, how to establish electronic security program objectives and the types of design ...  Continue Reading

• Securing VoIP: Keeping Your VoIP Networks Safe

  In this excerpt of Securing VoIP: Keeping your VoIP Network Safe, author Regis (Bud) Bates outlines different approaches to VoIP security and offers best practices to ensure infrastructure security is intact.  Continue Reading

• Detecting and Combating Malicious Email

  In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims.  Continue Reading

• Designing and Building Security Operations center

  In this excerpt of Designing and Building Security Operations Center, author David Nathans reviews the infrastructure needed to support a SOC and maintain SOC security.  Continue Reading

• Information security book excerpts and reviews

  Visit the Information Security Bookshelf for book reviews and free chapter downloads.  Continue Reading