Features

Features

• Automated Security Analysis of Android and iOS Applications

  In this excerpt of Automated Security Analysis of Android and iOS Applications with Mobile Security Framework, authors Ajin Abraham and Henry Dalziel discuss mobile application penetration testing.  Continue Reading

• Augmented Reality Law, Privacy, and Ethics

  In this excerpt of Augmented Reality Law, Privacy, and Ethics: Law, Society, and Emerging AR Technologies, author Brian D. Wassom discusses privacy concerns in the internet of things.  Continue Reading

• How to start building an enterprise application security program

  Building an effective application security program can be daunting. Sean Martin talks with experts about the best first steps enterprises should take.  Continue Reading

• Zebra Technologies AirDefense: WIPS overview

  Expert Karen Scarfone examines Zebra Technologies' AirDefense, a wireless intrusion prevention system designed to monitor enterprise network activity for WLANs.  Continue Reading

• Fluke Networks AirMagnet Enterprise: WIPS overview

  Expert Karen Scarfone examines Fluke Networks AirMagnet Enterprise, a wireless intrusion prevention system to monitor WLAN events and detect a wide variety of potential problems.  Continue Reading

• Cybersecurity blind spots: Mitigating risks and vulnerabilities

  Cybersecurity blind spots based in risk and vulnerabilities can be difficult to spot and address. Sean Martin talks with security experts on how to overcome that challenge.  Continue Reading

• CISSP online training: Software Development Security domain

  Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.  Continue Reading

• CISSP online training: Telecommunications and Networking

  Spotlight article: Shon Harris explains the main concepts in the CISSP domain on telecommunications and networking, including network protocols, extension technologies and more.  Continue Reading

• CISO challenges: Addressing cybersecurity blind spots

  Every enterprise has cybersecurity blind spots that it fails to recognize and address. Sean Martin explains what they are and how they create more CISO challenges.  Continue Reading

• Aruba RFProtect WIPS: Product overview

  Expert Karen Scarfone examines the features of Aruba RFProtect, a wireless intrusion prevention system to detect and block WLAN attacks against enterprise networks.  Continue Reading

• Cisco Adaptive Wireless IPS: Product overview

  Expert Karen Scarfone looks at the features and functionality of the Cisco Adaptive Wireless IPS, a wireless intrusion prevention system to monitor and protect WLANs.  Continue Reading

• Check Point Next Generation Firewall: Product overview

  Check Point Next Generation Firewall family combines firewalls with unified threat management technology, VPNs and more. Expert Mike O. Villegas takes a closer look.  Continue Reading

• Cisco ASA with FirePOWER: NGFW product overview

  Cisco combined the ASA series firewall with SourceFire's FirePOWER threat and malware detection capabilities. Expert Mike O. Villegas takes a closer look at this NGFW.  Continue Reading

• CISO challenges: Identifying and addressing common problems

  Enterprises often struggle to identify and prioritize the most pressing security concerns and threats. Sean Martin explains the common CISO challenges facing organizations today.  Continue Reading

• Cyberinsurance policies: Getting coverage and avoiding limitations

  The cyberinsurance market is maturing rapidly, but there are still gray areas to navigate. Sean Martin explains what enterprises should know about policies.  Continue Reading

• Mobile security strategy matures with BYOD

  The basic level of mobile security is to protect data and access to a network, but understanding the needs of mobile users and their devices is the key to maturing that strategy.  Continue Reading

• Cyberinsurance: Assessing risks and defining policies

  Cyberinsurance is sparking interest from enterprises, but how are security risks assessed for policies? Sean Martin takes a closer look at the process.  Continue Reading

• Readers' 2016 top picks for enterprise encryption tools

  As the enterprise encryption tools market matures, buyers find many vendors to choose from, but few stand out from the crowd as encryption is absorbed into other security tools.  Continue Reading

• Strong authentication methods: Are you behind the curve?

  Not sure who's really behind that username and password? Google, Facebook and others may finally give multifactor authentication technology the 'push' it needs.  Continue Reading

• Protect your security perimeter with bellwether technologies

  Protecting your security perimeter is getting harder, as the threats get more sophisticated and the perimeter harder to identify. But these eight bellwether technologies can help.  Continue Reading

• The role of cybersecurity insurance in the enterprise

  Cybersecurity insurance has gained more attention and acceptance from enterprises, but does it fit within an enterprise security program? Sean Martin explores a growing market.  Continue Reading

• Application development security requires forethought

  Enterprises push for short development cycles to meet delivery deadlines. Expert Michael Cobb explains how to incorporate application development security into the process.  Continue Reading

• Enterprise encryption: Do the plusses outweigh the 'minuses'?

  Encryption is a powerful tool, but its implementation presents its own set of perils. CISOs weigh in on data privacy and key management strategies.  Continue Reading

• What SIEM tools made your short list?

  More companies are investing in security information and event management to improve their response to targeted attacks, according to the readers we surveyed.  Continue Reading

• Proper network segments may prevent the next breach

  Companies still fail to implement secure network segmentation and role-based access. Here's how to protect your sensitive data and stay out of the headlines.  Continue Reading

• Choosing secure file transfer products for your enterprise

  Are you concerned about file transfer security? Expert Karen Scarfone discusses the best products for transporting files while maintaining their confidentiality.  Continue Reading

• How to buy the best SSL for your enterprise

  To choose the best SSL for your enterprise, you need to stay up to date on SSL/TLS encryption developments. Learn why SSL/TLS remains a vital technology and how to determine the approach that will work best for your company.  Continue Reading

• Voltage SecureMail encryption tool: Product overview

  Expert contributor Karen Scarfone takes a look at Voltage SecureMail for encrypting email messages in the enterprise.  Continue Reading

• Trend Micro Email Encryption: Product overview

  Expert contributor Karen Scarfone examines Trend Micro's suite of email encryption software products for securing email messages in the enterprise.  Continue Reading

• DataMotion SecureMail software: Product overview

  Expert contributor Karen Scarfone examines DataMotion SecureMail software for encrypting email messages in the enterprise.  Continue Reading

• Symantec Desktop Email Encryption: Product overview

  Expert contributor Karen Scarfone examines Symantec Desktop Email Encryption, a tool for encrypting email messages for individuals within the enterprise.  Continue Reading

• Proofpoint Email Encryption: Product overview

  Expert contributor Karen Scarfone examines Proofpoint Email Encryption products, which come with data loss prevention capability and a Secure Share add-on for secure file sharing.  Continue Reading

• Can cybersecurity spending protect the U.S. government?

  CNAP articulates the right things, as many U.S. government cyber initiatives do, but what has captured the attention of the Beltway is the billion-dollar budget proposals.  Continue Reading

• What endpoint protection software is on your short list?

  Roughly half of survey respondents indicated that their organization is shifting away from static scanning as the primary protection for endpoints.  Continue Reading

• Managing Online Risk

  In this excerpt of Managing Online Risk, author Deborah Gonzalez outlines the main steps of a risk management model.  Continue Reading

• Information Governance and Security: Protecting and Managing Your Company's Proprietary

  In this excerpt of Information Governance and Security, authors John G. Iannarelli and Michael O'Shaughnessy offer tips for establishing guidelines for all departments or sectors of a business.  Continue Reading

• Integrated Security Systems Design

  In this excerpt of Integrated Security Systems Design, author Thomas L. Norman explains the tools of security system design, the place of electronics in the process, how to establish electronic security program objectives and the types of design ...  Continue Reading

• Securing VoIP: Keeping Your VoIP Networks Safe

  In this excerpt of Securing VoIP: Keeping your VoIP Network Safe, author Regis (Bud) Bates outlines different approaches to VoIP security and offers best practices to ensure infrastructure security is intact.  Continue Reading

• Detecting and Combating Malicious Email

  In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims.  Continue Reading

• Designing and Building Security Operations center

  In this excerpt of Designing and Building Security Operations Center, author David Nathans reviews the infrastructure needed to support a SOC and maintain SOC security.  Continue Reading

• Information security book excerpts and reviews

  Visit the Information Security Bookshelf for book reviews and free chapter downloads.  Continue Reading

• Addressing NFV security issues in the enterprise

  Network functions virtualization can complement SDN and benefit enterprises, but there are NFV security considerations that must be addressed. Expert Judith Myerson explains.  Continue Reading

• What EMM tool is on your short list?

  EMM vendors consolidate tools for enterprise mobility management, covering device, application and even identity management, into ‘single-pane-of-glass' management consoles.  Continue Reading

• Bug bounty programs narrow the crowd

  Data shows that more companies are moving away from crowdsourcing and adopting invitation-only awards programs. Do higher-quality submissions result?  Continue Reading

• The incident response process is on the clock

  No time to prepare for incident handling? Security tools aim to automate the incident response process and help organizations lessen the time between threat detection and response.  Continue Reading

• Comparing the best network access control products

  Expert Rob Shapland takes a look at the best network access control products on the market today and examines the features and capabilities that distinguish the top vendors in this space.  Continue Reading

• Comparing the top big data security analytics tools

  Expert Dan Sullivan compares how the top-rated big data security analytics tools measure up against each other to help you select the right one for your organization.  Continue Reading

• Comparing the top vulnerability management tools

  Expert Ed Tittel compares how the top-rated vulnerability management tools measure up against each other so you can select the right one for your organization.  Continue Reading

• Windows 10 Wi-Fi Sense for hotspot sharing: Is it safe?

  Microsoft's Windows 10 Wi-Fi Sense was designed to make hotspot sharing easy, but experts debate if the security risks are real and whether the new feature offers substantial benefits and relative safety.  Continue Reading

• Readers' top picks for DLP products

  The companies and DLP products that organizations consider, when they seek to address compliance and data security requirements across multiple platforms and environments.  Continue Reading

• Deconstructing the emergency incident response process

  Professional incident response providers can quickly bring the additional resources and the expertise that companies often need to handle a rapidly unfolding threat.  Continue Reading

• Security attack? New defenses in 2016 escape compromise

  Worried that attackers may know your infrastructure better than you do? Cyberthreats are learning fast from defenses that detect them. New strategies focus on what happens next.  Continue Reading

• Dell SonicWall NSA UTM: Product overview

  Expert David Strom explains why the feature-rich Dell SonicWall NSA Series of enterprise unified threat management devices may take some getting used to.  Continue Reading

• WatchGuard UTM appliances: Product overview

  Expert Ed Tittel examines WatchGuard UTM appliances that bundle different kinds of network infrastructure protection into a single device for small, midsize and large businesses.  Continue Reading

• Sophos SG Series UTM: Product overview

  Expert Ed Tittel looks at the Sophos SG Series of unified threat management appliances, which bundle various kinds of network infrastructure protection into a single device.  Continue Reading

• Fortinet FortiGate UTM: Product overview

  Expert Ed Tittel looks at Fortinet FortiGate UTM appliances, which combine different network infrastructure protection features into a single device.  Continue Reading

• Cisco Meraki MX appliances: UTM product overview

  Expert Ed Tittel examines Cisco's Meraki MX UTM Appliances, a series of UTM products that combines various network security and protection features into a single device.  Continue Reading

• Check Point UTM Threat Prevention Appliances: Product review

  Check Point UTM Threat Prevention Appliances are recognized by our reviewer as consistent software architectures that are easy to configure.  Continue Reading

• Seven criteria for buying vulnerability management tools

  Expert contributor Ed Tittel describes purchasing criteria for full-featured vulnerability management tools for small organizations to large enterprises.  Continue Reading

• The business case for vulnerability management tools

  Expert Ed Tittel describes business use cases for vulnerability management tools and examines how organizations of all sizes benefit from these products.  Continue Reading

• Introduction to vulnerability management tools

  Expert Ed Tittel explores how vulnerability management tools can help organizations of all sizes uncover defense weaknesses and close security gaps before they are exploited by attackers.  Continue Reading

• Trend Micro InterScan Messaging Security: Product overview

  Expert Karen Scarfone looks at the Trend Micro InterScan Messaging Security and Trend Micro ScanMail Suite for Microsoft Exchange email security gateway products used for monitoring email messages that could contain suspicious content and threats.  Continue Reading

• Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview

  Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats.  Continue Reading

• Sophos Email Appliance: Product overview

  Expert Karen Scarfone examines the Sophos Email Appliance email security gateway product that is used for detecting and blocking messages that contain suspicious content and threats.  Continue Reading

• Proofpoint Enterprise Protection: Product overview

  Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats.  Continue Reading

• Microsoft Exchange Online Protection: Product overview

  Expert Karen Scarfone reviews the Microsoft Exchange Online Protection email security gateway product, which is used for detecting and blocking common email-transmitted threats.  Continue Reading

• McAfee Email Protection, Security for Email Servers: Product overview

  Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages.  Continue Reading

• Clearswift SECURE Email Gateway: Product overview

  Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails.  Continue Reading

• Fortinet FortiMail: Product overview

  Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization.  Continue Reading

• Cybersecurity professionals: Five ways to increase the talent pool

  The lack of cybersecurity skills in the industry is glaring, but there are ways for educators, vendors and enterprises to fix the problem. Sean Martin explains how.  Continue Reading

• Websense Email Security Gateway: Product overview

  Expert Karen Scarfone reviews the Websense Email Security Gateway product, which is used for monitoring email messages that could contain suspicious threats.  Continue Reading

• Cisco Email Security Appliance: Product overview

  Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats.  Continue Reading

• How to amp up enterprise security with a suite of tools

  Vendors are increasingly offering security via a suite of tools. Here's how to use them to improve enterprise security while avoiding the drawbacks like functions overlap.  Continue Reading

• Readers' top picks for application security tools

  The top companies and application security products that organizations consider when they seek to reduce their application vulnerabilities.  Continue Reading

• Virtualization security tools defend across clouds

  Several vendors offer ways to protect virtual machines both in the data center and in the cloud. How do these products differ from what's available from VMware or Amazon Web Services?  Continue Reading

• Integrated security suite? How to avoid tool overlap

  The versatility of Swiss Army knife-like platforms may override existing security controls. Here's how to cut out overlap and get the most function out of multi-tools.  Continue Reading

• Five factors for evaluating big data security analytics platforms

  Expert Dan Sullivan outlines criteria for evaluating big data security analytics platforms for collecting, analyzing and managing large volumes of data generated for information security purposes.  Continue Reading

• The business case for big data security analytics

  Expert Dan Sullivan explores the emerging category of big data security analytics and outlines the vital capabilities and key benefits of the technology for enterprises.  Continue Reading

• Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview

  Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data.  Continue Reading

• EMC RSA Security Analytics: SIEM product overview

  Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.  Continue Reading

• AlienVault OSSIM: SIEM Product overview

  Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.  Continue Reading

• Splunk Enterprise: SIEM product overview

  Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.  Continue Reading

• SolarWinds Log and Event Manager: SIEM product overview

  Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.  Continue Reading

• IBM Security QRadar: SIEM product overview

  Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.  Continue Reading

• LogRhythm's Security Intelligence Platform: SIEM product overview

  Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.  Continue Reading

• Introduction to big data security analytics in the enterprise

  Expert Dan Sullivan explains what big data security analytics is and how these tools are applied to security monitoring to enable broader and more in-depth event analysis for better enterprise protection.  Continue Reading

• Comparing the best intrusion prevention systems

  Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization.  Continue Reading

• Lessons in mobile data loss protection for enterprise IT pros

  With mobile devices everywhere in the enterprise now, learning tactics for data loss protection must become an IT priority.  Continue Reading

• Comparing the top Web fraud detection systems

  Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria.  Continue Reading

• Drowning in a sea of cybersecurity tools?

  Here’s how to conquer the steady stream of new technologies and find the best security tools beyond point solutions.  Continue Reading

• Readers’ top picks for advanced threat detection

  Companies and functionality organizations are targeting when they seek to bolster their defenses through threat detection and analytics.  Continue Reading

• Readers’ top picks for enterprise firewalls

  The companies and key functionality organizations seek out when they upgrade or add firewall technology to their enterprise environments.  Continue Reading

• Leaky enterprise: Data loss tops mobile security threats

  With the absence of high-profile breaches, mobile data protection is still on the backburner at some organizations. Why it’s time to change course.  Continue Reading

• Three criteria for selecting the right IPS products

  Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization.  Continue Reading

• Vormetric Transparent Encryption: Product overview

  Expert Ed Tittel takes a look at Vormetric Transparent Encryption, a component of Vormetric's Data Security Platform that encrypts data and does access control for that data.  Continue Reading

• HP Security Voltage's SecureData Enterprise: Product overview

  Expert Ed Tittel examines SecureData Enterprise, which is a part of the HP Security Voltage platform, a scalable database security product that encrypts both structured and unstructured data, tokenizing data to prevent viewing and more.  Continue Reading

• Trustwave DbProtect: Database security tool overview

  Expert Ed Tittel checks out Trustwave DbProtect, a centrally managed enterprise-level database activity monitor that includes vulnerability assessment functionality.  Continue Reading

• Protegrity Database Protector: Database security tool overview

  Expert Ed Tittel examines Protegrity Database Protector, a database security add-on product that provides column- and field-level protection of confidential and sensitive data stored in nearly any type of relational database.  Continue Reading

• Fortinet FortiDB: Database security tool overview

  Expert Ed Tittel examines Fortinet FortiDB, an add-on product for better securing databases through database activity monitoring and vulnerability assessment.  Continue Reading

• Oracle Advanced Security: Database security tool overview

  Expert Ed Tittel examines Oracle Advanced Security, a database security add-on product with transparent data encryption (TDE) and data redaction features.  Continue Reading