Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Experts debate XDR market maturity and outlook

  Is extended detection response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go. Continue Reading

• The benefits of an IT management response

  Many organizations create management responses to traditional audit findings. But did you know organizations can do them after IT audits and assessments, too? Continue Reading

• 3 components to consider when selecting an MDR service

  In the market for an MDR service? Read up on three considerations to keep in mind and questions to ask potential providers before making a decision. Continue Reading

• Ultimate guide to secure remote access

  This comprehensive secure remote access guide outlines the strategies, tools and best practices to provide anywhere access while protecting data, systems and users. Continue Reading

• Should companies pay ransomware, and is it illegal to?

  It's not a question of whether a company will fall prey to ransomware, but when. Executives should focus on deciding to pay or not pay the ransom and on any legal fallout. Continue Reading

• CompTIA SYO-601 exam pivots to secure bigger attack surface

  The latest CompTIA Security+ exam, SYO-601, tests skills and knowledge for dealing with an expanded attack surface and the latest forms of assault on cybersecurity defenses.Continue Reading

• Why companies should use AI for fraud management, detection

  AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge.Continue Reading

• 17 ransomware removal tools to protect enterprise networks

  Check out this list of ransomware removal platforms to detect possible security threats, block attacks, and erase any malware lingering on devices and enterprise networks.Continue Reading

• Blockchain for identity management: Implications to consider

  Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization.Continue Reading

• How privacy engineers promote innovation and trust

  Forward-thinking companies are hiring privacy engineers. Could your organization benefit? Uncover how these experts promote innovation and fortify customer trust.Continue Reading

• The differences between open XDR vs. native XDR

  With extended detection and response, security teams get improved threat analytics and response capabilities. Here's what they need to know to choose the right type of XDR.Continue Reading

• What is identity and access management? Guide to IAM

  Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.Continue Reading

• 10 ways blockchain can improve IAM

  DLT has the potential to revolutionize the identity management space. From boosting privacy to improving visibility, here are 10 use cases of blockchain in IAM.Continue Reading

• Federate and secure identities with enterprise BYOI

  Consumers have been using the federated identity concept 'bring your own identity' through social sign-on for years. It is time for the enterprise to embrace the trend.Continue Reading

• Network security in the return-to-work era

  IT teams are dealing with the challenge of reconnecting devices to office networks as employees return to work. Here's how your organization can overcome that challenge.Continue Reading

• Risk-based vulnerability management tools in the cloud

  As enterprises increasingly rely on cloud services, a risk-based vulnerability management approach can provide the best protection against cybersecurity threats.Continue Reading

• How to perform a cybersecurity risk assessment in 5 steps

  This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues.Continue Reading

• Balancing the benefits with the risks of emerging technology

  Emerging technologies enable companies to maintain a competitive edge through their various benefits but can come with high risks. A balancing act is required.Continue Reading

• The top 7 identity and access management risks

  An IAM system introduces risks to the enterprise, but the consensus is the benefits of IAM outweigh the drawbacks. What are some of the issues that might arise?Continue Reading

• Comparing top identity and access management certifications

  In addition to learning security fundamentals applicable to identity and access management, the top IAM certifications can yield rewarding career and networking opportunities.Continue Reading

• 5 IAM trends shaping the future of security

  The importance of identity and access management cannot be denied. However, the same old tools can't properly secure today's complex environments. These IAM trends are here to help.Continue Reading

• ransomware

  Ransomware is a subset of malware in which the data on a victim's computer is locked -- typically by encryption -- and payment is demanded before the ransomed data is decrypted and access is returned to the victim.Continue Reading

• How to select an MDR service that's right for your company

  A well-engineered managed detection and response system can provide a lot of benefits. But, before deploying an MDR service, determine exactly what you expect from a provider.Continue Reading

• 10 identity and access management tools to protect networks

  IAM tools keep enterprises safe by ensuring only authorized users can access sensitive data and applications. Read this in-depth product overview of top tools on the market.Continue Reading

• Top 5 benefits of a new cybersecurity market model

  Companies are struggling to identify the cybersecurity technology that would actually be useful for their use cases. It's time for a new market model around efficacy instead.Continue Reading

• 10 cybersecurity certifications to boost your career in 2021

  A consensus of industry professionals rank these security certifications as the most coveted by employers and security pros.Continue Reading

• Corral superuser access via SDP, privileged access management

  Keeping control of superusers is an ongoing challenge. Employing SDP and privileged access management can make the job easier. But can SDP replace PAM?Continue Reading

• Security observability vs. visibility and monitoring

  Security observability, monitoring and visibility play different roles but together provide the tools to establish an all-encompassing enterprise security architecture.Continue Reading

• Security observability tools step up threat detection, response

  A step beyond security monitoring are security observability tools, which provide greater context into the events of an incident to perform a more effective response.Continue Reading

• What is secure remote access in today's enterprise?

  Out with the old, in with the new. The meaning of secure remote access, and how organizations achieve it, is changing. Here's what you need to know.Continue Reading

• Inept cybersecurity education and training feed into skills gap

  Learn why former infosec instructor and author of 'How Cybersecurity Really Works' advocates for changes to security education and training to alleviate the industry skills gap.Continue Reading

• Network reconnaissance techniques for beginners

  In this excerpt of 'How Cybersecurity Really Works,' author Sam Grubb breaks down common network reconnaissance techniques used by adversaries to attack wired networks.Continue Reading

• RSA Conference 2021: 3 hot cybersecurity trends explained

  In a lightning round session at RSA Conference, ESG analysts discussed three of the hottest topics in cybersecurity in 2021: zero trust, XDR and SASE.Continue Reading

• 12 essential features of advanced endpoint security tools

  In addition to protecting an organization's endpoints from threats, IT administrators can use endpoint security tools to monitor operation functions and DLP strategies.Continue Reading

• Cyber Defense Matrix makes sense of chaotic security market

  The Cyber Defense Matrix aims to help CISOs make strategic, informed security investments that weigh cyber risk mitigation in the context of business constraints and goals.Continue Reading

• Endpoint security strategy: Focus on endpoints, apps or both?

  Companies know how to secure traditional endpoints, but what about mobile devices outside the network? They should decide if they want to protect devices, apps or both.Continue Reading

• Enterprises mull 5G vs. Wi-Fi security with private networks

  While Wi-Fi security can be implemented just as securely as 5G, mechanisms built into 5G offer some compelling benefits to enterprises considering private 5G networks.Continue Reading

• Despite confusion, zero-trust journey underway for many

  Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today.Continue Reading

• 6 ways to spur cybersecurity board engagement

  New research suggests corporate boards are paying closer attention to cybersecurity, but experts say progress is still modest and slow.Continue Reading

• Buyers must navigate cybersecurity market confusion

  Customer confusion in the security market stems from the number of new products designed to deal with a growing number of cyberthreats. Experts look at how to navigate it all.Continue Reading

• Applying web application reconnaissance to offensive hacking

  Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman.Continue Reading

• Collaboration is key to a secure web application architecture

  Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers.Continue Reading

• CCISO exam guide authors discuss the changing CISO role

  Learn more about EC-Council's Certified CISO exam and how the certification helps CISOs at any organization manage successful infosec programs and a changing threat landscape.Continue Reading

• Threat intelligence frameworks to bolster security

  Organizations have many threat intelligence frameworks to work with, each with its own advantages. From for-profit to nonprofit, here's help to figure out which ones you need.Continue Reading

• Can a new DHS cybersecurity strategy help the private sector?

  The U.S. Department of Homeland Security outlines federal plans to improve public and private cybersecurity, but analysts advise caution over strategies that can't be mandated.Continue Reading

• Ultimate guide to cybersecurity incident response

  Learn actionable incident response strategies that your IT and enterprise security teams can use to meet today's security threats and vulnerabilities more effectively.Continue Reading

• Ransomware attack case study: Recovery can be painful

  Even with full backups and no permanent data loss, recovering from ransomware can be expensive and painful, as evidenced in this ransomware attack case study.Continue Reading

• Top 6 SOAR uses cases to implement in enterprise SOCs

  Automating basic SOC workflows with SOAR can improve an organization's security posture. Explore six SOAR use cases to streamline SOC processes and augment human analysts.Continue Reading

• Top benefits of SOAR tools, plus potential pitfalls to consider

  To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success.Continue Reading

• 10 leading incident response vendors for 2021

  Incident response vendors offer a variety of specialized tools to help organizations plan and manage their overall cybersecurity posture. Learn about 10 of them here.Continue Reading

• Top incident response tools to boost network protection

  Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks.Continue Reading

• Endpoint security vs. network security: Why both matter

  As the security perimeter blurs, companies often debate the merits of endpoint security vs. network security. However, it shouldn't be an either-or decision.Continue Reading

• SOAR vs. SIEM: What's the difference?

  When it comes to the SOAR vs. SIEM debate, it's important to understand their fundamental differences to get the most benefit from your security data.Continue Reading

• 3 ransomware distribution methods popular with attackers

  To prevent cyber attacks, understanding how they work is half the battle. Explore the most common ransomware distribution methods in this excerpt of 'Preventing Ransomware.'Continue Reading

• Malware researcher speculates on the future of ransomware

  Abhijit Mohanta, author of 'Preventing Ransomware,' opines on the future of ransomware and discusses why this attack is favored among cybercriminals.Continue Reading

• 5 cyber threat intelligence feeds to evaluate

  Cyber threat intelligence feeds help organizations up their security game. While the 'best' feeds vary depending on a company's needs, here are five leading services to consider.Continue Reading

• SolarWinds fallout has enterprise CISOs on edge

  As investigators uncover more about the massive SolarWinds hack, enterprise CISOs' concerns about digital supply chain security grow.Continue Reading

• Threat detection and response tools evolve and mature

  A variety of threat detection and response tools, such as XDR, are evolving into platforms to help enterprises share information and stay ahead of cybersecurity threats.Continue Reading

• Using content disarm and reconstruction for malware protection

  Content disarm and reconstruction is a modern approach to removing malicious code from files, key to detecting and thwarting successful phishing and malware attacks.Continue Reading

• 2021 cybersecurity predictions: Oh, where cybersecurity may go

  Jonathan Meyers sees 2021 bringing cybersecurity challenges to the forefront, like more cyberattacks on local governments, BYOD security issues and AI and ML overhype.Continue Reading

• The ultimate guide to cybersecurity planning for businesses

  This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks.Continue Reading

• What is the future of cybersecurity?

  Remote work is here to stay, so it's time to rethink the short-term fixes made in 2020. What else is in the cards? Here are the trends shaping the future of cybersecurity.Continue Reading

• Select a customer IAM architecture to boost business, security

  Not all customer IAM platforms are created equal. Will a security-focused or marketing-focused CIAM architecture best meet your organization's needs? Read on for help deciding.Continue Reading

• Extended detection and response tools take EDR to next level

  Extended detection and response tools offer new capabilities -- among them greater visibility -- to enterprises searching for better ways to protect their endpoints.Continue Reading

• Biometric security technology could see growth in 2021

  Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits.Continue Reading

• Top 10 cybersecurity best practices to protect your business

  Looking to improve your business's security program? Our top-10 list of cybersecurity advice breaks out best practices and tips for security professionals and for employees.Continue Reading

• Top 5 essential open source cybersecurity tools for 2021

  Some of the open source tools highlighted in our top five list have been around for decades; others are relatively new. Each has proven to be highly useful and valuable.Continue Reading

• Editor's picks: Top cybersecurity articles of 2020

  As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months.Continue Reading

• What is SecOps? Everything you need to know

  SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC.Continue Reading

• Technology a double-edged sword for U.S. election security

  Technologies were weaponized to undermine the 2020 U.S. presidential election, but IT systems have also helped to identify fraud and verify results in a hotly contested election.Continue Reading

• Counter threats with these top SecOps software options

  SecOps tools offer many capabilities to address common threats enterprises face, including domain name services, network detection and response, and anti-phishing.Continue Reading

• SASE model drives improved cloud and work-from-home security

  Find out how the Secure Access Service Edge model provides increased work-from-home security and cloud access outside of the traditional enterprise data center access model.Continue Reading

• Weighing remote browser isolation benefits and drawbacks

  Remote browser isolation benefits end-user experience and an organization's network security. Compare the pros, cons and cost challenges before investing in the zero-trust approach.Continue Reading

• Compare 5 SecOps certifications and training courses

  Explore five SecOps certifications available to IT professionals looking to demonstrate and enhance their knowledge of threat monitoring and incident response.Continue Reading

• Cyber insurance explained, from selection to post-purchase

  Before you sign on the dotted line, make sure you understand what cyber insurance can and can't do -- and what type of policy will do the most for you.Continue Reading

• What is zero trust? Ultimate guide to the network security model

  Zero trust is a security strategy that assumes all users, devices and transactions are already compromised. The zero trust model requires strict identity and device verification, regardless of the user’s location in relation to the network perimeter.Continue Reading

• Using SDP as a VPN alternative to secure remote workforces

  Software-defined perimeter has been touted as a VPN alternative for secure remote access. How do you know if SDP or a traditional VPN is right for your company?Continue Reading

• Weighing the future of firewalls in a zero-trust world

  Cybersecurity pros have been predicting the firewall's demise for years, yet the device is still with us. But does it have a place in zero-trust networks? One analyst says yes.Continue Reading

• AI in security analytics is the enhancement you need

  AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits.Continue Reading

• AI in cybersecurity ups your odds against persistent threats

  AI capabilities can identify and take down cyberthreats in real time but are only part of what your team needs to come out on the winning side of the cybersecurity battle.Continue Reading

• Security automation tools and analytics reshape SecOps efforts

  To transition from being reactive to proactive in terms of cybersecurity threats, check out how SecOps teams can use security analytics and automation tools to make the change.Continue Reading

• The 6 benefits of zero-trust security for businesses

  The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the six business benefits of zero trust and how it differs from traditional security approaches.Continue Reading

• Zero-trust network policies should reflect varied threats

  Role-based access systems create enormous pools of responsibility for administrators. Explore how to eliminate these insecure pools of trust with zero-trust network policies.Continue Reading

• Zero-trust methodology's popularity a double-edged sword

  The authors of 'Zero Trust Networks' discuss how the zero-trust methodology's popularity produces both vendor hype and renewed attention to critical areas of security weakness.Continue Reading

• Why SASE should be viewed as an evolution, not revolution

  The hype around secure access service edge (SASE) is palpable. But by taking a step back, security leaders can align an emerging trend to their long-term goals.Continue Reading

• Evaluating SOC automation benefits and limitations

  Security operations center automation can help address the security skills gap by scaling critical analyst responsibilities. But an overreliance on AI introduces other risks.Continue Reading

• Explore the top 3 zero-trust certifications and training courses

  Explore how zero-trust certifications and training options from Forrester, Cybrary and Pluralsight can build on your IT team's skills for a successful security migration.Continue Reading

• Zero-trust implementation begins with choosing an on-ramp

  Zero-trust security has three main on-ramps -- each with its own technology path. For a clear-cut zero-trust implementation, enterprises need to choose their on-ramp wisely.Continue Reading

• The Ghidra Book interview with co-author Kara Nance

  Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved.Continue Reading

• Weighing double key encryption challenges, payoffs

  Microsoft's new double key encryption offering brings data security and compliance benefits. Are they worth the implementation challenges?Continue Reading

• Explore self-sovereign identity use cases and benefits

  The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt.Continue Reading

• Oversee apps with these 3 application security testing tools

  Unsecured applications can have dire consequences for enterprises. Discover how top app security testing tools on the market today protect apps and enhance developer productivity.Continue Reading

• Cybersecurity testing essentials for mergers and acquisitions

  Before moving forward with an M&A, conduct some cybersecurity testing to ensure your company knows how the acquired company protects data, employees and customers.Continue Reading

• Site-to-site VPN security benefits and potential risks

  Not every enterprise needs the functionality of a standard VPN client. A site-to-site VPN may be a better choice for some companies, but it's not without risk.Continue Reading

• Zero-trust use cases highlight both its benefits and misconceptions

  For many organizations, zero trust remains an abstract security idea. Zero-trust use cases demonstrate the concept's real-world benefits but also expose its drawbacks.Continue Reading

• Cybersecurity new normal needs change in process, CISOs say

  As CISOs face an increasingly remote workforce, they need to confront past security mistakes, while adjusting to cybersecurity's new normal.Continue Reading

• How security champions can help, despite working remotely

  By effectively using collaboration tools, security champions can still spread a company's security message even as most offices stay closed and employees work remotely.Continue Reading

• What cybersecurity teams can learn from COVID-19

  Nabil Hannan examines key similarities between medical and computer viruses that cybersecurity teams can use to keep businesses protected effectively.Continue Reading

• Security team analyzes data breach costs for better metrics

  Security researchers discuss their findings on misleading and incorrect data breach cost metrics and share how breach reporting and information sharing can help all organizations.Continue Reading

• 7 security awareness statistics to keep you up at night

  As if protecting corporate systems and data wasn't hard enough, beware of another potential foe: those well-meaning but woefully uninformed staff members.Continue Reading