Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Data loss prevention market: DLP vendors (and the questions to ask them)

  Learn more about the data loss prevention marketplace, DLP vendors and critical questions to ask when evaluating potential DLP products for your enterprise. Continue Reading

• Exploring the top four DLP benefits for enterprises

  Data loss prevention products can vary greatly, yet they all offer the same four core advantages. Rich Mogull explains the top ways DLP can benefit your enterprise. Continue Reading

• An intro to automated penetration testing

  In this exploratory article, expert Mike Chapple explains what automated penetration testing is, why it is useful and how to start building an enterprise penetration tester toolkit. Continue Reading

• What to expect from the new CompTIA Security+ certification exam

  With the new version of the CompTIA Security+ exam adding some necessary changes, expert Joseph Granneman explains how they affect the relevance of the exam. Continue Reading

• NIST SP800-82: The evolution of the ICS guide

  Expert Ernie Hayden takes an in-depth look at the development of NIST SP800-82 since its birth, and what the standard includes in the most recent revision. Continue Reading

• CISSP quiz: System architecture, security models, system evaluation

  Test your knowledge of the CISSP exam's Security Architecture and Design domain by taking this practice quiz that covers topics including system architecture, security models and more.Continue Reading

• SHA-2 algorithm: The how and why of the transition

  Is it time to make the move to the SHA-2 algorithm? Application security expert Michael Cobb discusses and offers tips to ease the transition.Continue Reading

• Top questions to ask mobile device management vendors

  With so many mobile device management vendors and products in the marketplace, choosing one to use in your enterprise can be a challenge. Check out these 13 vendor questions that will help make the evaluation process easier.Continue Reading

• Continuous monitoring demystified

  A continuous monitoring program can improve everything from configuration and patch management to event monitoring and incident response.Continue Reading

• How to conduct a next-generation firewall evaluation

  Before buying a next-generation firewall, read this essential guide that will walk your business through the process, from evaluation to purchase.Continue Reading

• NGFW benefits include identity awareness, secure mobile access

  Security expert Diana Kelley outlines three major benefits of next-generation firewalls: their ability to thwart unknown attacks, to make decisions using identity awareness and to ensure secure access by remote and mobile users.Continue Reading

• Evaluating next-gen firewall vendors: Top 11 must-ask questions

  Evaluating potential firewall vendors and choosing the one that best aligns with your enterprise's needs can be a tricky task. This tip offers 11 questions any organization should ask vendors prior to making a firewall purchase.Continue Reading

• CISSP training video: Control objectives, risk management and analysis

  In this CISSP Essentials Security School presentation, Shon Harris outlines the importance of control objectives, metrics, and risk management and analysis in the CISSP Information Security Governance and Risk Management domain.Continue Reading

• Podcast: Explaining CISSP value to infosec pros

  Shon Harris of Logical Security offers an insider's perspective on the real value of the CISSP certification and why it has become the gold standard in security certifications.Continue Reading

• How can the OWASP Top Ten reduce Web application vulnerabilities?

  The OWASP Top Ten Proactive Controls can reduce Web application vulnerabilities, but are they difficult and expensive to implement?Continue Reading

• Can FIPS 140-2 certification improve enterprise mobile security?

  FIPS 140-2 is a federal mobile security certification, so does it have any relevance in an enterprise setting? Michael Cobb explains.Continue Reading

• Amazon Fire Phone security features and pitfalls

  The Amazon Fire Phone has the potential to ignite interest among enterprise users, but are security issues lurking beneath its shiny façade? Expert Lisa Phifer reviews the Fire Phone's security features and shortcomings.Continue Reading

• Next-generation tools for next-generation network security

  The next-generation network -- one that must encompass the cloud, mobility and Internet of Things devices -- requires a different standard of network monitoring tools. Learn about new and improved tools that conquer those challenges.Continue Reading

• Is cyberinsurance worth the risk?

  Immature products and a lack of standardization raise critical questions about first-party risk and third-party liability.Continue Reading

• The NoSQL challenge: What's in store for big data and security

  Big data offers horizontal scalability, but how do you get your database security to scale along with it?Continue Reading

• Third-party application security evaluation tools and services

  Learn about the tools and services available that enterprises can use to determine the security of their third-party applications.Continue Reading

• The best free vulnerability risk assessment tools

  Application security expert Michael Cobb discusses three free vulnerability risk assessment tools you should consider leveraging in the enterprise.Continue Reading

• Open source PCI DSS: A strategy for cheaper, easier PCI compliance

  Could open source security software solve PCI DSS compliance problems? Mike Chapple looks at how open source technologies can meet compliance needs.Continue Reading

• Product review: Juniper Networks SRX Series UTM appliances

  The market-leading Juniper Networks SRX Series of UTM boxes are feature-rich products that may cause implementation headaches.Continue Reading

• HCISPP certification: What are the benefits?

  (ISC)2's HCISPP certification has many potential benefits for health information privacy and security. Expert Joseph Granneman examines them.Continue Reading

• Benefits and tradeoffs: Is a UTM appliance your best bet?

  Unified threat management tools offer layered security and defense against sophisticated attacks. But, there are caveats. How deep are your pockets?Continue Reading

• Buying security: Unified threat management, or UTM, products

  Looking for an enterprise unified threat management (UTM) product? Expert David Strom offers UTM buying guidance on features, functions and price.Continue Reading

• Benefits of using a UTM appliance to reduce security incidents

  Unified threat management, or UTM, appliances offer four major enterprise benefits. Learn how this key tool can help reduce security incidents.Continue Reading

• Enterprise UTM products: Five questions to ask before purchasing

  Is your enterprise ready for UTM? Uncover five questions to ask prior to purchase to get the most out of the investment.Continue Reading

• The top 10 questions you should ask potential UTM vendors

  When evaluating potential UTM vendors, it's critical to know which questions to ask. Here are 10 questions about things your enterprise needs to know.Continue Reading

• Using UTM to lower costs, reduce latency and improve security rollouts

  Unified threat management appliances are critical for improving future security rollouts, reducing costs and minimizing latency.Continue Reading

• Scoping out the UTM market: UTM vendors at a glance

  This comprehensive list of UTM vendors aims to help enterprises evaluate who's who in the UTM market.Continue Reading

• Evaluating UTM products: Pros and cons of UTM appliances

  Before you invest in a UTM product, it's critical to ensure it will fulfill your security needs. Learn the pros and cons of UTM appliances.Continue Reading

• Next-generation firewall comparisons show no product is perfect

  When comparing NGFW appliances, experts say that enterprises should focus on products that meet specific needs, not just those with the most features.Continue Reading

• Snort OpenAppID introduction: Open source application control

  The OpenAppID engine for Snort promises to enable organizations to create an open source application firewall. Kevin Beaver explores how it works.Continue Reading

• How to decide if a cloud firewall is better than a traditional firewall

  Before replacing a traditional firewall with a cloud firewall, keep these considerations in mind. Kevin Beaver shares his list of concerns.Continue Reading

• NIST cybersecurity framework: Assessing the strengths and weaknesses

  Video: Securicon executive consultant Ernie Hayden discusses what the NIST cybersecurity framework got right, and how the document can be improved.Continue Reading

• Exploring logical, physical access control systems integration

  Is it smart for infosec teams to push for integration of logical and physical access control systems? Learn how to make the case and where to start.Continue Reading

• Password-free authentication: Figuring out FIDO

  Will open FIDO standards for better interoperability of next-generation authentication technologies actually work?Continue Reading

• Network segmentation: No-brainer or unseen network security threat?

  When it comes to security, network segmentation can be a blessing or a curse. In this tip, we look at the pros and cons of this enterprise decision.Continue Reading

• NSA TAO: What Tailored Access Operations unit means for enterprises

  The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses.Continue Reading

• UTM vs. NGFW: Comparing unified threat management, next-gen firewalls

  What's the difference between unified threat management (UTM) products and next-generation firewalls (NGFW)? Brad Casey discusses.Continue Reading

• How Cisco's 'Application Centric Infrastructure' differs from SDN

  As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?Continue Reading

• Data encryption, notification and the NIST Cybersecurity Framework

  Awkward? The NIST Cybersecurity Framework arrives as the U.S. government struggles to counter negative reports on its data privacy and encryption standards.Continue Reading

• Authentication caching: How it reduces enterprise network congestion

  Michael Cobb explores the pros and cons of authentication caching and whether the practice can truly calm network strain.Continue Reading

• CryptoLocker ransomware: Why ransomware prevention is a losing battle

  The CryptoLocker ransomware caught many enterprises off guard. Expert Nick Lewis explains why it's unique and the one defense strategy that works.Continue Reading

• Required: A revamped antimalware strategy

  Increasingly sophisticated malware can divert the attention of IT departments from low-level security gaps. Here’s why you need a strategy that works on all levels.Continue Reading

• Social engineering attacks: Is security focused on the wrong problem?

  To combat social engineering techniques, know thy data and how to protect it against exfiltration by malicious actors.Continue Reading

• RSA Conference 2014 analysis: Security topics to keep on the radar

  Several information security topics emerged as hot topics at RSA 2014. Learn three security topics enterprises should keep on their radar.Continue Reading

• HSTS: How HTTP Strict Transport Security enhances application security

  Many websites are using HTTP Strict Transport Security (HSTS) to enhance application security, but is it really more effective than HTTPS?Continue Reading

• Choosing an SSL decryption appliance for enterprise SSL monitoring

  SSL monitoring is becoming critical to enterprise network security. Learn the key criteria for choosing an SSL decryption appliance.Continue Reading

• Security analytics: The key to reliable security data, effective action

  It's tough to get reliable security data. This Security School explains how to use security analytics to safeguard your network system's health.Continue Reading

• Final version of NIST cybersecurity framework draws mixed reviews

  Experts differed over whether the NIST cybersecurity framework provides critical infrastructure firms with the tools to defend themselves.Continue Reading

• The benefits of subscription-based penetration testing services

  Should an enterprise opt for subscription-based services or conduct their pen testing in-house? Network security expert Brad Casey discusses.Continue Reading

• Is cloud-based DDoS mitigation better than in-house DDoS protection?

  Discover the benefits of cloud-based DDoS mitigation and uncover when a cloud service is more viable than in-house DDoS protection.Continue Reading

• How ISP services can improve enterprise cybersecurity

  Uncover which ISP services enterprises should seek from their providers to improve cybersecurity and mitigate cyberattacks.Continue Reading

• Using Wireshark: Reviewing four key Wireshark features

  Become familiar with four Wireshark features network security pros value in this packet-capturing analytics tool.Continue Reading

• Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm

  With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.Continue Reading

• Tor networks: Stop employees from touring the deep Web

  Are employees using Tor to view blocked Web sites, or mining Bitcoins on corporate resources? Sinister or not, it needs to stop.Continue Reading

• The changing face of advanced malware detection

  It's a new year of advanced threats, malicious code and holes to plug, but security teams are fighting back with help from global services.Continue Reading

• Mobile security report: Data on devices

  New survey shows the battle between corporate-issued devices versus personally owned smartphones and tablets is too close to call.Continue Reading

• SHA-1 to SHA-2: The future of SSL and enterprise application security

  The future of SSL is SHA-2. Security expert Michael Cobb explains why SHA-1 poses an increasing danger and what the transition entails.Continue Reading

• KINS malware: Rootkit vs. bootkit

  The emerging KINS malware has been labeled a bootkit rather than a rootkit. Nick Lewis explains the difference and how to defend against it.Continue Reading

• Essential security analytics technology for advanced malware detection

  Josh Sokol reviews the security technologies needed to support a successful security analytics program focused on advanced malware detection.Continue Reading

• The backdoor threat of Trusted Platform Module and Windows 8

  Does the combination of the Trusted Platform Module and Windows 8 create the threat of a backdoor? Michael Cobb discusses.Continue Reading

• Elliptic curve cryptography: What ECC can do for the enterprise

  Is elliptic curve cryptography more effective than RSA or Diffie-Hellman? Security expert Michael Cobb details the pros and cons of ECC.Continue Reading

• What is the MEHARI risk management framework and how can it be used?

  Expert Joseph Granneman details the MEHARI risk management framework and compares it to the ISO 27000 and NIST 800 series.Continue Reading

• How to identify and secure data egress points to prevent data loss

  Expert Michael Cobb discusses how to identify the data egress points in enterprise databases to prevent malicious data exfiltration.Continue Reading

• Using the Google Transparency Report to enhance website blacklisting

  Threats expert Nick Lewis explores whether Google's Transparency Report can be used to enhance blacklisting of malicious websites in the enterprise.Continue Reading

• Can Windows EFS hinder malware detection?

  A new malware strain leverages the Encrypting File System to thwart forensic analysis. Learn how to handle attacks that involve Windows EFS.Continue Reading

• Using DNS monitoring to detect network breaches

  Brad Casey highlights three DNS data-monitoring methods that can help organizations determine if their networks have been breached.Continue Reading

• Using microVM isolation to improve malware detection and defense

  Use of microVMs for malware detection and isolation is growing, but expert Brad Casey cautions that the tactic isn't a cure-all for fighting malware.Continue Reading

• Is EAL4 certification necessary for enterprise firewall products?

  EAL4 certification ensures integrity in security products, but is it a must when buying enterprise firewall products? Expert Brad Casey explains.Continue Reading

• Return on security investment: The risky business of probability

  You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.Continue Reading

• A full-service model for SIEM

  The industry needs to recognize the value that full service "SIEM in the cloud" would bring to organizations.Continue Reading

• Use John the Ripper to test network devices against brute forcing

  Enterprise IT security organizations should test network devices using John the Ripper to ensure they are not susceptible to brute-force attacks.Continue Reading

• How to test for and protect against firewall vulnerabilities

  Vulnerabilities in a firewall operating system can render the firewall useless. Learn how to test for and protect against them.Continue Reading

• How do different browsers handle SSL certificate revocation?

  Application security expert Michael Cobb explores how different Web browsers handle SSL certificate revocation.Continue Reading

• PCI DSS version 3.0: The five most important changes for merchants

  PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later.Continue Reading

• Open source code reuse: What are the security implications?

  Reusing open source code can present a security risk. Application security expert Michael Cobb explains why and how to protect applications.Continue Reading

• PCI 3.0 special report: Reviewing the state of payment card compliance

  Get an in-depth analysis of PCI DSS 3.0, an illustrated history of PCI DSS and insights on the future of enterprise payment card compliance.Continue Reading

• Software [In]security: BSIMM-V does a number on secure software dev

  The fifth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.Continue Reading

• Social media regulations and compliance: What enterprises should know

  Nick Hayes of Forrester Research details social media regulations and compliance issues, including five compliance areas that enterprises must manage.Continue Reading

• Data governance 2.0: Adapting to a new data governance framework

  Data governance 2.0, an updated enterprise data governance framework, brings challenges and opportunities. Henry Peyret of Forrester Research details.Continue Reading

• VDI security: The benefits and pitfalls of virtualizing endpoints

  With the rise of endpoint virtualization, enterprises need to grasp the positives and manage the negatives of VDI security. Expert Brad Casey details.Continue Reading

• Use SIEM technology to identify unauthorized access attempts

  Analyst Anton Chuvakin explains how to use SIEM technology to identify unauthorized access attempts that can lead to data theft.Continue Reading

• Best of vulnerability management 2013

  Readers pick the top vulnerability management products in 2013: Network vulnerability scanners, patch management, reporting, remediation, compliance.Continue Reading

• Security: The genesis of SDN

  SDN is a design with security as its foundation, and it has the potential to solve traditional networking's glaring security issues.Continue Reading

• SIEM analytics: Process matters more than products

  Expect Microsoft Word to write the next great American novel? Success or failure with SIEM products rests on your security monitoring capabilities.Continue Reading

• Best of Web application firewalls 2013

  Readers vote on the top Web application firewalls in 2013: Standalone WAFs and products that are part of application acceleration/delivery systems.Continue Reading

• Cybersecurity: Global risk management moves beyond regulations

  Global risk management based on the lowest common denominator may not ‘comply' with IP or trade secrets. Analysts see big changes ahead.Continue Reading

• Bridging the IT security skills gap

  While poaching security talent may plug short-term gaps, outreach and education will solve the long-term shortfall in IT security professionals.Continue Reading

• Firewalls play by new rules

  Modern firewalls offer greater application awareness and user controls. Protect your migration strategy with these tips from the pros.Continue Reading

• Enterprise mobile security by the numbers

  Almost 60% of respondents in our 2013 Enterprise Mobile Security Survey believe mobile devices present more risk now than in Q2 2012. What’s changed?Continue Reading

• Third-party risk management: Horror stories? You are not alone

  The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.Continue Reading

• Unlock new pathways to network security architecture

  Cover story: Want to shed appliances? Consolidation and new platforms hold promise for security teams.Continue Reading

• Ten years later: The legacy of SB 1386 compliance on data privacy laws

  A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.Continue Reading

• Big data analytics: New patterns emerge for security

  Will big data analytics make security better? With data scientists in short supply, solution providers rush to provide big data analytics tools.Continue Reading

• BSIMM4 measures and advances secure application development

  The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.Continue Reading

• Data breach protection requires new barriers

  Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection?Continue Reading