Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• How to avoid brand hacking and ensure enterprise social media security

  Enterprise social media has revolutionized how businesses communicate with consumers. However, it has also made brand hacking an even larger concern. Continue Reading

• Exploring logical, physical access control systems integration

  Is it smart for infosec teams to push for integration of logical and physical access control systems? Learn how to make the case and where to start. Continue Reading

• Password-free authentication: Figuring out FIDO

  Will open FIDO standards for better interoperability of next-generation authentication technologies actually work? Continue Reading

• Gathering forensic data with CrowdResponse

  Video: Keith Barker of CBT Nuggets shows how to use CrowdStrike's security incident response tool, CrowdResponse, to gather forensic information. Continue Reading

• Network segmentation: No-brainer or unseen network security threat?

  When it comes to security, network segmentation can be a blessing or a curse. In this tip, we look at the pros and cons of this enterprise decision. Continue Reading

• NSA TAO: What Tailored Access Operations unit means for enterprises

  The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses.Continue Reading

• UTM vs. NGFW: Comparing unified threat management, next-gen firewalls

  What's the difference between unified threat management (UTM) products and next-generation firewalls (NGFW)? Brad Casey discusses.Continue Reading

• How Cisco's 'Application Centric Infrastructure' differs from SDN

  As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?Continue Reading

• Data encryption, notification and the NIST Cybersecurity Framework

  Awkward? The NIST Cybersecurity Framework arrives as the U.S. government struggles to counter negative reports on its data privacy and encryption standards.Continue Reading

• Authentication caching: How it reduces enterprise network congestion

  Michael Cobb explores the pros and cons of authentication caching and whether the practice can truly calm network strain.Continue Reading

• CryptoLocker ransomware: Why ransomware prevention is a losing battle

  The CryptoLocker ransomware caught many enterprises off guard. Expert Nick Lewis explains why it's unique and the one defense strategy that works.Continue Reading

• Required: A revamped antimalware strategy

  Increasingly sophisticated malware can divert the attention of IT departments from low-level security gaps. Here’s why you need a strategy that works on all levels.Continue Reading

• Social engineering attacks: Is security focused on the wrong problem?

  To combat social engineering techniques, know thy data and how to protect it against exfiltration by malicious actors.Continue Reading

• Ranum Q&A with Aaron Turner: Whitelisting is on enterprise blacklist

  An early proponent of Microsoft SRP, Aaron Turner says application whitelisting has finally taken hold in consumer app stores.Continue Reading

• HSTS: How HTTP Strict Transport Security enhances application security

  Many websites are using HTTP Strict Transport Security (HSTS) to enhance application security, but is it really more effective than HTTPS?Continue Reading

• Richard Clarke: NSA revelations show potential for police state

  At the 2014 CSA Summit, presidential cybersecurity advisor Richard Clarke said NSA monitoring efforts are negatively affecting U.S. cloud providers.Continue Reading

• What to do when shadow IT risks move to the cloud

  Shadow IT isn't new, but now it's climbed into the cloud. Get a grip on it the old-fashioned way, with discovery, monitoring and interdiction.Continue Reading

• Choosing an SSL decryption appliance for enterprise SSL monitoring

  SSL monitoring is becoming critical to enterprise network security. Learn the key criteria for choosing an SSL decryption appliance.Continue Reading

• Security analytics: The key to reliable security data, effective action

  It's tough to get reliable security data. This Security School explains how to use security analytics to safeguard your network system's health.Continue Reading

• Final version of NIST cybersecurity framework draws mixed reviews

  Experts differed over whether the NIST cybersecurity framework provides critical infrastructure firms with the tools to defend themselves.Continue Reading

• The benefits of subscription-based penetration testing services

  Should an enterprise opt for subscription-based services or conduct their pen testing in-house? Network security expert Brad Casey discusses.Continue Reading

• Is cloud-based DDoS mitigation better than in-house DDoS protection?

  Discover the benefits of cloud-based DDoS mitigation and uncover when a cloud service is more viable than in-house DDoS protection.Continue Reading

• How ISP services can improve enterprise cybersecurity

  Uncover which ISP services enterprises should seek from their providers to improve cybersecurity and mitigate cyberattacks.Continue Reading

• Using Wireshark: Reviewing four key Wireshark features

  Become familiar with four Wireshark features network security pros value in this packet-capturing analytics tool.Continue Reading

• Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm

  With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.Continue Reading

• Tor networks: Stop employees from touring the deep Web

  Are employees using Tor to view blocked Web sites, or mining Bitcoins on corporate resources? Sinister or not, it needs to stop.Continue Reading

• The changing face of advanced malware detection

  It's a new year of advanced threats, malicious code and holes to plug, but security teams are fighting back with help from global services.Continue Reading

• Mobile security report: Data on devices

  New survey shows the battle between corporate-issued devices versus personally owned smartphones and tablets is too close to call.Continue Reading

• SHA-1 to SHA-2: The future of SSL and enterprise application security

  The future of SSL is SHA-2. Security expert Michael Cobb explains why SHA-1 poses an increasing danger and what the transition entails.Continue Reading

• On Data Privacy Day, OTA highlights need for data protection policy

  The Online Trust Alliance marks Data Privacy Day with events to help enterprises plan for inevitable data protection and privacy incidents.Continue Reading

• How to use OpenPuff steganography to send sensitive info securely

  Video: Keith Barker of CBT Nuggets demonstrates how to use OpenPuff steganography to hide sensitive information from prying eyes during transmission.Continue Reading

• KINS malware: Rootkit vs. bootkit

  The emerging KINS malware has been labeled a bootkit rather than a rootkit. Nick Lewis explains the difference and how to defend against it.Continue Reading

• Essential security analytics technology for advanced malware detection

  Josh Sokol reviews the security technologies needed to support a successful security analytics program focused on advanced malware detection.Continue Reading

• The backdoor threat of Trusted Platform Module and Windows 8

  Does the combination of the Trusted Platform Module and Windows 8 create the threat of a backdoor? Michael Cobb discusses.Continue Reading

• Elliptic curve cryptography: What ECC can do for the enterprise

  Is elliptic curve cryptography more effective than RSA or Diffie-Hellman? Security expert Michael Cobb details the pros and cons of ECC.Continue Reading

• What is the MEHARI risk management framework and how can it be used?

  Expert Joseph Granneman details the MEHARI risk management framework and compares it to the ISO 27000 and NIST 800 series.Continue Reading

• SSH security risks: Assessment and remediation planning

  Application security expert Michael Cobb details how to use a new free SSH security risk assessment tool to mitigate enterprise SSH risks.Continue Reading

• How to identify and secure data egress points to prevent data loss

  Expert Michael Cobb discusses how to identify the data egress points in enterprise databases to prevent malicious data exfiltration.Continue Reading

• Using the Google Transparency Report to enhance website blacklisting

  Threats expert Nick Lewis explores whether Google's Transparency Report can be used to enhance blacklisting of malicious websites in the enterprise.Continue Reading

• Can Windows EFS hinder malware detection?

  A new malware strain leverages the Encrypting File System to thwart forensic analysis. Learn how to handle attacks that involve Windows EFS.Continue Reading

• Using DNS monitoring to detect network breaches

  Brad Casey highlights three DNS data-monitoring methods that can help organizations determine if their networks have been breached.Continue Reading

• Using microVM isolation to improve malware detection and defense

  Use of microVMs for malware detection and isolation is growing, but expert Brad Casey cautions that the tactic isn't a cure-all for fighting malware.Continue Reading

• Is EAL4 certification necessary for enterprise firewall products?

  EAL4 certification ensures integrity in security products, but is it a must when buying enterprise firewall products? Expert Brad Casey explains.Continue Reading

• Return on security investment: The risky business of probability

  You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.Continue Reading

• A full-service model for SIEM

  The industry needs to recognize the value that full service "SIEM in the cloud" would bring to organizations.Continue Reading

• Use John the Ripper to test network devices against brute forcing

  Enterprise IT security organizations should test network devices using John the Ripper to ensure they are not susceptible to brute-force attacks.Continue Reading

• How to test for and protect against firewall vulnerabilities

  Vulnerabilities in a firewall operating system can render the firewall useless. Learn how to test for and protect against them.Continue Reading

• MDM vs. MAM: Comparing enterprise mobile security management options

  Struggling to compare MDM vs. MAM? You're not alone. Learn all about the various technology options in enterprise mobile security management.Continue Reading

• How do different browsers handle SSL certificate revocation?

  Application security expert Michael Cobb explores how different Web browsers handle SSL certificate revocation.Continue Reading

• PCI DSS version 3.0: The five most important changes for merchants

  PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later.Continue Reading

• Open source code reuse: What are the security implications?

  Reusing open source code can present a security risk. Application security expert Michael Cobb explains why and how to protect applications.Continue Reading

• PCI 3.0 special report: Reviewing the state of payment card compliance

  Get an in-depth analysis of PCI DSS 3.0, an illustrated history of PCI DSS and insights on the future of enterprise payment card compliance.Continue Reading

• Eliminating black hat bargains

  Enterprises cannot always keep attackers out of their networks. Instead, defense-in-depth strategies aim to raise the cost to black hats -- in terms of time and money.Continue Reading

• Software [In]security: BSIMM-V does a number on secure software dev

  The fifth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.Continue Reading

• Social media regulations and compliance: What enterprises should know

  Nick Hayes of Forrester Research details social media regulations and compliance issues, including five compliance areas that enterprises must manage.Continue Reading

• Data governance 2.0: Adapting to a new data governance framework

  Data governance 2.0, an updated enterprise data governance framework, brings challenges and opportunities. Henry Peyret of Forrester Research details.Continue Reading

• VDI security: The benefits and pitfalls of virtualizing endpoints

  With the rise of endpoint virtualization, enterprises need to grasp the positives and manage the negatives of VDI security. Expert Brad Casey details.Continue Reading

• Use SIEM technology to identify unauthorized access attempts

  Analyst Anton Chuvakin explains how to use SIEM technology to identify unauthorized access attempts that can lead to data theft.Continue Reading

• Best of vulnerability management 2013

  Readers pick the top vulnerability management products in 2013: Network vulnerability scanners, patch management, reporting, remediation, compliance.Continue Reading

• Security: The genesis of SDN

  SDN is a design with security as its foundation, and it has the potential to solve traditional networking's glaring security issues.Continue Reading

• SIEM analytics: Process matters more than products

  Expect Microsoft Word to write the next great American novel? Success or failure with SIEM products rests on your security monitoring capabilities.Continue Reading

• Best of Web application firewalls 2013

  Readers vote on the top Web application firewalls in 2013: Standalone WAFs and products that are part of application acceleration/delivery systems.Continue Reading

• How to use Nikto to scan for Web server vulnerabilities

  Video: Keith Barker of CBT Nuggets shows how to use Nikto, a free and open source tool, to scan for outdated or vulnerable Web servers.Continue Reading

• Cybersecurity: Global risk management moves beyond regulations

  Global risk management based on the lowest common denominator may not ‘comply' with IP or trade secrets. Analysts see big changes ahead.Continue Reading

• Bridging the IT security skills gap

  While poaching security talent may plug short-term gaps, outreach and education will solve the long-term shortfall in IT security professionals.Continue Reading

• Firewalls play by new rules

  Modern firewalls offer greater application awareness and user controls. Protect your migration strategy with these tips from the pros.Continue Reading

• Enterprise mobile security by the numbers

  Almost 60% of respondents in our 2013 Enterprise Mobile Security Survey believe mobile devices present more risk now than in Q2 2012. What’s changed?Continue Reading

• Third-party risk management: Horror stories? You are not alone

  The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.Continue Reading

• Unlock new pathways to network security architecture

  Cover story: Want to shed appliances? Consolidation and new platforms hold promise for security teams.Continue Reading

• Ten years later: The legacy of SB 1386 compliance on data privacy laws

  A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.Continue Reading

• Big data analytics: New patterns emerge for security

  Will big data analytics make security better? With data scientists in short supply, solution providers rush to provide big data analytics tools.Continue Reading

• BSIMM4 measures and advances secure application development

  The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.Continue Reading

• Data breach protection requires new barriers

  Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection?Continue Reading

• Apple security update: Is it ready for the enterprise?

  It’s hard to declare Apple security as superior to its competitors, but it’s also hard to fault it as inferior.Continue Reading

• The pros and cons of SSL decryption for enterprise network monitoring

  Expert Brad Casey discusses the pros and cons of SSL decryption to determine its viability as an enterprise network monitoring method.Continue Reading

• Address IPv6 security before your time runs out

  Most networks have partial deployment of IPv6 often without IT realizing it. It’s time to take stock of the security implications before attackers do.Continue Reading

• Botnet takedowns: A dramatic defense

  The infections and cyberattacks that botnets are used to launch remain hard-to-detect malware threats that have moved beyond PCs to mobile devices.Continue Reading

• Managing big data privacy concerns: Tactics for proactive enterprises

  The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help companies get smarter while keeping consumers happy.Continue Reading

• Antivirus evasion techniques show ease in avoiding antivirus detection

  In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.Continue Reading

• Outsourcing security services in the enterprise: Where to begin

  Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.Continue Reading

• Well-rounded information security education benefits IT professionals

  A security-savvy IT staff can help reduce risk. Learn about information security training and education options for IT professionals.Continue Reading

• BYOD security strategies: Balancing BYOD risks and rewards

  Allowing employee-owned mobile devices doesn’t have to mean accepting all BYOD risks. Infosec pros share their BYOD security strategies.Continue Reading

• The Huawei security risk: Factors to consider before buying Chinese IT

  Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.Continue Reading

• Thirteen principles to ensure enterprise system security

  Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.Continue Reading

• Critical infrastructure protection hindered by difficulties, experts say

  Information Security magazine discussed critical infrastructure protection with three experts and explore whether any near-term solutions can be implemented to bolster network defenses.Continue Reading

• Private market growing for zero-day exploits and vulnerabilities

  Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free.Continue Reading

• Chief information security officer skills go beyond customary technical roles

  A trusted advisor and a strong communicator and promoter, a good CISO should be a jack-of-all-trades to rally the IT security team to support the business needs by minimizing risk.Continue Reading

• Protecting Intellectual Property: Best Practices

  Organizations need to implement best practices to protect their trade secrets from both internal and external threats.Continue Reading

• Cloud Compliance: Tackling Compliance in the Cloud

  Moving to a cloud environment brings compliance challenges, but they’re not insurmountable.Continue Reading

• Metasploit Review: Ten Years Later, Are We Any More Secure?

  Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.Continue Reading

• The new era of big data security analytics

  The information security industry needs to shift its focus to data-driven security.Continue Reading

• FISMA Compliance and the Evolution to Continuous Monitoring

  The U.S. Department of State developed a system for improving federal cybersecurity.Continue Reading

• GRC Management and Critical Infrastructure Protection

  GRC needs to adapt to become a truly effective risk management tool for critical infrastructure.Continue Reading

• Developing a BYOD Strategy: Weigh the Risks, Challenges and Benefits

  Organizations need to consider benefits and risks as they embrace BYOD.Continue Reading

• Pros and Cons of Information Security Certifications

  Educating the security professional requires far more than a certification exam.Continue Reading

• PDF download: Information Security magazine October 2012

  In this issue, find out who won this year's Readers' Choice Awards. Also learn about threat management best practices and how hacktivists are impacting the threat landscape.Continue Reading

• Software-defined networking: Exploring SDN security pros and cons

  Matthew Pascucci offers an intro to software-defined networking and explains why SDN security relies on securing the SDN controller at all costs.Continue Reading

• Threat prevention techniques: Best practices for threat management

  A successful threat management program requires effective processes, layered technology and user education.Continue Reading

• PDF download: Information Security magazine September 2012

  In this issue, learn about the pros and cons of cloud-based security services and mobile application security considerations.Continue Reading

• A new framework for preventing XSS attacks

  Understand how cross-site scripting attacks work and how to prevent them.Continue Reading