Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Next-generation tools for next-generation network security
The next-generation network -- one that must encompass the cloud, mobility and Internet of Things devices -- requires a different standard of network monitoring tools. Learn about new and improved tools that conquer those challenges.
Is cyberinsurance worth the risk?
Immature products and a lack of standardization raise critical questions about first-party risk and third-party liability.
The NoSQL challenge: What's in store for big data and security
Big data offers horizontal scalability, but how do you get your database security to scale along with it?
Third-party application security evaluation tools and services
Learn about the tools and services available that enterprises can use to determine the security of their third-party applications.
The best free vulnerability risk assessment tools
Application security expert Michael Cobb discusses three free vulnerability risk assessment tools you should consider leveraging in the enterprise.
Open source PCI DSS: A strategy for cheaper, easier PCI compliance
Could open source security software solve PCI DSS compliance problems? Mike Chapple looks at how open source technologies can meet compliance needs.
Product review: Juniper Networks SRX Series UTM appliances
The market-leading Juniper Networks SRX Series of UTM boxes are feature-rich products that may cause implementation headaches.
HCISPP certification: What are the benefits?
(ISC)2's HCISPP certification has many potential benefits for health information privacy and security. Expert Joseph Granneman examines them.
Benefits and tradeoffs: Is a UTM appliance your best bet?
Unified threat management tools offer layered security and defense against sophisticated attacks. But, there are caveats. How deep are your pockets?
Buying security: Unified threat management, or UTM, products
Looking for an enterprise unified threat management (UTM) product? Expert David Strom offers UTM buying guidance on features, functions and price.
Benefits of using a UTM appliance to reduce security incidents
Unified threat management, or UTM, appliances offer four major enterprise benefits. Learn how this key tool can help reduce security incidents.
Enterprise UTM products: Five questions to ask before purchasing
Is your enterprise ready for UTM? Uncover five questions to ask prior to purchase to get the most out of the investment.
The top 10 questions you should ask potential UTM vendors
When evaluating potential UTM vendors, it's critical to know which questions to ask. Here are 10 questions about things your enterprise needs to know.
Using UTM to lower costs, reduce latency and improve security rollouts
Unified threat management appliances are critical for improving future security rollouts, reducing costs and minimizing latency.
Scoping out the UTM market: UTM vendors at a glance
This comprehensive list of UTM vendors aims to help enterprises evaluate who's who in the UTM market.
Evaluating UTM products: Pros and cons of UTM appliances
Before you invest in a UTM product, it's critical to ensure it will fulfill your security needs. Learn the pros and cons of UTM appliances.
Next-generation firewall comparisons show no product is perfect
When comparing NGFW appliances, experts say that enterprises should focus on products that meet specific needs, not just those with the most features.
Snort OpenAppID introduction: Open source application control
The OpenAppID engine for Snort promises to enable organizations to create an open source application firewall. Kevin Beaver explores how it works.
How to decide if a cloud firewall is better than a traditional firewall
Before replacing a traditional firewall with a cloud firewall, keep these considerations in mind. Kevin Beaver shares his list of concerns.
NIST cybersecurity framework: Assessing the strengths and weaknesses
Video: Securicon executive consultant Ernie Hayden discusses what the NIST cybersecurity framework got right, and how the document can be improved.
Exploring logical, physical access control systems integration
Is it smart for infosec teams to push for integration of logical and physical access control systems? Learn how to make the case and where to start.
Password-free authentication: Figuring out FIDO
Will open FIDO standards for better interoperability of next-generation authentication technologies actually work?
Network segmentation: No-brainer or unseen network security threat?
When it comes to security, network segmentation can be a blessing or a curse. In this tip, we look at the pros and cons of this enterprise decision.
NSA TAO: What Tailored Access Operations unit means for enterprises
The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses.
UTM vs. NGFW: Comparing unified threat management, next-gen firewalls
What's the difference between unified threat management (UTM) products and next-generation firewalls (NGFW)? Brad Casey discusses.
How Cisco's 'Application Centric Infrastructure' differs from SDN
As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?
Data encryption, notification and the NIST Cybersecurity Framework
Awkward? The NIST Cybersecurity Framework arrives as the U.S. government struggles to counter negative reports on its data privacy and encryption standards.
Authentication caching: How it reduces enterprise network congestion
Michael Cobb explores the pros and cons of authentication caching and whether the practice can truly calm network strain.
CryptoLocker ransomware: Why ransomware prevention is a losing battle
The CryptoLocker ransomware caught many enterprises off guard. Expert Nick Lewis explains why it's unique and the one defense strategy that works.
Required: A revamped antimalware strategy
Increasingly sophisticated malware can divert the attention of IT departments from low-level security gaps. Here’s why you need a strategy that works on all levels.
Social engineering attacks: Is security focused on the wrong problem?
To combat social engineering techniques, know thy data and how to protect it against exfiltration by malicious actors.
RSA Conference 2014 analysis: Security topics to keep on the radar
Several information security topics emerged as hot topics at RSA 2014. Learn three security topics enterprises should keep on their radar.
HSTS: How HTTP Strict Transport Security enhances application security
Many websites are using HTTP Strict Transport Security (HSTS) to enhance application security, but is it really more effective than HTTPS?
Choosing an SSL decryption appliance for enterprise SSL monitoring
SSL monitoring is becoming critical to enterprise network security. Learn the key criteria for choosing an SSL decryption appliance.
Security analytics: The key to reliable security data, effective action
It's tough to get reliable security data. This Security School explains how to use security analytics to safeguard your network system's health.
Final version of NIST cybersecurity framework draws mixed reviews
Experts differed over whether the NIST cybersecurity framework provides critical infrastructure firms with the tools to defend themselves.
The benefits of subscription-based penetration testing services
Should an enterprise opt for subscription-based services or conduct their pen testing in-house? Network security expert Brad Casey discusses.
Is cloud-based DDoS mitigation better than in-house DDoS protection?
Discover the benefits of cloud-based DDoS mitigation and uncover when a cloud service is more viable than in-house DDoS protection.
How ISP services can improve enterprise cybersecurity
Uncover which ISP services enterprises should seek from their providers to improve cybersecurity and mitigate cyberattacks.
Using Wireshark: Reviewing four key Wireshark features
Become familiar with four Wireshark features network security pros value in this packet-capturing analytics tool.
Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm
With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.
Tor networks: Stop employees from touring the deep Web
Are employees using Tor to view blocked Web sites, or mining Bitcoins on corporate resources? Sinister or not, it needs to stop.
The changing face of advanced malware detection
It's a new year of advanced threats, malicious code and holes to plug, but security teams are fighting back with help from global services.
Mobile security report: Data on devices
New survey shows the battle between corporate-issued devices versus personally owned smartphones and tablets is too close to call.
SHA-1 to SHA-2: The future of SSL and enterprise application security
The future of SSL is SHA-2. Security expert Michael Cobb explains why SHA-1 poses an increasing danger and what the transition entails.
KINS malware: Rootkit vs. bootkit
The emerging KINS malware has been labeled a bootkit rather than a rootkit. Nick Lewis explains the difference and how to defend against it.
Essential security analytics technology for advanced malware detection
Josh Sokol reviews the security technologies needed to support a successful security analytics program focused on advanced malware detection.
The backdoor threat of Trusted Platform Module and Windows 8
Does the combination of the Trusted Platform Module and Windows 8 create the threat of a backdoor? Michael Cobb discusses.
Elliptic curve cryptography: What ECC can do for the enterprise
Is elliptic curve cryptography more effective than RSA or Diffie-Hellman? Security expert Michael Cobb details the pros and cons of ECC.
What is the MEHARI risk management framework and how can it be used?
Expert Joseph Granneman details the MEHARI risk management framework and compares it to the ISO 27000 and NIST 800 series.
SSH security risks: Assessment and remediation planning
Application security expert Michael Cobb details how to use a new free SSH security risk assessment tool to mitigate enterprise SSH risks.
How to identify and secure data egress points to prevent data loss
Expert Michael Cobb discusses how to identify the data egress points in enterprise databases to prevent malicious data exfiltration.
Using the Google Transparency Report to enhance website blacklisting
Threats expert Nick Lewis explores whether Google's Transparency Report can be used to enhance blacklisting of malicious websites in the enterprise.
Can Windows EFS hinder malware detection?
A new malware strain leverages the Encrypting File System to thwart forensic analysis. Learn how to handle attacks that involve Windows EFS.
Using DNS monitoring to detect network breaches
Brad Casey highlights three DNS data-monitoring methods that can help organizations determine if their networks have been breached.
Using microVM isolation to improve malware detection and defense
Use of microVMs for malware detection and isolation is growing, but expert Brad Casey cautions that the tactic isn't a cure-all for fighting malware.
Is EAL4 certification necessary for enterprise firewall products?
EAL4 certification ensures integrity in security products, but is it a must when buying enterprise firewall products? Expert Brad Casey explains.
Return on security investment: The risky business of probability
You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.
A full-service model for SIEM
The industry needs to recognize the value that full service "SIEM in the cloud" would bring to organizations.
Use John the Ripper to test network devices against brute forcing
Enterprise IT security organizations should test network devices using John the Ripper to ensure they are not susceptible to brute-force attacks.
How to test for and protect against firewall vulnerabilities
Vulnerabilities in a firewall operating system can render the firewall useless. Learn how to test for and protect against them.
MDM vs. MAM: Comparing enterprise mobile security management options
Struggling to compare MDM vs. MAM? You're not alone. Learn all about the various technology options in enterprise mobile security management.
How do different browsers handle SSL certificate revocation?
Application security expert Michael Cobb explores how different Web browsers handle SSL certificate revocation.
PCI DSS version 3.0: The five most important changes for merchants
PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later.
Open source code reuse: What are the security implications?
Reusing open source code can present a security risk. Application security expert Michael Cobb explains why and how to protect applications.
PCI 3.0 special report: Reviewing the state of payment card compliance
Get an in-depth analysis of PCI DSS 3.0, an illustrated history of PCI DSS and insights on the future of enterprise payment card compliance.
Software [In]security: BSIMM-V does a number on secure software dev
The fifth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
Social media regulations and compliance: What enterprises should know
Nick Hayes of Forrester Research details social media regulations and compliance issues, including five compliance areas that enterprises must manage.
Data governance 2.0: Adapting to a new data governance framework
Data governance 2.0, an updated enterprise data governance framework, brings challenges and opportunities. Henry Peyret of Forrester Research details.
VDI security: The benefits and pitfalls of virtualizing endpoints
With the rise of endpoint virtualization, enterprises need to grasp the positives and manage the negatives of VDI security. Expert Brad Casey details.
Use SIEM technology to identify unauthorized access attempts
Analyst Anton Chuvakin explains how to use SIEM technology to identify unauthorized access attempts that can lead to data theft.
Best of vulnerability management 2013
Readers pick the top vulnerability management products in 2013: Network vulnerability scanners, patch management, reporting, remediation, compliance.
Security: The genesis of SDN
SDN is a design with security as its foundation, and it has the potential to solve traditional networking's glaring security issues.
SIEM analytics: Process matters more than products
Expect Microsoft Word to write the next great American novel? Success or failure with SIEM products rests on your security monitoring capabilities.
Best of Web application firewalls 2013
Readers vote on the top Web application firewalls in 2013: Standalone WAFs and products that are part of application acceleration/delivery systems.
Cybersecurity: Global risk management moves beyond regulations
Global risk management based on the lowest common denominator may not 'comply' with IP or trade secrets. Analysts see big changes ahead.
Bridging the IT security skills gap
While poaching security talent may plug short-term gaps, outreach and education will solve the long-term shortfall in IT security professionals.
Firewalls play by new rules
Modern firewalls offer greater application awareness and user controls. Protect your migration strategy with these tips from the pros.
Enterprise mobile security by the numbers
Almost 60% of respondents in our 2013 Enterprise Mobile Security Survey believe mobile devices present more risk now than in Q2 2012. What’s changed?
Third-party risk management: Horror stories? You are not alone
The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.
Unlock new pathways to network security architecture
Cover story: Want to shed appliances? Consolidation and new platforms hold promise for security teams.
Ten years later: The legacy of SB 1386 compliance on data privacy laws
A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.
Big data analytics: New patterns emerge for security
Will big data analytics make security better? With data scientists in short supply, solution providers rush to provide big data analytics tools.
BSIMM4 measures and advances secure application development
The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
Data breach protection requires new barriers
Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection?
Apple security update: Is it ready for the enterprise?
It’s hard to declare Apple security as superior to its competitors, but it’s also hard to fault it as inferior.
The pros and cons of SSL decryption for enterprise network monitoring
Expert Brad Casey discusses the pros and cons of SSL decryption to determine its viability as an enterprise network monitoring method.
Address IPv6 security before your time runs out
Most networks have partial deployment of IPv6 often without IT realizing it. It’s time to take stock of the security implications before attackers do.
Botnet takedowns: A dramatic defense
The infections and cyberattacks that botnets are used to launch remain hard-to-detect malware threats that have moved beyond PCs to mobile devices.
Managing big data privacy concerns: Tactics for proactive enterprises
The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help companies get smarter while keeping consumers happy.
Antivirus evasion techniques show ease in avoiding antivirus detection
In the wake of the New York Times attack, a look at antivirus evasion techniques shows how easy it is to avoid antivirus detection and why new defenses are needed.
Outsourcing security services in the enterprise: Where to begin
Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.
Well-rounded information security education benefits IT professionals
A security-savvy IT staff can help reduce risk. Learn about information security training and education options for IT professionals.
BYOD security strategies: Balancing BYOD risks and rewards
Allowing employee-owned mobile devices doesn’t have to mean accepting all BYOD risks. Infosec pros share their BYOD security strategies.
The Huawei security risk: Factors to consider before buying Chinese IT
Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.
Thirteen principles to ensure enterprise system security
Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.
Critical infrastructure protection hindered by difficulties, experts say
Information Security magazine discussed critical infrastructure protection with three experts and explored whether any near-term solutions can be implemented to bolster network defenses.
Private market growing for zero-day exploits and vulnerabilities
Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free.
Chief information security officer skills go beyond customary technical roles
A trusted advisor and a strong communicator and promoter, a good CISO should be a jack-of-all-trades to rally the IT security team to support the business needs by minimizing risk.
Protecting Intellectual Property: Best Practices
Organizations need to implement best practices to protect their trade secrets from both internal and external threats.