Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Security steering committee force CISOs to connect with the business

  Security steering committees provide a forum for security managers and business leaders to discuss security and privacy issues and explore compliance implications of new projects and technology purchases. Continue Reading

• Information security steering committee best practices

  Security steering committees bring HR, finance, legal, IT and audit to the same table, helping facilitate the integration of information security into lines of business. Continue Reading

• Using a managed file transfer for secure data transmission, exchange

  Managed file transfer (MFT) products meet the increasing security, compliance and operational demands of data in motion. Continue Reading

• Host-based intrusion prevention addresses server, desktop security

  HIPS is used for everything from traditional signature-based antivirus/antispyware and host firewalls to behavior analysis. Continue Reading

• Product Review: Application Security Inc.'s AppDetectivePro

  Application Security Inc.'s AppDetectivePro does deep inspections of database configurations to identify security issues. It's ideal for internal and external auditors, security professionals, consultants and others who need to perform on-the-fly ... Continue Reading

• Sophos Endpoint Security and Control 8.0 product review

  Sophos Endpoint Security and Control 8.0 is a comprehensive endpoint security product, offering antivirus, antispyware, host intrusion prevention, firewalling, application control, device control, and network access control.Continue Reading

• Mix of Frameworks and GRC Satisfy Compliance Overlaps

  Three organizations reveal how they use a combination of frameworks such as COBIT or ISO 27001 along with GRC tools satisfy overlapping industry and federal regulatory demands.Continue Reading

• Windows Server 2003 hardening services ensures better security

  Shutting down unneeded services, ports and accounts makes Windows Server 2003 tough to beat.Continue Reading

• Data Lifecycle Management Model Shows Risks and Integrated Data Flow

  Information flows through business processes in an orderly fashion; security must flow right along with it.Continue Reading

• Information Security and Business Integration

  INTEGRATION Security professionals can rely on the same models and frameworks used by traditional business to earn a seat at the table.Continue Reading

• Results Chain for Information Security and Assurance

  Continue Reading

• Information Security Blueprint

  Continue Reading

• Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities

  For anyone who doesn't speak NASL, network security expert Mike Chapple has a firm handle on the Nessus Attack Scripting Language. In this brand-new addition to our Nessus 3 Tutorial, Chapple provides examples of NASL scripts that can find known ...Continue Reading

• Allowing select access to IP addresses using Windows Server 2003

  Switching from Zone Alarm 2000 to Windows Server 2003, a SearchSecurity.com reader asks expert Mike Chapple how to limit inbound connections.Continue Reading

• How to install and configure Nessus

  Nessus, an open source vulnerability scanner, can scan a network for potential security risks and provide detailed reporting that enables you to remediate gaps in your corporation's security posture. This tip, the first in a series of three on ...Continue Reading

• What are the pros and cons of zero-knowledge penetration tests?

  A penetration tester with no previous knowledge of the site being tested may be able to give some insight unavailable to other forms of penetration testing, but there are pros and cons. Expert Michael Cobb weighs in.Continue Reading

• Pros and cons of multifactor authentication technology for consumers

  Multifactor consumer authentication is a must-have for financial services firms, but there are a number of different types of multifactor authentication technology from which to choose. In this tip, contributor Judith M. Myerson addresses the pros ...Continue Reading

• Fact or fiction: Pros and cons of database encryption

  According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing ...Continue Reading

• Secure Computing SafeWord 2008 product review

  Secure Computing SafeWord 2008 delivers identity management and access control for Windows systems using tokens that generate secure single-use passcodes. Information Security magazine reviews these capabilities.Continue Reading

• Face-Off: Is vulnerability research ethical?

  Bruce Schneier and Marcus Ranum debate the ethics of vulnerability researchContinue Reading

• 7 Security Questions to Ask Your SaaS Provider

  Outsourcing software as a service (SaaS) puts control over an organization's applications in the hands of others. Learn what questions to ask your provider, how to define security policies, how to understand how service providers handle security and...Continue Reading

• 5 Steps for Developing Strong Change Management Program Best Practices

  Poor change control and configuration management can affect the security of your systems and networks. Follow these five steps for a strong change management program.Continue Reading

• Varonis DatAdvantage product review

  Varonis DatAdvantage data governance software is evaluated on its configuration and management, effectiveness, policy control and reporting.Continue Reading

• Companies Collecting Too Much Customer Data Increase Exposure

  If the risk of losing customer or partner information outweighs its value, why collect it in the first place?Continue Reading

• The pros and cons of data breach insurance

  The security incident at the Hannaford supermarket chain and elsewhere have some wondering if it's time to purchase data breach insurance. But experts say there are drawbacks.Continue Reading

• What are the pros and cons of shaping P2P packets?

  Packet shaping, a technique used to control computer network traffic, really isn't a security issue; it's a policy matter, says network expert Mike Chapple. Learn why, in this SearchSecurity.com Q&A.Continue Reading

• SonicWALL NSA E5500 product review

  Product review of SonicWALL NSA E5500 security tool basic and advanced firewall features, setup, pricing, VPN and wireless security.Continue Reading

• Case Study: Company deploys full disk encryption policy on laptops

  One billion-dollar company isn't taking chances with data stored on its laptops. It deployed full disk encryption on every machine, an increasingly popular security strategy.Continue Reading

• Examine Security Features and Tools of Microsoft Windows Server 2008

  Unwrap Windows Server 2008, the first server revision under Trustworthy Computing. Microsoft promises it is secure by design, default and deployment.Continue Reading

• Data Loss Prevention Tools Offer Insight into Where Data Lives

  DLP tools help mitigate incidents and aid with data discovery.Continue Reading

• Product review: AlgoSec's AlgoSec Firewall Analyzer 4.0

  FIREWALL MANAGEMENTContinue Reading

• What are the pros and cons of using stand-alone authentication that is not Active Directory-based?

  Password managment tools other than Active Directory are available, though they may not be the best access control coordinators.Continue Reading

• How Sarbanes-Oxley changed the information security profession

  Sarbanes-Oxley empowered information security professionals with the clout they'd sought for so long.Continue Reading

• SIEM market, log management tools need a standardized log format

  Security information and event management (SIEM) systems and log management tools would benefit from standardized log formats.Continue Reading

• Honeyclients bring new twist to honeypots

  Honeyclients are unpatched web browsers that actively seek malicous websites.Continue Reading

• Web 2.0 application development techniques introduce new information security risks

  Ajax, Java and other dynamic application coding methods have pulled computing power over to the client, introducing new risks and resurrecting old ones.Continue Reading

• Guardium SQL Guard 6.0 product review

  Guardium SQL Guard 6.0 is evaluated on its ability to monitor access to SQL databases. SQL Guard ensures a system of checks and balances between the security and database engineering teams.Continue Reading

• Proofpoint On Demand Product Review

  In this product review, learn about Proofpoint On Demand antivirus and antispam features.Continue Reading

• What are the pros and cons of using keystroke dynamic-based authentication systems?

  In this SearchSecurity.com Q&A, security pro Joel Dubin discusses the positive and negative aspects of using keystroke dynamic-based authentication systems.Continue Reading

• Rootkit detection and removal know-how

  Get advice on how to detect malware and rootkits and the best ways to achieve rootkit removal and prevent hacker attacks.Continue Reading

• Viewpoint: Correlate SIMs and log management

  Continue Reading

• Logical, physical security integration challenges

  Integrating physical and IT security can reap considerable benefits for an organization, including enhanced efficiency and compliance plus improved security. But convergence isn't easy. Challenges include bringing the physical and IT security teams ...Continue Reading

• What are the pros and cons of outsourcing email security services?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.Continue Reading

• How to select a penetration tester

  Penetration testing tools can simulate attacks and help organizations get an idea of their security vulnerabilities. In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains what you should be getting out of your penetration ...Continue Reading

• Editor's Desk: Freeing Julie Amero

  Justice ServedContinue Reading

• Protecting Your Brand

  Customer confidence is at risk when a breach occurs.Continue Reading

• M&A: Merging network security policies

  Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple ...Continue Reading

• What are the pros and cons of using an email encryption gateway?

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the pros and cons of using an email encryption gateway to prevent data leakage.Continue Reading

• Product review: Unified threat management (UTM) devices

  Unified threat management devices consolidate several network security functions into one product. This article evalutes six UTM appliances; each had to act as a firewall and virtual private network and provide antivirus, Web content filtering, ...Continue Reading

• Using VMware for malware analysis

  Virtualization software like VMware helps ease the challenges of malware analysis. Malware expert Lenny Zeltser explains the steps enterprises must take to ensure malicious software doesn't leak out of their VMware-based labs and endanger production...Continue Reading

• Bit9 Parity product review for endpoint security

  Product review of Bit9's Parity 3.5, a PC security tool designed to give enterprises control over what users can do on company computers and prevent executables in malware from running on desktops. Automatically installs SQL Server 2005 and Apache ...Continue Reading

• Intellectual property protection do's and don'ts

  Theft of intellectual property is a growing problem but many companies are not prepared to deal with this security threat. Learn about the risk involved with trade secrets, why companies are failing to protect intellectual property and tips for data...Continue Reading

• Role-based access controls

  Identity management is a critical security challenge, but without viable standards for access control, your best efforts may be just a drop in the bucket.Continue Reading

• DigitalPersona Workstation Pro and Server for Biometric Authentication

  This review evaluates DigitalPersona Pro, a single sign-on (SSO) software suite that allows an enterprise to replace passwords with biometric fingerprint readers or provide dual-factor authentication.Continue Reading

• Enterprise UTM products differ from all-in-one SMB appliances

  UTM appliance struggle to find their niche in the enterprise as large companies prefer best-in-breed security products.Continue Reading

• Cyber-Ark Enterprise Password Vault 4.0 product review

  Product review of Cyber-Ark Enterprise Password Vault, a password management and security tool that manages passwords and controls privileged accounts.Continue Reading

• Information security blueprint for architecture and systems

  A formalized security architecture diagrams how you should handle the changing threat and regulatory environments.Continue Reading

• Virtual Threats

  Virtual machines save you money in the data center, but can you ignore their security implications any longer?Continue Reading

• Core Security Technologies Core Impact 6.0 security tool review

  In this product review, learn how Core Security Core Impact 6.0 tool can assist in ethical hacking a penetration testing, and get info on setup, reporting and management.Continue Reading

• How to setup and configure syslog to view and filter data

  Your network devices are trying to tell you that you're under atta ck. Syslog helps you sort through the data overload and get the message.Continue Reading

• Intrusion Detection: Lancope StealthWatch 5.5

  Lancope's Lancope StealthWatch 5.5Continue Reading

• Intrusion Detection: Arbor Networks' Peakflow X 3.6

  Arbor Networks' Peakflow X 3.6Continue Reading

• Optical network security: Inside a fiber-optic hack

  Fiber-optic networks aren't hack-proof: A savvy attacker can crack them with ease.Continue Reading

• Authentication: MXI Security's Stealth MXP

  MXI Security's Stealth MXPContinue Reading

• How to selectively block instant messages

  Monitoring instant messaging traffic isn't easy, especially when constantly evolving IM applications are designed to exploit firewall vulnerabilities. SearchSecurity.com's application security expert Michael Cobb reviews the best methods for taking ...Continue Reading

• Data Encryption and IDS / IPS: Getting a better view of network activity

  Encryption can to help secure data and meet HIPPA requirements, but the technology blocks sight of network activity by blinding IDSes and IPSes. Learn how to have an effective encryption and IDS/IPSe solution simultaneously.Continue Reading

• The pros and cons of data wiping

  Weigh the pros and cons of software disk-wiping and determine if it can protect against data compromise in this Platform Security Ask the Expert Q&AContinue Reading

• Secure Reads: Steganography and the art of covert communication

  Read a quick review of the book, Hiding in Plain Sight: Steganography and the Art of Covert Communication.Continue Reading

• IDP/Network Access Control

  ForeScout Technologies' CounterACTContinue Reading

• Information security resume do's and don'ts

  Get advice, and learn do's and don'ts for creating an information security technology or network security resume.Continue Reading

• Hot Pick: BlueCat Networks' Adonis 1000

  BlueCat Networks' Adonis 1000Continue Reading

• The pros and cons of PKI and two-factor authentication methods

  There are myriad authentication methods to choose from today; learn the pros and cons of two such methods, Public Key Infrastructures and two-factor authentication systems, and how each system helps validate user identities, in this identity and ...Continue Reading

• Google Hacking: Why being a Google dork is hurting your company

  Are you a Google dork? A simple Google search engine query can expose corporate security secrets and private information. Black hats are aware of it. Are you? Learn how to prevent and defend against Google hacking.Continue Reading

• The pros and cons of proxy firewalls

  In this Ask the Expert Q&A, our application security expert reviews the pros and cons of proxy firewalls.Continue Reading

• Portable device security: Safend's Safend Protector

  Read a security product review of Safend's Safend Protector.Continue Reading

• Cheat sheet: Access management solutions and their pros and cons

  A cheat sheet of the most common access solutions with a brief description, and their risks and pros and cons to help you choose the solution that is right for your organization.Continue Reading

• Mining NetFlow

  Your routers and switches can yield a mother lode of security information about your network--if you know where to digContinue Reading

• The pros and cons of FTP over SSL

  Compare and contrast the pros and cons of having hosts send PGP-encrypted files to an existing FTP site against building an ad hoc FTP server using SSL, in this Ask the Expert Q&AContinue Reading

• The pros and cons of migrating to Firefox

  Making the switch from Internet Explorer to Firefox isn't a security cure-all. Here are some factors to consider before you change Web browsers.Continue Reading

• Building A Perimeter Defense With Application-Level Firewalls

  Learn how application level firewalls, when carefully deployed, can build perimeter defenses and prevent hackers from exploiting vulnerabilities, such as application code, to achieve attacks.Continue Reading

• Application Security: Cenzic's Hailstorm v2.6

  Cenzic's Hailstorm v2.6Continue Reading

• Five common application-level attacks and the countermeasures to beat them

  This tip reviews five of the most common attacks against applications: injection vulnerabilities, cross-site scripting (XSS), broken authenticcationa nd session management, insecure direct object references and security misconfiguration. Michael ...Continue Reading

• The pros and cons of reformatting a hard drive

  In this Ask the Expert Q&A, our platform security expert discusses the pros and cons of reformatting a hard drive after an attack.Continue Reading

• Market trends: The future of e-mail security

  The e-mail security market is undergoing a change that is marked by commoditization and centralization. Joel Snyder analyzes these trends and offers a glimpse at the future of e-mail security products.Continue Reading

• The pros and cons of application firewalls

  In this Ask the Expert Q&A, our application security expert discusses the pros and cons of application firewalls. He also explains how they differ from packet filter and stateful inspection firewalls, and why they are not the preferred among some ...Continue Reading

• Imprivata's OneSign 2.8 - Single Sign-On

  Imprivata's OneSign 2.8Continue Reading

• Top 5 Hacker Tools: Google hacker, password cracker, WLAN detector

  Read about five must-have hacker tools: WikTo, a Web scanner and Google hacking tool; Paros Proxy, a Web application manipulation proxy; Cain and Abel, a password sniffer/cracker; Winfingerprint, a Windows configuration harvester; and Wellenreiter, ...Continue Reading

• Intrusion Detection: Tripwire's Enterprise 5.0

  June 2005 review of Tripwire's Enterprise 5.0Continue Reading

• nCircle's IP360 Vulnerability Management System product review

  Product review of nCircle's IP360 Vulnerability Management System pricing, setup, configuration, assessment, and installation feature information.Continue Reading

• Pre-CISSP: Options for the security newbie

  Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.Continue Reading

• Snapping on SNMPv3

  The ubiquitous management protocol is more secure, but upgrading isn't simple.Continue Reading

• Dos and don'ts for passing the CISSP exam

  From choosing an exam date to answering the questions, here are some dos and don'ts for CISSP exam success.Continue Reading

• Wireless security product review: AirTight Networks' SpectraGuard 2.0

  A review of AirTight Networks' SpectraGuard 2.0Continue Reading

• SSHv2: Safe & Secure

  The overhauled encryption protocol helps harden networks.Continue Reading

• The Myths of Security

  The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.Continue Reading

• How to select the best security assessment tool for the job

  Here are four factors to take into account when choosing a security assessment tool.Continue Reading

• SSO benefits: Security booster or improving end user experience?

  Enterprise single sign-on all about simplicity and improving end user experience, security is just a side benefit. Learn why this is true, as well as other technologies that both reduce complexity and improve security.Continue Reading

• Simplify with SIM: Evaluating security information management systems

  Security information management tools are key to refining the deluge of raw data in an enterprise network into actionable intelligence. Expert Joel Snyder discusses.Continue Reading

• The downside of cybercrime investigation and prosecution

  Prosecuting cybercrime puts your organization -- and your security -- on the hot seat.Continue Reading

• The self-defending network: Is it real technology or market speak?

  Cisco and other security vendors are touting the "self-defending" network. Is it real technology or market-speak?Continue Reading