Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Security steering committee force CISOs to connect with the business
Security steering committees provide a forum for security managers and business leaders to discuss security and privacy issues and explore compliance implications of new projects and technology purchases. Continue Reading
Information security steering committee best practices
Security steering committees bring HR, finance, legal, IT and audit to the same table, helping facilitate the integration of information security into lines of business. Continue Reading
Using a managed file transfer for secure data transmission, exchange
Managed file transfer (MFT) products meet the increasing security, compliance and operational demands of data in motion. Continue Reading
-
Host-based intrusion prevention addresses server, desktop security
HIPS is used for everything from traditional signature-based antivirus/antispyware and host firewalls to behavior analysis. Continue Reading
Product Review: Application Security Inc.'s AppDetectivePro
Application Security Inc.'s AppDetectivePro does deep inspections of database configurations to identify security issues. It's ideal for internal and external auditors, security professionals, consultants and others who need to perform on-the-fly ... Continue Reading
Sophos Endpoint Security and Control 8.0 product review
Sophos Endpoint Security and Control 8.0 is a comprehensive endpoint security product, offering antivirus, antispyware, host intrusion prevention, firewalling, application control, device control, and network access control.Continue Reading
Mix of Frameworks and GRC Satisfy Compliance Overlaps
Three organizations reveal how they use a combination of frameworks such as COBIT or ISO 27001 along with GRC tools satisfy overlapping industry and federal regulatory demands.Continue Reading
Windows Server 2003 hardening services ensures better security
Shutting down unneeded services, ports and accounts makes Windows Server 2003 tough to beat.Continue Reading
Data Lifecycle Management Model Shows Risks and Integrated Data Flow
Information flows through business processes in an orderly fashion; security must flow right along with it.Continue Reading
Information Security and Business Integration
INTEGRATION Security professionals can rely on the same models and frameworks used by traditional business to earn a seat at the table.Continue Reading
-
Results Chain for Information Security and Assurance
Information Security Blueprint
Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities
For anyone who doesn't speak NASL, network security expert Mike Chapple has a firm handle on the Nessus Attack Scripting Language. In this brand-new addition to our Nessus 3 Tutorial, Chapple provides examples of NASL scripts that can find known ...Continue Reading
Allowing select access to IP addresses using Windows Server 2003
Switching from Zone Alarm 2000 to Windows Server 2003, a SearchSecurity.com reader asks expert Mike Chapple how to limit inbound connections.Continue Reading
How to install and configure Nessus
Nessus, an open source vulnerability scanner, can scan a network for potential security risks and provide detailed reporting that enables you to remediate gaps in your corporation's security posture. This tip, the first in a series of three on ...Continue Reading
What are the pros and cons of zero-knowledge penetration tests?
A penetration tester with no previous knowledge of the site being tested may be able to give some insight unavailable to other forms of penetration testing, but there are pros and cons. Expert Michael Cobb weighs in.Continue Reading
Pros and cons of multifactor authentication technology for consumers
Multifactor consumer authentication is a must-have for financial services firms, but there are a number of different types of multifactor authentication technology from which to choose. In this tip, contributor Judith M. Myerson addresses the pros ...Continue Reading
Fact or fiction: Pros and cons of database encryption
According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing ...Continue Reading
Secure Computing SafeWord 2008 product review
Secure Computing SafeWord 2008 delivers identity management and access control for Windows systems using tokens that generate secure single-use passcodes. Information Security magazine reviews these capabilities.Continue Reading
Face-Off: Is vulnerability research ethical?
Bruce Schneier and Marcus Ranum debate the ethics of vulnerability researchContinue Reading
7 Security Questions to Ask Your SaaS Provider
Outsourcing software as a service (SaaS) puts control over an organization's applications in the hands of others. Learn what questions to ask your provider, how to define security policies, how to understand how service providers handle security and...Continue Reading
5 Steps for Developing Strong Change Management Program Best Practices
Poor change control and configuration management can affect the security of your systems and networks. Follow these five steps for a strong change management program.Continue Reading
Varonis DatAdvantage product review
Varonis DatAdvantage data governance software is evaluated on its configuration and management, effectiveness, policy control and reporting.Continue Reading
Companies Collecting Too Much Customer Data Increase Exposure
If the risk of losing customer or partner information outweighs its value, why collect it in the first place?Continue Reading
The pros and cons of data breach insurance
The security incident at the Hannaford supermarket chain and elsewhere have some wondering if it's time to purchase data breach insurance. But experts say there are drawbacks.Continue Reading
What are the pros and cons of shaping P2P packets?
Packet shaping, a technique used to control computer network traffic, really isn't a security issue; it's a policy matter, says network expert Mike Chapple. Learn why, in this SearchSecurity.com Q&A.Continue Reading
SonicWALL NSA E5500 product review
Product review of SonicWALL NSA E5500 security tool basic and advanced firewall features, setup, pricing, VPN and wireless security.Continue Reading
Case Study: Company deploys full disk encryption policy on laptops
One billion-dollar company isn't taking chances with data stored on its laptops. It deployed full disk encryption on every machine, an increasingly popular security strategy.Continue Reading
Examine Security Features and Tools of Microsoft Windows Server 2008
Unwrap Windows Server 2008, the first server revision under Trustworthy Computing. Microsoft promises it is secure by design, default and deployment.Continue Reading
Data Loss Prevention Tools Offer Insight into Where Data Lives
DLP tools help mitigate incidents and aid with data discovery.Continue Reading
Product review: AlgoSec's AlgoSec Firewall Analyzer 4.0
FIREWALL MANAGEMENTContinue Reading
What are the pros and cons of using stand-alone authentication that is not Active Directory-based?
Password managment tools other than Active Directory are available, though they may not be the best access control coordinators.Continue Reading
How Sarbanes-Oxley changed the information security profession
Sarbanes-Oxley empowered information security professionals with the clout they'd sought for so long.Continue Reading
SIEM market, log management tools need a standardized log format
Security information and event management (SIEM) systems and log management tools would benefit from standardized log formats.Continue Reading
Honeyclients bring new twist to honeypots
Honeyclients are unpatched web browsers that actively seek malicous websites.Continue Reading
Web 2.0 application development techniques introduce new information security risks
Ajax, Java and other dynamic application coding methods have pulled computing power over to the client, introducing new risks and resurrecting old ones.Continue Reading
Guardium SQL Guard 6.0 product review
Guardium SQL Guard 6.0 is evaluated on its ability to monitor access to SQL databases. SQL Guard ensures a system of checks and balances between the security and database engineering teams.Continue Reading
Proofpoint On Demand Product Review
In this product review, learn about Proofpoint On Demand antivirus and antispam features.Continue Reading
What are the pros and cons of using keystroke dynamic-based authentication systems?
In this SearchSecurity.com Q&A, security pro Joel Dubin discusses the positive and negative aspects of using keystroke dynamic-based authentication systems.Continue Reading
Rootkit detection and removal know-how
Get advice on how to detect malware and rootkits and the best ways to achieve rootkit removal and prevent hacker attacks.Continue Reading
Viewpoint: Correlate SIMs and log management
Logical, physical security integration challenges
Integrating physical and IT security can reap considerable benefits for an organization, including enhanced efficiency and compliance plus improved security. But convergence isn't easy. Challenges include bringing the physical and IT security teams ...Continue Reading
What are the pros and cons of outsourcing email security services?
In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.Continue Reading
How to select a penetration tester
Penetration testing tools can simulate attacks and help organizations get an idea of their security vulnerabilities. In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains what you should be getting out of your penetration ...Continue Reading
Editor's Desk: Freeing Julie Amero
Justice ServedContinue Reading
Protecting Your Brand
Customer confidence is at risk when a breach occurs.Continue Reading
M&A: Merging network security policies
Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple ...Continue Reading
What are the pros and cons of using an email encryption gateway?
In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the pros and cons of using an email encryption gateway to prevent data leakage.Continue Reading
Product review: Unified threat management (UTM) devices
Unified threat management devices consolidate several network security functions into one product. This article evalutes six UTM appliances; each had to act as a firewall and virtual private network and provide antivirus, Web content filtering, ...Continue Reading
Using VMware for malware analysis
Virtualization software like VMware helps ease the challenges of malware analysis. Malware expert Lenny Zeltser explains the steps enterprises must take to ensure malicious software doesn't leak out of their VMware-based labs and endanger production...Continue Reading
Bit9 Parity product review for endpoint security
Product review of Bit9's Parity 3.5, a PC security tool designed to give enterprises control over what users can do on company computers and prevent executables in malware from running on desktops. Automatically installs SQL Server 2005 and Apache ...Continue Reading
Intellectual property protection do's and don'ts
Theft of intellectual property is a growing problem but many companies are not prepared to deal with this security threat. Learn about the risk involved with trade secrets, why companies are failing to protect intellectual property and tips for data...Continue Reading
Role-based access controls
Identity management is a critical security challenge, but without viable standards for access control, your best efforts may be just a drop in the bucket.Continue Reading
DigitalPersona Workstation Pro and Server for Biometric Authentication
This review evaluates DigitalPersona Pro, a single sign-on (SSO) software suite that allows an enterprise to replace passwords with biometric fingerprint readers or provide dual-factor authentication.Continue Reading
Enterprise UTM products differ from all-in-one SMB appliances
UTM appliance struggle to find their niche in the enterprise as large companies prefer best-in-breed security products.Continue Reading
Cyber-Ark Enterprise Password Vault 4.0 product review
Product review of Cyber-Ark Enterprise Password Vault, a password management and security tool that manages passwords and controls privileged accounts.Continue Reading
Information security blueprint for architecture and systems
A formalized security architecture diagrams how you should handle the changing threat and regulatory environments.Continue Reading
Virtual Threats
Virtual machines save you money in the data center, but can you ignore their security implications any longer?Continue Reading
Core Security Technologies Core Impact 6.0 security tool review
In this product review, learn how Core Security Core Impact 6.0 tool can assist in ethical hacking a penetration testing, and get info on setup, reporting and management.Continue Reading
How to setup and configure syslog to view and filter data
Your network devices are trying to tell you that you're under atta ck. Syslog helps you sort through the data overload and get the message.Continue Reading
Intrusion Detection: Lancope StealthWatch 5.5
Lancope's Lancope StealthWatch 5.5Continue Reading
Intrusion Detection: Arbor Networks' Peakflow X 3.6
Arbor Networks' Peakflow X 3.6Continue Reading
Optical network security: Inside a fiber-optic hack
Fiber-optic networks aren't hack-proof: A savvy attacker can crack them with ease.Continue Reading
Authentication: MXI Security's Stealth MXP
MXI Security's Stealth MXPContinue Reading
How to selectively block instant messages
Monitoring instant messaging traffic isn't easy, especially when constantly evolving IM applications are designed to exploit firewall vulnerabilities. SearchSecurity.com's application security expert Michael Cobb reviews the best methods for taking ...Continue Reading
Data Encryption and IDS / IPS: Getting a better view of network activity
Encryption can to help secure data and meet HIPPA requirements, but the technology blocks sight of network activity by blinding IDSes and IPSes. Learn how to have an effective encryption and IDS/IPSe solution simultaneously.Continue Reading
The pros and cons of data wiping
Weigh the pros and cons of software disk-wiping and determine if it can protect against data compromise in this Platform Security Ask the Expert Q&AContinue Reading
Secure Reads: Steganography and the art of covert communication
Read a quick review of the book, Hiding in Plain Sight: Steganography and the Art of Covert Communication.Continue Reading
IDP/Network Access Control
ForeScout Technologies' CounterACTContinue Reading
Information security resume do's and don'ts
Get advice, and learn do's and don'ts for creating an information security technology or network security resume.Continue Reading
Hot Pick: BlueCat Networks' Adonis 1000
BlueCat Networks' Adonis 1000Continue Reading
The pros and cons of PKI and two-factor authentication methods
There are myriad authentication methods to choose from today; learn the pros and cons of two such methods, Public Key Infrastructures and two-factor authentication systems, and how each system helps validate user identities, in this identity and ...Continue Reading
Google Hacking: Why being a Google dork is hurting your company
Are you a Google dork? A simple Google search engine query can expose corporate security secrets and private information. Black hats are aware of it. Are you? Learn how to prevent and defend against Google hacking.Continue Reading
The pros and cons of proxy firewalls
In this Ask the Expert Q&A, our application security expert reviews the pros and cons of proxy firewalls.Continue Reading
Portable device security: Safend's Safend Protector
Read a security product review of Safend's Safend Protector.Continue Reading
Cheat sheet: Access management solutions and their pros and cons
A cheat sheet of the most common access solutions with a brief description, and their risks and pros and cons to help you choose the solution that is right for your organization.Continue Reading
Mining NetFlow
Your routers and switches can yield a mother lode of security information about your network--if you know where to digContinue Reading
The pros and cons of FTP over SSL
Compare and contrast the pros and cons of having hosts send PGP-encrypted files to an existing FTP site against building an ad hoc FTP server using SSL, in this Ask the Expert Q&AContinue Reading
The pros and cons of migrating to Firefox
Making the switch from Internet Explorer to Firefox isn't a security cure-all. Here are some factors to consider before you change Web browsers.Continue Reading
Building A Perimeter Defense With Application-Level Firewalls
Learn how application level firewalls, when carefully deployed, can build perimeter defenses and prevent hackers from exploiting vulnerabilities, such as application code, to achieve attacks.Continue Reading
Application Security: Cenzic's Hailstorm v2.6
Cenzic's Hailstorm v2.6Continue Reading
Five common application-level attacks and the countermeasures to beat them
This tip reviews five of the most common attacks against applications: injection vulnerabilities, cross-site scripting (XSS), broken authenticcationa nd session management, insecure direct object references and security misconfiguration. Michael ...Continue Reading
The pros and cons of reformatting a hard drive
In this Ask the Expert Q&A, our platform security expert discusses the pros and cons of reformatting a hard drive after an attack.Continue Reading
Market trends: The future of e-mail security
The e-mail security market is undergoing a change that is marked by commoditization and centralization. Joel Snyder analyzes these trends and offers a glimpse at the future of e-mail security products.Continue Reading
The pros and cons of application firewalls
In this Ask the Expert Q&A, our application security expert discusses the pros and cons of application firewalls. He also explains how they differ from packet filter and stateful inspection firewalls, and why they are not the preferred among some ...Continue Reading
Imprivata's OneSign 2.8 - Single Sign-On
Imprivata's OneSign 2.8Continue Reading
Top 5 Hacker Tools: Google hacker, password cracker, WLAN detector
Read about five must-have hacker tools: WikTo, a Web scanner and Google hacking tool; Paros Proxy, a Web application manipulation proxy; Cain and Abel, a password sniffer/cracker; Winfingerprint, a Windows configuration harvester; and Wellenreiter, ...Continue Reading
Intrusion Detection: Tripwire's Enterprise 5.0
June 2005 review of Tripwire's Enterprise 5.0Continue Reading
nCircle's IP360 Vulnerability Management System product review
Product review of nCircle's IP360 Vulnerability Management System pricing, setup, configuration, assessment, and installation feature information.Continue Reading
Pre-CISSP: Options for the security newbie
Shon Harris advises novice security practitioners on the value of entry-level certifications -- and good, old-fashioned experience -- in preparation for the CISSP®.Continue Reading
Snapping on SNMPv3
The ubiquitous management protocol is more secure, but upgrading isn't simple.Continue Reading
Dos and don'ts for passing the CISSP exam
From choosing an exam date to answering the questions, here are some dos and don'ts for CISSP exam success.Continue Reading
Wireless security product review: AirTight Networks' SpectraGuard 2.0
A review of AirTight Networks' SpectraGuard 2.0Continue Reading
SSHv2: Safe & Secure
The overhauled encryption protocol helps harden networks.Continue Reading
The Myths of Security
The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.Continue Reading
How to select the best security assessment tool for the job
Here are four factors to take into account when choosing a security assessment tool.Continue Reading
SSO benefits: Security booster or improving end user experience?
Enterprise single sign-on all about simplicity and improving end user experience, security is just a side benefit. Learn why this is true, as well as other technologies that both reduce complexity and improve security.Continue Reading
Simplify with SIM: Evaluating security information management systems
Security information management tools are key to refining the deluge of raw data in an enterprise network into actionable intelligence. Expert Joel Snyder discusses.Continue Reading
The downside of cybercrime investigation and prosecution
Prosecuting cybercrime puts your organization -- and your security -- on the hot seat.Continue Reading
The self-defending network: Is it real technology or market speak?
Cisco and other security vendors are touting the "self-defending" network. Is it real technology or market-speak?Continue Reading