Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Carefully evaluate providers' SaaS security model
Enterprises need to make sure a SaaS provider has the proper security controls to protect sensitive data before a contract is signed Continue Reading
Basic Database Security: Step by Step
Use this checklist to ensure you're following the basics for securing database systems. Continue Reading
Multifactor authentication options to secure online banking
Banks are required to deploy multifactor authentication to secure online banking and meet FFIEC requirements. In this tip, Dave Shackleford describes some of the pros and cons associated with traditional forms of multifactor authentication as well ... Continue Reading
-
Integrated change management reduces security risks
Unmanaged changes to IT systems and networks can recklessly increase risk to enterprises. The key is rolling out an accepted change management process, and sticking to it. Continue Reading
Metasploit Project acquisition ups ante for penetration testing market
Rapid7's acquisition of the Metasploit Project takes down one of the few remaining open source security projects. But expect a smooth transition; there have been many success stories and mistakes made to learn from. Continue Reading
Nine ways to improve application security after an incident
Application and information security teams work in silos and often meet only after an attack on a critical app. Here are nine tips you can use to prevent future costly incidents and improve application security after an attackContinue Reading
Jerry Freese: Make Critical Infrastructure Protection a Priority
Critical infrastructure protection must be addressed today to protect our country tomorrow.Continue Reading
The pros and cons of implementing smart cards
Most infosec pros agree that smart cards create a higher level of enterprise security than passwords alone. Learn how to weigh the pros and cons of smart cards to know if they're right for your enterprise?Continue Reading
Security best practices in hotels
Accountability for Internet security should be placed on users, not service providers such as hotels.Continue Reading
Best Email Security Products
Readers vote on the best antispam, antiphishing, email antivirus and antimalware filtering, software and appliance products, as well as hosted "in-the-cloud" email security services.Continue Reading
-
Best Wireless Security Products
Readers vote on the best wireless security products, including wireless firewalls and UTM devices, wireless access control products, WLAN intrusion and detection systems, and security-enabled wireless infrastructure productsContinue Reading
Truth, lies and fiction about encryption
Encryption solves some very straight-forward problems but implementation isn't always easy. We'll explain some of the common misperceptions so you'll understand your options.Continue Reading
Privileged account management critical to data security
Regulatory requirements and economic realities are pressuring enterprises to secure their privileged accounts.Continue Reading
Risk management must include physical-logical security convergence
If your organization is serious about managing risk and total asset protection, then physical-logical convergence is a necessary step.Continue Reading
How to write a risk methodology that blends business, security needs
One security professional describes a homegrown risk methodology currently being used by a large university and a private corporation.Continue Reading
Do you need an IDS or IPS, or both?
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.Continue Reading
Tabletop exercises sharpen security and business continuity
Delaware's Dept. of Technology and Information conducts annual incident response exercises that test the readiness of state agencies to respond to real attacks. Learn how simulated cyberattacks and incident response exercises help organizations ...Continue Reading
Data loss prevention benefits in the real world
DLP promises strong data protection via content inspection and security monitoring, but real-world implementations can be complex and expensive; these eight real-world lessons help you use DLP to its fullest.Continue Reading
How to Secure Cloud Computing
On-demand computing services can save large enterprises and small businesses a lot of money, but security and regulatory compliance become difficult.Continue Reading
How to secure use of Web 2.0
How much information is too much information, and how will you monitor and manage the use of Web 2.0 inside your organization?Continue Reading
Data classification best practices: Techniques, methods and projects
Effective data classification in the enterprise requires a simple approach.Continue Reading
What are common (and uncommon) unified threat management features?
Unified threat management products have gained popularity because they bring multiple security tools together into one appliance. In this SearchSecurity.com Q&A, Michael Cobb reviews just what those security tools are.Continue Reading
Vein-reader biometric authentication for health care, financials
Health care facilities, along with financial institutions, are prime market targets for vein-reading technology, the latest in biometric applications.Continue Reading
10 tips to improve your network security strategy in a recession
Here are 10 steps you can take to improve your threat management posture that require minimum investment, manpower and give you a fast return on your investment.Continue Reading
Internal auditors and CISOs mitigate similar risks
Internal audit and information security may often find themselves at odds, but in the end, their respective goals are the same.Continue Reading
CISOs, human resources cooperation vital to security
CISOs work closely with human resources to investigate potential Web or email policy violations by employees, develop security policies and procedures, and plan for disaster recovery.Continue Reading
Security steering committee force CISOs to connect with the business
Security steering committees provide a forum for security managers and business leaders to discuss security and privacy issues and explore compliance implications of new projects and technology purchases.Continue Reading
Information security steering committee best practices
Security steering committees bring HR, finance, legal, IT and audit to the same table, helping facilitate the integration of information security into lines of business.Continue Reading
Using a managed file transfer for secure data transmission, exchange
Managed file transfer (MFT) products meet the increasing security, compliance and operational demands of data in motion.Continue Reading
Host-based intrusion prevention addresses server, desktop security
HIPS is used for everything from traditional signature-based antivirus/antispyware and host firewalls to behavior analysis.Continue Reading
Product Review: Application Security Inc.'s AppDetectivePro
Application Security Inc.'s AppDetectivePro does deep inspections of database configurations to identify security issues. It's ideal for internal and external auditors, security professionals, consultants and others who need to perform on-the-fly ...Continue Reading
Encryption no longer an optional technology
Unravel the ins and outs of how your organization should deploy encryption.Continue Reading
Sophos Endpoint Security and Control 8.0 product review
Sophos Endpoint Security and Control 8.0 is a comprehensive endpoint security product, offering antivirus, antispyware, host intrusion prevention, firewalling, application control, device control, and network access control.Continue Reading
Mix of Frameworks and GRC Satisfy Compliance Overlaps
Three organizations reveal how they use a combination of frameworks such as COBIT or ISO 27001 along with GRC tools satisfy overlapping industry and federal regulatory demands.Continue Reading
Windows Server 2003 hardening services ensures better security
Shutting down unneeded services, ports and accounts makes Windows Server 2003 tough to beat.Continue Reading
Information Security and Business Integration
INTEGRATION Security professionals can rely on the same models and frameworks used by traditional business to earn a seat at the table.Continue Reading
Data Lifecycle Management Model Shows Risks and Integrated Data Flow
Information flows through business processes in an orderly fashion; security must flow right along with it.Continue Reading
Results Chain for Information Security and Assurance
Information Security Blueprint
Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities
For anyone who doesn't speak NASL, network security expert Mike Chapple has a firm handle on the Nessus Attack Scripting Language. In this brand-new addition to our Nessus 3 Tutorial, Chapple provides examples of NASL scripts that can find known ...Continue Reading
Allowing select access to IP addresses using Windows Server 2003
Switching from Zone Alarm 2000 to Windows Server 2003, a SearchSecurity.com reader asks expert Mike Chapple how to limit inbound connections.Continue Reading
How to install and configure Nessus
Nessus, an open source vulnerability scanner, can scan a network for potential security risks and provide detailed reporting that enables you to remediate gaps in your corporation's security posture. This tip, the first in a series of three on ...Continue Reading
Best practices for application-level firewall selection and deployment
Application-level firewalls are an essential aspect of any organization's multi-layered defense strategy, but the implementation process has some security pros scratching their heads. In this tip, contributor Joel Dubin discusses the contrasting ...Continue Reading
Virtualization server security best practices
Avoid server virtualization security bad practices with these dos and don'ts. Get info on virtualization products, segmentation, implementation, avoiding malware, and staging, deploying and patching virtual machines, segmentation and implementation.Continue Reading
Product review: Klocwork Insight 8.0
SOFTWARE SECURITYContinue Reading
What are the pros and cons of zero-knowledge penetration tests?
A penetration tester with no previous knowledge of the site being tested may be able to give some insight unavailable to other forms of penetration testing, but there are pros and cons. Expert Michael Cobb weighs in.Continue Reading
Pros and cons of multifactor authentication technology for consumers
Multifactor consumer authentication is a must-have for financial services firms, but there are a number of different types of multifactor authentication technology from which to choose. In this tip, contributor Judith M. Myerson addresses the pros ...Continue Reading
Fact or fiction: Pros and cons of database encryption
According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing ...Continue Reading
Secure Computing SafeWord 2008 product review
Secure Computing SafeWord 2008 delivers identity management and access control for Windows systems using tokens that generate secure single-use passcodes. Information Security magazine reviews these capabilities.Continue Reading
Face-Off: Is vulnerability research ethical?
Bruce Schneier and Marcus Ranum debate the ethics of vulnerability researchContinue Reading
7 Security Questions to Ask Your SaaS Provider
Outsourcing software as a service (SaaS) puts control over an organization's applications in the hands of others. Learn what questions to ask your provider, how to define security policies, how to understand how service providers handle security and...Continue Reading
5 Steps for Developing Strong Change Management Program Best Practices
Poor change control and configuration management can affect the security of your systems and networks. Follow these five steps for a strong change management program.Continue Reading
Varonis DatAdvantage product review
Varonis DatAdvantage data governance software is evaluated on its configuration and management, effectiveness, policy control and reporting.Continue Reading
Companies Collecting Too Much Customer Data Increase Exposure
If the risk of losing customer or partner information outweighs its value, why collect it in the first place?Continue Reading
The pros and cons of data breach insurance
The security incident at the Hannaford supermarket chain and elsewhere have some wondering if it's time to purchase data breach insurance. But experts say there are drawbacks.Continue Reading
What are the pros and cons of shaping P2P packets?
Packet shaping, a technique used to control computer network traffic, really isn't a security issue; it's a policy matter, says network expert Mike Chapple. Learn why, in this SearchSecurity.com Q&A.Continue Reading
SonicWALL NSA E5500 product review
Product review of SonicWALL NSA E5500 security tool basic and advanced firewall features, setup, pricing, VPN and wireless security.Continue Reading
Case Study: Company deploys full disk encryption policy on laptops
One billion-dollar company isn't taking chances with data stored on its laptops. It deployed full disk encryption on every machine, an increasingly popular security strategy.Continue Reading
Comparative Product Review: Six Web Application Firewalls
No longer can security managers focus only on perimeter and host security. The application has become the prime target for hackers. We review six leading Web application firewalls from Barracuda, Bee Ware, Breach Security, Citrix, F5 and Imperva ...Continue Reading
Examine Security Features and Tools of Microsoft Windows Server 2008
Unwrap Windows Server 2008, the first server revision under Trustworthy Computing. Microsoft promises it is secure by design, default and deployment.Continue Reading
Product review: Titus Labs' Message Classification
DOCUMENT CLASSIFICATIONContinue Reading
Data Loss Prevention Tools Offer Insight into Where Data Lives
DLP tools help mitigate incidents and aid with data discovery.Continue Reading
Product review: AlgoSec's AlgoSec Firewall Analyzer 4.0
FIREWALL MANAGEMENTContinue Reading
What are the pros and cons of using stand-alone authentication that is not Active Directory-based?
Password managment tools other than Active Directory are available, though they may not be the best access control coordinators.Continue Reading
How Sarbanes-Oxley changed the information security profession
Sarbanes-Oxley empowered information security professionals with the clout they'd sought for so long.Continue Reading
SIEM market, log management tools need a standardized log format
Security information and event management (SIEM) systems and log management tools would benefit from standardized log formats.Continue Reading
Honeyclients bring new twist to honeypots
Honeyclients are unpatched web browsers that actively seek malicous websites.Continue Reading
Web 2.0 application development techniques introduce new information security risks
Ajax, Java and other dynamic application coding methods have pulled computing power over to the client, introducing new risks and resurrecting old ones.Continue Reading
Guardium SQL Guard 6.0 product review
Guardium SQL Guard 6.0 is evaluated on its ability to monitor access to SQL databases. SQL Guard ensures a system of checks and balances between the security and database engineering teams.Continue Reading
Proofpoint On Demand Product Review
In this product review, learn about Proofpoint On Demand antivirus and antispam features.Continue Reading
What are the pros and cons of using keystroke dynamic-based authentication systems?
In this SearchSecurity.com Q&A, security pro Joel Dubin discusses the positive and negative aspects of using keystroke dynamic-based authentication systems.Continue Reading
Rootkit detection and removal know-how
Get advice on how to detect malware and rootkits and the best ways to achieve rootkit removal and prevent hacker attacks.Continue Reading
Viewpoint: Correlate SIMs and log management
Logical, physical security integration challenges
Integrating physical and IT security can reap considerable benefits for an organization, including enhanced efficiency and compliance plus improved security. But convergence isn't easy. Challenges include bringing the physical and IT security teams ...Continue Reading
What are the pros and cons of outsourcing email security services?
In this SearchSecurity.com Q&A, application security expert Michael Cobb explains whether it's right for your organization to hand off email security services to another provider.Continue Reading
How to select a penetration tester
Penetration testing tools can simulate attacks and help organizations get an idea of their security vulnerabilities. In this SearchSecurity.com Q&A, platform security expert Michael Cobb explains what you should be getting out of your penetration ...Continue Reading
Editor's Desk: Freeing Julie Amero
Justice ServedContinue Reading
Protecting Your Brand
Customer confidence is at risk when a breach occurs.Continue Reading
M&A: Merging network security policies
Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the same page. In this tip, contributor Mike Chapple ...Continue Reading
What are the pros and cons of using an email encryption gateway?
In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses the pros and cons of using an email encryption gateway to prevent data leakage.Continue Reading
Product review: RedSeal Systems' RedSeal Security Risk Manager
Red Seal Security Risk Manager allows security administrators to model and manage threats to corporate assets and networks. This product review looks at how the risk management tool rates in effectiveness, ease of setup, reporting and overall ...Continue Reading
Product review: Unified threat management (UTM) devices
Unified threat management devices consolidate several network security functions into one product. This article evalutes six UTM appliances; each had to act as a firewall and virtual private network and provide antivirus, Web content filtering, ...Continue Reading
Using VMware for malware analysis
Virtualization software like VMware helps ease the challenges of malware analysis. Malware expert Lenny Zeltser explains the steps enterprises must take to ensure malicious software doesn't leak out of their VMware-based labs and endanger production...Continue Reading
Bit9 Parity product review for endpoint security
Product review of Bit9's Parity 3.5, a PC security tool designed to give enterprises control over what users can do on company computers and prevent executables in malware from running on desktops. Automatically installs SQL Server 2005 and Apache ...Continue Reading
Intellectual property protection do's and don'ts
Theft of intellectual property is a growing problem but many companies are not prepared to deal with this security threat. Learn about the risk involved with trade secrets, why companies are failing to protect intellectual property and tips for data...Continue Reading
Are you putting information at risk by using contractors?
Contractors can become the source of a security breach. This feature looks at the risk management steps, including access control and policies, that organizations should take when hiring contractors. A sidebar examines how a health care company uses...Continue Reading
Role-based access controls
Identity management is a critical security challenge, but without viable standards for access control, your best efforts may be just a drop in the bucket.Continue Reading
Product review: e-DMZ Security's eGuardPost
This product review examines e-DMZ eGuardPost's capabilities that allow security managers to apply granular access controls to remote connections. The appliance also comes bundled with Security's Password Auto Repository (PAR), e-DMZ's flagship ...Continue Reading
DigitalPersona Workstation Pro and Server for Biometric Authentication
This review evaluates DigitalPersona Pro, a single sign-on (SSO) software suite that allows an enterprise to replace passwords with biometric fingerprint readers or provide dual-factor authentication.Continue Reading
Enterprise UTM products differ from all-in-one SMB appliances
UTM appliance struggle to find their niche in the enterprise as large companies prefer best-in-breed security products.Continue Reading
Cyber-Ark Enterprise Password Vault 4.0 product review
Product review of Cyber-Ark Enterprise Password Vault, a password management and security tool that manages passwords and controls privileged accounts.Continue Reading
Information security blueprint for architecture and systems
A formalized security architecture diagrams how you should handle the changing threat and regulatory environments.Continue Reading
Virtual Threats
Virtual machines save you money in the data center, but can you ignore their security implications any longer?Continue Reading
Core Security Technologies Core Impact 6.0 security tool review
In this product review, learn how Core Security Core Impact 6.0 tool can assist in ethical hacking a penetration testing, and get info on setup, reporting and management.Continue Reading
How to setup and configure syslog to view and filter data
Your network devices are trying to tell you that you're under atta ck. Syslog helps you sort through the data overload and get the message.Continue Reading
Intrusion Detection: Lancope StealthWatch 5.5
Lancope's Lancope StealthWatch 5.5Continue Reading
Intrusion Detection: Arbor Networks' Peakflow X 3.6
Arbor Networks' Peakflow X 3.6Continue Reading
Optical network security: Inside a fiber-optic hack
Fiber-optic networks aren't hack-proof: A savvy attacker can crack them with ease.Continue Reading
Security Blog Log: Taking Google Code Search for a spin
This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security.Continue Reading
Authentication: MXI Security's Stealth MXP
MXI Security's Stealth MXPContinue Reading