Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• How a threat intelligence platform can anticipate future attacks

  Threat intelligence technology can analyze data to forecast future attacks and provide actionable countermeasures. Learn if it is suitable for your enterprise. Continue Reading

• How effective is geofencing technology as a security method?

  Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb explains how it works. Continue Reading

• Quest Defender protects businesses with two-factor authentication

  Through the Defender Management Portal, Quest Defender lets users request hard and soft tokens to provide valuable two-factor authentication and monitor all token activity. Continue Reading

• ISAOs: The benefits of sharing security information

  ISAOs are a good way for organizations to share information about security threats. Expert Steven Weil explains what these organizations are and their attributes. Continue Reading

• Mobile endpoint security: What enterprise infosec pros must know now

  Do you know how to take care of mobile endpoint security in your enterprise? This guide walks you through all aspects of the issue, from policy and strategy to emerging threats. Continue Reading

• Same-origin policy: How did Adobe Flash Player's implementation fail?

  The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb explains how this flaw occurred.Continue Reading

• Cybersecurity careers soar with security leadership skills

  Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex ...Continue Reading

• How does an active defense system benefit enterprise security?

  Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options.Continue Reading

• Reviewing the threat intelligence features of VeriSign iDefense

  Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.Continue Reading

• Threat Intelligence service overview of Infoblox ActiveTrust

  Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations.Continue Reading

• FireEye iSIGHT Threat Intelligence: Services overview

  Expert Ed Tittel looks at FireEye iSIGHT Threat Intelligence service for providing actionable, contextual data about today's top IT threats to organizations.Continue Reading

• Detailing the features of LookingGlass Cyber Threat Center

  Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.Continue Reading

• Bolster your DLP strategy with help from the cloud and CASBs

  As data is increasingly stored in the cloud, it's difficult to maintain a DLP strategy if you're faced with poor data visibility. Find out how you can harness cloud to improve the process.Continue Reading

• What are the possible benefits of a cybersecurity training center?

  A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises? Expert Mike O. Villegas explains.Continue Reading

• Is it worth using outsourced security services instead of in-house?

  Outsourced security services are always an option for enterprises. Expert Mike O. Villegas outlines the pros and cons of using MSSPs instead of in-house security.Continue Reading

• RSA NetWitness Suite and its threat intelligence capabilities

  Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.Continue Reading

• CA Strong Authentication offers businesses low-cost MFA and 2FA

  CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.Continue Reading

• Incorporating user behavior analytics into enterprise security programs

  User behavior analytics can be used for a number of different objectives within an enterprise. Expert Ajay Kumar examines some of the most important features and capabilities.Continue Reading

• Five criteria for purchasing from threat intelligence providers

  Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.Continue Reading

• Comparing the top threat intelligence services

  Expert Ed Tittel examines the top threat intelligence services to understand how they differ from one another and address various enterprise security needs.Continue Reading

• Enterprise scenarios for threat intelligence tools

  Expert contributor Ed Tittel explains which types of organizations need threat intelligence tools as part of a proactive, layered security strategy to protect against threats.Continue Reading

• An introduction to threat intelligence platforms in the enterprise

  Expert Ed Tittel describes how threat intelligence platforms work to help in the proactive defense of enterprise networks.Continue Reading

• User behavior analytics: Building a business case for enterprises

  User behavior analytics can be beneficial to enterprises, but there are complexities involved. Expert Ajay Kumar explains what companies should know about this new technology.Continue Reading

• MSSPs add advanced threats as managed security services gain hold

  Skill shortages and budget constraints have lead some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'?Continue Reading

• DLP systems: Spotting weaknesses and improving management

  DLP systems are becoming a necessity, but their weaknesses need to be tightened to ensure enterprise asset security. Expert Kevin Beaver explains what areas to focus on.Continue Reading

• Sharpen your DDoS detection skills with the right tool

  DDoS detection and prevention tools are more sophisticated than ever. But finding the right one for your company takes studying and asking vendors the right questions.Continue Reading

• Choose the right DLP tools to help execute your DLP strategy

  A business's choice in DLP tools should go hand in hand with its data loss prevention strategy. See how to create an effective strategy and to select the right DLP tool for the job.Continue Reading

• Single sign-on service requires a cloud-era update

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other approaches, more effective.Continue Reading

• How do identity governance and access management systems differ?

  Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM.Continue Reading

• The best SSO for enterprises must be cloud and mobile capable

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other identity management approaches, more effective.Continue Reading

• Enterprise SSO: The promise and the challenges ahead

  It was inevitable that enterprise SSO would encounter the cloud. Learn how to adjust your company's approach to single sign-on so it keeps working well.Continue Reading

• McAfee Total Protection for Data Loss Prevention: Product overview

  Expert Bill Hayes takes a closer look at McAfee Total Protection for Data Loss Prevention, a DLP software suite for deployment on hardware and virtual appliances.Continue Reading

• OpenVPN Access Server is an SSL VPN based on open source software

  Expert Karen Scarfone takes a look at the OpenVPN Access Server SSL VPN for securing network traffic by providing encrypted tunnels to the enterprise.Continue Reading

• Pulse Connect Secure offers a variety of authentication options

  Expert Karen Scarfone takes a look at the Pulse Connect Secure series of SSL VPNs for securing the connection between clients and networks through encrypted tunnels.Continue Reading

• SonicWALL SSL VPN provides security for organizations of any size

  The SonicWALL SSL VPN protects remote client devices by creating a secure connection to enterprise networks, with many options for customized security features.Continue Reading

• What effect does a federal CISO have on government cybersecurity?

  The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture.Continue Reading

• RSA Data Loss Prevention Suite: Product overview

  Expert Bill Hayes examines the RSA Data Loss Prevention Suite, which covers data in use, in transit and at rest for corporate networks, mobile devices and cloud services.Continue Reading

• Check Point Mobile Access adds extra security to existing appliances

  Expert Karen Scarfone examines the Check Point Mobile Access Software Blade and explains how it encrypts communications between client computers and enterprise networks.Continue Reading

• Cisco IOS SSL VPN offers security through internet routers

  Expert Karen Scarfone outlines the features of the Cisco IOS SSL VPN and explains how it secures enterprise communications.Continue Reading

• Barracuda SSL VPN has hardware and virtual options for most businesses

  Expert Karen Scarfone takes a look at Barracuda SSL VPN and explains how the virtual private network product protects and secures enterprise communications.Continue Reading

• How a single ICMPv6 packet can cause a denial-of-service attack

  Expert Fernando Gont explains how Internet Control Message Protocol version 6 can be used by threat actors to stage a simple, yet effective, denial-of-service attack.Continue Reading

• What are some best practices for reporting ransomware attacks?

  Enterprises are advised to start reporting ransomware attacks, but are there risks? Expert Mike O. Villegas discusses whether organizations are obligated to report attacks.Continue Reading

• Attack by TIFF images: What are the vulnerabilities in LibTIFF?

  Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work.Continue Reading

• Risk & Repeat: Does the Amazon S3 outage raise security flags?

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Amazon Simple Storage Service outage and why the incident may have security implications.Continue Reading

• How can the Dirty COW vulnerability be used to attack Android devices?

  A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.Continue Reading

• SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

  Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.Continue Reading

• Ransomware costs not limited to ransoms, research shows

  The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers.Continue Reading

• Ransomware prevention tools to win the fight

  Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.Continue Reading

• What are the pros and cons of hiring a virtual CISO?

  A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.Continue Reading

• How big data tools and technologies can be protected from risk

  Big data tools and technologies can contribute to your enterprise's overall security, but they also require protection. Find out the controls your enterprise can implement.Continue Reading

• What global threat intelligence can and can't do for security programs

  Global threat intelligence is a valuable complement to a company's security program, but it can't replace security measures like training and internally collected data.Continue Reading

• Risk & Repeat: Pentagon cybersecurity under fire

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense.Continue Reading

• What's the difference between software containers and sandboxing?

  Understanding the difference between software containers and sandboxing can help enterprises make the right decision about which to use. Expert Matthew Pascucci explains them.Continue Reading

• Big data frameworks: Making their use in enterprises more secure

  Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.Continue Reading

• Stop app attacks with a web application firewall

  Web application firewalls are more essential than ever when it comes to halting app attacks. Learn what features and functions you should look for when choosing a new WAF.Continue Reading

• Insider threat detection tools that sniff out dangers from within

  Learn about the insider threat detection tools that can zero-in on anomalous user behavior. Malicious or accidental, the insider threat is one of the most dangerous and costly to companies.Continue Reading

• FIDO authentication standard could signal the passing of passwords

  The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turns to more effective authentication technologies.Continue Reading

• How to buy digital certificates for your enterprise

  In the market to buy digital certificates? Learn exactly how digital certificates work, which features are key and how to evaluate the available options on the market.Continue Reading

• What new NIST password recommendations should enterprises adopt?

  NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note.Continue Reading

• Information Security Analytics

  In this excerpt from chapter Z of Information Security Analytics, authors Mark Ryan Talabis, Robert McPherson, Inez Miyamoto and Jason L. Martin discuss security intelligence.Continue Reading

• Hiding Behind the Keyboard

  In this excerpt from chapter 2 of Hiding Behind the Keyboard, authors Brett Shavers and John Bair discuss the Tor Browser.Continue Reading

• How does Microsoft's NetCease perform anti-network reconnaissance?

  Microsoft security researchers recently introduced a new tool called NetCease that prevents network reconnaissance. Expert Judith Myerson explains how the tool can stop attackers.Continue Reading

• Select the vulnerability management tool that fits your business needs

  See what a vulnerability management tool is, how it can help your company mitigate risk and remain compliant, and which vendors best match your company's needs.Continue Reading

• Do DMZ networks still provide security benefits for enterprises?

  DMZ networks were once widely used by enterprises, but are they still common today? Expert Judith Myerson explains why DMZs may be a good security option for some organizations.Continue Reading

• Are there security benefits to using a site-to-site VPN?

  Not every enterprise needs the functionality of a standard VPN client. Expert Judith Myerson explains why a site-to-site VPN may be a better choice for some companies.Continue Reading

• Combatting the top cybersecurity threats with intelligence

  Security professionals are playing an ever-greater role in managing business risk. Their efforts against top cybersecurity threats include investing in the latest defensive tools that promise to shut down attackers.

  At the top of enterprises' ...Continue Reading

• Managed security services market: What you need to know now

  A wise CISO recently said that, while today's managed security services market can handle almost everything, any security threat that keeps him awake at night was something he wanted his internal team to handle. But even though it's true that some ...Continue Reading

• What are the pros and cons of the different types of CISOs?

  There can often be two types of CISOs: the builder and the stabilizer. Expert Mike O. Villegas discusses the pros and cons of each type and the roles they play.Continue Reading

• How major FDIC cybersecurity issues highlight leadership failures

  A series of major FDIC cybersecurity data breaches has created a chaotic situation and highlights the importance of strong, well-intentioned security leadership in organizations.Continue Reading

• How does the SFG malware dropper evade antimalware programs?

  The SFG malware dropper can bypass antimalware programs and exploit two patched vulnerabilities. Expert Nick Lewis explains how to these attacks work and how to stop them.Continue Reading

• Managed security providers: What's new?

  Managed security providers are responding rapidly to the evolving threat environment. Learn how an MSSP enhances corporate security and how to determine which services you need.Continue Reading

• The Darkleech campaign: What changes should enterprises be aware of?

  Darkleech campaigns have taken a new form and have now stopped using obfuscated script. Expert Nick Lewis explains the changes in Darkleech operations to watch for.Continue Reading

• How identity management systems strengthen cybersecurity readiness

  Identity management is a core component of cybersecurity readiness, but there are many layers and complexities behind it. Expert Peter Sullivan explains the basics of IAM.Continue Reading

• How did Ammyy Admin software get repeatedly abused by malware?

  The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves.Continue Reading

• Is a GRE tunnel or IPsec tunnel more secure for enterprise use?

  The difference between a GRE tunnel and an IPsec tunnel is a commonly discussed topic, but which is more secure? Expert Matthew Pascucci explains which is better for enterprises.Continue Reading

• Keydnap malware: How does it steal Mac passwords?

  The Keydnap malware has the ability to steal passwords stored in the Keychain Access app on Mac systems. Expert Nick Lewis explains how to mitigate this issue.Continue Reading

• CryptXXX: How does this ransomware spread through legitimate websites?

  The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress.Continue Reading

• How does the CLDAP protocol DDoS amplification attack work?

  DDoS amplification attacks that use the CLDAP protocol are a new threat to enterprises. Expert Matthew Pascucci explains how they work and how enterprises can protect themselves.Continue Reading

• What should happen after an employee clicks on a malicious link?

  The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.Continue Reading

• CISO job description: Business function more than IT

  The executive-level security position is always up for debate. Is it a technical role, or is it moving out of the IT department to influence broader security and risk management initiatives?Continue Reading

• How to use threat intelligence metrics to attain relevant data

  Threat intelligence services can be valuable, but enterprises must first determine the right threat intelligence metrics. Char Sample explains the best ways to achieve this.Continue Reading

• Risk & Repeat: Rapid7 tackles IoT threats, vulnerabilities

  In this episode of SearchSecurity's Risk & Repeat podcast, Tod Beardsley and Rebekah Brown of Rapid7 talk about the IoT threat landscape and improving IoT device security.Continue Reading

• How to build an incident response toolkit for enterprise security

  When hackers kick the door down and are ransacking your enterprise, the security team needs to be equipped with the right incident response toolkit to mount a fast, effective reaction. The right forensic data needs to be stored, the right ...Continue Reading

• DNS Security: Defending the Domain Name System

  In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.Continue Reading

• Cyber Guerilla

  In this excerpt of Cyber Guerilla, authors Jelle van Haaster, Ricky Gevers and Martijn Sprengers discuss the various roles hackers play.Continue Reading

• How did a full access OAuth token get issued to the Pokémon GO app?

  A full account access OAuth token was mistakenly issued to the Pokémon GO mobile game by Google. Expert Michael Cobb explains the security risks and if this can happen with other apps.Continue Reading

• Is Barclays' phone banking biometric authentication system secure?

  Barclays now uses a biometric authentication system for phone banking customers, where 'voice prints' can replace passwords. Expert Michael Cobb explains the security risks.Continue Reading

• Bug bounties: How does Apple's program compare to others?

  Apple has started to offer bug bounties to researchers who find vulnerabilities in iOS. Expert Michael Cobb compares Apple's program to that of other companies.Continue Reading

• Digital Guardian for Data Loss Prevention: Product overview

  Expert Bill Hayes examines Digital Guardian for Data Loss Prevention and more of the vendor's DLP product lineup, which cover data in use, data in transit and data in the cloud.Continue Reading

• Risk & Repeat: Will Rule 41 changes become cybersecurity law?

  In this Risk & Repeat podcast, SearchSecurity editors discuss the controversial Rule 41 changes and what they mean for law federal enforcement and cybersecurity practices.Continue Reading

• How should HIPAA covered entities respond to healthcare ransomware?

  The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. Expert Mike Chapple discusses.Continue Reading

• Should healthcare organizations follow the NIST guidelines for HIPAA?

  HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple explains.Continue Reading

• What advanced security analysis tools are and how they work

  The security analysis tools that provide advanced analytics are essential to counter the latest threats to enterprise systems and data. These products gather and analyze data from many different sources within an organization, and they provide ...Continue Reading

• How data obfuscation techniques can help protect enterprises

  Data obfuscation techniques can help enterprises protect corporate information and limit risks of data exposure or leaks. Expert Ajay Kumar explains how these techniques work.Continue Reading

• Is a no-SMS 2FA policy a good idea for enterprises?

  Now that NIST has deprecated the use of SMS 2FA, should nongovernment organizations follow suit? Expert Mike Chapple discusses the risks of SMS-based 2FA to enterprises.Continue Reading

• Finding the right security analytics tools for your enterprise

  See how security analytics tools can work for businesses looking for more from their security software, and what security analytics tools are right for certain business scenarios.Continue Reading

• Are cybersecurity conferences valuable to CISOs?

  Cybersecurity conferences are highly attended events, but are they valuable to CISOs in particular? Expert Mike O. Villegas discusses how CISOs can get the most out of them.Continue Reading

• CA Technologies Data Protection: DLP product overview

  Expert Bill Hayes examines CA Technologies Data Protection, a data loss prevention suite designed to protect data at rest, in transit and in use across enterprise devices, networks and cloud services.Continue Reading

• Risk & Repeat: Yahoo data breach details emerge

  In this Risk & Repeat podcast, SearchSecurity editors discuss new information on the Yahoo data breach, including how counterfeit cookies may have been used by attackers.Continue Reading

• Critical Watch FusionVM: Vulnerability management product overview

  Expert Ed Tittel examines Critical Watch FusionVM, a vulnerability management tool that comes in cloud-based offering and virtual appliance or virtual scanner versions.Continue Reading