Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• The GDPR right to be forgotten: Don't forget it

  Nexsan's Gary Watson explains that the GDPR right to be forgotten will be an important piece of the compliance picture and means deleting data securely, completely and provably when customers ask for it. Continue Reading

• What tools were used to hide fileless malware in server memory?

  Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the wider fileless malware trend. Continue Reading

• Federal Cloud Computing

  In this excerpt from chapter three of Federal Cloud Computing, author Matthew Metheny discusses open source software and its use in the U.S. federal government. Continue Reading

• IPv6 addresses: Security recommendations for usage

  IPv6 addresses can be used in a number of ways that can strengthen information security. Expert Fernando Gont explains the basics of IPv6 address usage for enterprises. Continue Reading

• Applying cybersecurity readiness to today's enterprises

  How prepared is your organization for a cyberattack? Expert Peter Sullivan outlines the seven steps enterprises need to take in order to achieve cybersecurity readiness. Continue Reading

• Tools to transfer large files: How to find and buy the best

  Need to transfer files within headquarters or between branches? Managed file transfer tools now offer some interesting new features.Continue Reading

• Why security incident management is paramount for enterprises

  Enterprises aren't truly prepared for cyber threats unless they have proper security incident management in place. Expert Peter Sullivan explains what enterprises need to know.Continue Reading

• The importance of securing endpoints with antimalware protection

  All organizations need to protect their endpoints from outside malware with antimalware products, which are essential to an enterprise-wide security strategy.Continue Reading

• Evaluating endpoint security products for antimalware protection

  Expert contributor Ed Tittel explores key criteria for evaluating endpoint security products to determine the best option for antimalware protection for your organization.Continue Reading

• Cybersecurity readiness: The importance of continuous network monitoring

  Continuous network monitoring and traffic analysis are crucial ingredients for cybersecurity readiness. Expert Peter Sullivan explains what enterprise security teams need to know.Continue Reading

• Advanced endpoint protection takes on the latest exploits

  Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints.Continue Reading

• How does the Microsoft Authenticator application affect password use?

  The Microsoft Authenticator application enables smartphone-based, two-factor authentication and attempts to reduce the use of passwords. Expert Matthew Pascucci explains how.Continue Reading

• The digital certificate: How it works, which to buy

  This expert guide on the digital certificate provides essential information to what can be a complex purchase. Learn about the options and how to find the best for one for your network.Continue Reading

• Select the best patch management software for your company

  Patch management software enables businesses to prioritize and automatically update systems so that their assets remain secure. See which best fits your infosec strategy.Continue Reading

• Patch management tool comparison: What are the best products?

  With so many different vendors in the market, it isn't easy to pick the right patch management tool. Read this product comparison to see which is best for your company.Continue Reading

• Choosing the best patch management software for your business

  Keeping your applications updated and patched is essential for company security. Patch management software can help you do that efficiently, but which one is best for you?Continue Reading

• Seven tips for buying automated patch management tools

  The evaluation of patch management tools begins by determining your organization's needs. Know what to look for and learn how to gauge features, functions and interoperability.Continue Reading

• What breach detection systems are best for corporate defenses?

  A system breach is inevitable, and BDS products provide a valuable means of detection. But a strategy that blends both defense and offense is the best approach to security.Continue Reading

• How to find the best DDoS attack prevention and detection tools

  DDoS prevention is an urgent security need for any company. Learn how to select the products and services that will best strengthen your defense against denial-of-service attacks.Continue Reading

• Use a web app firewall to halt app attacks

  As the demands on web application firewalls grow, the available WAF features are also expanding. What do you need to know to evaluate the tools vendors offer?Continue Reading

• To secure Office 365, take advantage of controls Microsoft offers

  Securing Office 365 properly requires addressing upfront any specific risks of a particular environment and taking advantage of the many security controls Microsoft offers.Continue Reading

• Office 365 security features: As good as it gets?

  Online and application security is never perfect, but Office 365 security features come close. Here's an overview of how Microsoft installed security in its popular suite.Continue Reading

• Address Office 365 security concerns while enjoying its benefits

  Office 365 security concerns should worry you but not dampen your enthusiasm for the platform's potential benefits for your business. Here's what you need to consider upfront.Continue Reading

• Know why patch management tools are required in the IT infrastructure

  Regulations, efficiency and protection are the main drivers for purchasing patch management tools. See why automated patch management is a requirement for most businesses.Continue Reading

• Introduction to automated enterprise patch management software

  Patch management software keeps enterprises better protected by automating the delivery of operating systems and application updates. See how it can help your business.Continue Reading

• How does Facebook's Delegated Recovery enable account verification?

  Facebook's Delegated Recovery aims to replace knowledge-based authentication with third-party account verification. Expert Michael Cobb explains how this protocol works.Continue Reading

• How mobile application assessments can boost enterprise security

  Mobile application assessments can help enterprises decide which apps to allow, improving security. Christopher Crowley of the SANS Institute discusses how to use app assessments.Continue Reading

• Cloud access security brokers: Hard to tell what's real

  Most cloud access security brokers offer CISOs a way to set policy and gain better understanding of multiple cloud services and data in use across the enterprise. As CASBs have gained momentum in recent years, use cases for them have expanded. Do ...Continue Reading

• Wendy Nather: 'We're on a trajectory for profound change'

  This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more.Continue Reading

• Report: Threat hunting is more SOC than intel

  Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements.Continue Reading

• Experian's Tom King tackles role of CISO from the ground up

  An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says.Continue Reading

• How does a privacy impact assessment affect enterprise security?

  A privacy impact assessment can help enterprises determine where their data is at risk of exposure. Expert Matthew Pascucci explains how and when to conduct these assessments.Continue Reading

• Using threat intelligence tools to prevent attacks on your enterprise

  Using threat intelligence tools can help your enterprise stay one step ahead of attackers and possible threats. Learn how threat intelligence can be used in your company.Continue Reading

• Trustwave Data Loss Prevention: Product overview

  Expert Bill Hayes examines Trustwave Data Loss Prevention and how the product addresses data at rest, endpoint data in use and network data in transit for enterprises.Continue Reading

• Learn what breach detection system is best for your network

  Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs.Continue Reading

• Okta Adaptive MFA gives companies flexible authentication

  Okta Adaptive MFA offers businesses a range of flexible authentication methods that use different contexts to determine which factors provide users with access.Continue Reading

• Trend Micro Integrated Data Loss Prevention: Product overview

  Expert Bill Hayes examines the Trend Micro Integrated Data Loss Prevention product, which acts as a software plug-in with other Trend Micro security products.Continue Reading

• RSA Authentication Manager offers a variety of authentication methods

  With authentication methods ranging from risk-based to tokens, RSA Authentication Manager gives companies a number of ways to employ multifactor authentication.Continue Reading

• Proofpoint Email DLP: Product overview

  Expert Bill Hayes examines Proofpoint Email Data Loss Prevention, a specialized DLP product that's part of Proofpoint's cloud-based Information Protection suite.Continue Reading

• Summing up Symantec VIP Service, a multifactor authentication tool

  Expert David Strom looks at the Symantec VIP multifactor authentication product and how it can benefit enterprise security.Continue Reading

• An in-depth look at Gemalto's SafeNet Authentication Service

  Expert David Strom provides an in-depth look at Gemalto's SafeNet Authentication Service, a SaaS-based multifactor authentication product for boosting login security.Continue Reading

• SecureAuth IdP: An overview of its multifactor authentication ability

  Expert David Strom looks at how SecureAuth IdP uniquely combines multifactor authentication and single sign-on login capabilities in a single product.Continue Reading

• Timeline: Symantec certificate authority improprieties

  Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant.Continue Reading

• Applying the new FDA medical device guidance to infosec programs

  New FDA medical device guidance demonstrates the need for better cybersecurity during manufacturing and use. Expert Nick Lewis explains how enterprises can use the recommendations.Continue Reading

• VASCO IDENTIKEY Authentication Server and a look at its key features

  Expert David Strom takes a closer look at VASCO's IDENTIKEY Authentication Server, one of the leading multifactor authentication products on the market.Continue Reading

• Should the Vulnerabilities Equities Process be codified into law?

  The Vulnerabilities Equities Process is a controversial subject. Expert Matthew Pascucci looks at the arguments for and against codifying it into law.Continue Reading

• How effective is geofencing technology as a security method?

  Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb explains how it works.Continue Reading

• Quest Defender protects businesses with two-factor authentication

  Through the Defender Management Portal, Quest Defender lets users request hard and soft tokens to provide valuable two-factor authentication and monitor all token activity.Continue Reading

• ISAOs: The benefits of sharing security information

  ISAOs are a good way for organizations to share information about security threats. Expert Steven Weil explains what these organizations are and their attributes.Continue Reading

• Mobile endpoint security: What enterprise infosec pros must know now

  Do you know how to take care of mobile endpoint security in your enterprise? This guide walks you through all aspects of the issue, from policy and strategy to emerging threats.Continue Reading

• Same-origin policy: How did Adobe Flash Player's implementation fail?

  The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb explains how this flaw occurred.Continue Reading

• Cybersecurity careers soar with security leadership skills

  Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex ...Continue Reading

• How does an active defense system benefit enterprise security?

  Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options.Continue Reading

• Reviewing the threat intelligence features of VeriSign iDefense

  Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.Continue Reading

• Threat Intelligence service overview of Infoblox ActiveTrust

  Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations.Continue Reading

• FireEye iSIGHT Threat Intelligence: Services overview

  Expert Ed Tittel looks at FireEye iSIGHT Threat Intelligence service for providing actionable, contextual data about today's top IT threats to organizations.Continue Reading

• Detailing the features of LookingGlass Cyber Threat Center

  Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.Continue Reading

• What are the possible benefits of a cybersecurity training center?

  A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises? Expert Mike O. Villegas explains.Continue Reading

• Is it worth using outsourced security services instead of in-house?

  Outsourced security services are always an option for enterprises. Expert Mike O. Villegas outlines the pros and cons of using MSSPs instead of in-house security.Continue Reading

• RSA NetWitness Suite and its threat intelligence capabilities

  Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.Continue Reading

• CA Strong Authentication offers businesses low-cost MFA and 2FA

  CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.Continue Reading

• Incorporating user behavior analytics into enterprise security programs

  User behavior analytics can be used for a number of different objectives within an enterprise. Expert Ajay Kumar examines some of the most important features and capabilities.Continue Reading

• Five criteria for purchasing from threat intelligence providers

  Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.Continue Reading

• Comparing the top threat intelligence services

  Expert Ed Tittel examines the top threat intelligence services to understand how they differ from one another and address various enterprise security needs.Continue Reading

• Enterprise scenarios for threat intelligence tools

  Expert contributor Ed Tittel explains which types of organizations need threat intelligence tools as part of a proactive, layered security strategy to protect against threats.Continue Reading

• An introduction to threat intelligence platforms in the enterprise

  Expert Ed Tittel describes how threat intelligence platforms work to help in the proactive defense of enterprise networks.Continue Reading

• User behavior analytics: Building a business case for enterprises

  User behavior analytics can be beneficial to enterprises, but there are complexities involved. Expert Ajay Kumar explains what companies should know about this new technology.Continue Reading

• MSSPs add advanced threats as managed security services gain hold

  Skill shortages and budget constraints have lead some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'?Continue Reading

• DLP systems: Spotting weaknesses and improving management

  DLP systems are becoming a necessity, but their weaknesses need to be tightened to ensure enterprise asset security. Expert Kevin Beaver explains what areas to focus on.Continue Reading

• Tool time: Picking DDoS prevention products

  DDoS prevention is an urgent security need for any company. Learn how to select the products and services that will best strengthen your defense against denial-of-service attacks.Continue Reading

• Sharpen your DDoS detection skills with the right tool

  DDoS detection and prevention tools are more sophisticated than ever. But finding the right one for your company takes studying and asking vendors the right questions.Continue Reading

• Choose the right DLP tools to help execute your DLP strategy

  A business's choice in DLP tools should go hand in hand with its data loss prevention strategy. See how to create an effective strategy and to select the right DLP tool for the job.Continue Reading

• Single sign-on service requires a cloud-era update

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other approaches, more effective.Continue Reading

• How do identity governance and access management systems differ?

  Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM.Continue Reading

• The best SSO for enterprises must be cloud and mobile capable

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other identity management approaches, more effective.Continue Reading

• Enterprise SSO: The promise and the challenges ahead

  It was inevitable that enterprise SSO would encounter the cloud. Learn how to adjust your company's approach to single sign-on so it keeps working well.Continue Reading

• McAfee Total Protection for Data Loss Prevention: Product overview

  Expert Bill Hayes takes a closer look at McAfee Total Protection for Data Loss Prevention, a DLP software suite for deployment on hardware and virtual appliances.Continue Reading

• OpenVPN Access Server is an SSL VPN based on open source software

  Expert Karen Scarfone takes a look at the OpenVPN Access Server SSL VPN for securing network traffic by providing encrypted tunnels to the enterprise.Continue Reading

• Pulse Connect Secure offers a variety of authentication options

  Expert Karen Scarfone takes a look at the Pulse Connect Secure series of SSL VPNs for securing the connection between clients and networks through encrypted tunnels.Continue Reading

• SonicWALL SSL VPN provides security for organizations of any size

  The SonicWALL SSL VPN protects remote client devices by creating a secure connection to enterprise networks, with many options for customized security features.Continue Reading

• What effect does a federal CISO have on government cybersecurity?

  The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture.Continue Reading

• RSA Data Loss Prevention Suite: Product overview

  Expert Bill Hayes examines the RSA Data Loss Prevention Suite, which covers data in use, in transit and at rest for corporate networks, mobile devices and cloud services.Continue Reading

• Check Point Mobile Access adds extra security to existing appliances

  Expert Karen Scarfone examines the Check Point Mobile Access Software Blade and explains how it encrypts communications between client computers and enterprise networks.Continue Reading

• Cisco IOS SSL VPN offers security through internet routers

  Expert Karen Scarfone outlines the features of the Cisco IOS SSL VPN and explains how it secures enterprise communications.Continue Reading

• Barracuda SSL VPN has hardware and virtual options for most businesses

  Expert Karen Scarfone takes a look at Barracuda SSL VPN and explains how the virtual private network product protects and secures enterprise communications.Continue Reading

• How a single ICMPv6 packet can cause a denial-of-service attack

  Expert Fernando Gont explains how Internet Control Message Protocol version 6 can be used by threat actors to stage a simple, yet effective, denial-of-service attack.Continue Reading

• Attack by TIFF images: What are the vulnerabilities in LibTIFF?

  Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work.Continue Reading

• Risk & Repeat: Does the Amazon S3 outage raise security flags?

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Amazon Simple Storage Service outage and why the incident may have security implications.Continue Reading

• How can the Dirty COW vulnerability be used to attack Android devices?

  A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.Continue Reading

• SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

  Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.Continue Reading

• Ransomware costs not limited to ransoms, research shows

  The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers.Continue Reading

• Ransomware prevention tools to win the fight

  Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.Continue Reading

• What are the pros and cons of hiring a virtual CISO?

  A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.Continue Reading

• What global threat intelligence can and can't do for security programs

  Global threat intelligence is a valuable complement to a company's security program, but it can't replace security measures like training and internally collected data.Continue Reading

• Risk & Repeat: Pentagon cybersecurity under fire

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense.Continue Reading

• What's the difference between software containers and sandboxing?

  Understanding the difference between software containers and sandboxing can help enterprises make the right decision about which to use. Expert Matthew Pascucci explains them.Continue Reading

• Big data frameworks: Making their use in enterprises more secure

  Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.Continue Reading

• Stop app attacks with a web application firewall

  Web application firewalls are more essential than ever when it comes to halting app attacks. Learn what features and functions you should look for when choosing a new WAF.Continue Reading

• Insider threat detection tools that sniff out dangers from within

  Learn about the insider threat detection tools that can zero-in on anomalous user behavior. Malicious or accidental, the insider threat is one of the most dangerous and costly to companies.Continue Reading

• FIDO authentication standard could signal the passing of passwords

  The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turns to more effective authentication technologies.Continue Reading