Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Trustwave Data Loss Prevention: Product overview

  Expert Bill Hayes examines Trustwave Data Loss Prevention and how the product addresses data at rest, endpoint data in use and network data in transit for enterprises. Continue Reading

• Learn what breach detection system is best for your network

  Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs. Continue Reading

• Okta Adaptive MFA gives companies flexible authentication

  Okta Adaptive MFA offers businesses a range of flexible authentication methods that use different contexts to determine which factors provide users with access. Continue Reading

• Trend Micro Integrated Data Loss Prevention: Product overview

  Expert Bill Hayes examines the Trend Micro Integrated Data Loss Prevention product, which acts as a software plug-in with other Trend Micro security products. Continue Reading

• RSA Authentication Manager offers a variety of authentication methods

  With authentication methods ranging from risk-based to tokens, RSA Authentication Manager gives companies a number of ways to employ multifactor authentication. Continue Reading

• Proofpoint Email DLP: Product overview

  Expert Bill Hayes examines Proofpoint Email Data Loss Prevention, a specialized DLP product that's part of Proofpoint's cloud-based Information Protection suite.Continue Reading

• Summing up Symantec VIP Service, a multifactor authentication tool

  Expert David Strom looks at the Symantec VIP multifactor authentication product and how it can benefit enterprise security.Continue Reading

• An in-depth look at Gemalto's SafeNet Authentication Service

  Expert David Strom provides an in-depth look at Gemalto's SafeNet Authentication Service, a SaaS-based multifactor authentication product for boosting login security.Continue Reading

• SecureAuth IdP: An overview of its multifactor authentication ability

  Expert David Strom looks at how SecureAuth IdP uniquely combines multifactor authentication and single sign-on login capabilities in a single product.Continue Reading

• Timeline: Symantec certificate authority improprieties

  Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant.Continue Reading

• Applying the new FDA medical device guidance to infosec programs

  New FDA medical device guidance demonstrates the need for better cybersecurity during manufacturing and use. Expert Nick Lewis explains how enterprises can use the recommendations.Continue Reading

• VASCO IDENTIKEY Authentication Server and a look at its key features

  Expert David Strom takes a closer look at VASCO's IDENTIKEY Authentication Server, one of the leading multifactor authentication products on the market.Continue Reading

• Should the Vulnerabilities Equities Process be codified into law?

  The Vulnerabilities Equities Process is a controversial subject. Expert Matthew Pascucci looks at the arguments for and against codifying it into law.Continue Reading

• How a threat intelligence platform can anticipate future attacks

  Threat intelligence technology can analyze data to forecast future attacks and provide actionable countermeasures. Learn if it is suitable for your enterprise.Continue Reading

• How effective is geofencing technology as a security method?

  Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb explains how it works.Continue Reading

• Quest Defender protects businesses with two-factor authentication

  Through the Defender Management Portal, Quest Defender lets users request hard and soft tokens to provide valuable two-factor authentication and monitor all token activity.Continue Reading

• ISAOs: The benefits of sharing security information

  ISAOs are a good way for organizations to share information about security threats. Expert Steven Weil explains what these organizations are and their attributes.Continue Reading

• Mobile endpoint security: What enterprise infosec pros must know now

  Do you know how to take care of mobile endpoint security in your enterprise? This guide walks you through all aspects of the issue, from policy and strategy to emerging threats.Continue Reading

• Same-origin policy: How did Adobe Flash Player's implementation fail?

  The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb explains how this flaw occurred.Continue Reading

• Cybersecurity careers soar with security leadership skills

  Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex ...Continue Reading

• How does an active defense system benefit enterprise security?

  Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options.Continue Reading

• Reviewing the threat intelligence features of VeriSign iDefense

  Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.Continue Reading

• Threat Intelligence service overview of Infoblox ActiveTrust

  Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations.Continue Reading

• FireEye iSIGHT Threat Intelligence: Services overview

  Expert Ed Tittel looks at FireEye iSIGHT Threat Intelligence service for providing actionable, contextual data about today's top IT threats to organizations.Continue Reading

• Detailing the features of LookingGlass Cyber Threat Center

  Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.Continue Reading

• Bolster your DLP strategy with help from the cloud and CASBs

  As data is increasingly stored in the cloud, it's difficult to maintain a DLP strategy if you're faced with poor data visibility. Find out how you can harness cloud to improve the process.Continue Reading

• What are the possible benefits of a cybersecurity training center?

  A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises? Expert Mike O. Villegas explains.Continue Reading

• Is it worth using outsourced security services instead of in-house?

  Outsourced security services are always an option for enterprises. Expert Mike O. Villegas outlines the pros and cons of using MSSPs instead of in-house security.Continue Reading

• RSA NetWitness Suite and its threat intelligence capabilities

  Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.Continue Reading

• CA Strong Authentication offers businesses low-cost MFA and 2FA

  CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.Continue Reading

• Incorporating user behavior analytics into enterprise security programs

  User behavior analytics can be used for a number of different objectives within an enterprise. Expert Ajay Kumar examines some of the most important features and capabilities.Continue Reading

• Five criteria for purchasing from threat intelligence providers

  Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.Continue Reading

• Comparing the top threat intelligence services

  Expert Ed Tittel examines the top threat intelligence services to understand how they differ from one another and address various enterprise security needs.Continue Reading

• Enterprise scenarios for threat intelligence tools

  Expert contributor Ed Tittel explains which types of organizations need threat intelligence tools as part of a proactive, layered security strategy to protect against threats.Continue Reading

• An introduction to threat intelligence platforms in the enterprise

  Expert Ed Tittel describes how threat intelligence platforms work to help in the proactive defense of enterprise networks.Continue Reading

• User behavior analytics: Building a business case for enterprises

  User behavior analytics can be beneficial to enterprises, but there are complexities involved. Expert Ajay Kumar explains what companies should know about this new technology.Continue Reading

• MSSPs add advanced threats as managed security services gain hold

  Skill shortages and budget constraints have lead some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'?Continue Reading

• DLP systems: Spotting weaknesses and improving management

  DLP systems are becoming a necessity, but their weaknesses need to be tightened to ensure enterprise asset security. Expert Kevin Beaver explains what areas to focus on.Continue Reading

• Sharpen your DDoS detection skills with the right tool

  DDoS detection and prevention tools are more sophisticated than ever. But finding the right one for your company takes studying and asking vendors the right questions.Continue Reading

• Choose the right DLP tools to help execute your DLP strategy

  A business's choice in DLP tools should go hand in hand with its data loss prevention strategy. See how to create an effective strategy and to select the right DLP tool for the job.Continue Reading

• Single sign-on service requires a cloud-era update

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other approaches, more effective.Continue Reading

• How do identity governance and access management systems differ?

  Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM.Continue Reading

• The best SSO for enterprises must be cloud and mobile capable

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other identity management approaches, more effective.Continue Reading

• Enterprise SSO: The promise and the challenges ahead

  It was inevitable that enterprise SSO would encounter the cloud. Learn how to adjust your company's approach to single sign-on so it keeps working well.Continue Reading

• McAfee Total Protection for Data Loss Prevention: Product overview

  Expert Bill Hayes takes a closer look at McAfee Total Protection for Data Loss Prevention, a DLP software suite for deployment on hardware and virtual appliances.Continue Reading

• OpenVPN Access Server is an SSL VPN based on open source software

  Expert Karen Scarfone takes a look at the OpenVPN Access Server SSL VPN for securing network traffic by providing encrypted tunnels to the enterprise.Continue Reading

• Pulse Connect Secure offers a variety of authentication options

  Expert Karen Scarfone takes a look at the Pulse Connect Secure series of SSL VPNs for securing the connection between clients and networks through encrypted tunnels.Continue Reading

• SonicWALL SSL VPN provides security for organizations of any size

  The SonicWALL SSL VPN protects remote client devices by creating a secure connection to enterprise networks, with many options for customized security features.Continue Reading

• What effect does a federal CISO have on government cybersecurity?

  The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture.Continue Reading

• RSA Data Loss Prevention Suite: Product overview

  Expert Bill Hayes examines the RSA Data Loss Prevention Suite, which covers data in use, in transit and at rest for corporate networks, mobile devices and cloud services.Continue Reading

• Check Point Mobile Access adds extra security to existing appliances

  Expert Karen Scarfone examines the Check Point Mobile Access Software Blade and explains how it encrypts communications between client computers and enterprise networks.Continue Reading

• Cisco IOS SSL VPN offers security through internet routers

  Expert Karen Scarfone outlines the features of the Cisco IOS SSL VPN and explains how it secures enterprise communications.Continue Reading

• Barracuda SSL VPN has hardware and virtual options for most businesses

  Expert Karen Scarfone takes a look at Barracuda SSL VPN and explains how the virtual private network product protects and secures enterprise communications.Continue Reading

• How a single ICMPv6 packet can cause a denial-of-service attack

  Expert Fernando Gont explains how Internet Control Message Protocol version 6 can be used by threat actors to stage a simple, yet effective, denial-of-service attack.Continue Reading

• What are some best practices for reporting ransomware attacks?

  Enterprises are advised to start reporting ransomware attacks, but are there risks? Expert Mike O. Villegas discusses whether organizations are obligated to report attacks.Continue Reading

• Attack by TIFF images: What are the vulnerabilities in LibTIFF?

  Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work.Continue Reading

• Risk & Repeat: Does the Amazon S3 outage raise security flags?

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Amazon Simple Storage Service outage and why the incident may have security implications.Continue Reading

• How can the Dirty COW vulnerability be used to attack Android devices?

  A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.Continue Reading

• SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

  Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.Continue Reading

• Ransomware costs not limited to ransoms, research shows

  The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers.Continue Reading

• Ransomware prevention tools to win the fight

  Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.Continue Reading

• What are the pros and cons of hiring a virtual CISO?

  A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.Continue Reading

• How big data tools and technologies can be protected from risk

  Big data tools and technologies can contribute to your enterprise's overall security, but they also require protection. Find out the controls your enterprise can implement.Continue Reading

• What global threat intelligence can and can't do for security programs

  Global threat intelligence is a valuable complement to a company's security program, but it can't replace security measures like training and internally collected data.Continue Reading

• Risk & Repeat: Pentagon cybersecurity under fire

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense.Continue Reading

• What's the difference between software containers and sandboxing?

  Understanding the difference between software containers and sandboxing can help enterprises make the right decision about which to use. Expert Matthew Pascucci explains them.Continue Reading

• Big data frameworks: Making their use in enterprises more secure

  Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.Continue Reading

• Stop app attacks with a web application firewall

  Web application firewalls are more essential than ever when it comes to halting app attacks. Learn what features and functions you should look for when choosing a new WAF.Continue Reading

• Insider threat detection tools that sniff out dangers from within

  Learn about the insider threat detection tools that can zero-in on anomalous user behavior. Malicious or accidental, the insider threat is one of the most dangerous and costly to companies.Continue Reading

• FIDO authentication standard could signal the passing of passwords

  The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turns to more effective authentication technologies.Continue Reading

• How to buy digital certificates for your enterprise

  In the market to buy digital certificates? Learn exactly how digital certificates work, which features are key and how to evaluate the available options on the market.Continue Reading

• What new NIST password recommendations should enterprises adopt?

  NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note.Continue Reading

• Information Security Analytics

  In this excerpt from chapter Z of Information Security Analytics, authors Mark Ryan Talabis, Robert McPherson, Inez Miyamoto and Jason L. Martin discuss security intelligence.Continue Reading

• Hiding Behind the Keyboard

  In this excerpt from chapter 2 of Hiding Behind the Keyboard, authors Brett Shavers and John Bair discuss the Tor Browser.Continue Reading

• How does Microsoft's NetCease perform anti-network reconnaissance?

  Microsoft security researchers recently introduced a new tool called NetCease that prevents network reconnaissance. Expert Judith Myerson explains how the tool can stop attackers.Continue Reading

• Select the vulnerability management tool that fits your business needs

  See what a vulnerability management tool is, how it can help your company mitigate risk and remain compliant, and which vendors best match your company's needs.Continue Reading

• Do DMZ networks still provide security benefits for enterprises?

  DMZ networks were once widely used by enterprises, but are they still common today? Expert Judith Myerson explains why DMZs may be a good security option for some organizations.Continue Reading

• Combatting the top cybersecurity threats with intelligence

  Security professionals are playing an ever-greater role in managing business risk. Their efforts against top cybersecurity threats include investing in the latest defensive tools that promise to shut down attackers.

  At the top of enterprises' ...Continue Reading

• Managed security services market: What you need to know now

  A wise CISO recently said that, while today's managed security services market can handle almost everything, any security threat that keeps him awake at night was something he wanted his internal team to handle. But even though it's true that some ...Continue Reading

• What are the pros and cons of the different types of CISOs?

  There can often be two types of CISOs: the builder and the stabilizer. Expert Mike O. Villegas discusses the pros and cons of each type and the roles they play.Continue Reading

• How major FDIC cybersecurity issues highlight leadership failures

  A series of major FDIC cybersecurity data breaches has created a chaotic situation and highlights the importance of strong, well-intentioned security leadership in organizations.Continue Reading

• How does the SFG malware dropper evade antimalware programs?

  The SFG malware dropper can bypass antimalware programs and exploit two patched vulnerabilities. Expert Nick Lewis explains how to these attacks work and how to stop them.Continue Reading

• Managed security providers: What's new?

  Managed security providers are responding rapidly to the evolving threat environment. Learn how an MSSP enhances corporate security and how to determine which services you need.Continue Reading

• The Darkleech campaign: What changes should enterprises be aware of?

  Darkleech campaigns have taken a new form and have now stopped using obfuscated script. Expert Nick Lewis explains the changes in Darkleech operations to watch for.Continue Reading

• How identity management systems strengthen cybersecurity readiness

  Identity management is a core component of cybersecurity readiness, but there are many layers and complexities behind it. Expert Peter Sullivan explains the basics of IAM.Continue Reading

• How did Ammyy Admin software get repeatedly abused by malware?

  The remote administration Ammyy Admin software was repeatedly found to be spreading different types of malware. Expert Nick Lewis explains how enterprises should protect themselves.Continue Reading

• Is a GRE tunnel or IPsec tunnel more secure for enterprise use?

  The difference between a GRE tunnel and an IPsec tunnel is a commonly discussed topic, but which is more secure? Expert Matthew Pascucci explains which is better for enterprises.Continue Reading

• Keydnap malware: How does it steal Mac passwords?

  The Keydnap malware has the ability to steal passwords stored in the Keychain Access app on Mac systems. Expert Nick Lewis explains how to mitigate this issue.Continue Reading

• CryptXXX: How does this ransomware spread through legitimate websites?

  The CryptXXX ransomware has been spreading through compromised legitimate websites that redirect to malicious sites. Expert Nick Lewis explains how this happens with WordPress.Continue Reading

• How does the CLDAP protocol DDoS amplification attack work?

  DDoS amplification attacks that use the CLDAP protocol are a new threat to enterprises. Expert Matthew Pascucci explains how they work and how enterprises can protect themselves.Continue Reading

• What should happen after an employee clicks on a malicious link?

  The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.Continue Reading

• CISO job description: Business function more than IT

  The executive-level security position is always up for debate. Is it a technical role, or is it moving out of the IT department to influence broader security and risk management initiatives?Continue Reading

• How to use threat intelligence metrics to attain relevant data

  Threat intelligence services can be valuable, but enterprises must first determine the right threat intelligence metrics. Char Sample explains the best ways to achieve this.Continue Reading

• Risk & Repeat: Rapid7 tackles IoT threats, vulnerabilities

  In this episode of SearchSecurity's Risk & Repeat podcast, Tod Beardsley and Rebekah Brown of Rapid7 talk about the IoT threat landscape and improving IoT device security.Continue Reading

• How to build an incident response toolkit for enterprise security

  When hackers kick the door down and are ransacking your enterprise, the security team needs to be equipped with the right incident response toolkit to mount a fast, effective reaction. The right forensic data needs to be stored, the right ...Continue Reading

• DNS Security: Defending the Domain Name System

  In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.Continue Reading

• Cyber Guerilla

  In this excerpt of Cyber Guerilla, authors Jelle van Haaster, Ricky Gevers and Martijn Sprengers discuss the various roles hackers play.Continue Reading

• How did a full access OAuth token get issued to the Pokémon GO app?

  A full account access OAuth token was mistakenly issued to the Pokémon GO mobile game by Google. Expert Michael Cobb explains the security risks and if this can happen with other apps.Continue Reading

• Is Barclays' phone banking biometric authentication system secure?

  Barclays now uses a biometric authentication system for phone banking customers, where 'voice prints' can replace passwords. Expert Michael Cobb explains the security risks.Continue Reading

• Bug bounties: How does Apple's program compare to others?

  Apple has started to offer bug bounties to researchers who find vulnerabilities in iOS. Expert Michael Cobb compares Apple's program to that of other companies.Continue Reading