Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
The GDPR right to be forgotten: Don't forget it
Nexsan's Gary Watson explains that the GDPR right to be forgotten will be an important piece of the compliance picture and means deleting data securely, completely and provably when customers ask for it.
What tools were used to hide fileless malware in server memory?
Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the wider fileless malware trend.
Federal Cloud Computing
In this excerpt from chapter three of Federal Cloud Computing, author Matthew Metheny discusses open source software and its use in the U.S. federal government.
IPv6 addresses: Security recommendations for usage
IPv6 addresses can be used in a number of ways that can strengthen information security. Expert Fernando Gont explains the basics of IPv6 address usage for enterprises.
Applying cybersecurity readiness to today's enterprises
How prepared is your organization for a cyberattack? Expert Peter Sullivan outlines the seven steps enterprises need to take in order to achieve cybersecurity readiness.
Tools to transfer large files: How to find and buy the best
Need to transfer files within headquarters or between branches? Managed file transfer tools now offer some interesting new features.
Why security incident management is paramount for enterprises
Enterprises aren't truly prepared for cyber threats unless they have proper security incident management in place. Expert Peter Sullivan explains what enterprises need to know.
The importance of securing endpoints with antimalware protection
All organizations need to protect their endpoints from outside malware with antimalware products, which are essential to an enterprise-wide security strategy.
Evaluating endpoint security products for antimalware protection
Expert contributor Ed Tittel explores key criteria for evaluating endpoint security products to determine the best option for antimalware protection for your organization.
Cybersecurity readiness: The importance of continuous network monitoring
Continuous network monitoring and traffic analysis are crucial ingredients for cybersecurity readiness. Expert Peter Sullivan explains what enterprise security teams need to know.
Advanced endpoint protection takes on the latest exploits
Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints.
How does the Microsoft Authenticator application affect password use?
The Microsoft Authenticator application enables smartphone-based, two-factor authentication and attempts to reduce the use of passwords. Expert Matthew Pascucci explains how.
The digital certificate: How it works, which to buy
This expert guide on the digital certificate provides essential information to what can be a complex purchase. Learn about the options and how to find the best one for your network.
Select the best patch management software for your company
Patch management software enables businesses to prioritize and automatically update systems so that their assets remain secure. See which best fits your infosec strategy.
Patch management tool comparison: What are the best products?
With so many different vendors in the market, it isn't easy to pick the right patch management tool. Read this product comparison to see which is best for your company.
Choosing the best patch management software for your business
Keeping your applications updated and patched is essential for company security. Patch management software can help you do that efficiently, but which one is best for you?
Seven tips for buying automated patch management tools
The evaluation of patch management tools begins by determining your organization's needs. Know what to look for and learn how to gauge features, functions and interoperability.
What breach detection systems are best for corporate defenses?
A system breach is inevitable, and BDS products provide a valuable means of detection. But a strategy that blends both defense and offense is the best approach to security.
How to find the best DDoS attack prevention and detection tools
DDoS prevention is an urgent security need for any company. Learn how to select the products and services that will best strengthen your defense against denial-of-service attacks.
Use a web app firewall to halt app attacks
As the demands on web application firewalls grow, the available WAF features are also expanding. What do you need to know to evaluate the tools vendors offer?
To secure Office 365, take advantage of controls Microsoft offers
Securing Office 365 properly requires addressing upfront any specific risks of a particular environment and taking advantage of the many security controls Microsoft offers.
Office 365 security features: As good as it gets?
Online and application security is never perfect, but Office 365 security features come close. Here's an overview of how Microsoft installed security in its popular suite.
Address Office 365 security concerns while enjoying its benefits
Office 365 security concerns should worry you but not dampen your enthusiasm for the platform's potential benefits for your business. Here's what you need to consider upfront.
Know why patch management tools are required in the IT infrastructure
Regulations, efficiency and protection are the main drivers for purchasing patch management tools. See why automated patch management is a requirement for most businesses.
Introduction to automated enterprise patch management software
Patch management software keeps enterprises better protected by automating the delivery of operating systems and application updates. See how it can help your business.
How does Facebook's Delegated Recovery enable account verification?
Facebook's Delegated Recovery aims to replace knowledge-based authentication with third-party account verification. Expert Michael Cobb explains how this protocol works.
How mobile application assessments can boost enterprise security
Mobile application assessments can help enterprises decide which apps to allow, improving security. Christopher Crowley of the SANS Institute discusses how to use app assessments.
Cloud access security brokers: Hard to tell what's real
Most cloud access security brokers offer CISOs a way to set policy and gain better understanding of multiple cloud services and data in use across the enterprise. As CASBs have gained momentum in recent years, use cases for them have expanded. Do ...
Wendy Nather: 'We're on a trajectory for profound change'
This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more.
Report: Threat hunting is more SOC than intel
Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements.
Experian's Tom King tackles role of CISO from the ground up
An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says.
How does a privacy impact assessment affect enterprise security?
A privacy impact assessment can help enterprises determine where their data is at risk of exposure. Expert Matthew Pascucci explains how and when to conduct these assessments.
Using threat intelligence tools to prevent attacks on your enterprise
Using threat intelligence tools can help your enterprise stay one step ahead of attackers and possible threats. Learn how threat intelligence can be used in your company.
Trustwave Data Loss Prevention: Product overview
Expert Bill Hayes examines Trustwave Data Loss Prevention and how the product addresses data at rest, endpoint data in use and network data in transit for enterprises.
Learn what breach detection system is best for your network
Breach detection systems are essential in these days of machine learning and artificial intelligence. Learn how to identify the features and functions your network needs.
Okta Adaptive MFA gives companies flexible authentication
Okta Adaptive MFA offers businesses a range of flexible authentication methods that use different contexts to determine which factors provide users with access.
Trend Micro Integrated Data Loss Prevention: Product overview
Expert Bill Hayes examines the Trend Micro Integrated Data Loss Prevention product, which acts as a software plug-in with other Trend Micro security products.
RSA Authentication Manager offers a variety of authentication methods
With authentication methods ranging from risk-based to tokens, RSA Authentication Manager gives companies a number of ways to employ multifactor authentication.
Proofpoint Email DLP: Product overview
Expert Bill Hayes examines Proofpoint Email Data Loss Prevention, a specialized DLP product that's part of Proofpoint's cloud-based Information Protection suite.
Summing up Symantec VIP Service, a multifactor authentication tool
Expert David Strom looks at the Symantec VIP multifactor authentication product and how it can benefit enterprise security.
An in-depth look at Gemalto's SafeNet Authentication Service
Expert David Strom provides an in-depth look at Gemalto's SafeNet Authentication Service, a SaaS-based multifactor authentication product for boosting login security.
SecureAuth IdP: An overview of its multifactor authentication ability
Expert David Strom looks at how SecureAuth IdP uniquely combines multifactor authentication and single sign-on login capabilities in a single product.
Timeline: Symantec certificate authority improprieties
Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant.
Applying the new FDA medical device guidance to infosec programs
New FDA medical device guidance demonstrates the need for better cybersecurity during manufacturing and use. Expert Nick Lewis explains how enterprises can use the recommendations.
VASCO IDENTIKEY Authentication Server and a look at its key features
Expert David Strom takes a closer look at VASCO's IDENTIKEY Authentication Server, one of the leading multifactor authentication products on the market.
Should the Vulnerabilities Equities Process be codified into law?
The Vulnerabilities Equities Process is a controversial subject. Expert Matthew Pascucci looks at the arguments for and against codifying it into law.
How effective is geofencing technology as a security method?
Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb explains how it works.
Quest Defender protects businesses with two-factor authentication
Through the Defender Management Portal, Quest Defender lets users request hard and soft tokens to provide valuable two-factor authentication and monitor all token activity.
ISAOs: The benefits of sharing security information
ISAOs are a good way for organizations to share information about security threats. Expert Steven Weil explains what these organizations are and their attributes.
Mobile endpoint security: What enterprise infosec pros must know now
Do you know how to take care of mobile endpoint security in your enterprise? This guide walks you through all aspects of the issue, from policy and strategy to emerging threats.
Same-origin policy: How did Adobe Flash Player's implementation fail?
The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb explains how this flaw occurred.
Cybersecurity careers soar with security leadership skills
Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex ...
How does an active defense system benefit enterprise security?
Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options.
Reviewing the threat intelligence features of VeriSign iDefense
Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.
Threat Intelligence service overview of Infoblox ActiveTrust
Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations.
FireEye iSIGHT Threat Intelligence: Services overview
Expert Ed Tittel looks at FireEye iSIGHT Threat Intelligence service for providing actionable, contextual data about today's top IT threats to organizations.
Detailing the features of LookingGlass Cyber Threat Center
Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.
What are the possible benefits of a cybersecurity training center?
A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises? Expert Mike O. Villegas explains.
Is it worth using outsourced security services instead of in-house?
Outsourced security services are always an option for enterprises. Expert Mike O. Villegas outlines the pros and cons of using MSSPs instead of in-house security.
RSA NetWitness Suite and its threat intelligence capabilities
Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.
CA Strong Authentication offers businesses low-cost MFA and 2FA
CA Strong Authentication brings inexpensive multi- and two-factor authentication to businesses looking to protect mobile applications and devices and to prevent identity theft.
Incorporating user behavior analytics into enterprise security programs
User behavior analytics can be used for a number of different objectives within an enterprise. Expert Ajay Kumar examines some of the most important features and capabilities.
Five criteria for purchasing from threat intelligence providers
Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.
Comparing the top threat intelligence services
Expert Ed Tittel examines the top threat intelligence services to understand how they differ from one another and address various enterprise security needs.
Enterprise scenarios for threat intelligence tools
Expert contributor Ed Tittel explains which types of organizations need threat intelligence tools as part of a proactive, layered security strategy to protect against threats.
An introduction to threat intelligence platforms in the enterprise
Expert Ed Tittel describes how threat intelligence platforms work to help in the proactive defense of enterprise networks.
User behavior analytics: Building a business case for enterprises
User behavior analytics can be beneficial to enterprises, but there are complexities involved. Expert Ajay Kumar explains what companies should know about this new technology.
MSSPs add advanced threats as managed security services gain hold
Skill shortages and budget constraints have led some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'?
DLP systems: Spotting weaknesses and improving management
DLP systems are becoming a necessity, but their weaknesses need to be tightened to ensure enterprise asset security. Expert Kevin Beaver explains what areas to focus on.
Tool time: Picking DDoS prevention products
DDoS prevention is an urgent security need for any company. Learn how to select the products and services that will best strengthen your defense against denial-of-service attacks.
Sharpen your DDoS detection skills with the right tool
DDoS detection and prevention tools are more sophisticated than ever. But finding the right one for your company takes studying and asking vendors the right questions.
Choose the right DLP tools to help execute your DLP strategy
A business's choice in DLP tools should go hand in hand with its data loss prevention strategy. See how to create an effective strategy and to select the right DLP tool for the job.
Single sign-on service requires a cloud-era update
The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other approaches, more effective.
How do identity governance and access management systems differ?
Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM.
The best SSO for enterprises must be cloud and mobile capable
The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other identity management approaches, more effective.
Enterprise SSO: The promise and the challenges ahead
It was inevitable that enterprise SSO would encounter the cloud. Learn how to adjust your company's approach to single sign-on so it keeps working well.
McAfee Total Protection for Data Loss Prevention: Product overview
Expert Bill Hayes takes a closer look at McAfee Total Protection for Data Loss Prevention, a DLP software suite for deployment on hardware and virtual appliances.
OpenVPN Access Server is an SSL VPN based on open source software
Expert Karen Scarfone takes a look at the OpenVPN Access Server SSL VPN for securing network traffic by providing encrypted tunnels to the enterprise.
Pulse Connect Secure offers a variety of authentication options
Expert Karen Scarfone takes a look at the Pulse Connect Secure series of SSL VPNs for securing the connection between clients and networks through encrypted tunnels.
SonicWALL SSL VPN provides security for organizations of any size
The SonicWALL SSL VPN protects remote client devices by creating a secure connection to enterprise networks, with many options for customized security features.
What effect does a federal CISO have on government cybersecurity?
The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture.
RSA Data Loss Prevention Suite: Product overview
Expert Bill Hayes examines the RSA Data Loss Prevention Suite, which covers data in use, in transit and at rest for corporate networks, mobile devices and cloud services.
Check Point Mobile Access adds extra security to existing appliances
Expert Karen Scarfone examines the Check Point Mobile Access Software Blade and explains how it encrypts communications between client computers and enterprise networks.
Cisco IOS SSL VPN offers security through internet routers
Expert Karen Scarfone outlines the features of the Cisco IOS SSL VPN and explains how it secures enterprise communications.
Barracuda SSL VPN has hardware and virtual options for most businesses
Expert Karen Scarfone takes a look at Barracuda SSL VPN and explains how the virtual private network product protects and secures enterprise communications.
How a single ICMPv6 packet can cause a denial-of-service attack
Expert Fernando Gont explains how Internet Control Message Protocol version 6 can be used by threat actors to stage a simple, yet effective, denial-of-service attack.
Attack by TIFF images: What are the vulnerabilities in LibTIFF?
Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work.
Risk & Repeat: Does the Amazon S3 outage raise security flags?
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Amazon Simple Storage Service outage and why the incident may have security implications.
How can the Dirty COW vulnerability be used to attack Android devices?
A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.
SHA-1 certificates: How will Mozilla's deprecation affect enterprises?
Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.
Ransomware costs not limited to ransoms, research shows
The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers.
Ransomware prevention tools to win the fight
Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.
What are the pros and cons of hiring a virtual CISO?
A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.
What global threat intelligence can and can't do for security programs
Global threat intelligence is a valuable complement to a company's security program, but it can't replace security measures like training and internally collected data.
Risk & Repeat: Pentagon cybersecurity under fire
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense.
What's the difference between software containers and sandboxing?
Understanding the difference between software containers and sandboxing can help enterprises make the right decision about which to use. Expert Matthew Pascucci explains them.
Big data frameworks: Making their use in enterprises more secure
Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.
Stop app attacks with a web application firewall
Web application firewalls are more essential than ever when it comes to halting app attacks. Learn what features and functions you should look for when choosing a new WAF.
Insider threat detection tools that sniff out dangers from within
Learn about the insider threat detection tools that can zero in on anomalous user behavior. Malicious or accidental, the insider threat is one of the most dangerous and costly to companies.
FIDO authentication standard could signal the passing of passwords
The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turn to more effective authentication technologies.