Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
What data breach notification policy should enterprises follow?
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices. Continue Reading
How does tokenization technology affect PCI DSS compliance?
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can help with PCI DSS compliance. Continue Reading
Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview
Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data. Continue Reading
-
EMC RSA Security Analytics: SIEM product overview
Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise. Continue Reading
AlienVault OSSIM: SIEM Product overview
Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization. Continue Reading
Splunk Enterprise: SIEM product overview
Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.Continue Reading
SolarWinds Log and Event Manager: SIEM product overview
Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.Continue Reading
IBM Security QRadar: SIEM product overview
Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.Continue Reading
LogRhythm's Security Intelligence Platform: SIEM product overview
Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.Continue Reading
How does OpenPGP encryption improve messaging security?
Facebook added OpenPGP encryption to its messaging services to help improve messaging safety. Expert Michael Cobb explains the benefits of the approach.Continue Reading
-
Can Google's Chrome extension policy improve Web security?
The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security and enterprise apps.Continue Reading
Comparing the best intrusion prevention systems
Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization.Continue Reading
Supply chain security: Controlling third-party risks
Third-party contractors and business partners can create risks for enterprises. Expert Eric Cole offers guidance on improving supply chain security and controlling third-party risks.Continue Reading
How should enterprises start the vendor management process?
The security vendor management process can be tricky, especially at the beginning when deciding what to buy and from whom. Expert Mike O. Villegas has some advice.Continue Reading
Three steps to prevent and mitigate router security issues
Numerous router security threats have made the news, threatening the integrity of enterprise data. Expert Kevin Beaver offers three steps for maintaining router safety.Continue Reading
Database security products: A buyer's guide
Learn how to evaluate and buy the right database security tools for your organization with this database security tool buyer's guide.Continue Reading
What are enterprise social media best practices for CISOs?
CISOs need to follow certain enterprise social media best practices if they want to safely maintain public profiles. Expert Mike O. Villegas has ten best practices for social media.Continue Reading
Lessons from the Conficker botnet, seven years later
Though one of the largest botnets ever was sinkholed seven years ago, it still infects millions of machines. Expert Nick Lewis explains what enterprises can learn from Conficker.Continue Reading
Comparing the top Web fraud detection systems
Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria.Continue Reading
The best endpoint security approach in this interconnected age
Some endpoint security suites have reached a level where they create almost all the capabilities of an enterprise in microcosm. New emphasis has been placed on protections that don't depend on traditional static scanning, but how well are these ...Continue Reading
Security startups tackle the art of deception techniques
Distributed decoy systems aim to take deception by defenders to the next level. Will a network of traps and lies change the rules of engagement?Continue Reading
Q&A: Secure application development in the age of mashups
How do you integrate the needs of the business and third-party services with security? Veracode’s Chief Strategy Officer Sam King has some answers.Continue Reading
Readers’ top picks for advanced threat detection
Companies and functionality organizations are targeting when they seek to bolster their defenses through threat detection and analytics.Continue Reading
Readers’ top picks for enterprise firewalls
The companies and key functionality organizations seek out when they upgrade or add firewall technology to their enterprise environments.Continue Reading
Leaky enterprise: Data loss tops mobile security threats
With the absence of high-profile breaches, mobile data protection is still on the backburner at some organizations. Why it’s time to change course.Continue Reading
The search for answers to ‘advanced threat’ defense
Visibility into what is happening on your network may matter more than stopping an attack. Can technology keep up with advanced threats?Continue Reading
Leaky enterprise? Data loss tops mobile security threats
Many CISOs are now in the hot seat, seeking better ways to embrace mobility while combating high-priority mobile security threats. As mobile devices become productivity tools, security professionals need to pay attention to data classification and ...Continue Reading
Secure Hash Algorithm-3: How SHA-3 is a next-gen security tool
Expert Michael Cobb details the changes in SHA-3, including how it differs from its predecessors and the additional security it offers, and what steps enterprises should take.Continue Reading
Ensuring network perimeter security in a perimeterless age
The increasingly porous enterprise perimeter, challenged by BYOD, private and public Wi-Fi and other access options, makes traditional network perimeter security obsolete.Continue Reading
Three criteria for selecting the right IPS products
Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization.Continue Reading
Vormetric Transparent Encryption: Product overview
Expert Ed Tittel takes a look at Vormetric Transparent Encryption, a component of Vormetric's Data Security Platform that encrypts data and does access control for that data.Continue Reading
HP Security Voltage's SecureData Enterprise: Product overview
Expert Ed Tittel examines SecureData Enterprise, which is a part of the HP Security Voltage platform, a scalable database security product that encrypts both structured and unstructured data, tokenizing data to prevent viewing and more.Continue Reading
Trustwave DbProtect: Database security tool overview
Expert Ed Tittel checks out Trustwave DbProtect, a centrally managed enterprise-level database activity monitor that includes vulnerability assessment functionality.Continue Reading
Protegrity Database Protector: Database security tool overview
Expert Ed Tittel examines Protegrity Database Protector, a database security add-on product that provides column- and field-level protection of confidential and sensitive data stored in nearly any type of relational database.Continue Reading
Fortinet FortiDB: Database security tool overview
Expert Ed Tittel examines Fortinet FortiDB, an add-on product for better securing databases through database activity monitoring and vulnerability assessment.Continue Reading
Oracle Advanced Security: Database security tool overview
Expert Ed Tittel examines Oracle Advanced Security, a database security add-on product with transparent data encryption (TDE) and data redaction features.Continue Reading
McAfee Database Activity Monitoring: Database security tool overview
Expert Ed Tittel takes a look at McAfee Database Activity Monitoring and McAfee Vulnerability Manager for Databases to see how they protect enterprises' databases and corporate data.Continue Reading
Imperva SecureSphere: Database security tool overview
Expert Ed Tittel examines Imperva SecureSphere Database Activity Monitoring and Database Assessment, products that are deployed as an inline bridge or as a lightweight agent to assess and monitor local database access.Continue Reading
IBM Guardium: Database security tool overview
Expert Ed Tittel examines IBM Guardium, a security product that offers continuous, real-time, policy-based monitoring of database activities.Continue Reading
The latest advances in SIEM products
There are many factors to consider when selecting a security incident and event management (SIEM) product. Read on to learn about the latest SIEM tech advances.Continue Reading
What factors should drive your choice of SSO service?
OpenID or SAML? These are but two choices you need to make when setting up SSO service for your enterprise employees. Learn what factors are at play in this crucial access decision.Continue Reading
Why aren't merchants adopting EMV technology yet?
EMV technology has been adopted by a small number of merchants despite the Oct. 1 liability deadline, and it may stay that way for a while. Here's why.Continue Reading
Enterprise benefits of network intrusion prevention systems
Expert Karen Scarfone explains how most organizations can benefit from intrusion prevention systems (IPSes), specifically dedicated hardware and software IPS technologies.Continue Reading
Why did Anthem resist government vulnerability assessments?
Vulnerability assessments are often a requirement for organizations that have suffered a data breach and the assessors' results can be invaluable to protect a business.Continue Reading
Emerging security threats from every which way
Lethal threats to enterprise information security are emerging from every which way. This ISM Insider Edition looks at what security professionals are up against: state-sponsored attacks, the rise of hacking via social media, and the spread ...Continue Reading
What should you look for in candidates for a CISO position?
The CISO position can be tough to fill, especially when enterprises set high expectations for the candidates. Expert Mike O. Villegas discusses key CISO qualifications.Continue Reading
Is a security cloud service your best endpoint defense?
Cloud technologies often have a bad reputation when it comes to security, but that may be unfair. Is the cloud the best answer for securing the endpoints in your enterprise?Continue Reading
The best SSL VPN products for you: A buyer's guide
Learn how to evaluate and buy the best SSL VPN products for your organization with this SSL VPN buyer's guide.Continue Reading
What threat intelligence service is best for your company?
Threat intelligence is quickly becoming an essential ingredient for protecting corporate systems and data. Learn how to find the best service for your situation.Continue Reading
What does PCI say about physical point-of-sale security?
Physical point-of-sale security is covered in PCI DSS. Expert Mike Chapple explains how to use good security practices and understand PCI requirements for POS terminals.Continue Reading
What to look for in vulnerability management
Every enterprise has its security vulnerabilities and some are easy to spot. The trick is how to prioritize and fix the flaws in the system. This is an increasingly difficult task for information security teams, and therefore the right vulnerability...Continue Reading
Five criteria for purchasing Web fraud detection systems
Expert Ed Tittel describes the purchasing criteria for Web fraud detection systems and explains how they can protect banking, e-commerce and other industries.Continue Reading
Comparing the best data loss prevention products
Expert Bill Hayes examines the strengths and weaknesses of top-rated data loss prevention (DLP) products to help enterprises make the right purchasing decision.Continue Reading
Hacking and Penetration Testing with Low Power Devices
In this excerpt of Hacking and Penetration Testing with Low Power Devices, author Philip Polstra describes "The Deck" -- a custom Linux distribution -- that breaks the traditional penetration model by providing pen testers an OS that runs on ...Continue Reading
Can white-box cryptography save your apps?
With the Internet of Things, software-based secure elements could hold the key.Continue Reading
The CISO role's evolution from IT security to policy wonk
As the need for a dedicated information security officer catches fire beyond firewalls, how should companies engineer the expanding CISO role?Continue Reading
Choose the best vulnerability assessment tools
This Buyer's Essentials guide helps InfoSec pros assess vulnerability management products by explaining how they work and by highlighting key features corporate buyers should look for so they can evaluate vendor offerings.Continue Reading
Cybersecurity investment pays more than monetary dividends
Companies are investing in cybersecurity startups to reap the benefits of working with problem-solving technology.Continue Reading
Should security funds be dedicated to hiring or tools?
Security funds can be tough to come by, so when managers get them should they focus on strengthening security through hiring or through purchasing tools?Continue Reading
How is the NIST Cybersecurity Framework being received?
The NIST Cybersecurity Framework gets mixed reviews, but it could be a good starting point for organizations looking to better manage cybersecurity.Continue Reading
How will the Cybersecurity Information Sharing Act affect enterprises?
The Cybersecurity Information Sharing Act has ruffled some feathers in the security industry. What is the CISA and what is the debate around it?Continue Reading
How to deploy the right DLP products for the right jobs
Expert Bill Hayes maps specific data loss prevention products to three deployment scenarios to better help readers make their own purchase decisions.Continue Reading
How NIST SP 800-171 affects the protection of CUI
The recently released NIST SP 800-171 is designed to protect controlled unclassified information (CUI) outside of the government. Expert Mike O. Villegas explores the impact of these guidelines.Continue Reading
Can a thermal sensor pull data from an air-gapped computer?
An air-gapped computer is supposed to be safe from over-the-air attacks, yet new research exposed a vulnerability that allows heat and thermal sensors to extract data. Expert Nick Lewis explains how to address the threat.Continue Reading
njRAT: How can .NET malware be detected and mitigated?
A Trojan called njRAT has emerged that is written in .NET rather than the traditional C/C++. Expert Nick Lewis explains how to detect and avoid the threat.Continue Reading
The best SSL VPN products in the market
SSL VPNs are essential for securing network connections and communications. Here's a look at the best SSL VPN products in the industry.Continue Reading
How global threat intelligence fits into a security strategy
Global threat intelligence services can be part of your security arsenal, but to prevent phishing and other threats basic defenses like strong passwords are vital too.Continue Reading
Comparing the best Web application firewalls in the industry
Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.Continue Reading
How can a compliance management plan help enterprises avoid fatigue?
Complex compliance mandates can lead to compliance fatigue. Expert Mike Chapple explains how to develop an effective compliance management plan.Continue Reading
What are the security benefits of self-healing networks?
How do self-healing networks function? Expert Kevin Beaver looks at the benefits such a network has to offer, as well as the key concepts self-healing networks bring to an enterprise security strategy.Continue Reading
Should the Netdump flaw deter enterprise ODL SDN use?
The benefits of the ODL SDN platform are promising, but what about the recent Netdump flaw it experienced? Expert Kevin Beaver discusses why you may not want to pass on OpenDayligh just yet.Continue Reading
Is network port security a worthwhile enterprise security strategy?
The benefits of network port security as it relates to network access control has come under the microscope. Expert Kevin Beaver explains the benefits of this approach as well as its drawbacks.Continue Reading
Can a threat intelligence service improve your security posture?
This guide looks at the global threats to security in the enterprise and the role a threat intelligence service can play in enterprise defense strategy. It focuses, first, on how hackers are breaking into systems, then zeroes in on threat ...Continue Reading
How can mobile certificate security risks be reduced?
According to recent research, mobile certificate usage is riddled with security issues. Expert Michael Cobb explains how to best control and secure mobile certificates in the enterprise.Continue Reading
Four enterprise scenarios for Web fraud detection systems
Expert Ed Tittel describes use cases for Web fraud detection systems and products and explains how they can increase account and transaction security.Continue Reading
Is Project Shumway a viable enterprise option to replace Flash?
Mozilla's Project Shumway was designed to replace the security-troubled Flash Player, so should it be on an enterprise's radar? Expert Michael Cobb discusses.Continue Reading
What QSAs need to know about new PCI requirements
The PCI SSC changed the requirements for QSAs. Here's what current and future Qualified Security Assessors need to know about the PCI update.Continue Reading
How can geofencing improve an enterprise security strategy?
Geofencing technology creates a virtual fence on employee devices, adding a crucial extra layer of security. But do privacy concerns negate the benefits of this feature? Expert Michael Cobb explains.Continue Reading
Do third-party DNS providers pose security risks?
Third-party DNS providers claim to improve browsing times and speeds, but are they a secure enterprise option? Expert Michael Cobb explains.Continue Reading
App security: Surviving the merger and acquisition process
Some companies are trying to head off information security glitches before they sign on the dotted line, with help from security officers.Continue Reading
What's the best way for enterprises to avoid shelfware?
Shelfware is an increasing concern for enterprises, but expert Mike O. Villegas has some suggestions to help combat the problem.Continue Reading
Wearables security: Do enterprises need a separate WYOD policy?
Wearable technology is infiltrating the enterprise, much like BYOD has. Expert Michael Cobb discusses the security concerns of wearables and outlines how to create a WYOD policy.Continue Reading
Should risk management planning include root cause analysis?
Incorporating root cause analysis in risk management planning could be beneficial to developing a security plan, but is it the best time for it?Continue Reading
CISOs: Application security programs need improvements
An up-to-date application security program -- as well as knowing how to connect with stakeholders -- is critical to being a successful CISO today, said Renee Guttmann, vice president, Office of the CISO at Accuvant Inc.Continue Reading
Managed security service providers: Weighing the pros and cons
Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing.Continue Reading
What's the best way to protect sensitive information while traveling?
Security professionals often have to travel with important data, but that introduces many security risks. Here are some tips to protect sensitive information while traveling.Continue Reading
Are cybersecurity certifications a key requirement for new hires?
Cybersecurity certifications are attractive qualifications in a candidate, but hiring managers should always look for other traits when hiring security professionals.Continue Reading
What are the compliance requirements for Web application firewalls?
Web application firewalls may be a way to better security, but organizations need to be aware of the compliance implications of WAFs.Continue Reading
What are the key takeaways from the SEC financial security report?
An SEC financial security report shows over three-quarters of financial institutions were subject to at least one cybersecurity attack. Expert Mike Chapple looks at common trends.Continue Reading
What happens if the Data Accountability and Trust Act becomes a law?
The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.Continue Reading
If mobile remote wipe isn't an option, will selective wipe do?
Remote wipe isn't always an option when it comes to securing enterprise BYOD use. Learn how selective wipe and enterprise wipe technology can help erase corporate data on lost devices without compromising personal data.Continue Reading
Buyer's Essentials: What to look for in a Web application scanner
Today enterprises are running multiple Web applications on their network -- both those created internally and those obtained from third parties. To be certain that your apps are secure you need to regularly test them.
Web app scanners are ...Continue ReadingProtecting data on the go
Ever since the dawn of the BYOD era, personal and business data have comingled. Enterprise security pros need to not only secure company-owned devices; they must also protect the business data that ends up, inevitably, on smartphones, tablets and ...Continue Reading
From CCSP to CISSP: A look at (ISC)2 cybersecurity certifications
Video: Cybersecurity certifications are not in short supply, but (ISC)2 still dominates the field with CISSP and the new CCSP certification from its CSA partnership.Continue Reading
Can a walled garden approach help secure Web browsers?
While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why.Continue Reading
Can a new encryption trick prevent reverse engineering?
Expert Michael Cobb explains how reverse engineering can be made more difficult with an approach called Hardened Anti-Reverse Engineering System or HARES.Continue Reading
Security threat intelligence services: A buyer's guide
In this SearchSecurity buyer's guide, learn how security threat intelligence services benefit enterprise security and how to subscribe to the right threat intelligence service.Continue Reading
Comparing the top database security tools
Expert Ed Tittel examines the strengths and weaknesses of top-rated database security tools -- from database activity monitoring to transparent database encryption -- to help enterprises make the right purchasing decision.Continue Reading
How is a smart sandbox different from traditional sandbox technology?
Expert Michael Cobb explains what a smart sandbox is, how it differs from traditional sandbox technology, and when one should be considered for enterprise use.Continue Reading
Addressing wearables security, the next wave of BYOD concerns
Wearables are the next wave of BYO devices infiltrating the enterprise. Domingo Guerra, president and co-founder of Appthority, talked to SearchSecurity at RSA Conference 2015 about how to address the onslaught.Continue Reading