Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Trend Micro InterScan Messaging Security: Product overview

  Expert Karen Scarfone looks at the Trend Micro InterScan Messaging Security and Trend Micro ScanMail Suite for Microsoft Exchange email security gateway products used for monitoring email messages that could contain suspicious content and threats. Continue Reading

• Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview

  Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats. Continue Reading

• Sophos Email Appliance: Product overview

  Expert Karen Scarfone examines the Sophos Email Appliance email security gateway product that is used for detecting and blocking messages that contain suspicious content and threats. Continue Reading

• Proofpoint Enterprise Protection: Product overview

  Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats. Continue Reading

• How can software transplants fix bad code?

  Copying and pasting bad code into an application is a big problem for developers, but software transplants can help. Expert Michael Cobb explains the technology. Continue Reading

• What effect would DMCA changes have on security researchers?

  There's been a lot of controversy around the DMCA, especially because of the Chrysler car hack. Here are the issues with it and how it affects security researchers.Continue Reading

• Cybersecurity Information Sharing Act's impact on security

  The Cybersecurity Information Sharing Act has many in the security industry nervous, but expert Mike Chapple discusses the bill's minimal impact on enterprise security.Continue Reading

• Microsoft Exchange Online Protection: Product overview

  Expert Karen Scarfone reviews the Microsoft Exchange Online Protection email security gateway product, which is used for detecting and blocking common email-transmitted threats.Continue Reading

• How should companies handle SaaS compliance?

  SaaS cloud security presents extra challenges to enterprise compliance. Expert Mike Chapple offers some advice on how to cope with those challenges.Continue Reading

• McAfee Email Protection, Security for Email Servers: Product overview

  Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages.Continue Reading

• Clearswift SECURE Email Gateway: Product overview

  Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails.Continue Reading

• Fortinet FortiMail: Product overview

  Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization.Continue Reading

• What social media compliance issues plague enterprises?

  Social media compliance issues in Fortune 100 firms aren't what you might expect. Expert Mike Chapple explains the top problems in social media compliance.Continue Reading

• What is the best way to prepare for the ITPM certification?

  The ITPM certification can help security managers bolster insider threat programs. Here's what the certification involves and how to best prepare for it.Continue Reading

• Websense Email Security Gateway: Product overview

  Expert Karen Scarfone reviews the Websense Email Security Gateway product, which is used for monitoring email messages that could contain suspicious threats.Continue Reading

• Can the CCSP certification fulfill the need for educated professionals?

  The CCSP certification offers security professionals a chance to boost their cloud security knowledge. Expert Mike O. Villegas explains the details and how it differs from CISSP.Continue Reading

• Cisco Email Security Appliance: Product overview

  Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats.Continue Reading

• Weighing the value of deception techniques for enterprises

  Deception techniques aren't new to security strategies, but they could be on the rise. Is it really necessary for enterprises to hack back? Expert Kevin Beaver examines.Continue Reading

• Top five tips for perimeterless network perimeter security

  As enterprise networks go perimeterless, new network perimeter security strategies gain importance. Expert Johna Till Johnson shares five top tips for perimeterless protection.Continue Reading

• The pros and cons of cybervigilantes and Wifatch

  Vigilante malware called Wifatch aims to protect IoT devices and home routers. Expert Nick Lewis explores cybervigilantism and potential risks and benefits to enterprises.Continue Reading

• Windows 10 privacy settings: Concerns versus reality

  New Windows 10 privacy settings require balancing the benefits of new features against the risk of revealing too much personal information online. Expert Michael Cobb explains.Continue Reading

• How to amp up enterprise security with a suite of tools

  Vendors are increasingly offering security via a suite of tools. Here's how to use them to improve enterprise security while avoiding the drawbacks like functions overlap.Continue Reading

• What's the best way to prevent accelerometer tracking?

  Attackers can use accelerometer tracking on mobile devices as an eavesdropping tool. Here are some ways to reduce the threat to your device.Continue Reading

• How can enterprises protect against Rombertik malware?

  Rombertik malware is a new advanced malware that can trigger a system to self-destruct if it's detected. Expert Nick Lewis explains Rombertik and how to keep it from crippling your system.Continue Reading

• Should enterprises use the Let's Encrypt open certificate authority?

  Let's Encrypt, a new open certificate authority, is coming soon. Expert Michael Cobb explores the merits of using free and open CAs and whether or not enterprises should explore them.Continue Reading

• Swiss Army knife security? How to vet cybersecurity tools suites

  Vendors are offering new delivery models for cybersecurity tools as product categories mature and become commoditized. More security technology from a handful of providers can be a good thing. But compilations of cybersecurity tools and services ...Continue Reading

• Integrated security suite advantages and drawbacks

  Can an integrated security suite provide advantages in cost and performance? We look at key focus areas for security practitioners as security tools increasingly converge.Continue Reading

• WMI tools make the perfect crime 'malware-free'

  Security researchers claim that attackers are abusing a longstanding administrative tool in the Windows operating system. With no telltale signs of malware, how can you stop it?Continue Reading

• Readers' top picks for application security tools

  The top companies and application security products that organizations consider when they seek to reduce their application vulnerabilities.Continue Reading

• Virtualization security tools defend across clouds

  Several vendors offer ways to protect virtual machines both in the data center and in the cloud. How do these products differ from what's available from VMware or Amazon Web Services?Continue Reading

• Integrated security suite? How to avoid tool overlap

  The versatility of Swiss Army knife-like platforms may override existing security controls. Here's how to cut out overlap and get the most function out of multi-tools.Continue Reading

• Integrated IT security tools may hit the 'suite' spot

  Compilations of security tools and services make it hard for enterprises to figure out what some products offer, but efforts to avoid overlap can pay off.Continue Reading

• Can facial recognition authentication improve mobile security?

  MasterCard is testing a new facial recognition authentication system for mobile payments. Expert Michael Cobb explains how it works, and what it means for users.Continue Reading

• Android M security: Is it enterprise-ready?

  The latest version of Google's mobile operating system addresses some key enterprise security concerns. Expert Michael Cobb explains what's new in Android M.Continue Reading

• How has the NIST random number generation guidance changed?

  The NIST has changed its recommendations on random number generation for cryptographic keys. Expert Michael Cobb outlines the changes and explains why they were made.Continue Reading

• Five factors for evaluating big data security analytics platforms

  Expert Dan Sullivan outlines criteria for evaluating big data security analytics platforms for collecting, analyzing and managing large volumes of data generated for information security purposes.Continue Reading

• Four pen testing tools for improving midmarket security

  The best approach for penetration testing is to use a combination of tools with different approaches. Here are several pen testing tools for midmarket companies.Continue Reading

• The business case for big data security analytics

  Expert Dan Sullivan explores the emerging category of big data security analytics and outlines the vital capabilities and key benefits of the technology for enterprises.Continue Reading

• How should enterprises use the OWASP Top Ten list?

  The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get the most out of OWASP Top Ten.Continue Reading

• What data breach notification policy should enterprises follow?

  A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices.Continue Reading

• How does tokenization technology affect PCI DSS compliance?

  Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can help with PCI DSS compliance.Continue Reading

• Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview

  Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data.Continue Reading

• EMC RSA Security Analytics: SIEM product overview

  Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.Continue Reading

• AlienVault OSSIM: SIEM Product overview

  Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.Continue Reading

• Splunk Enterprise: SIEM product overview

  Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.Continue Reading

• SolarWinds Log and Event Manager: SIEM product overview

  Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.Continue Reading

• IBM Security QRadar: SIEM product overview

  Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.Continue Reading

• LogRhythm's Security Intelligence Platform: SIEM product overview

  Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.Continue Reading

• How does OpenPGP encryption improve messaging security?

  Facebook added OpenPGP encryption to its messaging services to help improve messaging safety. Expert Michael Cobb explains the benefits of the approach.Continue Reading

• Can Google's Chrome extension policy improve Web security?

  The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security and enterprise apps.Continue Reading

• Comparing the best intrusion prevention systems

  Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization.Continue Reading

• Supply chain security: Controlling third-party risks

  Third-party contractors and business partners can create risks for enterprises. Expert Eric Cole offers guidance on improving supply chain security and controlling third-party risks.Continue Reading

• How should enterprises start the vendor management process?

  The security vendor management process can be tricky, especially at the beginning when deciding what to buy and from whom. Expert Mike O. Villegas has some advice.Continue Reading

• Three steps to prevent and mitigate router security issues

  Numerous router security threats have made the news, threatening the integrity of enterprise data. Expert Kevin Beaver offers three steps for maintaining router safety.Continue Reading

• Database security products: A buyer's guide

  Learn how to evaluate and buy the right database security tools for your organization with this database security tool buyer's guide.Continue Reading

• What are enterprise social media best practices for CISOs?

  CISOs need to follow certain enterprise social media best practices if they want to safely maintain public profiles. Expert Mike O. Villegas has ten best practices for social media.Continue Reading

• Lessons from the Conficker botnet, seven years later

  Though one of the largest botnets ever was sinkholed seven years ago, it still infects millions of machines. Expert Nick Lewis explains what enterprises can learn from Conficker.Continue Reading

• Comparing the top Web fraud detection systems

  Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria.Continue Reading

• The best endpoint security approach in this interconnected age

  Some endpoint security suites have reached a level where they create almost all the capabilities of an enterprise in microcosm. New emphasis has been placed on protections that don't depend on traditional static scanning, but how well are these ...Continue Reading

• Security startups tackle the art of deception techniques

  Distributed decoy systems aim to take deception by defenders to the next level. Will a network of traps and lies change the rules of engagement?Continue Reading

• Q&A: Secure application development in the age of mashups

  How do you integrate the needs of the business and third-party services with security? Veracode’s Chief Strategy Officer Sam King has some answers.Continue Reading

• Readers’ top picks for advanced threat detection

  Companies and functionality organizations are targeting when they seek to bolster their defenses through threat detection and analytics.Continue Reading

• Readers’ top picks for enterprise firewalls

  The companies and key functionality organizations seek out when they upgrade or add firewall technology to their enterprise environments.Continue Reading

• Leaky enterprise: Data loss tops mobile security threats

  With the absence of high-profile breaches, mobile data protection is still on the backburner at some organizations. Why it’s time to change course.Continue Reading

• The search for answers to ‘advanced threat’ defense

  Visibility into what is happening on your network may matter more than stopping an attack. Can technology keep up with advanced threats?Continue Reading

• Leaky enterprise? Data loss tops mobile security threats

  Many CISOs are now in the hot seat, seeking better ways to embrace mobility while combating high-priority mobile security threats. As mobile devices become productivity tools, security professionals need to pay attention to data classification and ...Continue Reading

• Secure Hash Algorithm-3: How SHA-3 is a next-gen security tool

  Expert Michael Cobb details the changes in SHA-3, including how it differs from its predecessors and the additional security it offers, and what steps enterprises should take.Continue Reading

• Ensuring network perimeter security in a perimeterless age

  The increasingly porous enterprise perimeter, challenged by BYOD, private and public Wi-Fi and other access options, makes traditional network perimeter security obsolete.Continue Reading

• Three criteria for selecting the right IPS products

  Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization.Continue Reading

• Vormetric Transparent Encryption: Product overview

  Expert Ed Tittel takes a look at Vormetric Transparent Encryption, a component of Vormetric's Data Security Platform that encrypts data and does access control for that data.Continue Reading

• HP Security Voltage's SecureData Enterprise: Product overview

  Expert Ed Tittel examines SecureData Enterprise, which is a part of the HP Security Voltage platform, a scalable database security product that encrypts both structured and unstructured data, tokenizing data to prevent viewing and more.Continue Reading

• Trustwave DbProtect: Database security tool overview

  Expert Ed Tittel checks out Trustwave DbProtect, a centrally managed enterprise-level database activity monitor that includes vulnerability assessment functionality.Continue Reading

• Protegrity Database Protector: Database security tool overview

  Expert Ed Tittel examines Protegrity Database Protector, a database security add-on product that provides column- and field-level protection of confidential and sensitive data stored in nearly any type of relational database.Continue Reading

• Fortinet FortiDB: Database security tool overview

  Expert Ed Tittel examines Fortinet FortiDB, an add-on product for better securing databases through database activity monitoring and vulnerability assessment.Continue Reading

• Oracle Advanced Security: Database security tool overview

  Expert Ed Tittel examines Oracle Advanced Security, a database security add-on product with transparent data encryption (TDE) and data redaction features.Continue Reading

• McAfee Database Activity Monitoring: Database security tool overview

  Expert Ed Tittel takes a look at McAfee Database Activity Monitoring and McAfee Vulnerability Manager for Databases to see how they protect enterprises' databases and corporate data.Continue Reading

• Imperva SecureSphere: Database security tool overview

  Expert Ed Tittel examines Imperva SecureSphere Database Activity Monitoring and Database Assessment, products that are deployed as an inline bridge or as a lightweight agent to assess and monitor local database access.Continue Reading

• IBM Guardium: Database security tool overview

  Expert Ed Tittel examines IBM Guardium, a security product that offers continuous, real-time, policy-based monitoring of database activities.Continue Reading

• The latest advances in SIEM products

  There are many factors to consider when selecting a security incident and event management (SIEM) product. Read on to learn about the latest SIEM tech advances.Continue Reading

• What factors should drive your choice of SSO service?

  OpenID or SAML? These are but two choices you need to make when setting up SSO service for your enterprise employees. Learn what factors are at play in this crucial access decision.Continue Reading

• Why aren't merchants adopting EMV technology yet?

  EMV technology has been adopted by a small number of merchants despite the Oct. 1 liability deadline, and it may stay that way for a while. Here's why.Continue Reading

• Enterprise benefits of network intrusion prevention systems

  Expert Karen Scarfone explains how most organizations can benefit from intrusion prevention systems (IPSes), specifically dedicated hardware and software IPS technologies.Continue Reading

• Why did Anthem resist government vulnerability assessments?

  Vulnerability assessments are often a requirement for organizations that have suffered a data breach and the assessors' results can be invaluable to protect a business.Continue Reading

• Emerging security threats from every which way

  Lethal threats to enterprise information security are emerging from every which way. This ISM Insider Edition looks at what security professionals are up against: state-sponsored attacks, the rise of hacking via social media, and the spread ...Continue Reading

• What should you look for in candidates for a CISO position?

  The CISO position can be tough to fill, especially when enterprises set high expectations for the candidates. Expert Mike O. Villegas discusses key CISO qualifications.Continue Reading

• Is a security cloud service your best endpoint defense?

  Cloud technologies often have a bad reputation when it comes to security, but that may be unfair. Is the cloud the best answer for securing the endpoints in your enterprise?Continue Reading

• The best SSL VPN products for you: A buyer's guide

  Learn how to evaluate and buy the best SSL VPN products for your organization with this SSL VPN buyer's guide.Continue Reading

• What threat intelligence service is best for your company?

  Threat intelligence is quickly becoming an essential ingredient for protecting corporate systems and data. Learn how to find the best service for your situation.Continue Reading

• What does PCI say about physical point-of-sale security?

  Physical point-of-sale security is covered in PCI DSS. Expert Mike Chapple explains how to use good security practices and understand PCI requirements for POS terminals.Continue Reading

• What to look for in vulnerability management

  Every enterprise has its security vulnerabilities and some are easy to spot. The trick is how to prioritize and fix the flaws in the system. This is an increasingly difficult task for information security teams, and therefore the right vulnerability...Continue Reading

• Five criteria for purchasing Web fraud detection systems

  Expert Ed Tittel describes the purchasing criteria for Web fraud detection systems and explains how they can protect banking, e-commerce and other industries.Continue Reading

• Comparing the best data loss prevention products

  Expert Bill Hayes examines the strengths and weaknesses of top-rated data loss prevention (DLP) products to help enterprises make the right purchasing decision.Continue Reading

• Hacking and Penetration Testing with Low Power Devices

  In this excerpt of Hacking and Penetration Testing with Low Power Devices, author Philip Polstra describes "The Deck" -- a custom Linux distribution -- that breaks the traditional penetration model by providing pen testers an OS that runs on ...Continue Reading

• Can white-box cryptography save your apps?

  With the Internet of Things, software-based secure elements could hold the key.Continue Reading

• The CISO role's evolution from IT security to policy wonk

  As the need for a dedicated information security officer catches fire beyond firewalls, how should companies engineer the expanding CISO role?Continue Reading

• Choose the best vulnerability assessment tools

  This Buyer's Essentials guide helps InfoSec pros assess vulnerability management products by explaining how they work and by highlighting key features corporate buyers should look for so they can evaluate vendor offerings.Continue Reading

• Cybersecurity investment pays more than monetary dividends

  Companies are investing in cybersecurity startups to reap the benefits of working with problem-solving technology.Continue Reading

• Should security funds be dedicated to hiring or tools?

  Security funds can be tough to come by, so when managers get them should they focus on strengthening security through hiring or through purchasing tools?Continue Reading

• How is the NIST Cybersecurity Framework being received?

  The NIST Cybersecurity Framework gets mixed reviews, but it could be a good starting point for organizations looking to better manage cybersecurity.Continue Reading

• How will the Cybersecurity Information Sharing Act affect enterprises?

  The Cybersecurity Information Sharing Act has ruffled some feathers in the security industry. What is the CISA and what is the debate around it?Continue Reading