Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Emerging security threats from every which way
Lethal threats to enterprise information security are emerging from every which way. This ISM Insider Edition looks at what security professionals are up against: state-sponsored attacks, the rise of hacking via social media, and the spread ... Continue Reading
What should you look for in candidates for a CISO position?
The CISO position can be tough to fill, especially when enterprises set high expectations for the candidates. Expert Mike O. Villegas discusses key CISO qualifications. Continue Reading
Is a security cloud service your best endpoint defense?
Cloud technologies often have a bad reputation when it comes to security, but that may be unfair. Is the cloud the best answer for securing the endpoints in your enterprise? Continue Reading
-
The best SSL VPN products for you: A buyer's guide
Learn how to evaluate and buy the best SSL VPN products for your organization with this SSL VPN buyer's guide. Continue Reading
What threat intelligence service is best for your company?
Threat intelligence is quickly becoming an essential ingredient for protecting corporate systems and data. Learn how to find the best service for your situation. Continue Reading
What does PCI say about physical point-of-sale security?
Physical point-of-sale security is covered in PCI DSS. Expert Mike Chapple explains how to use good security practices and understand PCI requirements for POS terminals.Continue Reading
What to look for in vulnerability management
Every enterprise has its security vulnerabilities and some are easy to spot. The trick is how to prioritize and fix the flaws in the system. This is an increasingly difficult task for information security teams, and therefore the right vulnerability...Continue Reading
Five criteria for purchasing Web fraud detection systems
Expert Ed Tittel describes the purchasing criteria for Web fraud detection systems and explains how they can protect banking, e-commerce and other industries.Continue Reading
Comparing the best data loss prevention products
Expert Bill Hayes examines the strengths and weaknesses of top-rated data loss prevention (DLP) products to help enterprises make the right purchasing decision.Continue Reading
Hacking and Penetration Testing with Low Power Devices
In this excerpt of Hacking and Penetration Testing with Low Power Devices, author Philip Polstra describes "The Deck" -- a custom Linux distribution -- that breaks the traditional penetration model by providing pen testers an OS that runs on ...Continue Reading
-
Can white-box cryptography save your apps?
With the Internet of Things, software-based secure elements could hold the key.Continue Reading
The CISO role's evolution from IT security to policy wonk
As the need for a dedicated information security officer catches fire beyond firewalls, how should companies engineer the expanding CISO role?Continue Reading
Choose the best vulnerability assessment tools
This Buyer's Essentials guide helps InfoSec pros assess vulnerability management products by explaining how they work and by highlighting key features corporate buyers should look for so they can evaluate vendor offerings.Continue Reading
Cybersecurity investment pays more than monetary dividends
Companies are investing in cybersecurity startups to reap the benefits of working with problem-solving technology.Continue Reading
Should security funds be dedicated to hiring or tools?
Security funds can be tough to come by, so when managers get them should they focus on strengthening security through hiring or through purchasing tools?Continue Reading
How is the NIST Cybersecurity Framework being received?
The NIST Cybersecurity Framework gets mixed reviews, but it could be a good starting point for organizations looking to better manage cybersecurity.Continue Reading
How will the Cybersecurity Information Sharing Act affect enterprises?
The Cybersecurity Information Sharing Act has ruffled some feathers in the security industry. What is the CISA and what is the debate around it?Continue Reading
How to deploy the right DLP products for the right jobs
Expert Bill Hayes maps specific data loss prevention products to three deployment scenarios to better help readers make their own purchase decisions.Continue Reading
How NIST SP 800-171 affects the protection of CUI
The recently released NIST SP 800-171 is designed to protect controlled unclassified information (CUI) outside of the government. Expert Mike O. Villegas explores the impact of these guidelines.Continue Reading
Can a thermal sensor pull data from an air-gapped computer?
An air-gapped computer is supposed to be safe from over-the-air attacks, yet new research exposed a vulnerability that allows heat and thermal sensors to extract data. Expert Nick Lewis explains how to address the threat.Continue Reading
njRAT: How can .NET malware be detected and mitigated?
A Trojan called njRAT has emerged that is written in .NET rather than the traditional C/C++. Expert Nick Lewis explains how to detect and avoid the threat.Continue Reading
The best SSL VPN products in the market
SSL VPNs are essential for securing network connections and communications. Here's a look at the best SSL VPN products in the industry.Continue Reading
How global threat intelligence fits into a security strategy
Global threat intelligence services can be part of your security arsenal, but to prevent phishing and other threats basic defenses like strong passwords are vital too.Continue Reading
Comparing the best Web application firewalls in the industry
Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.Continue Reading
How can a compliance management plan help enterprises avoid fatigue?
Complex compliance mandates can lead to compliance fatigue. Expert Mike Chapple explains how to develop an effective compliance management plan.Continue Reading
What are the security benefits of self-healing networks?
How do self-healing networks function? Expert Kevin Beaver looks at the benefits such a network has to offer, as well as the key concepts self-healing networks bring to an enterprise security strategy.Continue Reading
Should the Netdump flaw deter enterprise ODL SDN use?
The benefits of the ODL SDN platform are promising, but what about the recent Netdump flaw it experienced? Expert Kevin Beaver discusses why you may not want to pass on OpenDayligh just yet.Continue Reading
Is network port security a worthwhile enterprise security strategy?
The benefits of network port security as it relates to network access control has come under the microscope. Expert Kevin Beaver explains the benefits of this approach as well as its drawbacks.Continue Reading
Can a threat intelligence service improve your security posture?
This guide looks at the global threats to security in the enterprise and the role a threat intelligence service can play in enterprise defense strategy. It focuses, first, on how hackers are breaking into systems, then zeroes in on threat ...Continue Reading
How can mobile certificate security risks be reduced?
According to recent research, mobile certificate usage is riddled with security issues. Expert Michael Cobb explains how to best control and secure mobile certificates in the enterprise.Continue Reading
Four enterprise scenarios for Web fraud detection systems
Expert Ed Tittel describes use cases for Web fraud detection systems and products and explains how they can increase account and transaction security.Continue Reading
Is Project Shumway a viable enterprise option to replace Flash?
Mozilla's Project Shumway was designed to replace the security-troubled Flash Player, so should it be on an enterprise's radar? Expert Michael Cobb discusses.Continue Reading
What QSAs need to know about new PCI requirements
The PCI SSC changed the requirements for QSAs. Here's what current and future Qualified Security Assessors need to know about the PCI update.Continue Reading
How can geofencing improve an enterprise security strategy?
Geofencing technology creates a virtual fence on employee devices, adding a crucial extra layer of security. But do privacy concerns negate the benefits of this feature? Expert Michael Cobb explains.Continue Reading
Do third-party DNS providers pose security risks?
Third-party DNS providers claim to improve browsing times and speeds, but are they a secure enterprise option? Expert Michael Cobb explains.Continue Reading
App security: Surviving the merger and acquisition process
Some companies are trying to head off information security glitches before they sign on the dotted line, with help from security officers.Continue Reading
What's the best way for enterprises to avoid shelfware?
Shelfware is an increasing concern for enterprises, but expert Mike O. Villegas has some suggestions to help combat the problem.Continue Reading
Wearables security: Do enterprises need a separate WYOD policy?
Wearable technology is infiltrating the enterprise, much like BYOD has. Expert Michael Cobb discusses the security concerns of wearables and outlines how to create a WYOD policy.Continue Reading
Should risk management planning include root cause analysis?
Incorporating root cause analysis in risk management planning could be beneficial to developing a security plan, but is it the best time for it?Continue Reading
Managed security service providers: Weighing the pros and cons
Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing.Continue Reading
What's the best way to protect sensitive information while traveling?
Security professionals often have to travel with important data, but that introduces many security risks. Here are some tips to protect sensitive information while traveling.Continue Reading
Are cybersecurity certifications a key requirement for new hires?
Cybersecurity certifications are attractive qualifications in a candidate, but hiring managers should always look for other traits when hiring security professionals.Continue Reading
What are the compliance requirements for Web application firewalls?
Web application firewalls may be a way to better security, but organizations need to be aware of the compliance implications of WAFs.Continue Reading
What are the key takeaways from the SEC financial security report?
An SEC financial security report shows over three-quarters of financial institutions were subject to at least one cybersecurity attack. Expert Mike Chapple looks at common trends.Continue Reading
What happens if the Data Accountability and Trust Act becomes a law?
The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.Continue Reading
If mobile remote wipe isn't an option, will selective wipe do?
Remote wipe isn't always an option when it comes to securing enterprise BYOD use. Learn how selective wipe and enterprise wipe technology can help erase corporate data on lost devices without compromising personal data.Continue Reading
Buyer's Essentials: What to look for in a Web application scanner
Today enterprises are running multiple Web applications on their network -- both those created internally and those obtained from third parties. To be certain that your apps are secure you need to regularly test them.
Web app scanners are ...Continue ReadingProtecting data on the go
Ever since the dawn of the BYOD era, personal and business data have comingled. Enterprise security pros need to not only secure company-owned devices; they must also protect the business data that ends up, inevitably, on smartphones, tablets and ...Continue Reading
Can a walled garden approach help secure Web browsers?
While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why.Continue Reading
Can a new encryption trick prevent reverse engineering?
Expert Michael Cobb explains how reverse engineering can be made more difficult with an approach called Hardened Anti-Reverse Engineering System or HARES.Continue Reading
Security threat intelligence services: A buyer's guide
In this SearchSecurity buyer's guide, learn how security threat intelligence services benefit enterprise security and how to subscribe to the right threat intelligence service.Continue Reading
Comparing the top database security tools
Expert Ed Tittel examines the strengths and weaknesses of top-rated database security tools -- from database activity monitoring to transparent database encryption -- to help enterprises make the right purchasing decision.Continue Reading
How is a smart sandbox different from traditional sandbox technology?
Expert Michael Cobb explains what a smart sandbox is, how it differs from traditional sandbox technology, and when one should be considered for enterprise use.Continue Reading
Gary McGraw discusses the security risks of dynamic code
Gary McGraw says secure software development gets tricky when your programming environment shifts like sand.Continue Reading
A closer look at the changes of PCI DSS version 3.1
PCI DSS version 3.1 includes some minor updates that are far less prominent than the SSL/early TLS changes, but are equally as important. Here's a look at vulnerability scanning and POS device security changes.Continue Reading
Email security gateways vs. Web security gateways: Do you need both?
When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.Continue Reading
Nine steps for purchasing database security tools
Expert Adrian Lane lays out the criteria for procuring the right database security software for your enterprise.Continue Reading
Microsoft Edge security features raise the bar in Web browser safety
Learn about the new and improved security features in the upcoming Microsoft Edge browser, including on-by-default sandboxes, Passport and HTML5.Continue Reading
Can a read-only domain controller maximize DMZ security?
Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver explains.Continue Reading
Do enterprises need an internal firewall?
Internal firewalls are on the market, but how do they differ from traditional firewalls? Expert Kevin Beaver explains the benefits and drawbacks.Continue Reading
How has enterprise SSO technology evolved?
Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses.Continue Reading
Can the security industry handle a chief information risk officer?
Chief information risk officers seem to be on the horizon as CISOs become inundated with responsibilities, but adding another c-level could cause more harm than good.Continue Reading
The FIDO authentication framework: What do enterprises need to know?
Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most important points of the UAF.Continue Reading
Which is safer: an HSM appliance or a virtual appliance?
A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why.Continue Reading
Comparing the top wireless intrusion prevention systems
Expert Karen Scarfone examines the top wireless intrusion prevention systems (WIPS) to help readers determine which may be best for them.Continue Reading
Is third-party vendor management the next IAM frontier?
Identity and access management deployments are notoriously complex. And things are getting worse as legacy technology meets next-generation applications. As the traditional network perimeter continues to disappear, robust IAM becomes more important ...Continue Reading
Which authentication method is better: 2FA or MFA?
Which authentication method is better for securing enterprise devices and systems: two-factor authentication or multifactor authentication?Continue Reading
Becoming jaded with Security BSides' Jack Daniel
The financial success of the security industry has created "breach" ambulance-chasers. Can grassroots efforts still move InfoSec forward?Continue Reading
Is third-party access the next IAM frontier?
Identity and access management of employees is so complex that many companies have faltered when it comes to securing programs for trusted partners.Continue Reading
Cybersecurity skills shortage? Hackers wanted
The problem-solving skills that many enterprises need to counter threats are hard to identity, let alone multiply.Continue Reading
The top threat intelligence services for enterprises
Threat intelligence takes data from multiple sources and turns it into actionable, contextual information. Expert Ed Tittel takes a look at the top threat intelligence services.Continue Reading
What VoLTE security risks should enterprises be aware of?
Mobile devices are coming enabled for VoLTE for voice and video calling, but what are the risks? Network security expert Kevin Beaver explains.Continue Reading
How can the Border Router Security Tool improve enterprise security?
The Border Router Security Tool aims to improve router security to boost Internet safety. Expert Kevin Beaver explains its place in the enterprise.Continue Reading
Security alerts: What's the best way to reduce false positives?
False positive security alerts are troublesome, costly and time-consuming. Expert Kevin Beaver explains how to reduce the number of false positivesContinue Reading
How to perform IPv6 network reconnaissance
While network reconnaissance is a critical step in identifying potential vulnerabilities, performing an IPv6 network audit without the right tools can be a challenge. Learn about the tools available and how to properly use them.Continue Reading
How can the SSDP protocol be secured to prevent DDoS attacks?
Attackers are targeting the SSDP protocol to amplify the effects of DDoS attacks. Learn what this protocol does and how to secure it.Continue Reading
How can the Angler exploit kit's latest capabilities be mitigated?
As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick Lewis advises how to mitigate the threat.Continue Reading
Third-party risk management: Avoid the dangers of weak controls
If you know where the risk points are, you can request additional safeguards to protect the system and data access of trusted business partners.Continue Reading
Comparing the best UTM products in the industry
Expert Ed Tittel examines the top unified threat management appliances to determine which one could be the best for your organization.Continue Reading
PCI DSS 3.1 marks the end of SSL/early TLS encryption for retailers
The early arrival of PCI DSS 3.1 could leave organizations scrambling. The biggest change to the standard -- and the top priority for organizations -- is the end of SSL and early TLS.Continue Reading
How does the PFP Cybersecurity power consumption tool detect malware?
A new tool claims to detect malware by monitoring power consumption -- but is it good for enterprise use? Enterprise threats expert Nick Lewis explains.Continue Reading
How can an HTTP referer header help maintain user Web privacy?
Expert Michael Cobb explains how an HTTP referer header affects user privacy and outlines changes that can be made to ensure sensitive data is not leaked.Continue Reading
Will TLS 1.3 solve the problems of certificate authorities?
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocols have long been the cornerstone of Web application security, and the whole process finds its root (quite literally) in a system of signed certificates. The trouble ...Continue Reading
How network traffic analysis helps defeat advanced malware
In this podcast learn how advanced malware works and why network traffic analysis is essential to protect your enterprise's network.Continue Reading
Certificate authorities are limited but new TLS versions can help
SSL/TLS, long the cornerstone of Web security, has become a security vulnerability due to problems with certificate authorities. Learn what solutions the industry is pursuing.Continue Reading
Block ciphers: REESSE3+ vs. International Data Encryption Algorithm
Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.Continue Reading
A closer look at the Certified Information Security Manager certification
The Certified Information Security Manager certification has been around for over a decade now, and it's only grown in prominence. What makes the ISACA CISM so important and how does it compare to its peers?Continue Reading
Does Peerio offer secure enterprise messaging and file sharing?
A new app for end-to-end encrypted messaging and file sharing is available, but is it ready for enterprise use? Expert Michael Cobb explains.Continue Reading
Can application whitelisting help retailers improve POS security?
POS security continues to be a pain point for retailers. Whitelisting can help, but it can't fix the problem alone.Continue Reading
Endpoint security tools: A buyer's guide
Learn how to evaluate and buy the right endpoint security products for your organization with this antimalware buyer's guide.Continue Reading
How UTM products can benefit your enterprise network environment
Expert Ed Tittel explains why unified threat management is the right holistic IT security approach for SMBs and how it can fit into the enterprise, as well.Continue Reading
What privacy controls are in the HITRUST Common Security Framework?
The updated HITRUST Common Security Framework allows organizations to manage privacy, security and compliance with one framework. Here's how it works and what the update includes.Continue Reading
Comparing the top security analytics tools in the industry
Expert Dan Sullivan examines the top security analytics products to help readers determine which may be best for their organization.Continue Reading
How to choose the right email security gateway
Email security gateways (ESGs) are an efficient tool for protecting the network of organizations of all sizes from email-borne threats. ESGs are an efficient means for preventing the delivery of email that violates an organization’s policies. These ...Continue Reading
Insider Edition: Advanced security monitoring scrubs networks clean
The era of the Internet of Things, bring your own devices and social media has also become an era of highly sophisticated malware. Advanced security monitoring tools are crucial in the fight to protect the enterprise network.
This Insider ...Continue ReadingIs a data breach warranty worth the investment?
A data breach warranty may seem like a tempting way to survive a costly attack, but it may not be all it's hyped up to be. Expert Mike Chapple examines.Continue Reading
Tips for creating a data classification policy
Before deploying and implementing a data loss prevention product, enterprises should have an effective data classification policy in place. Expert Bill Hayes explains how that can be done.Continue Reading
A new trend in cybersecurity regulations could mean tougher compliance
State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for.Continue Reading
What's the difference between extortionware and ransomware?
Enterprise threats expert Nick Lewis explains the difference between extortionware and ransomware in terms of what they are and how to defend against them.Continue Reading
Scour your enterprise with network security monitoring tools
Advanced network security monitoring tools offer new hope for catching malware threats that fly under the traditional radar.Continue Reading