Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Gary McGraw discusses the security risks of dynamic code

  Gary McGraw says secure software development gets tricky when your programming environment shifts like sand. Continue Reading

• A closer look at the changes of PCI DSS version 3.1

  PCI DSS version 3.1 includes some minor updates that are far less prominent than the SSL/early TLS changes, but are equally as important. Here's a look at vulnerability scanning and POS device security changes. Continue Reading

• Email security gateways vs. Web security gateways: Do you need both?

  When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains. Continue Reading

• Emerging hacking trends worry seasoned security professionals

  Video: Some new hacking trends have security professionals worried, including Robert "RSnake" Hansen, who notes the speed and motivation of today's attackers. Continue Reading

• Nine steps for purchasing database security tools

  Expert Adrian Lane lays out the criteria for procuring the right database security software for your enterprise. Continue Reading

• Microsoft Edge security features raise the bar in Web browser safety

  Learn about the new and improved security features in the upcoming Microsoft Edge browser, including on-by-default sandboxes, Passport and HTML5.Continue Reading

• Can a read-only domain controller maximize DMZ security?

  Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver explains.Continue Reading

• Do enterprises need an internal firewall?

  Internal firewalls are on the market, but how do they differ from traditional firewalls? Expert Kevin Beaver explains the benefits and drawbacks.Continue Reading

• How has enterprise SSO technology evolved?

  Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses.Continue Reading

• Can the security industry handle a chief information risk officer?

  Chief information risk officers seem to be on the horizon as CISOs become inundated with responsibilities, but adding another c-level could cause more harm than good.Continue Reading

• The right approach for a security vulnerability disclosure policy

  Qualys CTO Wolfgang Kandek discussed the hot topic of responsible vulnerability disclosure policies, and the friction between Google and Microsoft, at RSA Conference 2015.Continue Reading

• The FIDO authentication framework: What do enterprises need to know?

  Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most important points of the UAF.Continue Reading

• Which is safer: an HSM appliance or a virtual appliance?

  A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why.Continue Reading

• Comparing the top wireless intrusion prevention systems

  Expert Karen Scarfone examines the top wireless intrusion prevention systems (WIPS) to help readers determine which may be best for them.Continue Reading

• Is third-party vendor management the next IAM frontier?

  Identity and access management deployments are notoriously complex. And things are getting worse as legacy technology meets next-generation applications. As the traditional network perimeter continues to disappear, robust IAM becomes more important ...Continue Reading

• Which authentication method is better: 2FA or MFA?

  Which authentication method is better for securing enterprise devices and systems: two-factor authentication or multifactor authentication?Continue Reading

• Becoming jaded with Security BSides' Jack Daniel

  The financial success of the security industry has created "breach" ambulance-chasers. Can grassroots efforts still move InfoSec forward?Continue Reading

• Is third-party access the next IAM frontier?

  Identity and access management of employees is so complex that many companies have faltered when it comes to securing programs for trusted partners.Continue Reading

• Cybersecurity skills shortage? Hackers wanted

  The problem-solving skills that many enterprises need to counter threats are hard to identity, let alone multiply.Continue Reading

• The top threat intelligence services for enterprises

  Threat intelligence takes data from multiple sources and turns it into actionable, contextual information. Expert Ed Tittel takes a look at the top threat intelligence services.Continue Reading

• What VoLTE security risks should enterprises be aware of?

  Mobile devices are coming enabled for VoLTE for voice and video calling, but what are the risks? Network security expert Kevin Beaver explains.Continue Reading

• Security operations centers could be key to better security

  Video: Security operations centers are critical to continuous network monitoring and detecting data breaches. Eric Cole discusses SOCs and the role security automation plays in them.Continue Reading

• How can the Border Router Security Tool improve enterprise security?

  The Border Router Security Tool aims to improve router security to boost Internet safety. Expert Kevin Beaver explains its place in the enterprise.Continue Reading

• Security alerts: What's the best way to reduce false positives?

  False positive security alerts are troublesome, costly and time-consuming. Expert Kevin Beaver explains how to reduce the number of false positivesContinue Reading

• How to perform IPv6 network reconnaissance

  While network reconnaissance is a critical step in identifying potential vulnerabilities, performing an IPv6 network audit without the right tools can be a challenge. Learn about the tools available and how to properly use them.Continue Reading

• How can the SSDP protocol be secured to prevent DDoS attacks?

  Attackers are targeting the SSDP protocol to amplify the effects of DDoS attacks. Learn what this protocol does and how to secure it.Continue Reading

• How can the Angler exploit kit's latest capabilities be mitigated?

  As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick Lewis advises how to mitigate the threat.Continue Reading

• Third-party risk management: Avoid the dangers of weak controls

  If you know where the risk points are, you can request additional safeguards to protect the system and data access of trusted business partners.Continue Reading

• Comparing the best UTM products in the industry

  Expert Ed Tittel examines the top unified threat management appliances to determine which one could be the best for your organization.Continue Reading

• The Sony Pictures hack: A lesson in enterprise incident response

  The Sony Pictures hack was a breach unlike others. John Dickson, principal at Denim Group, talked to SearchSecurity at RSA Conference 2015 about what enterprises should take from the attack.Continue Reading

• PCI DSS 3.1 marks the end of SSL/early TLS encryption for retailers

  The early arrival of PCI DSS 3.1 could leave organizations scrambling. The biggest change to the standard -- and the top priority for organizations -- is the end of SSL and early TLS.Continue Reading

• How does the PFP Cybersecurity power consumption tool detect malware?

  A new tool claims to detect malware by monitoring power consumption -- but is it good for enterprise use? Enterprise threats expert Nick Lewis explains.Continue Reading

• How can an HTTP referer header help maintain user Web privacy?

  Expert Michael Cobb explains how an HTTP referer header affects user privacy and outlines changes that can be made to ensure sensitive data is not leaked.Continue Reading

• Will TLS 1.3 solve the problems of certificate authorities?

  Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocols have long been the cornerstone of Web application security, and the whole process finds its root (quite literally) in a system of signed certificates. The trouble ...Continue Reading

• Women in security: Charting an InfoSec career path

  At RSA Conference 2015, Cloudmark's Angela Knox discussed how she started a career in InfoSec and how the security industry can appeal to women like her.Continue Reading

• How network traffic analysis helps defeat advanced malware

  In this podcast learn how advanced malware works and why network traffic analysis is essential to protect your enterprise's network.Continue Reading

• Certificate authorities are limited but new TLS versions can help

  SSL/TLS, long the cornerstone of Web security, has become a security vulnerability due to problems with certificate authorities. Learn what solutions the industry is pursuing.Continue Reading

• Block ciphers: REESSE3+ vs. International Data Encryption Algorithm

  Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.Continue Reading

• A closer look at the Certified Information Security Manager certification

  The Certified Information Security Manager certification has been around for over a decade now, and it's only grown in prominence. What makes the ISACA CISM so important and how does it compare to its peers?Continue Reading

• Does Peerio offer secure enterprise messaging and file sharing?

  A new app for end-to-end encrypted messaging and file sharing is available, but is it ready for enterprise use? Expert Michael Cobb explains.Continue Reading

• Can application whitelisting help retailers improve POS security?

  POS security continues to be a pain point for retailers. Whitelisting can help, but it can't fix the problem alone.Continue Reading

• Endpoint security tools: A buyer's guide

  Learn how to evaluate and buy the right endpoint security products for your organization with this antimalware buyer's guide.Continue Reading

• How UTM products can benefit your enterprise network environment

  Expert Ed Tittel explains why unified threat management is the right holistic IT security approach for SMBs and how it can fit into the enterprise, as well.Continue Reading

• Too much emphasis on threat intelligence sharing, Gula says

  Tenable founder Ron Gula says sharing information to detect threats is great, but getting the security posture properly designed is the better option.Continue Reading

• What privacy controls are in the HITRUST Common Security Framework?

  The updated HITRUST Common Security Framework allows organizations to manage privacy, security and compliance with one framework. Here's how it works and what the update includes.Continue Reading

• Comparing the top security analytics tools in the industry

  Expert Dan Sullivan examines the top security analytics products to help readers determine which may be best for their organization.Continue Reading

• How to choose the right email security gateway

  Email security gateways (ESGs) are an efficient tool for protecting the network of organizations of all sizes from email-borne threats. ESGs are an efficient means for preventing the delivery of email that violates an organization’s policies. These ...Continue Reading

• Insider Edition: Advanced security monitoring scrubs networks clean

  The era of the Internet of Things, bring your own devices and social media has also become an era of highly sophisticated malware. Advanced security monitoring tools are crucial in the fight to protect the enterprise network.
  
  This Insider ...Continue Reading

• Is a data breach warranty worth the investment?

  A data breach warranty may seem like a tempting way to survive a costly attack, but it may not be all it's hyped up to be. Expert Mike Chapple examines.Continue Reading

• Why Web browser security is a goldmine for attackers

  Video: Robert 'RSnake' Hansen of WhiteHat Security discusses Web browser security, third-party software vulnerabilities and the sad state of browser security throughout the industry.Continue Reading

• Tips for creating a data classification policy

  Before deploying and implementing a data loss prevention product, enterprises should have an effective data classification policy in place. Expert Bill Hayes explains how that can be done.Continue Reading

• A new trend in cybersecurity regulations could mean tougher compliance

  State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for.Continue Reading

• What's the difference between extortionware and ransomware?

  Enterprise threats expert Nick Lewis explains the difference between extortionware and ransomware in terms of what they are and how to defend against them.Continue Reading

• Scour your enterprise with network security monitoring tools

  Advanced network security monitoring tools offer new hope for catching malware threats that fly under the traditional radar.Continue Reading

• The top antimalware protection products for endpoint security

  Antimalware protection is essential for securing client computers and devices. Here's a look at the top endpoint protection products in the industry.Continue Reading

• Is it time for a DLP system in your enterprise?

  It’s been a relatively quiet few months in data loss prevention. Not as commonly deployed as firewalls and malware protection, DLP has proven itself as a worthy security control, and its role may continue to grow. The environment DLP seeks to ...Continue Reading

• What's the best defense against BlackEnergy malware?

  The BlackEnergy malware has evolved from DDoS launching to a crimeware tool to an APT. Learn more about its changes and new defense measures for combatting the threat.Continue Reading

• What to look for in enterprise mobility management

  Any given vendor's enterprise mobility management offering is likely to come from a starting point in one or another of the core "previous generation" of mobile management products, mobile device management (MDM), mobile application management (MAM)...Continue Reading

• What features do you need in an EMM tool?

  Enterprise mobility management products evolved from different types of mobility management tools, and so can vary greatly. Review capabilities and features you’ll want to consider before you buy.Continue Reading

• The importance of soft skills development for security professionals

  While technical skills are obviously important for security pros, the importance of soft skills shouldn't be overlooked. Here are the top four worth mastering.Continue Reading

• What's the best way to provide Wi-Fi guest network security?

  Expert Kevin Beaver explains the steps enterprises should take to ensure secure guest wireless networks for visitors and the enterprise alike.Continue Reading

• Six criteria for buying data loss prevention products

  Expert Bill Hayes lays out six steps to take in order to buy the right data loss protection (DLP) products for your organization.Continue Reading

• Can eavesdropping over the SS7 protocol be prevented?

  Recently revealed insecurities in SS7 have left many unsure about the well-used protocol needed for phone connections. However, the answer to achieving security is not easily obtained.Continue Reading

• Four enterprise scenarios for deploying database security tools

  Expert Adrian Lane describes the use cases and ways database security tools are used to boost enterprise security.Continue Reading

• Can simple photography beat biometric systems?

  Simple photography cracking biometric systems highlights the need for two-factor authentication in enterprises according to expert Randall Gamby.Continue Reading

• Network anomaly detection: The essential antimalware tool

  Traditional perimeter defenses are no longer enough; network anomaly detection tools are now essential in the battle against advanced malware.Continue Reading

• Find network anomalies and you'll ax advanced malware

  Learn how advanced malware evades perimeter defenses and why tools to detect network anomalies are essential to keep your network secure.Continue Reading

• What does bimodal IAM mean for user credentials?

  Bimodal IAM may be a new term, but this new way to use user credentials should probably already be in practice among secure organizations.Continue Reading

• Stale, dead apps emerging as serious mobile security risks

  At RSA 2015, Appthority president and co-founder Domingo Guerra outlines emerging mobile security risks enterprises must be aware of -- and the issues aren't limited to just bring your own devices (BYOD).Continue Reading

• Can reviewing credential dumps protect identity information?

  Reviewing credential dumps could potentially save identity information from being stolen and used in a data breach. Expert Randall Gamby explains why it's worth the extra work.Continue Reading

• Why security operations centers are the key to the future

  Security operations centers (SOCs) can help enterprises gain better visibility into their environments. Expert Eric Cole explains how to get the most out of SOCs.Continue Reading

• What do organizations need to know about the final FFIEC guidance?

  The final FFIEC guidance covers a wide range of security subjects, but there are specific takeaways regarding authentication that enterprises should pay attention to.Continue Reading

• From the frontlines: Horror stories on information breach response

  Video: KPMG's Ronald Plesco has seen some crazy things in his time helping organizations in security incident response, and he shares some of them with SearchSecurity.Continue Reading

• The business case for data loss prevention products

  Data loss prevention (DLP) can help any organization where the loss of sensitive information could seriously impact continued operation, explains Bill Hayes.Continue Reading

• Will Certificate Transparency solve certificate authority trust issues?

  Explore how Certificate Transparency can help resolve certificate and certificate authority issues plaguing enterprises today.Continue Reading

• Why are software bundles an enterprise software security issue?

  Third-party software bundling is not uncommon, but can present many issues to enterprise software security. Expert Michael Cobb discusses.Continue Reading

• How can a cross-certificate make Android devices crash?

  Cross-signed certificates are causing Android devices to crash, and it's not the first time there's been a problem. Learn more about this issue and its potential security risks.Continue Reading

• After Windows Server 2003 end of life: An emergency action plan

  Microsoft is ending support for Windows Server 2003 in July 2015, yet many organizations will still run W2K3 beyond this date. Learn how to keep your enterprise safe.Continue Reading

• Is the Boeing Black self-destructing phone enterprise-grade?

  The Boeing Black self-destructing phone puts security first, but does it fit into an enterprise's mobile security scheme? Expert Michael Cobb explains.Continue Reading

• McGraw: Software security testing is increasingly automated

  Security software expert Gary McGraw says testing for security flaws must be automated if everything is going to be checked.Continue Reading

• Beyond the Page: What's the latest in virtualization security tools?

  Learn how malware is responding to the spread of virtualization in enterprise systems and how to choose the best tools to secure your virtual environment.Continue Reading

• Breaking down the CISO reporting structure

  The CISO reporting structure has come under fire after a long line of high-profile data breaches, so who should CISOs report to?Continue Reading

• Block chain startups signal new approaches to data integrity

  Bitcoin 2.0 is fueling technology development and services. The block chain mechanisms that secure the Bitcoin network hold real promise for security.Continue Reading

• User behavior analytics: Conquering the human vulnerability factor

  How do they know it’s really you? New behavioral technologies use data science to monitor user activity within the network.Continue Reading

• Catfish, super users and USB drives: We do the math

  The data science that reprogrammed Wall St. trading models may offer lessons for security.Continue Reading

• Malware analysis beyond the sandbox

  Researchers estimate that 70% of organizations will have implemented virtual servers by the end of 2015, representing a tipping point in enterprises’ adoption of virtualization. Virtual machines (VMs) must be protected from malware like other ...Continue Reading

• How can phishing attacks that use proxy programs be stopped?

  Phishing attacks are adopting new functionality to avoid detection, including the use of proxy programs to simplify the attack process. Learn how to defend against this type of risk.Continue Reading

• How to buy the best EMM tools for your enterprise system

  Any given vendor's enterprise mobility management offering is likely to come from a starting point in one or another of the core "previous generation" of mobile management products, mobile device management (MDM), mobile application management (MAM)...Continue Reading

• How can CISOs avoid executive turnover after a data breach?

  The executive turnover at enterprises after a data breach is fairly high. Expert Mike Villegas gives some advice on how CISOs can avoid losing their job.Continue Reading

• Cisco Security Services set for 2x product growth in 2015

  Cisco's Bryan Palma discusses Cisco's strategy for security services and talks about the recent Neohapsis acquisition.Continue Reading

• Should privacy professionals be legal minds or techies?

  Hiring privacy professionals for your enterprise can be a daunting task. Expert Mike O. Villegas explains the role and what qualities to look for in candidates.Continue Reading

• A look at the development of an ICS security framework

  Building an ICS security framework was an in-depth process and combined many different cybersecurity standards. Here's a look at how it developed.Continue Reading

• Buyer’s Essentials: What to look for in user behavioral analytics tools

  Now that the hype surrounding big data has cooled, it's time for organizations to sort out what capabilities big data contributes to the analytics techniques being applied to security products. One capability, which may be more useful than glamorous...Continue Reading

• Three enterprise benefits of email security gateways

  Virtually every enterprise can benefit from email security gateways. Expert Karen Scarfone examines the primary benefits of the products.Continue Reading

• How can HIPAA security risk analysis help with compliance?

  HHS recommends security risk analysis as an early step to become HIPAA compliant, so how should organizations put this tip into practice?Continue Reading

• User behavioral analytics tools can thwart security attacks

  This guide to user behavioral analytics tools helps InfoSec pros determine what features they should consider before making a purchase and reviews both deployment strategies and reasonable performance expectations.Continue Reading

• Can the Wyvern programming language improve Web app security?

  A new programming language called Wyvern is helping developers use multiple languages in one app securely. Application security expert Michael Cobb discusses.Continue Reading

• Finding clarity: Unified threat management systems vs. next-gen firewalls

  The line between unified threat management systems and next-gen firewalls has grown increasingly unclear. Here, learn more about UTM vs. NGFW and choose the right technology for your enterprise.Continue Reading

• Are HTML5 mobile apps an enterprise security concern?

  Gartner predicts more than half of all mobile apps will use HTML5 by 2016, but what threats will this cause the enterprise? Expert Michael Cobb discusses.Continue Reading

• Is global email an enterprise email security risk?

  Ubiquitous global email is right around the corner. But what effect will it have on enterprises? Expert Michael Cobb explains.Continue Reading