Get started

Data Security and Cloud Computing

• Q&A: Rethink compensating controls, says Warner Bros. CISO

  It is not hard to make the shift from independent controls for defense in depth to interlocking strategies, Ron Dilley tells Marcus Ranum, but careful planning is required. Continue Reading

• Wi-Fi Sense

  Windows Wi-Fi Sense allows Windows 10 users to get Internet access from public hotspots and private wireless local area networks (WLANs) that have been shared by friends. Although Wi-Fi Sense is enabled by default in all editions of Windows 10, the ... Continue Reading

• How should CISOs present a security assessment report?

  CISOs regularly have to present a security assessment report to the board of directors. Expert Mike O. Villegas has some tips to make it more engaging. Continue Reading

• The enterprise potential of behavioral biometrics

  Biometric authentication has quickly evolved to include behavioral identifiers. Expert Michael Cobb explores the benefits of behavioral biometric technology for enterprises. Continue Reading

• How to buy multifactor authentication tools

  Multifactor authentication (MFA) is a security technology that takes something that end users possess, such as a security token ... Continue Reading

• Definitions to Get Started

  • What is Cybersecurity? Everything You Need to Know
  • risk analysis
  • asymmetric cryptography (public key cryptography)
  • juice jacking

  • DNS attack
  • Advanced Encryption Standard (AES)
  • intrusion detection system (IDS)
  • Secure Shell (SSH)

  View All Definitions

• Network perimeter security in a perimeterless world

  The old enterprise network perimeter is becoming perimeterless. Here’s how to revamp old network perimeter security strategies to cope with the new reality.Continue Reading

• What happens if you ignore information security compliance?

  If an enterprise decides to ignore its information security compliance obligations, what happens? Expert Mike Chapple explains what willful noncompliance means.Continue Reading

• Introduction to big data security analytics in the enterprise

  Expert Dan Sullivan explains what big data security analytics is and how these tools are applied to security monitoring to enable broader and more in-depth event analysis for better enterprise protection.Continue Reading

• network behavior anomaly detection (NBAD)

  Network behavior anomaly detection (NBAD) is the continuous monitoring of a proprietary network for unusual events or extraordinary trends.Continue Reading

• Supply chain security: Controlling third-party risks

  Third-party contractors and business partners can create risks for enterprises. Expert Eric Cole offers guidance on improving supply chain security and controlling third-party risks.Continue Reading

• How should enterprises start the vendor management process?

  The security vendor management process can be tricky, especially at the beginning when deciding what to buy and from whom. Expert Mike O. Villegas has some advice.Continue Reading

• Three steps to prevent and mitigate router security issues

  Numerous router security threats have made the news, threatening the integrity of enterprise data. Expert Kevin Beaver offers three steps for maintaining router safety.Continue Reading

• What are enterprise social media best practices for CISOs?

  CISOs need to follow certain enterprise social media best practices if they want to safely maintain public profiles. Expert Mike O. Villegas has ten best practices for social media.Continue Reading

• What should CISOs include in security reports?

  Security reports are a good way for CISOs to communicate with the board of directors. Here are specific topics that should be included in the reporting.Continue Reading

• Indicators of Compromise (IOC)

  Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor.Continue Reading

• bimodal IAM (bimodal identity access management)

  Bimodal identity and access management (IAM) uses two forms of credentials, internal and external, as a method of authentication.Continue Reading

• Can opportunistic encryption improve browser security?

  Opportunistic encryption offers encryption for servers that don't support HTTPS. Expert Michael Cobb explains how it works and how it can help Web security.Continue Reading

• What does the CASP certification update include?

  CompTIA released updates to the CASP certification. Expert Mike O. Villegas reviews the changes and discusses whether they add value to the certification.Continue Reading

• Is data center cleaning a compliance requirement?

  Data center cleaning may not be mandated, but it's still a good idea to do. Some best practices include using HEPA technology and specific cleaning products.Continue Reading

• HIPAA and HITECH compliance: Who should perform assessments?

  Here are some important criteria for hiring a partner to review your information security program, with a focus on HIPAA and HITECH compliance.Continue Reading

• Comparing the best data loss prevention products

  Expert Bill Hayes examines the strengths and weaknesses of top-rated data loss prevention (DLP) products to help enterprises make the right purchasing decision.Continue Reading

• Building an Information Security Awareness Program

  In this excerpt of Building an Information Security Awareness Program, authors Bill Gardner and Valerie Thomas discuss why lecturing is an ineffective method of security awareness programs and offer alternative measures enterprises should consider.Continue Reading

• How can security leaders create a positive work environment?

  It's the responsibility of security leaders to create a positive work environment for security teams, which can be tough to do in such a demanding field. Here's how.Continue Reading

• How is the NIST Cybersecurity Framework being received?

  The NIST Cybersecurity Framework gets mixed reviews, but it could be a good starting point for organizations looking to better manage cybersecurity.Continue Reading

• How will the Cybersecurity Information Sharing Act affect enterprises?

  The Cybersecurity Information Sharing Act has ruffled some feathers in the security industry. What is the CISA and what is the debate around it?Continue Reading

• STIX (Structured Threat Information eXpression)

  STIX (Structured Threat Information eXpression) is an XML programming language that allows cybersecurity threat data to be shared.Continue Reading

• Comparing the best Web application firewalls in the industry

  Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.Continue Reading

• How can a compliance management plan help enterprises avoid fatigue?

  Complex compliance mandates can lead to compliance fatigue. Expert Mike Chapple explains how to develop an effective compliance management plan.Continue Reading

• Is a DNSSEC implementation an enterprise necessity?

  While there are numerous security benefits to a DNSSEC implementation, there are drawbacks as well. Expert Kevin Beaver explains.Continue Reading

• Improve corporate data protection with foresight, action

  Better corporate data protection demands foresight and concrete action. Learn why breach training, monitoring and early detection capabilities can minimize damage when hackers attack.Continue Reading

• Learn from the past: Ensure a secure future of information security

  To ensure the future of information security, enterprises must learn from the past, launch proper training and install the right technologies.Continue Reading

• Trading Microsoft Patch Tuesday in for Windows Update for Business

  While the consumer world is going Patch Tuesday-less, Microsoft is evolving its Patch Tuesday into Windows Update for Business for enterprise software. Learn what this change means.Continue Reading

• How can geofencing improve an enterprise security strategy?

  Geofencing technology creates a virtual fence on employee devices, adding a crucial extra layer of security. But do privacy concerns negate the benefits of this feature? Expert Michael Cobb explains.Continue Reading

• CSSLP (certified secure software lifecycle professional)

  The CSSLP (certified secure software lifecycle professional) is a certification for security professionals who wish to strengthen and demonstrate their knowledge about application security.Continue Reading

• watering hole attack

  A watering hole attack targets a specific group of users by infecting websites group members like to visit. The name watering hole attack is inspired by predators in the natural world who lurk near watering holes, looking for opportunities to attack...Continue Reading

• Wearables security: Do enterprises need a separate WYOD policy?

  Wearable technology is infiltrating the enterprise, much like BYOD has. Expert Michael Cobb discusses the security concerns of wearables and outlines how to create a WYOD policy.Continue Reading

• Gula talks Nessus agents and Nessus cloud

  Video: SearchSecurity spoke with Tenable co-founder Ron Gula about recent additions to the Nessus feature set, including a version that lives in the cloud.Continue Reading

• Choosing a threat intelligence platform: What enterprises should know

  Video: Threat intelligence tools are a growing market and enterprises need to be able to see through the hype to get the best product for them.Continue Reading

• What happens if the Data Accountability and Trust Act becomes a law?

  The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.Continue Reading

• Introduction to Web fraud detection systems

  Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce.Continue Reading

• Can a walled garden approach help secure Web browsers?

  While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why.Continue Reading

• Six areas of importance in the PCI Penetration Testing Guidance

  Complying with PCI penetration testing mandates has always been a challenge for enterprises. Expert Kevin Beaver discusses the recently released PCI SSC pen testing guidance and how it can help enterprises overcome their PCI woes.Continue Reading

• Knock advanced malware out cold with network anomaly detection

  This Security School will get you up to speed on why network anomaly detection is crucial in the battle against advanced malware.Continue Reading

• Comparing the top database security tools

  Expert Ed Tittel examines the strengths and weaknesses of top-rated database security tools -- from database activity monitoring to transparent database encryption -- to help enterprises make the right purchasing decision.Continue Reading

• Email security gateways vs. Web security gateways: Do you need both?

  When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.Continue Reading

• Nine steps for purchasing database security tools

  Expert Adrian Lane lays out the criteria for procuring the right database security software for your enterprise.Continue Reading

• What do end-of-software development dates mean for security?

  Expert Kevin Beaver explains how organizations should address end-of-software development dates, and what they ultimately mean to enterprise security.Continue Reading

• Can a read-only domain controller maximize DMZ security?

  Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver explains.Continue Reading

• How has enterprise SSO technology evolved?

  Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses.Continue Reading

• The right approach for a security vulnerability disclosure policy

  Qualys CTO Wolfgang Kandek discussed the hot topic of responsible vulnerability disclosure policies, and the friction between Google and Microsoft, at RSA Conference 2015.Continue Reading

• Which is safer: an HSM appliance or a virtual appliance?

  A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why.Continue Reading

• Comparing the top wireless intrusion prevention systems

  Expert Karen Scarfone examines the top wireless intrusion prevention systems (WIPS) to help readers determine which may be best for them.Continue Reading

• Which authentication method is better: 2FA or MFA?

  Which authentication method is better for securing enterprise devices and systems: two-factor authentication or multifactor authentication?Continue Reading

• end-to-end encryption (E2EE)

  End-to-end encryption is a secure method of transferring data from one end device to another without allowing third-party interference.Continue Reading

• The top threat intelligence services for enterprises

  Threat intelligence takes data from multiple sources and turns it into actionable, contextual information. Expert Ed Tittel takes a look at the top threat intelligence services.Continue Reading

• LogRhythm Security Intelligence: Threat intelligence services overview

  In this threat intelligence service overview, Expert Ed Tittel looks at the LogRhythm Security Intelligence threat intelligence platform, designed for simple setup and ease of use.Continue Reading

• ERP security: How to defend against SAP vulnerabilities

  A recent study revealed more than 95% of SAP systems were exposed to potentially disastrous vulnerabilities. Expert Nick Lewis explains how to mitigate these SAP vulnerabilities and maintain ERP security.Continue Reading

• How can the Border Router Security Tool improve enterprise security?

  The Border Router Security Tool aims to improve router security to boost Internet safety. Expert Kevin Beaver explains its place in the enterprise.Continue Reading

• How to perform IPv6 network reconnaissance

  While network reconnaissance is a critical step in identifying potential vulnerabilities, performing an IPv6 network audit without the right tools can be a challenge. Learn about the tools available and how to properly use them.Continue Reading

• How can the SSDP protocol be secured to prevent DDoS attacks?

  Attackers are targeting the SSDP protocol to amplify the effects of DDoS attacks. Learn what this protocol does and how to secure it.Continue Reading

• How (ISC)2 plans to get millennials into cybersecurity careers

  Video: Getting millennials into cybersecurity careers is a crucial way to close the hiring gap facing the security industry. David Shearer of (ISC)2 discusses how to make this happen.Continue Reading

• Comparing the best UTM products in the industry

  Expert Ed Tittel examines the top unified threat management appliances to determine which one could be the best for your organization.Continue Reading

• How can the Siri attack, 'iStegSiri,' be mitigated?

  A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against such threats.Continue Reading

• endpoint security management

  Endpoint security management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources.Continue Reading

• How does user behavior analytics compare to security awareness training?

  User behavior analytics is emerging as a technology to prevent malware infections and end-user attacks, but how viable is it? Expert Nick Lewis outlines the pros and cons.Continue Reading

• How does the PFP Cybersecurity power consumption tool detect malware?

  A new tool claims to detect malware by monitoring power consumption -- but is it good for enterprise use? Enterprise threats expert Nick Lewis explains.Continue Reading

• Six ways to improve endpoint device security

  Endpoint devices are often the root cause of data breaches. Expert Eric Cole explains the best ways to improve endpoint protection.Continue Reading

• EINSTEIN

  EINSTEIN monitors and analyzes Internet traffic when it moves in and out of U.S. federal computer networks.Continue Reading

• Six criteria for purchasing unified threat management appliances

  Expert Ed Tittel explores key criteria for evaluating unified threat management (UTM) appliances to determine the best choice for your organization.Continue Reading

• IT consultants leading edge of Internet of Everything security

  Cisco security services SVP Bryan Palma discusses how Cisco's consulting teams have an early view of how the Internet of Everything will roll out.Continue Reading

• Block ciphers: REESSE3+ vs. International Data Encryption Algorithm

  Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.Continue Reading

• A closer look at the Certified Information Security Manager certification

  The Certified Information Security Manager certification has been around for over a decade now, and it's only grown in prominence. What makes the ISACA CISM so important and how does it compare to its peers?Continue Reading

• Bloom cookies: Privacy without prohibiting Web personalization?

  While cookies are critical to delivering personalized Web content, they are a privacy concern. Learn how adding Bloom filters to cookies can help enhance privacy while maintaining personalization.Continue Reading

• Does Peerio offer secure enterprise messaging and file sharing?

  A new app for end-to-end encrypted messaging and file sharing is available, but is it ready for enterprise use? Expert Michael Cobb explains.Continue Reading

• How can we secure enterprise email at home and abroad?

  Emails often contain sensitive information, yet the proper measures are not always taken to secure them. Learn how to keep corporate email safe both at home and in foreign countries.Continue Reading

• From SSL and early TLS to TLS 1.2: Creating a PCI DSS 3.1 migration plan

  PCI DSS 3.1 requires enterprises to deplete SSL and early TLS use by June 30, 2016. Expert Michael Cobb offers advice for putting a migration plan to TLS 1.2 in place.Continue Reading

• PoSeidon: Inside the evolving world of point-of-sale malware

  Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it.Continue Reading

• What do organizations need to know about privacy in a HIPAA audit?

  A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.Continue Reading

• Tips for creating a data classification policy

  Before deploying and implementing a data loss prevention product, enterprises should have an effective data classification policy in place. Expert Bill Hayes explains how that can be done.Continue Reading

• A new trend in cybersecurity regulations could mean tougher compliance

  State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for.Continue Reading

• What's the difference between extortionware and ransomware?

  Enterprise threats expert Nick Lewis explains the difference between extortionware and ransomware in terms of what they are and how to defend against them.Continue Reading

• Advice to help today's CISOs succeed at security leadership

  Renee Guttmann, vice president of the Office of the CISO at Accuvant, talks to SearchSecurity about security leadership, and offers advice to today's aspiring CISOs.Continue Reading

• strong cryptography

  Strong cryptography is used by most governments around the world to protect communications. It involves secreted and encrypted communication that is not amenable to cryptographic analysis.Continue Reading

• PCI gap assessment

  A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI gap assessment is the first step for a merchant seeking to become PCI ...Continue Reading

• The top antimalware protection products for endpoint security

  Antimalware protection is essential for securing client computers and devices. Here's a look at the top endpoint protection products in the industry.Continue Reading

• network vulnerability scanning

  A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.Continue Reading

• Is it time for a DLP system in your enterprise?

  It’s been a relatively quiet few months in data loss prevention. Not as commonly deployed as firewalls and malware protection, DLP has proven itself as a worthy security control, and its role may continue to grow. The environment DLP seeks to ...Continue Reading

• How to keep track of sensitive data with a data flow map

  Expert Bill Hayes describes how to create a data flow map to visualize where sensitive data is processed, how it transits the network and where it's stored.Continue Reading

• How can we detect and uninstall bloatware?

  Unwanted preinstalled software -- also known as bloatware -- has made its way onto PCs and mobile devices alike. Expert Nick Lewis explains how to detect and uninstall the potential threat.Continue Reading

• The importance of soft skills development for security professionals

  While technical skills are obviously important for security pros, the importance of soft skills shouldn't be overlooked. Here are the top four worth mastering.Continue Reading

• What's the best way to provide Wi-Fi guest network security?

  Expert Kevin Beaver explains the steps enterprises should take to ensure secure guest wireless networks for visitors and the enterprise alike.Continue Reading

• Watters: 'Cyber officers' are now risk officers for businesses

  More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.Continue Reading

• State of the Network study: How security tasks are dominating IT staff

  The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.Continue Reading

• Four enterprise scenarios for deploying database security tools

  Expert Adrian Lane describes the use cases and ways database security tools are used to boost enterprise security.Continue Reading

• What does bimodal IAM mean for user credentials?

  Bimodal IAM may be a new term, but this new way to use user credentials should probably already be in practice among secure organizations.Continue Reading

• Introduction to database security tools for the enterprise

  Expert Adrian Lane explains why database security tools play a significant, if not the majority, role in protecting data in the enterprise data center.Continue Reading

• What do organizations need to know about the final FFIEC guidance?

  The final FFIEC guidance covers a wide range of security subjects, but there are specific takeaways regarding authentication that enterprises should pay attention to.Continue Reading

• Three usage scenarios for deploying data loss prevention products

  Expert Bill Hayes details usage scenarios for deploying data loss prevention: standalone suites, integrated tools and standalone/integrated DLP combined.Continue Reading

• Browser and device fingerprinting: Undeletable cookies of the future?

  Browser and device fingerprinting create cookies that users cannot prevent nor delete. Expert Michael Cobb explains how to address the threat.Continue Reading

• The business case for data loss prevention products

  Data loss prevention (DLP) can help any organization where the loss of sensitive information could seriously impact continued operation, explains Bill Hayes.Continue Reading