Get started
Bring yourself up to speed with our introductory content.
Data Security and Cloud Computing
Introduction to Web fraud detection systems
Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce. Continue Reading
Can a walled garden approach help secure Web browsers?
While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why. Continue Reading
Six areas of importance in the PCI Penetration Testing Guidance
Complying with PCI penetration testing mandates has always been a challenge for enterprises. Expert Kevin Beaver discusses the recently released PCI SSC pen testing guidance and how it can help enterprises overcome their PCI woes. Continue Reading
-
Knock advanced malware out cold with network anomaly detection
This Security School will get you up to speed on why network anomaly detection is crucial in the battle against advanced malware. Continue Reading
Comparing the top database security tools
Expert Ed Tittel examines the strengths and weaknesses of top-rated database security tools -- from database activity monitoring to transparent database encryption -- to help enterprises make the right purchasing decision. Continue Reading
Email security gateways vs. Web security gateways: Do you need both?
When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.Continue Reading
Nine steps for purchasing database security tools
Expert Adrian Lane lays out the criteria for procuring the right database security software for your enterprise.Continue Reading
What do end-of-software development dates mean for security?
Expert Kevin Beaver explains how organizations should address end-of-software development dates, and what they ultimately mean to enterprise security.Continue Reading
Can a read-only domain controller maximize DMZ security?
Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver explains.Continue Reading
How has enterprise SSO technology evolved?
Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses.Continue Reading
-
The right approach for a security vulnerability disclosure policy
Qualys CTO Wolfgang Kandek discussed the hot topic of responsible vulnerability disclosure policies, and the friction between Google and Microsoft, at RSA Conference 2015.Continue Reading
Which is safer: an HSM appliance or a virtual appliance?
A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why.Continue Reading
Comparing the top wireless intrusion prevention systems
Expert Karen Scarfone examines the top wireless intrusion prevention systems (WIPS) to help readers determine which may be best for them.Continue Reading
Which authentication method is better: 2FA or MFA?
Which authentication method is better for securing enterprise devices and systems: two-factor authentication or multifactor authentication?Continue Reading
end-to-end encryption (E2EE)
End-to-end encryption is a secure method of transferring data from one end device to another without allowing third-party interference.Continue Reading
The top threat intelligence services for enterprises
Threat intelligence takes data from multiple sources and turns it into actionable, contextual information. Expert Ed Tittel takes a look at the top threat intelligence services.Continue Reading
LogRhythm Security Intelligence: Threat intelligence services overview
In this threat intelligence service overview, Expert Ed Tittel looks at the LogRhythm Security Intelligence threat intelligence platform, designed for simple setup and ease of use.Continue Reading
ERP security: How to defend against SAP vulnerabilities
A recent study revealed more than 95% of SAP systems were exposed to potentially disastrous vulnerabilities. Expert Nick Lewis explains how to mitigate these SAP vulnerabilities and maintain ERP security.Continue Reading
How can the Border Router Security Tool improve enterprise security?
The Border Router Security Tool aims to improve router security to boost Internet safety. Expert Kevin Beaver explains its place in the enterprise.Continue Reading
How to perform IPv6 network reconnaissance
While network reconnaissance is a critical step in identifying potential vulnerabilities, performing an IPv6 network audit without the right tools can be a challenge. Learn about the tools available and how to properly use them.Continue Reading
How can the SSDP protocol be secured to prevent DDoS attacks?
Attackers are targeting the SSDP protocol to amplify the effects of DDoS attacks. Learn what this protocol does and how to secure it.Continue Reading
How (ISC)2 plans to get millennials into cybersecurity careers
Video: Getting millennials into cybersecurity careers is a crucial way to close the hiring gap facing the security industry. David Shearer of (ISC)2 discusses how to make this happen.Continue Reading
Comparing the best UTM products in the industry
Expert Ed Tittel examines the top unified threat management appliances to determine which one could be the best for your organization.Continue Reading
How can the Siri attack, 'iStegSiri,' be mitigated?
A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against such threats.Continue Reading
endpoint security management
Endpoint security management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources.Continue Reading
How does user behavior analytics compare to security awareness training?
User behavior analytics is emerging as a technology to prevent malware infections and end-user attacks, but how viable is it? Expert Nick Lewis outlines the pros and cons.Continue Reading
How does the PFP Cybersecurity power consumption tool detect malware?
A new tool claims to detect malware by monitoring power consumption -- but is it good for enterprise use? Enterprise threats expert Nick Lewis explains.Continue Reading
Six ways to improve endpoint device security
Endpoint devices are often the root cause of data breaches. Expert Eric Cole explains the best ways to improve endpoint protection.Continue Reading
EINSTEIN
EINSTEIN monitors and analyzes Internet traffic when it moves in and out of U.S. federal computer networks.Continue Reading
Six criteria for purchasing unified threat management appliances
Expert Ed Tittel explores key criteria for evaluating unified threat management (UTM) appliances to determine the best choice for your organization.Continue Reading
IT consultants leading edge of Internet of Everything security
Cisco security services SVP Bryan Palma discusses how Cisco's consulting teams have an early view of how the Internet of Everything will roll out.Continue Reading
Block ciphers: REESSE3+ vs. International Data Encryption Algorithm
Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.Continue Reading
A closer look at the Certified Information Security Manager certification
The Certified Information Security Manager certification has been around for over a decade now, and it's only grown in prominence. What makes the ISACA CISM so important and how does it compare to its peers?Continue Reading
Bloom cookies: Privacy without prohibiting Web personalization?
While cookies are critical to delivering personalized Web content, they are a privacy concern. Learn how adding Bloom filters to cookies can help enhance privacy while maintaining personalization.Continue Reading
Does Peerio offer secure enterprise messaging and file sharing?
A new app for end-to-end encrypted messaging and file sharing is available, but is it ready for enterprise use? Expert Michael Cobb explains.Continue Reading
How can we secure enterprise email at home and abroad?
Emails often contain sensitive information, yet the proper measures are not always taken to secure them. Learn how to keep corporate email safe both at home and in foreign countries.Continue Reading
From SSL and early TLS to TLS 1.2: Creating a PCI DSS 3.1 migration plan
PCI DSS 3.1 requires enterprises to deplete SSL and early TLS use by June 30, 2016. Expert Michael Cobb offers advice for putting a migration plan to TLS 1.2 in place.Continue Reading
PoSeidon: Inside the evolving world of point-of-sale malware
Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it.Continue Reading
What do organizations need to know about privacy in a HIPAA audit?
A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.Continue Reading
Tips for creating a data classification policy
Before deploying and implementing a data loss prevention product, enterprises should have an effective data classification policy in place. Expert Bill Hayes explains how that can be done.Continue Reading
A new trend in cybersecurity regulations could mean tougher compliance
State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for.Continue Reading
What's the difference between extortionware and ransomware?
Enterprise threats expert Nick Lewis explains the difference between extortionware and ransomware in terms of what they are and how to defend against them.Continue Reading
Advice to help today's CISOs succeed at security leadership
Renee Guttmann, vice president of the Office of the CISO at Accuvant, talks to SearchSecurity about security leadership, and offers advice to today's aspiring CISOs.Continue Reading
strong cryptography
Strong cryptography is used by most governments around the world to protect communications. It involves secreted and encrypted communication that is not amenable to cryptographic analysis.Continue Reading
PCI gap assessment
A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI gap assessment is the first step for a merchant seeking to become PCI ...Continue Reading
The top antimalware protection products for endpoint security
Antimalware protection is essential for securing client computers and devices. Here's a look at the top endpoint protection products in the industry.Continue Reading
network vulnerability scanning
A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.Continue Reading
Is it time for a DLP system in your enterprise?
It’s been a relatively quiet few months in data loss prevention. Not as commonly deployed as firewalls and malware protection, DLP has proven itself as a worthy security control, and its role may continue to grow. The environment DLP seeks to ...Continue Reading
How to keep track of sensitive data with a data flow map
Expert Bill Hayes describes how to create a data flow map to visualize where sensitive data is processed, how it transits the network and where it's stored.Continue Reading
The importance of soft skills development for security professionals
While technical skills are obviously important for security pros, the importance of soft skills shouldn't be overlooked. Here are the top four worth mastering.Continue Reading
What's the best way to provide Wi-Fi guest network security?
Expert Kevin Beaver explains the steps enterprises should take to ensure secure guest wireless networks for visitors and the enterprise alike.Continue Reading
Watters: 'Cyber officers' are now risk officers for businesses
More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.Continue Reading
State of the Network study: How security tasks are dominating IT staff
The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.Continue Reading
Four enterprise scenarios for deploying database security tools
Expert Adrian Lane describes the use cases and ways database security tools are used to boost enterprise security.Continue Reading
What does bimodal IAM mean for user credentials?
Bimodal IAM may be a new term, but this new way to use user credentials should probably already be in practice among secure organizations.Continue Reading
Introduction to database security tools for the enterprise
Expert Adrian Lane explains why database security tools play a significant, if not the majority, role in protecting data in the enterprise data center.Continue Reading
What do organizations need to know about the final FFIEC guidance?
The final FFIEC guidance covers a wide range of security subjects, but there are specific takeaways regarding authentication that enterprises should pay attention to.Continue Reading
Three usage scenarios for deploying data loss prevention products
Expert Bill Hayes details usage scenarios for deploying data loss prevention: standalone suites, integrated tools and standalone/integrated DLP combined.Continue Reading
Browser and device fingerprinting: Undeletable cookies of the future?
Browser and device fingerprinting create cookies that users cannot prevent nor delete. Expert Michael Cobb explains how to address the threat.Continue Reading
The business case for data loss prevention products
Data loss prevention (DLP) can help any organization where the loss of sensitive information could seriously impact continued operation, explains Bill Hayes.Continue Reading
Introduction to data loss prevention products
Expert Bill Hayes describes how data loss prevention (DLP) products can help identify and plug information leaks and improve enterprise security.Continue Reading
Can Detekt identify remote administration Trojans and spyware?
State-sponsored malware and commercial surveillance software can be difficult to identify. Expert Nick Lewis explains how the Detekt tool can help.Continue Reading
Schneier: Weighing the costs of mass surveillance
Security expert Bruce Schneier says his new book, Data and Goliath, lays out a compelling case against government mass surveillance.Continue Reading
Endpoint protection: How to select virtualization security tools
Most virtualization security tools still follow dedicated agent models, but some technologies are starting to offload resources to a dedicated VM and leverage hypervisor APIs.Continue Reading
How to buy the best EMM tools for your enterprise system
Any given vendor's enterprise mobility management offering is likely to come from a starting point in one or another of the core "previous generation" of mobile management products, mobile device management (MDM), mobile application management (MAM)...Continue Reading
What is the best mobile malware protection against NotCompatible.C?
A sophisticated variant of the NotCompatible malware has emerged that is difficult to detect and defend against. Expert Nick Lewis offers tips for handling NotCompatible.C.Continue Reading
Seven criteria for purchasing a wireless intrusion prevention system
Expert George V. Hulme details the important criteria to weigh when evaluating wireless intrusion prevention systems for enterprise security.Continue Reading
Virtualization security tools adapt to malware
Expert Dave Shackleford examines how malware can now detect virtualization and the range of security tools available for endpoint protection.Continue Reading
Six criteria for procuring security analytics software
Security analytics software can be beneficial to enterprises. Expert Dan Sullivan explains how to select the right product to fit your organization's needs.Continue Reading
Buyer’s Essentials: What to look for in user behavioral analytics tools
Now that the hype surrounding big data has cooled, it's time for organizations to sort out what capabilities big data contributes to the analytics techniques being applied to security products. One capability, which may be more useful than glamorous...Continue Reading
How can health organizations prepare for HIPAA audits?
The long-awaited HIPAA audits conducted randomly by HHS are finally supposed to happen in 2015, but with stricter requirements. Here's how organizations can get ready.Continue Reading
Network security improved by Cisco data mining
Cisco network security involves numerous users and products; Martin Roesch explains why the huge amount of data that results from this is a good thing.Continue Reading
web server security
Web server security is the protection of information assets that can be accessed from a Web server.Continue Reading
BSA updates: What's new in the Bank Secrecy Act?
The Bank Secrecy Act (BSA) updates will help firms prepare for the 2015 bank examinations. Here are some of the basics from this lengthy guidance.Continue Reading
User behavioral analytics tools can thwart security attacks
This guide to user behavioral analytics tools helps InfoSec pros determine what features they should consider before making a purchase and reviews both deployment strategies and reasonable performance expectations.Continue Reading
Can the Wyvern programming language improve Web app security?
A new programming language called Wyvern is helping developers use multiple languages in one app securely. Application security expert Michael Cobb discusses.Continue Reading
Can public key pinning improve Mozilla Firefox security?
Public key pinning aims to reduce the lack of trust associated with digital certificates and certificate authorities. Expert Michael Cobb explains how it works and its benefits.Continue Reading
The moving target defense: Turning the tables on polymorphic malware
Security startups are using the techniques of polymorphic malware to better protect enterprises. Expert David Strom explores the moving target defense.Continue Reading
When is a breach detection system better than an IDS or NGFW?
Breach detection systems are gaining steam, but when would they be more appropriate to use than an IDS or NGFW? Expert Kevin Beaver explains.Continue Reading
Introduction to unified threat management appliances
Expert Ed Tittel describes unified threat management (UTM) appliances and features, and explains its advantages to organizations of all sizes.Continue Reading
PHP security tips to ensure enterprise Web safety
Research shows more than three-quarters of PHP installations run with at least one vulnerability. Learn the steps for ensuring PHP security in the enterprise workplace.Continue Reading
Breaking bad password habits in the enterprise
A bad password brings unnecessary risk into organizations, but how bad are they really? Expert Randall Gamby assesses just how dire the situation is.Continue Reading
What are the benefits of a having a CISO title in an organization?
Is a CISO title really necessary in an organization? Expert Mike O. Villegas explains why the title matters, as well as the qualities CISOs need to have to assert their importance.Continue Reading
The optional PCI DSS 3.0 requirements are about to become mandatory
Organizations need to review the PCI DSS 3.0 requirements and prepare for the mandatory changes coming in June 2015. Expert Mike Chapple explains how to prepare for the deadline.Continue Reading
Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.Continue Reading
Four criteria for selecting the right SSL VPN products
SSL VPNs can offer critical protection for enterprise network communications. Expert Karen Scarfone examines the most important criteria for evaluating SSL VPN products.Continue Reading
ISSA (Information Systems Security Association)
The Information Systems Security Association, commonly known as ISSA, is an international, nonprofit organization for information security professionals.Continue Reading
The three enterprise benefits of SSL VPN products
Expert Karen Scarfone outlines the ways SSL VPN products can secure network connections and communications for organizations.Continue Reading
Microsoft Schannel (Microsoft Secure Channel)
The Microsoft Secure Channel or Schannel is a security package that facilitates the use of Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) encryption on Windows platforms.Continue Reading
card-not-present fraud (card-not-present transaction)
Card-not-present (CNP) fraud is the unauthorized use of a payment card to conduct a card-not-present transaction when the cardholder cannot or does not physically present the card at the time of the transaction.Continue Reading
What is the best VPN traffic monitoring tool for enterprises?
Monitoring VPN traffic is a critical task. Expert Kevin Beaver explains what to look for in a VPN traffic monitoring tool and offers a few free and open source options for enterprises to consider.Continue Reading
Introduction to SSL VPN products in the enterprise
Virtual private networks secure the confidentiality and integrity of network communications. Expert Karen Scarfone explains how SSL VPN products work.Continue Reading
Regin malware
Regin is a complex strain of back-door Trojan malware that uses a multi-staged, modular approach to infect its targets for the purpose of monitoring user activity and stealing data.Continue Reading
Google Project Zero
Google Project Zero is a security research unit within Google Inc.Continue Reading
Android WebView
Android WebView is a component that allows Web developers to render a web page within an Android app.Continue Reading
evil twin
An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate hot spot.Continue Reading
What is the best super-sized cookie denial-of-service attack defense?
Super-sized cookies are behind an innovative new denial-of-service attack. Enterprise threats expert Nick Lewis discusses how to prevent these cookies from getting onto your network.Continue Reading
Bring Your Own Authentication (BYOA)
Bring Your Own Authentication (BYOA) is a computing concept in which employee-owned devices are used as authentication credentials within the enterprise.Continue Reading
Creating an end-of-life policy for mobile products in the enterprise
When mobile vendors stop maintaining security on their devices, enterprise data is at risk. Expert Michael Cobb discusses how to assess mobile product end of life and how to create end-of-life policies and controls to maintain BYOD safety.Continue Reading
Ways to secure Web apps: WAFs, RASP and more
Protecting a Web application increasingly means tuning your protections to the individual characteristics of your applications. There’s more than one way to go about this, though. In this three-part guide we review best practices for taking your Web...Continue Reading