Get started
Bring yourself up to speed with our introductory content.
Data Security and Cloud Computing
What's the difference between extortionware and ransomware?
Enterprise threats expert Nick Lewis explains the difference between extortionware and ransomware in terms of what they are and how to defend against them. Continue Reading
Advice to help today's CISOs succeed at security leadership
Renee Guttmann, vice president of the Office of the CISO at Accuvant, talks to SearchSecurity about security leadership, and offers advice to today's aspiring CISOs. Continue Reading
strong cryptography
Strong cryptography is used by most governments around the world to protect communications. It involves secreted and encrypted communication that is not amenable to cryptographic analysis. Continue Reading
-
PCI gap assessment
A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI gap assessment is the first step for a merchant seeking to become PCI ... Continue Reading
The top antimalware protection products for endpoint security
Antimalware protection is essential for securing client computers and devices. Here's a look at the top endpoint protection products in the industry. Continue Reading
network vulnerability scanning
A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.Continue Reading
Is it time for a DLP system in your enterprise?
It’s been a relatively quiet few months in data loss prevention. Not as commonly deployed as firewalls and malware protection, DLP has proven itself as a worthy security control, and its role may continue to grow. The environment DLP seeks to ...Continue Reading
How to keep track of sensitive data with a data flow map
Expert Bill Hayes describes how to create a data flow map to visualize where sensitive data is processed, how it transits the network and where it's stored.Continue Reading
How can we detect and uninstall bloatware?
Unwanted preinstalled software -- also known as bloatware -- has made its way onto PCs and mobile devices alike. Expert Nick Lewis explains how to detect and uninstall the potential threat.Continue Reading
The importance of soft skills development for security professionals
While technical skills are obviously important for security pros, the importance of soft skills shouldn't be overlooked. Here are the top four worth mastering.Continue Reading
-
What's the best way to provide Wi-Fi guest network security?
Expert Kevin Beaver explains the steps enterprises should take to ensure secure guest wireless networks for visitors and the enterprise alike.Continue Reading
Watters: 'Cyber officers' are now risk officers for businesses
More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.Continue Reading
State of the Network study: How security tasks are dominating IT staff
The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.Continue Reading
Four enterprise scenarios for deploying database security tools
Expert Adrian Lane describes the use cases and ways database security tools are used to boost enterprise security.Continue Reading
What does bimodal IAM mean for user credentials?
Bimodal IAM may be a new term, but this new way to use user credentials should probably already be in practice among secure organizations.Continue Reading
Introduction to database security tools for the enterprise
Expert Adrian Lane explains why database security tools play a significant, if not the majority, role in protecting data in the enterprise data center.Continue Reading
What do organizations need to know about the final FFIEC guidance?
The final FFIEC guidance covers a wide range of security subjects, but there are specific takeaways regarding authentication that enterprises should pay attention to.Continue Reading
Three usage scenarios for deploying data loss prevention products
Expert Bill Hayes details usage scenarios for deploying data loss prevention: standalone suites, integrated tools and standalone/integrated DLP combined.Continue Reading
Browser and device fingerprinting: Undeletable cookies of the future?
Browser and device fingerprinting create cookies that users cannot prevent nor delete. Expert Michael Cobb explains how to address the threat.Continue Reading
The business case for data loss prevention products
Data loss prevention (DLP) can help any organization where the loss of sensitive information could seriously impact continued operation, explains Bill Hayes.Continue Reading
Introduction to data loss prevention products
Expert Bill Hayes describes how data loss prevention (DLP) products can help identify and plug information leaks and improve enterprise security.Continue Reading
Can Detekt identify remote administration Trojans and spyware?
State-sponsored malware and commercial surveillance software can be difficult to identify. Expert Nick Lewis explains how the Detekt tool can help.Continue Reading
Schneier: Weighing the costs of mass surveillance
Security expert Bruce Schneier says his new book, Data and Goliath, lays out a compelling case against government mass surveillance.Continue Reading
Endpoint protection: How to select virtualization security tools
Most virtualization security tools still follow dedicated agent models, but some technologies are starting to offload resources to a dedicated VM and leverage hypervisor APIs.Continue Reading
How to buy the best EMM tools for your enterprise system
Any given vendor's enterprise mobility management offering is likely to come from a starting point in one or another of the core "previous generation" of mobile management products, mobile device management (MDM), mobile application management (MAM)...Continue Reading
What is the best mobile malware protection against NotCompatible.C?
A sophisticated variant of the NotCompatible malware has emerged that is difficult to detect and defend against. Expert Nick Lewis offers tips for handling NotCompatible.C.Continue Reading
Seven criteria for purchasing a wireless intrusion prevention system
Expert George V. Hulme details the important criteria to weigh when evaluating wireless intrusion prevention systems for enterprise security.Continue Reading
Virtualization security tools adapt to malware
Expert Dave Shackleford examines how malware can now detect virtualization and the range of security tools available for endpoint protection.Continue Reading
Six criteria for procuring security analytics software
Security analytics software can be beneficial to enterprises. Expert Dan Sullivan explains how to select the right product to fit your organization's needs.Continue Reading
Buyer’s Essentials: What to look for in user behavioral analytics tools
Now that the hype surrounding big data has cooled, it's time for organizations to sort out what capabilities big data contributes to the analytics techniques being applied to security products. One capability, which may be more useful than glamorous...Continue Reading
How can health organizations prepare for HIPAA audits?
The long-awaited HIPAA audits conducted randomly by HHS are finally supposed to happen in 2015, but with stricter requirements. Here's how organizations can get ready.Continue Reading
Network security improved by Cisco data mining
Cisco network security involves numerous users and products; Martin Roesch explains why the huge amount of data that results from this is a good thing.Continue Reading
web server security
Web server security is the protection of information assets that can be accessed from a Web server.Continue Reading
BSA updates: What's new in the Bank Secrecy Act?
The Bank Secrecy Act (BSA) updates will help firms prepare for the 2015 bank examinations. Here are some of the basics from this lengthy guidance.Continue Reading
User behavioral analytics tools can thwart security attacks
This guide to user behavioral analytics tools helps InfoSec pros determine what features they should consider before making a purchase and reviews both deployment strategies and reasonable performance expectations.Continue Reading
Can the Wyvern programming language improve Web app security?
A new programming language called Wyvern is helping developers use multiple languages in one app securely. Application security expert Michael Cobb discusses.Continue Reading
Can public key pinning improve Mozilla Firefox security?
Public key pinning aims to reduce the lack of trust associated with digital certificates and certificate authorities. Expert Michael Cobb explains how it works and its benefits.Continue Reading
The moving target defense: Turning the tables on polymorphic malware
Security startups are using the techniques of polymorphic malware to better protect enterprises. Expert David Strom explores the moving target defense.Continue Reading
When is a breach detection system better than an IDS or NGFW?
Breach detection systems are gaining steam, but when would they be more appropriate to use than an IDS or NGFW? Expert Kevin Beaver explains.Continue Reading
Introduction to unified threat management appliances
Expert Ed Tittel describes unified threat management (UTM) appliances and features, and explains its advantages to organizations of all sizes.Continue Reading
PHP security tips to ensure enterprise Web safety
Research shows more than three-quarters of PHP installations run with at least one vulnerability. Learn the steps for ensuring PHP security in the enterprise workplace.Continue Reading
Breaking bad password habits in the enterprise
A bad password brings unnecessary risk into organizations, but how bad are they really? Expert Randall Gamby assesses just how dire the situation is.Continue Reading
What are the benefits of a having a CISO title in an organization?
Is a CISO title really necessary in an organization? Expert Mike O. Villegas explains why the title matters, as well as the qualities CISOs need to have to assert their importance.Continue Reading
The optional PCI DSS 3.0 requirements are about to become mandatory
Organizations need to review the PCI DSS 3.0 requirements and prepare for the mandatory changes coming in June 2015. Expert Mike Chapple explains how to prepare for the deadline.Continue Reading
Common Vulnerabilities and Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.Continue Reading
Four criteria for selecting the right SSL VPN products
SSL VPNs can offer critical protection for enterprise network communications. Expert Karen Scarfone examines the most important criteria for evaluating SSL VPN products.Continue Reading
ISSA (Information Systems Security Association)
The Information Systems Security Association, commonly known as ISSA, is an international, nonprofit organization for information security professionals.Continue Reading
The three enterprise benefits of SSL VPN products
Expert Karen Scarfone outlines the ways SSL VPN products can secure network connections and communications for organizations.Continue Reading
Microsoft Schannel (Microsoft Secure Channel)
The Microsoft Secure Channel or Schannel is a security package that facilitates the use of Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) encryption on Windows platforms.Continue Reading
card-not-present fraud (card-not-present transaction)
Card-not-present (CNP) fraud is the unauthorized use of a payment card to conduct a card-not-present transaction when the cardholder cannot or does not physically present the card at the time of the transaction.Continue Reading
What is the best VPN traffic monitoring tool for enterprises?
Monitoring VPN traffic is a critical task. Expert Kevin Beaver explains what to look for in a VPN traffic monitoring tool and offers a few free and open source options for enterprises to consider.Continue Reading
Introduction to SSL VPN products in the enterprise
Virtual private networks secure the confidentiality and integrity of network communications. Expert Karen Scarfone explains how SSL VPN products work.Continue Reading
Regin malware
Regin is a complex strain of back-door Trojan malware that uses a multi-staged, modular approach to infect its targets for the purpose of monitoring user activity and stealing data.Continue Reading
Google Project Zero
Google Project Zero is a security research unit within Google Inc.Continue Reading
Android WebView
Android WebView is a component that allows Web developers to render a web page within an Android app.Continue Reading
evil twin
An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate hot spot.Continue Reading
What is the best super-sized cookie denial-of-service attack defense?
Super-sized cookies are behind an innovative new denial-of-service attack. Enterprise threats expert Nick Lewis discusses how to prevent these cookies from getting onto your network.Continue Reading
Bring Your Own Authentication (BYOA)
Bring Your Own Authentication (BYOA) is a computing concept in which employee-owned devices are used as authentication credentials within the enterprise.Continue Reading
Creating an end-of-life policy for mobile products in the enterprise
When mobile vendors stop maintaining security on their devices, enterprise data is at risk. Expert Michael Cobb discusses how to assess mobile product end of life and how to create end-of-life policies and controls to maintain BYOD safety.Continue Reading
Ways to secure Web apps: WAFs, RASP and more
Protecting a Web application increasingly means tuning your protections to the individual characteristics of your applications. There’s more than one way to go about this, though. In this three-part guide we review best practices for taking your Web...Continue Reading
RASP is latest grasp at secure software delivery
Runtime application self-protection could provide more secure software applications after delivery, but you need to recognize its limitations.Continue Reading
The top full disk encryption products on the market today
Full disk encryption can be a key component of an enterprise's desktop and laptop security strategy. Here's a look at some of the top FDE products in the industry.Continue Reading
How will Android encryption by default affect enterprise BYOD?
Google is beginning to encrypt data by default on its Android devices. Expert Michael Cobb explains how this change will affect enterprise BYOD security.Continue Reading
How does the Melbourne Shuffle prevent data access pattern recognition?
Access pattern recognition in the cloud is becoming an enterprise risk. Expert Michael Cobb explains how the Melbourne Shuffle can improve access pattern security.Continue Reading
How to bake security into your Wi-Fi deployment
A Wi-Fi deployment is the preferred method for network access for most enterprises; it’s the InfoSec’s job to make that Wi-Fi secure.Continue Reading
The secrets of proper firewall maintenance and security testing techniques
The Verizon 2015 PCI Compliance Report cited a lack of firewall maintenance and security testing as major causes for compliances breaches. Expert Kevin Beaver offers tips to successfully manage these tasks.Continue Reading
How can organizations prepare for a HIPAA audit?
HIPAA audits are finally on the way, and organizations need to be ready. Expert Mike Chapple reveals the best way to prepare your company for a HIPAA audit.Continue Reading
Login credential security: How to defend against tabnapping
Tabnapping can be used to capture user login credentials. Enterprise threats expert Nick Lewis explains how to defend against the risk.Continue Reading
The benefits of open source identity management software
Organizations are often looking to minimize costs without compromising on security. Expert Randall Gamby examines the benefits of open source identity management software.Continue Reading
What are the secrets to SIEM deployment success?
Many organizations deploy security information and event management systems without the proper planning and therefore can't reap the proper rewards. Expert Kevin Beaver offers tips for a successful implementation.Continue Reading
Beyond PCI: Out-of-band security tips for credit card data protection
Securing credit card data -- both online and at brick-and-mortar stores -- requires security measures beyond those mandated by PCI DSS. Expert Philip Alexander outlines six out-of-band security controls to consider.Continue Reading
Introduction to security analytics tools in the enterprise
Expert Dan Sullivan explains how security analysis and analytics tools work, and how they provide enterprises with valuable information about impending attacks or threats.Continue Reading
How should agencies prepare for federal security scanning?
What do agencies need to consider before going through the Department of Homeland Security's network security scanning? Expert Mike Chapple answers.Continue Reading
International Information Systems Security Certification Consortium (ISC)2
The International Information Systems Security Certification Consortium -- (ISC)2 -- is a non-profit organization that provides security training and certificates.Continue Reading
Four questions to ask before buying a Web application firewall
Web application firewalls are complex products. Expert Brad Causey explains the key criteria enterprises need to consider before investing in a WAF product.Continue Reading
Five network security lessons learned from the Sony Pictures hack
Following the Sony Pictures hack, several of the company's network security shortcomings were revealed. Expert Kevin Beaver explains how better network security may have prevented the extent of the breach.Continue Reading
multifactor authentication (MFA)
Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.Continue Reading
What to look for in secure file transfer products
As the prospect of significant breaches grows, the argument for secure file transfer becomes more compelling—but what exactly are you buying?
At its most basic, file transfer technology is simply a mechanism to transport a file from one ...Continue ReadingWhy SSL security matters
This video introduces SSL and describes SSL certificates and certificate authorities. It explains the concept capturing plain text traffic and SSL-encrypted traffic to show how easily an attacker can grab data as it travels across seemingly secure ...Continue Reading
Six ways to use wireless intrusion prevention systems in the enterprise
Expert George V. Hulme presents six real-world use cases for the deployment of WIPS to beef up wireless network security in the enterprise.Continue Reading
single-factor authentication (SFA)
Single-factor authentication (SFA) is the traditional security process that requires a user name and password before granting access to the user.Continue Reading
Can Vawtrak malware block enterprise security software?
Emerging malware, like the Vawtrak banking malware, has the ability to block enterprise antimalware measures. Expert Nick Lewis explains how to mitigate the risk.Continue Reading
Intrusion detection project design and rollout
Evaluating intrusion detection technology requires an understanding of its capabilities. Get help with getting started on an intrusion system program design and uncover technical considerations your enterprise needs to know.Continue Reading
Introduction to intrusion detection and prevention technologies
Intrusion detection and preventions systems can be critical components to an enterprise's threat management strategy. Learn the history behind the technologies and why they are so important.Continue Reading
Emotet: How can traffic-sniffing banking malware be thwarted?
A new variety of banking malware can sniff traffic from APIs. Enterprise threats expert Nick Lewis outlines how to mitigate the risk.Continue Reading
Types of intrusion detection products: Suite vs. best-of-breed
When evaluating types of intrusion detection products, it is important to distinguish whether a best-of-breed or suite-based product is the right match for your enterprise. Expert Bill Hayes offers guidance to help you decide.Continue Reading
Evaluating intrusion detection and prevention systems and vendors
Protecting the corporate network from intruders is a difficult task. Learn how intrusion systems help prevent, identify and minimize the effects of a breach.Continue Reading
Oracle Critical Patch Update (Oracle CPU)
The Oracle Critical Patch Update (CPU) is an ongoing series of regularly issued fixes for security flaws in products made by or maintained by software giant Oracle Corp.Continue Reading
Business-use scenarios for a Web application firewall deployment
Web application firewalls can be a critical security layer for many companies. Expert Brad Causey explains when and how to deploy a WAF in the enterprise.Continue Reading
How can jailbroken devices be detected within the enterprise?
Jailbroken devices pose significant enterprise risks in BYOD environments. Security expert Michael Cobb discusses how to detect and mitigate the risks of jailbroken BYODs.Continue Reading
knowledge-based authentication (KBA)
In a KBA scheme, the user is asked to answer at least one "secret" question before being allowed to change account settings or reset a password.Continue Reading
Why is the Certified Ethical Hacker certification suddenly popular?
The Certified Ethical Hacker certification gained in popularity recently. Expert Joseph Granneman explains the CEH and why it's relevant again.Continue Reading
pass the hash attack
A pass the hash attack is an NT LAN Manager (NTLM)-based technique in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick a Windows-based authentication system into creating a new authenticated session on ...Continue Reading
Getting to know the new GIAC certification: GCCC
The new GIAC certification, GCCC, is not a very specific certification, but it could prove useful in organizations. Expert Joseph Granneman explains why.Continue Reading
How to evaluate IPv6 network security with SI6 Networks IPv6 Toolkit
Some security pros underestimate the importance of IPv6 network security assessment tools. Expert Fernando Gont offers an illustrated guide on how to use SI6 Networks' free IPv6 toolkit.Continue Reading
Defend against APTs with big data security analytics
Without a trace: Cybersecurity incident response teams must follow the thread of security events through volumes of log data from increasingly diverse sources.Continue Reading
Mini risk assessments: Simplifying protection of critical assets
Expert Eric Cole explains how his simplified, risk-based approach to security will help enterprises better identify -- and prevent -- the most dangerous threats.Continue Reading
Can virtual directory services ease messy Active Directory management?
Video: A Radiant Logic executive explains how virtual directory services ease the pain of integrating legacy Active Directory and identity systems with cloud-based applications and user-owned devices.Continue Reading
What's the best way to find enterprise compliance tools?
Looking for compliance tools? Expert Mike Chapple explains why the best place to start the search is within your own information security infrastructure.Continue Reading
Understanding endpoint security products, features and vendors
Securing a plethora of enterprise endpoints is challenging. This guide will help you evaluate endpoint security capabilities, products and vendors.Continue Reading