Get started

Data Security and Cloud Computing

• Introduction to Web fraud detection systems

  Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce. Continue Reading

• Can a walled garden approach help secure Web browsers?

  While a walled garden can help secure Web browsers, they are not seen as beneficial by all. Expert Michael Cobb explains why. Continue Reading

• Six areas of importance in the PCI Penetration Testing Guidance

  Complying with PCI penetration testing mandates has always been a challenge for enterprises. Expert Kevin Beaver discusses the recently released PCI SSC pen testing guidance and how it can help enterprises overcome their PCI woes. Continue Reading

• Knock advanced malware out cold with network anomaly detection

  This Security School will get you up to speed on why network anomaly detection is crucial in the battle against advanced malware. Continue Reading

• Comparing the top database security tools

  Expert Ed Tittel examines the strengths and weaknesses of top-rated database security tools -- from database activity monitoring to transparent database encryption -- to help enterprises make the right purchasing decision. Continue Reading

• Definitions to Get Started

  • backdoor (computing)
  • post-quantum cryptography
  • cybercrime
  • CVSS (Common Vulnerability Scoring System)

  • Dridex malware
  • identity management (ID management)
  • SOAR (Security Orchestration, Automation and Response)
  • Certified Information Systems Auditor (CISA)

  View All Definitions

• Email security gateways vs. Web security gateways: Do you need both?

  When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.Continue Reading

• Nine steps for purchasing database security tools

  Expert Adrian Lane lays out the criteria for procuring the right database security software for your enterprise.Continue Reading

• What do end-of-software development dates mean for security?

  Expert Kevin Beaver explains how organizations should address end-of-software development dates, and what they ultimately mean to enterprise security.Continue Reading

• Can a read-only domain controller maximize DMZ security?

  Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver explains.Continue Reading

• How has enterprise SSO technology evolved?

  Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses.Continue Reading

• The right approach for a security vulnerability disclosure policy

  Qualys CTO Wolfgang Kandek discussed the hot topic of responsible vulnerability disclosure policies, and the friction between Google and Microsoft, at RSA Conference 2015.Continue Reading

• Which is safer: an HSM appliance or a virtual appliance?

  A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why.Continue Reading

• Comparing the top wireless intrusion prevention systems

  Expert Karen Scarfone examines the top wireless intrusion prevention systems (WIPS) to help readers determine which may be best for them.Continue Reading

• Which authentication method is better: 2FA or MFA?

  Which authentication method is better for securing enterprise devices and systems: two-factor authentication or multifactor authentication?Continue Reading

• end-to-end encryption (E2EE)

  End-to-end encryption is a secure method of transferring data from one end device to another without allowing third-party interference.Continue Reading

• The top threat intelligence services for enterprises

  Threat intelligence takes data from multiple sources and turns it into actionable, contextual information. Expert Ed Tittel takes a look at the top threat intelligence services.Continue Reading

• LogRhythm Security Intelligence: Threat intelligence services overview

  In this threat intelligence service overview, Expert Ed Tittel looks at the LogRhythm Security Intelligence threat intelligence platform, designed for simple setup and ease of use.Continue Reading

• ERP security: How to defend against SAP vulnerabilities

  A recent study revealed more than 95% of SAP systems were exposed to potentially disastrous vulnerabilities. Expert Nick Lewis explains how to mitigate these SAP vulnerabilities and maintain ERP security.Continue Reading

• How can the Border Router Security Tool improve enterprise security?

  The Border Router Security Tool aims to improve router security to boost Internet safety. Expert Kevin Beaver explains its place in the enterprise.Continue Reading

• How to perform IPv6 network reconnaissance

  While network reconnaissance is a critical step in identifying potential vulnerabilities, performing an IPv6 network audit without the right tools can be a challenge. Learn about the tools available and how to properly use them.Continue Reading

• How can the SSDP protocol be secured to prevent DDoS attacks?

  Attackers are targeting the SSDP protocol to amplify the effects of DDoS attacks. Learn what this protocol does and how to secure it.Continue Reading

• How (ISC)2 plans to get millennials into cybersecurity careers

  Video: Getting millennials into cybersecurity careers is a crucial way to close the hiring gap facing the security industry. David Shearer of (ISC)2 discusses how to make this happen.Continue Reading

• Comparing the best UTM products in the industry

  Expert Ed Tittel examines the top unified threat management appliances to determine which one could be the best for your organization.Continue Reading

• How can the Siri attack, 'iStegSiri,' be mitigated?

  A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against such threats.Continue Reading

• endpoint security management

  Endpoint security management is a policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources.Continue Reading

• How does user behavior analytics compare to security awareness training?

  User behavior analytics is emerging as a technology to prevent malware infections and end-user attacks, but how viable is it? Expert Nick Lewis outlines the pros and cons.Continue Reading

• How does the PFP Cybersecurity power consumption tool detect malware?

  A new tool claims to detect malware by monitoring power consumption -- but is it good for enterprise use? Enterprise threats expert Nick Lewis explains.Continue Reading

• Six ways to improve endpoint device security

  Endpoint devices are often the root cause of data breaches. Expert Eric Cole explains the best ways to improve endpoint protection.Continue Reading

• EINSTEIN

  EINSTEIN monitors and analyzes Internet traffic when it moves in and out of U.S. federal computer networks.Continue Reading

• Six criteria for purchasing unified threat management appliances

  Expert Ed Tittel explores key criteria for evaluating unified threat management (UTM) appliances to determine the best choice for your organization.Continue Reading

• IT consultants leading edge of Internet of Everything security

  Cisco security services SVP Bryan Palma discusses how Cisco's consulting teams have an early view of how the Internet of Everything will roll out.Continue Reading

• Block ciphers: REESSE3+ vs. International Data Encryption Algorithm

  Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.Continue Reading

• A closer look at the Certified Information Security Manager certification

  The Certified Information Security Manager certification has been around for over a decade now, and it's only grown in prominence. What makes the ISACA CISM so important and how does it compare to its peers?Continue Reading

• Bloom cookies: Privacy without prohibiting Web personalization?

  While cookies are critical to delivering personalized Web content, they are a privacy concern. Learn how adding Bloom filters to cookies can help enhance privacy while maintaining personalization.Continue Reading

• Does Peerio offer secure enterprise messaging and file sharing?

  A new app for end-to-end encrypted messaging and file sharing is available, but is it ready for enterprise use? Expert Michael Cobb explains.Continue Reading

• How can we secure enterprise email at home and abroad?

  Emails often contain sensitive information, yet the proper measures are not always taken to secure them. Learn how to keep corporate email safe both at home and in foreign countries.Continue Reading

• From SSL and early TLS to TLS 1.2: Creating a PCI DSS 3.1 migration plan

  PCI DSS 3.1 requires enterprises to deplete SSL and early TLS use by June 30, 2016. Expert Michael Cobb offers advice for putting a migration plan to TLS 1.2 in place.Continue Reading

• PoSeidon: Inside the evolving world of point-of-sale malware

  Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it.Continue Reading

• What do organizations need to know about privacy in a HIPAA audit?

  A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.Continue Reading

• Tips for creating a data classification policy

  Before deploying and implementing a data loss prevention product, enterprises should have an effective data classification policy in place. Expert Bill Hayes explains how that can be done.Continue Reading

• A new trend in cybersecurity regulations could mean tougher compliance

  State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for.Continue Reading

• What's the difference between extortionware and ransomware?

  Enterprise threats expert Nick Lewis explains the difference between extortionware and ransomware in terms of what they are and how to defend against them.Continue Reading

• Advice to help today's CISOs succeed at security leadership

  Renee Guttmann, vice president of the Office of the CISO at Accuvant, talks to SearchSecurity about security leadership, and offers advice to today's aspiring CISOs.Continue Reading

• strong cryptography

  Strong cryptography is used by most governments around the world to protect communications. It involves secreted and encrypted communication that is not amenable to cryptographic analysis.Continue Reading

• PCI gap assessment

  A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI gap assessment is the first step for a merchant seeking to become PCI ...Continue Reading

• The top antimalware protection products for endpoint security

  Antimalware protection is essential for securing client computers and devices. Here's a look at the top endpoint protection products in the industry.Continue Reading

• network vulnerability scanning

  A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.Continue Reading

• Is it time for a DLP system in your enterprise?

  It’s been a relatively quiet few months in data loss prevention. Not as commonly deployed as firewalls and malware protection, DLP has proven itself as a worthy security control, and its role may continue to grow. The environment DLP seeks to ...Continue Reading

• How to keep track of sensitive data with a data flow map

  Expert Bill Hayes describes how to create a data flow map to visualize where sensitive data is processed, how it transits the network and where it's stored.Continue Reading

• The importance of soft skills development for security professionals

  While technical skills are obviously important for security pros, the importance of soft skills shouldn't be overlooked. Here are the top four worth mastering.Continue Reading

• What's the best way to provide Wi-Fi guest network security?

  Expert Kevin Beaver explains the steps enterprises should take to ensure secure guest wireless networks for visitors and the enterprise alike.Continue Reading

• Watters: 'Cyber officers' are now risk officers for businesses

  More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.Continue Reading

• State of the Network study: How security tasks are dominating IT staff

  The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.Continue Reading

• Four enterprise scenarios for deploying database security tools

  Expert Adrian Lane describes the use cases and ways database security tools are used to boost enterprise security.Continue Reading

• What does bimodal IAM mean for user credentials?

  Bimodal IAM may be a new term, but this new way to use user credentials should probably already be in practice among secure organizations.Continue Reading

• Introduction to database security tools for the enterprise

  Expert Adrian Lane explains why database security tools play a significant, if not the majority, role in protecting data in the enterprise data center.Continue Reading

• What do organizations need to know about the final FFIEC guidance?

  The final FFIEC guidance covers a wide range of security subjects, but there are specific takeaways regarding authentication that enterprises should pay attention to.Continue Reading

• Three usage scenarios for deploying data loss prevention products

  Expert Bill Hayes details usage scenarios for deploying data loss prevention: standalone suites, integrated tools and standalone/integrated DLP combined.Continue Reading

• Browser and device fingerprinting: Undeletable cookies of the future?

  Browser and device fingerprinting create cookies that users cannot prevent nor delete. Expert Michael Cobb explains how to address the threat.Continue Reading

• The business case for data loss prevention products

  Data loss prevention (DLP) can help any organization where the loss of sensitive information could seriously impact continued operation, explains Bill Hayes.Continue Reading

• Introduction to data loss prevention products

  Expert Bill Hayes describes how data loss prevention (DLP) products can help identify and plug information leaks and improve enterprise security.Continue Reading

• Can Detekt identify remote administration Trojans and spyware?

  State-sponsored malware and commercial surveillance software can be difficult to identify. Expert Nick Lewis explains how the Detekt tool can help.Continue Reading

• Schneier: Weighing the costs of mass surveillance

  Security expert Bruce Schneier says his new book, Data and Goliath, lays out a compelling case against government mass surveillance.Continue Reading

• Endpoint protection: How to select virtualization security tools

  Most virtualization security tools still follow dedicated agent models, but some technologies are starting to offload resources to a dedicated VM and leverage hypervisor APIs.Continue Reading

• How to buy the best EMM tools for your enterprise system

  Any given vendor's enterprise mobility management offering is likely to come from a starting point in one or another of the core "previous generation" of mobile management products, mobile device management (MDM), mobile application management (MAM)...Continue Reading

• What is the best mobile malware protection against NotCompatible.C?

  A sophisticated variant of the NotCompatible malware has emerged that is difficult to detect and defend against. Expert Nick Lewis offers tips for handling NotCompatible.C.Continue Reading

• Seven criteria for purchasing a wireless intrusion prevention system

  Expert George V. Hulme details the important criteria to weigh when evaluating wireless intrusion prevention systems for enterprise security.Continue Reading

• Virtualization security tools adapt to malware

  Expert Dave Shackleford examines how malware can now detect virtualization and the range of security tools available for endpoint protection.Continue Reading

• Six criteria for procuring security analytics software

  Security analytics software can be beneficial to enterprises. Expert Dan Sullivan explains how to select the right product to fit your organization's needs.Continue Reading

• Buyer’s Essentials: What to look for in user behavioral analytics tools

  Now that the hype surrounding big data has cooled, it's time for organizations to sort out what capabilities big data contributes to the analytics techniques being applied to security products. One capability, which may be more useful than glamorous...Continue Reading

• How can health organizations prepare for HIPAA audits?

  The long-awaited HIPAA audits conducted randomly by HHS are finally supposed to happen in 2015, but with stricter requirements. Here's how organizations can get ready.Continue Reading

• Network security improved by Cisco data mining

  Cisco network security involves numerous users and products; Martin Roesch explains why the huge amount of data that results from this is a good thing.Continue Reading

• web server security

  Web server security is the protection of information assets that can be accessed from a Web server.Continue Reading

• BSA updates: What's new in the Bank Secrecy Act?

  The Bank Secrecy Act (BSA) updates will help firms prepare for the 2015 bank examinations. Here are some of the basics from this lengthy guidance.Continue Reading

• User behavioral analytics tools can thwart security attacks

  This guide to user behavioral analytics tools helps InfoSec pros determine what features they should consider before making a purchase and reviews both deployment strategies and reasonable performance expectations.Continue Reading

• Can the Wyvern programming language improve Web app security?

  A new programming language called Wyvern is helping developers use multiple languages in one app securely. Application security expert Michael Cobb discusses.Continue Reading

• Can public key pinning improve Mozilla Firefox security?

  Public key pinning aims to reduce the lack of trust associated with digital certificates and certificate authorities. Expert Michael Cobb explains how it works and its benefits.Continue Reading

• The moving target defense: Turning the tables on polymorphic malware

  Security startups are using the techniques of polymorphic malware to better protect enterprises. Expert David Strom explores the moving target defense.Continue Reading

• When is a breach detection system better than an IDS or NGFW?

  Breach detection systems are gaining steam, but when would they be more appropriate to use than an IDS or NGFW? Expert Kevin Beaver explains.Continue Reading

• Introduction to unified threat management appliances

  Expert Ed Tittel describes unified threat management (UTM) appliances and features, and explains its advantages to organizations of all sizes.Continue Reading

• PHP security tips to ensure enterprise Web safety

  Research shows more than three-quarters of PHP installations run with at least one vulnerability. Learn the steps for ensuring PHP security in the enterprise workplace.Continue Reading

• Breaking bad password habits in the enterprise

  A bad password brings unnecessary risk into organizations, but how bad are they really? Expert Randall Gamby assesses just how dire the situation is.Continue Reading

• What are the benefits of a having a CISO title in an organization?

  Is a CISO title really necessary in an organization? Expert Mike O. Villegas explains why the title matters, as well as the qualities CISOs need to have to assert their importance.Continue Reading

• The optional PCI DSS 3.0 requirements are about to become mandatory

  Organizations need to review the PCI DSS 3.0 requirements and prepare for the mandatory changes coming in June 2015. Expert Mike Chapple explains how to prepare for the deadline.Continue Reading

• Common Vulnerabilities and Exposures (CVE)

  Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.Continue Reading

• Four criteria for selecting the right SSL VPN products

  SSL VPNs can offer critical protection for enterprise network communications. Expert Karen Scarfone examines the most important criteria for evaluating SSL VPN products.Continue Reading

• ISSA (Information Systems Security Association)

  The Information Systems Security Association, commonly known as ISSA, is an international, nonprofit organization for information security professionals.Continue Reading

• The three enterprise benefits of SSL VPN products

  Expert Karen Scarfone outlines the ways SSL VPN products can secure network connections and communications for organizations.Continue Reading

• Microsoft Schannel (Microsoft Secure Channel)

  The Microsoft Secure Channel or Schannel is a security package that facilitates the use of Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) encryption on Windows platforms.Continue Reading

• card-not-present fraud (card-not-present transaction)

  Card-not-present (CNP) fraud is the unauthorized use of a payment card to conduct a card-not-present transaction when the cardholder cannot or does not physically present the card at the time of the transaction.Continue Reading

• What is the best VPN traffic monitoring tool for enterprises?

  Monitoring VPN traffic is a critical task. Expert Kevin Beaver explains what to look for in a VPN traffic monitoring tool and offers a few free and open source options for enterprises to consider.Continue Reading

• Introduction to SSL VPN products in the enterprise

  Virtual private networks secure the confidentiality and integrity of network communications. Expert Karen Scarfone explains how SSL VPN products work.Continue Reading

• Regin malware

  Regin is a complex strain of back-door Trojan malware that uses a multi-staged, modular approach to infect its targets for the purpose of monitoring user activity and stealing data.Continue Reading

• Google Project Zero

  Google Project Zero is a security research unit within Google Inc.Continue Reading

• Android WebView

  Android WebView is a component that allows Web developers to render a web page within an Android app.Continue Reading

• evil twin

  An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate hot spot.Continue Reading

• What is the best super-sized cookie denial-of-service attack defense?

  Super-sized cookies are behind an innovative new denial-of-service attack. Enterprise threats expert Nick Lewis discusses how to prevent these cookies from getting onto your network.Continue Reading

• Bring Your Own Authentication (BYOA)

  Bring Your Own Authentication (BYOA) is a computing concept in which employee-owned devices are used as authentication credentials within the enterprise.Continue Reading

• Creating an end-of-life policy for mobile products in the enterprise

  When mobile vendors stop maintaining security on their devices, enterprise data is at risk. Expert Michael Cobb discusses how to assess mobile product end of life and how to create end-of-life policies and controls to maintain BYOD safety.Continue Reading

• Ways to secure Web apps: WAFs, RASP and more

  Protecting a Web application increasingly means tuning your protections to the individual characteristics of your applications. There’s more than one way to go about this, though. In this three-part guide we review best practices for taking your Web...Continue Reading