Manage
Learn to apply best practices and optimize your operations.
Manage
Learn to apply best practices and optimize your operations.
Firewalls play by new rules
Modern firewalls offer greater application awareness and user controls. Protect your migration strategy with these tips from the pros. Continue Reading
Security incident response procedures: When to do a system shutdown
At times, security incident response procedures require drastic measures. Expert Nick Lewis explains when and how to perform a system shutdown. Continue Reading
Open source code management: How to safely use open source libraries
Expert Michael Cobb explains why enterprises need better open source code management to negate the security risks posed by open source libraries. Continue Reading
-
Enterprise mobile security by the numbers
Almost 60% of respondents in our 2013 Enterprise Mobile Security Survey believe mobile devices present more risk now than in Q2 2012. What’s changed? Continue Reading
Third-party risk management: Horror stories? You are not alone
The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements. Continue Reading
Unlock new pathways to network security architecture
Cover story: Want to shed appliances? Consolidation and new platforms hold promise for security teams.Continue Reading
Ten years later: The legacy of SB 1386 compliance on data privacy laws
A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.Continue Reading
How to define SIEM strategy, management and success in the enterprise
Enterprise SIEM technology is as functional, manageable and affordable as it's ever been. Learn how to achieve success with SIEM in your organization.Continue Reading
Web application session management issues, and how to avoid a hijacking
Two-factor authentication options, use cases and best practices
It may seem daunting, but two-factor authentication options are manageable for nearly all enterprises. Learn how to get started in this 2FA primer.Continue Reading
-
How to enact Apache security best practices for Web server security
With Apache Web servers becoming ever more popular with attackers, organizations should follow Apache security best practices to avoid compromise.Continue Reading
How to use ThreadFix to simplify the vulnerability management process
Video: Keith Barker of CBT Nuggets demonstrates how Denim Group's ThreadFix helps simplify the enterprise vulnerability management process.Continue Reading
How key MDM features affect mobile security policy management
As MDM features become more robust, enterprises must not only look for mature products, but also evolve mobile security policies accordingly.Continue Reading
Big data analytics: New patterns emerge for security
Will big data analytics make security better? With data scientists in short supply, solution providers rush to provide big data analytics tools.Continue Reading
Identity and access management solutions: The basics and issues
With the surge of disruptive technologies like cloud-based systems, mobile apps and BYOD, identity and access management (IAM) has become unruly and complex for organizations. This TechGuide covers the fundamentals of and issues associated with the ...Continue Reading
How to reduce IT security risk with IT asset management
IT asset management expert Barb Rembiesa explains how ITAM best practices like IT asset standardization and rationalization reduce IT security risk.Continue Reading
Improving security management processes with SIEM
In our newest Security School lesson, Mike Rothman covers how to get the best data to improve incident response.Continue Reading
BSIMM4 measures and advances secure application development
The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.Continue Reading
SIEM best practices for advanced attack detection
SIEM struggles are common, but Mike Rothman explains why SIEM products are critical for advanced attack detection, and offers a SIEM tuning step-by-step.Continue Reading
Federal Information Security Management Act
The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.Continue Reading
The evolution of threat detection and management
Enterprises must understand the latest threat detection options to keep up with advanced cybercriminals who can bypass enterprise security defenses.Continue Reading
Data breach protection requires new barriers
Assumption of breach is the new norm. Can this shift help organizations build better levels of data breach protection?Continue Reading
Apple security update: Is it ready for the enterprise?
It’s hard to declare Apple security as superior to its competitors, but it’s also hard to fault it as inferior.Continue Reading
Microsoft FIM (Microsoft Forefront Identity Manager)
Microsoft Forefront Identity Manager (FIM) is a self-service identity management software suite.Continue Reading
Quiz: Using SIEM technology to improve security management processes
In this five question quiz, test your knowledge of our Security School lesson on using SIEM technology to improve security management processes.Continue Reading
How to configure a VLAN to achieve the benefits of VLAN security
Expert Brad Casey explains how to configure a VLAN in order to achieve the benefits of VLAN security, including protection against insider attacks.Continue Reading
DLP management tools and reporting: Key considerations
When it comes to DLP management tools, installation and maintenance of a single centralized management console to house all rules and alerts are key.Continue Reading
Should syslog format be mandatory in a log management product?
Matt Pascucci discusses what to look for when evaluating a log management product and whether syslog format should be a requirement.Continue Reading
Address IPv6 security before your time runs out
Most networks have partial deployment of IPv6 often without IT realizing it. It’s time to take stock of the security implications before attackers do.Continue Reading
Botnet takedowns: A dramatic defense
The infections and cyberattacks that botnets are used to launch remain hard-to-detect malware threats that have moved beyond PCs to mobile devices.Continue Reading
Managing big data privacy concerns: Tactics for proactive enterprises
The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help companies get smarter while keeping consumers happy.Continue Reading
Antivirus evasion techniques show ease in avoiding antivirus detection
In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.Continue Reading
Outsourcing security services in the enterprise: Where to begin
Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.Continue Reading
Well-rounded information security education benefits IT professionals
A security-savvy IT staff can help reduce risk. Learn about information security training and education options for IT professionals.Continue Reading
Quiz: Managing BYOD endpoint security
In this six question quiz, test your knowledge of our Security School lesson on managing BYOD endpoint security.Continue Reading
How to implement firewall policy management with a 5-tuple firewall
Matt Pascucci explains how to implement firewall policy management for 5-tuple firewalls when ports must be kept open for business reasons.Continue Reading
Exploring the security risks of network management outsourcing
Is network management outsourcing the future of network security or too great a risk? Matthew Pascucci discusses the risks and rewards.Continue Reading
BYOD security strategies: Balancing BYOD risks and rewards
Allowing employee-owned mobile devices doesn’t have to mean accepting all BYOD risks. Infosec pros share their BYOD security strategies.Continue Reading
The Huawei security risk: Factors to consider before buying Chinese IT
Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.Continue Reading
SSL certificate management: Avoiding common mistakes
Errors are bound to occur when SSL certificate management is handled manually. Learn how to avoid these common mistakes.Continue Reading
Thirteen principles to ensure enterprise system security
Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.Continue Reading
Private market growing for zero-day exploits and vulnerabilities
Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free.Continue Reading
Chief information security officer skills go beyond customary technical roles
A trusted advisor and a strong communicator and promoter, a good CISO should be a jack-of-all-trades to rally the IT security team to support the business needs by minimizing risk.Continue Reading
Download: Log management best practices: Six tips for success
In this expert e-guide from SearchSecurity.com you'll discover Six tips for success in Log managementContinue Reading
Implement software development security best practices to support WAFs
WAFs aren't a panacea for all Web security woes. Software development security best practices are still vital. Expert Michael Cobb discusses why.Continue Reading
Secure Web gateway overview: Implementation best practices
In this secure Web gateway overview, learn how to implement, configure and maintain a Web security gateway to support other security devices.Continue Reading
Aligning enterprise identity and access management with CIO priorities
Randall Gamby says aligning enterprise identity and access management with business and CIO priorities demands a more strategic approach to IAM.Continue Reading
Protecting Intellectual Property: Best Practices
Organizations need to implement best practices to protect their trade secrets from both internal and external threats.Continue Reading
Cloud Compliance: Tackling Compliance in the Cloud
Moving to a cloud environment brings compliance challenges, but they’re not insurmountable.Continue Reading
Metasploit Review: Ten Years Later, Are We Any More Secure?
Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.Continue Reading
The new era of big data security analytics
The information security industry needs to shift its focus to data-driven security.Continue Reading
FISMA Compliance and the Evolution to Continuous Monitoring
The U.S. Department of State developed a system for improving federal cybersecurity.Continue Reading
GRC Management and Critical Infrastructure Protection
GRC needs to adapt to become a truly effective risk management tool for critical infrastructure.Continue Reading
Developing a BYOD Strategy: Weigh the Risks, Challenges and Benefits
Organizations need to consider benefits and risks as they embrace BYOD.Continue Reading
Pros and Cons of Information Security Certifications
Educating the security professional requires far more than a certification exam.Continue Reading
Can ISO 27002 be used as a standalone guide for security management?
Learn the difference between ISO 27001 and ISO 27002, and how the latter can be used to build an infosec program.Continue Reading
How to comply with updated NIST incident response guidelines
NIST recently updated its incident response guidelines. Find out how to comply with these changes and incorporate them into an incident response plan.Continue Reading
PDF download: Information Security magazine October 2012
In this issue, find out who won this year's Readers' Choice Awards. Also learn about threat management best practices and how hacktivists are impacting the threat landscape.Continue Reading
Five tips to improve a threat and vulnerability management program
Utilize these five simple tips from expert Diana Kelley to improve your enterprise's threat and vulnerability management program.Continue Reading
Threat prevention techniques: Best practices for threat management
A successful threat management program requires effective processes, layered technology and user education.Continue Reading
Network log management on a budget: How to streamline log analysis
Expert Matt Pascucci examines free tools and offers simple tactics that organizations can use to streamline the network log analysis and management process.Continue Reading
pfSense tutorial: Configure pfSense as an SMB-caliber firewall
Video: Keith Barker of CBT Nuggets provides a brief pfSense tutorial. Learn how to configure pfSense, a free yet surprisingly capable firewall.Continue Reading
PDF download: Information Security magazine September 2012
In this issue, learn about the pros and cons of cloud-based security services and mobile application security considerations.Continue Reading
A new framework for preventing XSS attacks
Understand how cross-site scripting attacks work and how to prevent them.Continue Reading
Security as a Service: Benefits and risks of cloud-based security
Know the pros and cons to cloud-based security services before making the leap.Continue Reading
Log management and analysis: How, when and why
In this presentation, John Burke discusses how to make the most of logs to augment an organization’s overall security posture.Continue Reading
How to manage feedback in the compliance review process
The compliance review process can be complicated, especially when getting input from others. Mike Chapple offers advice to streamline the process.Continue Reading
Firewall security best practices: Get firewall network security advice
Get to know your firewall inside and out with this compilation of resources on firewall vulnerabilities, configuration and more.Continue Reading
Survey: Firewall rules sprawl makes firewall policy management a mess
Bloated firewall rules are making security unmanageable and audits a nightmare, according to a survey by firewall management vendor Athena.Continue Reading
PDF download: Information Security magazine July/August 2012
In this issue, learn pen testing best practices and how to build an internal pen testing team.Continue Reading
How to pen test: Why you need an internal security pen testing program
Learn pen testing best practices and how to build an internal pen testing team.Continue Reading
Securing SharePoint: SharePoint security best practices
SharePoint has become ubiquitous in the enterprise, but organizations can overlook security. Learn SharePoint security best practices in this article.Continue Reading
LinkedIn password leak: Lessons to be learned from LinkedIn breach
Breach at the professional networking site highlights password practices, storage procedures.Continue Reading
Network Forensics: Tracking Hackers through Cyberspace
Authors Sherri Davidoff and Jonathan Ham discuss the benefits of Web proxies and caching for forensic analysts in this chapter excerpt from their co-authored book, Network Forensics: Tracking Hackers through Cyberspace.Continue Reading
Privilege access management: User account provisioning best practices
Broad user account provisioning can give users too much access. Randall Gamby offers privilege access management advice to prevent 'privilege creep.'Continue Reading
PDF download: Information Security magazine June 2012
In this issue, learn how organizations are overcoming challenges in sharing cyberthreat information.Continue Reading
Secure remote access best practices: Guidelines for the enterprise
Remote access threats are on the rise. Use expert Randall Gamby's secure remote access best practices to help users make good security decisions.Continue Reading
MDM architecture considerations for enterprise identity management
Randall Gamby details which enterprise identity management features to look for when evaluating products as the basis for an MDM architecture.Continue Reading
Password compliance and password management for PCI DSS
Can poor password management lead to PCI DSS non-compliance? Mike Chapple outlines key password compliance best practices.Continue Reading
Cybersecurity information sharing initiatives on the rise
Businesses and government agencies work to improve sharing of cyberthreat information.Continue Reading
Challenges with data protection in the cloud
Capabilities such as encryption and DLP can be complicated in the cloud.Continue Reading
Information security threats: Building risk resilience
Enterprises need an agile risk management strategy to deal with today’s evolving threats.Continue Reading
Division of CISO responsibilities may prevent burnout
CISO responsibilities can be overwhelming, according to a new IBM survey. One solution may be to divide the role into two jobs.Continue Reading
PDF download: Information Security magazine May 2012
In this issue, security expert Lisa Phifer examines mobile device management technology.Continue Reading
Mobile device management systems help mitigate BYOD risks
Understand the benefits and limitations of multi-platform MDM technology.Continue Reading
Cybersecurity education vs. cybersecurity training
Security professionals need to understand the difference and plan accordingly.Continue Reading
Security staffing: Why information security positions go unfilled
Be aware of potential roadblocks and adjust your recruiting accordingly.Continue Reading
SIEM vs. DAM technology: Enterprise DAM implementation best practices
Mike Cobb analyzes the differences between a SIEM and DAM implementation and how to successfully configure an enterprise DAM.Continue Reading
DoS attack responses demand better business continuity plans
Expert Nick Lewis says an effective DoS attack responses demand better business continuity plans, including pre-negotiating with providers.Continue Reading
Security School: Cloud app security best practices
In this Security School lesson, expert Diana Kelley examines what enterprises need to know about application security in the cloud.Continue Reading
PDF download: Information Security magazine April 2012
In this issue, read about enterprise requirements for unified threat management systems. Also read about tokenization and AMI security issues.Continue Reading
UTM for the enterprise
Unified threat management isn’t just for the SMB market anymore.Continue Reading
Secure remote access? Security-related remote access problems abound
Is there really such a thing as secure remote access? Editor Eric B. Parizo says there are too many security-related remote access problems to ignore.Continue Reading
Understanding tokenization: What is tokenization and when to use it
Tokenization protects sensitive data to reduce the compliance burden.Continue Reading
Security event log management, analysis needs effective ways to search log files
Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management.Continue Reading
Dynamic authorization vs. other access management technologies
Randall Gamby discusses the advantages of dynamic authorization vs. other access management strategies and implementation best practices.Continue Reading
SaaS access management: Finding the best single sign-on technology
Expert Randall Gamby details key strategies for SaaS access management and contemporary single sign-on technology that's truly interoperable.Continue Reading
Managing remote employees: How to secure remote network access
This SearchSecurity.com mini learning guide is a compilation of tips from our experts on how to secure remote network access. The guide offers best practices for managing remote employees and helping them set up a secure home network, as well as ...Continue Reading
Secure network architecture best practices: DMZ and VLAN security
This mini learning guide will cover best practices for achieving and maintaining a secure network architecture, discussing several aspects of DMZ security and VLAN security.Continue Reading
PDF download: Information Security magazine March 2012
This month's features include a discussion of how SIEM technology can help an organization if implemented properly, and an in-depth analysis of how the RSA breach impacted the industry.Continue Reading