Problem solve
Get help with specific problems with your technologies, process and projects.
How to track and prevent crimeware attacks
Crimeware is on the rise and enterprises that track attacks can discover malicious software trying to breach the environment. Continue Reading
After Windows Server 2003 end of life: An emergency action plan
Microsoft is ending support for Windows Server 2003 in July 2015, yet many organizations will still run W2K3 beyond this date. Learn how to keep your enterprise safe. Continue Reading
Can Detekt identify remote administration Trojans and spyware?
State-sponsored malware and commercial surveillance software can be difficult to identify. Expert Nick Lewis explains how the Detekt tool can help. Continue Reading
Breaking down the CISO reporting structure
The CISO reporting structure has come under fire after a long line of high-profile data breaches, so who should CISOs report to? Continue Reading
Password malware: Can Trojans that capture passwords be mitigated?
A variant of the Citadel malware emerged that compromises password management and authentication products. Enterprise threats expert Nick Lewis explains how to prevent and overcome the threat. Continue Reading
Malware analysis beyond the sandbox
Researchers estimate that 70% of organizations will have implemented virtual servers by the end of 2015, representing a tipping point in enterprises’ adoption of virtualization. Virtual machines (VMs) must be protected from malware like other ...Continue Reading
DDoS prevention: The latest means and methods
Last year distributed denial-of-service attacks, also known as DDoS, rose to record levels of not just frequency but also strength, with attack traffic reaching rates as high as 400 Gbps. DDoS attacks are still a popular means of hacking and they’re...Continue Reading
How can phishing attacks that use proxy programs be stopped?
Phishing attacks are adopting new functionality to avoid detection, including the use of proxy programs to simplify the attack process. Learn how to defend against this type of risk.Continue Reading
Understanding and mitigating a FREAK vulnerability attack
After the discovery that the FREAK vulnerability can affect a wide variety of OSes, enterprises should amp up mitigation efforts. Here's some background on the attack and how to stop it.Continue Reading
What is the best mobile malware protection against NotCompatible.C?
A sophisticated variant of the NotCompatible malware has emerged that is difficult to detect and defend against. Expert Nick Lewis offers tips for handling NotCompatible.C.Continue Reading
How can CISOs avoid executive turnover after a data breach?
The executive turnover at enterprises after a data breach is fairly high. Expert Mike Villegas gives some advice on how CISOs can avoid losing their job.Continue Reading
Should privacy professionals be legal minds or techies?
Hiring privacy professionals for your enterprise can be a daunting task. Expert Mike O. Villegas explains the role and what qualities to look for in candidates.Continue Reading
Secure updates are difficult, but less risky than not patching
Recent malware issues with Lenovo's automatic update system have some worried about the risks associated with automatic updates. Experts say secure update processes are better than ever and result in less risk than waiting to patch vulnerabilities.Continue Reading
Should information security assessments be done by consultants?
Information security assessments can be performed by consulting firms, but is that a better option than handling assessments with in-house staff? Expert Mike O. Villegas discusses.Continue Reading
Is paying the ransom the only way to remove ransomware?
Should organizations pay the money to save their attacker-encrypted data and remove ransomware? Expert Mike O. Villegas advises enterprises on the best approach.Continue Reading
Network security improved by Cisco data mining
Cisco network security involves numerous users and products; Martin Roesch explains why the huge amount of data that results from this is a good thing.Continue Reading
How can HIPAA security risk analysis help with compliance?
HHS recommends security risk analysis as an early step to become HIPAA compliant, so how should organizations put this tip into practice?Continue Reading
Security lessons from the NSA malware defense report
The NSA's Information Assurance Directorate released a report on malware defense. Uncover which guidance and best practices would be fruitful to integrate into your enterprise security plan.Continue Reading
Are HTML5 mobile apps an enterprise security concern?
Gartner predicts more than half of all mobile apps will use HTML5 by 2016, but what threats will this cause the enterprise? Expert Michael Cobb discusses.Continue Reading
Fighting crimeware, RAM scraping and other modern mischief
There's a good possibility that the attacks you see this year will be harder to detect than in years past, particularly as malware generation toolkits make these more advanced techniques easy to incorporate with existing systems.
In this ...Continue Reading
Offensive countermeasures: How they can slow down adversaries
Sometimes the best defense is a good offense. Expert Eric Cole explains the merits of offensive countermeasures in the enterprise.Continue Reading
Can public key pinning improve Mozilla Firefox security?
Public key pinning aims to reduce the lack of trust associated with digital certificates and certificate authorities. Expert Michael Cobb explains how it works and its benefits.Continue Reading
Is global email an enterprise email security risk?
Ubiquitous global email is right around the corner. But what effect will it have on enterprises? Expert Michael Cobb explains.Continue Reading
Getting the CISOs on equal footing with other C-level positions
CISOs sometimes need to work a bit harder to gain the same respect given to other C-level positions, but there are ways for CISOs to gain more respect.Continue Reading
The Third Network: What are the security risks for Ethernet as a service?
Ethernet as a service, or the Third Network, aims to deliver faster services to users across carriers and providers, but what are the risks? Network security expert Kevin Beaver explains.Continue Reading
Google's Adrian Ludwig talks about fighting Android threats
Google is fighting a constant battle against Android malware and vulnerabilities, and Adrian Ludwig, Google's lead for Android security, talks to SearchSecurity about how protections are getting better.Continue Reading
Are enterprise devices vulnerable to NAT-PMP security threats?
Network Address Translation - Port Mapping Protocol implementations may cause vulnerabilities on networking devices. Expert Kevin Beaver offers pointers for testing and mitigating such risks.Continue Reading
How should we hire for specialized information security roles?
A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals.Continue Reading
Breaking bad password habits in the enterprise
A bad password brings unnecessary risk into organizations, but how bad are they really? Expert Randall Gamby assesses just how dire the situation is.Continue Reading
The CEO refuses cybersecurity best practices: Now what?
Some executives don't think cybersecurity best practices apply to them. Expert Mike O. Villegas explains how to handle that situation.Continue Reading
How can security pros cope with a limited information security budget?
Many security professionals have to operate within a small information security budget. Expert Mike O. Villegas reviews some tips to maximizing the budget and persuading management to increase it.Continue Reading
New boundaries: Four strategies for perimeter network security
Perimeter network security at most organizations has evolved beyond "four walls." Many of today's data centers are no longer on-premises. As cloud and mobile technologies extend the reach of network infrastructure, the notion of a network edge that ...Continue Reading
Are one-day wonders enterprise Web security risks?
One-day wonders are websites that persist for 24 hours or less. Should these phenomena be an enterprise security concern? Expert Michael Cobb explains. Continue Reading
Are mobile persistent cookies a threat to enterprise data security?
While cookies can be helpful, mobile persistent cookies can pose a serious threat to users and enterprises. Expert Michael Cobb explains how to mitigate the risk and eliminate the threat.Continue Reading
How does public key pinning improve website security?
Certificate authority confidence is waning, but the emergence of public key pinning can help keep websites secure. Expert Michael Cobb explains how.Continue Reading
Schneier: Incident response management key to surviving a data breach
Video: Bruce Schneier, CTO of Resilient Systems, talks to SearchSecurity about the importance of strong incident response management in reaction to the 'year of the data breach.'Continue Reading
Is homomorphic encryption the answer to enterprise encryption issues?
Homomorphic encryption can be used to bypass encryption, but it's for the good of all. Application security expert Michael Cobb explains.Continue Reading
How enterprises can bolster their crisis communication strategy
Developing a thorough crisis communication strategy in the event of a data breach is an important task for CISOs. Expert Mike Villegas explains what the strategy should involve.Continue Reading
Accidental insider threats and four ways to prevent them
Most insider attacks to enterprises are accidental, not intentional. SANS Faculty Senior Fellow Eric Cole, Ph.D., explains why security awareness training isn't enough to stop these threats.Continue Reading
Cybersecurity information sharing: Industries join forces
Industry peers are increasingly focused on disseminating risk and incident information to allow for a collective defense. Is there room for Uncle Sam?Continue Reading
In the API economy, API security moves to center stage
Integrating systems and data could pay off big. But publishing an API requires a lifetime commitment to monitoring its use.Continue Reading
Enterprises call on API management for better API security
Poor API hygiene can put your organization’s health at risk.Continue Reading
How can malware using bulletproof hosting sites be stopped?
Expert Nick Lewis explains what bulletproof hosting is and how enterprises can best defend against malware that uses it as part of its attack scheme.Continue Reading
Unmasking the Masque attack: Inside the iOS security flaw
The Masque attack is a malicious threat, yet Apple has downplayed the risk. Expert Nick Lewis explains how to keep employees from being tricked into installing malware.Continue Reading
Malvertising: How can enterprises defend against malicious ads?
Malicious ads are becoming an increasing threat vector. Expert Nick Lewis explains how to defend your enterprise against the risks of malvertising.Continue Reading
Advanced persistent threat detection: Can it find custom malware?
Signature-based antimalware tools can't always detect custom malware and advanced persistent threats. Expert Nick Lewis explains how to combat these menaces.Continue Reading
Creating an end-of-life policy for mobile products in the enterprise
When mobile vendors stop maintaining security on their devices, enterprise data is at risk. Expert Michael Cobb discusses how to assess mobile product end of life and how to create end-of-life policies and controls to maintain BYOD safety.Continue Reading
Are there new spam rules to mitigate spam techniques?
Expert Nick Lewis explores the latest spam defense methods and products that will help enterprises defend against new and emerging spam techniques.Continue Reading
Ways to secure Web apps: WAFs, RASP and more
Protecting a Web application increasingly means tuning your protections to the individual characteristics of your applications. There’s more than one way to go about this, though. In this three-part guide we review best practices for taking your Web...Continue Reading
Is RASP the answer to secure software delivery?
Traditionally, ensuring secure software delivery has meant relying on static scanning and dynamic fuzzing. There’s now an alternative: the runtime application self-protection, or RASP, method. This ISM Insider Edition looks at all that's gone...Continue Reading
Android browser security: How can AOSP browser flaws be fixed?
While Google fixed the issue on its Android OS, many browsers still fall victim to a known same-origin bypass AOSP browser flaw. Expert Michael Cobb discusses how to avoid the risk.Continue Reading
From devices to ransomware targeting servers: Is your security ready?
The next wave of cyberthreats will combine two trends in new ways, says SANS' Johannes B. Ullrich, head of the Internet Storm Center.Continue Reading
How does Pretty Easy Privacy secure online communications?
The open source Pretty Easy Privacy project is a user interface that helps users secure communication channels. Expert Michael Cobb outlines how it works.Continue Reading
Why PCI non-compliance is a problem for many
PCI DSS requirement 2 specifies companies must change vendor-supplied default passwords, but only 50% were in compliance. Expert Mike Chapple explains why.Continue Reading
Algorithm substitution attacks: Ensuring encryption algorithm security
Algorithm substitution attacks can decrypt secure communications and potentially expose enterprise data in plaintext. Learn how to mitigate the threat.Continue Reading
How to detect malware that leaves no file on disk
Malware that leaves no file on disk can throw enterprises' malware-detection capabilities for a loop. Learn how to detect and defend against fileless malware.Continue Reading
Social engineering: You got nailed!
Move beyond prevention to fast detection to combat a stealthy social engineering attack.Continue Reading
Q&A: Marcus Ranum chats with Privacy Professor CEO Rebecca Herold
Organizations will be judged by the company they keep, warns Herold. Don’t let third parties skate, when your data security is at risk.Continue Reading
Information security jobs unfilled as labor pains grow
Why cybersecurity hiring is the real cyberwar.Continue Reading
Defending against the digital invasion
As attackers move beyond “spray and pray” tactics to advanced persistent threats -- having better security than your competitors is no longer enough. Targeted attacks today are often for financial gain through extortion and threats to expose or ...Continue Reading
Repackaged apps: Defending against fake apps in the enterprise
Repackaged applications can present multiple enterprise security risks. Expert Nick Lewis explains what these fake apps are and how to defend against them.Continue Reading
Can a smartphone gyroscope be an eavesdropping tool?
Smartphones with gyroscopes can be exploited to serve as an eavesdropping tool. Expert Nick Lewis explains how to mitigate smartphone gyroscope risk.Continue Reading
Can remote wipe completely erase mobile phone data?
Remote wipe is the option most people think of when looking to erase data on mobile phones, but it isn't always the most effective. Expert Nick Lewis explores how to fully remove data from a device.Continue Reading
Which controls can prevent multifunction printer security risks?
Hackers are infiltrating the enterprise through multifunction printers. Expert Kevin Beaver explains how to mitigate the threat and improve printer security.Continue Reading
How can malicious apps posing as real apps be detected?
Malware masquerading as legitimate applications is a rising problem. Enterprise threats expert Nick Lewis outlines how to detect and mitigate this type of malware.Continue Reading
Beyond PCI: Out-of-band security tips for credit card data protection
Securing credit card data -- both online and at brick-and-mortar stores -- requires security measures beyond those mandated by PCI DSS. Expert Philip Alexander outlines six out-of-band security controls to consider.Continue Reading
NAS security: How to combat network-attached storage device risks
Network-attached storage devices can present a plethora of security issues to an enterprise. Expert Kevin Beaver explains how to detect and mitigate the risks.Continue Reading
Is the CISO job description getting out of hand?
CISO roles and responsibilities are built on impossible standards and unrealistic expectations. Expert Joseph Granneman explains this trend and why enterprises need to reverse it. Continue Reading
How will Shellshock affect PCI DSS audits for enterprises?
PCI DSS audits are sure to include a look at Shellshock mitigation. Expert Mike Chapple discusses how organizations can prepare.Continue Reading
Four questions to ask before buying a Web application firewall
Web application firewalls are complex products. Expert Brad Causey explains the key criteria enterprises need to consider before investing in a WAF product.Continue Reading
How can shortened URLs carrying malicious links be detected?
While shortened URLs are convenient and space-saving, they can potentially lead users to malicious websites. Enterprise threats expert Nick Lewis explains how to avoid the threat.Continue Reading
Five network security lessons learned from the Sony Pictures hack
Following the Sony Pictures hack, several of the company's network security shortcomings were revealed. Expert Kevin Beaver explains how better network security may have prevented the extent of the breach.Continue Reading
How to prevent firewall failures with proper testing and maintenance
Expert Eric Cole explains how to remedy an underperforming or failing firewall with proper maintenance and testing.Continue Reading
How can drive-by download attacks be prevented?
Expert Nick Lewis offers some strategies that enterprises can use to avoid the threat of drive-by download attacks and improve employee awareness of the risks.Continue Reading
How can outdated ActiveX controls be blocked?
Outdated ActiveX controls can pose serious security risks. Enterprise threats expert Nick Lewis discusses how to block them in the enterprise.Continue Reading
Should enterprises enforce harsher penalties for phishing victims?
The consequences of phishing attacks could fall on the victims as enterprises start to punish employees who fall for this age-old scam. Expert Joseph Granneman discusses why this approach may have merit.Continue Reading
Are SIEM products delivering on advanced analytics?
Faced with a deluge of security and log information, enterprises are overwhelmed by different types of data and finding it harder to respond to potential security events. Interest in security information and event management (SIEM) is increasing ...Continue Reading
New scrutiny on bug bounties: Is there strength in numbers?
Bug bounty programs are a cool idea and often work, so why haven't they taken off for non-tech companies?Continue Reading
How can macro malware and macro virus threats be prevented?
Macro viruses are back in the form of macro malware, creating a potentially major issue for enterprises. Expert Nick Lewis explains how to ensure your organization doesn't fall victim.Continue Reading
Can Vawtrak malware block enterprise security software?
Emerging malware, like the Vawtrak banking malware, has the ability to block enterprise antimalware measures. Expert Nick Lewis explains how to mitigate the risk.Continue Reading
How does snowshoe spam evade spam blockers?
Spam can use a process called 'snowshoe' to evade spam filters. Enterprise threats expert Nick Lewis explains how to block snowshoe spam.Continue Reading
Can internal threats be distinguished from outside malware coders?
Differentiating between insider and non-insider malware threats can be challenging. Expert Nick Lewis offers pointers for distinguishing malware coders from internal threats.Continue Reading
Emotet: How can traffic-sniffing banking malware be thwarted?
A new variety of banking malware can sniff traffic from APIs. Enterprise threats expert Nick Lewis outlines how to mitigate the risk.Continue Reading
What the Community Health Systems breach can teach your organization
The Community Health Systems breach in 2014 provided a learning opportunity for organizations handling PHI. Expert Mike Chapple reviews the key takeaways from the breach.Continue Reading
How to stop card-not-present scams and keep customers happy
Merchants need to balance buyers' online experiences and their controls for analyzing suspicious purchasing behavior to prevent card-not-present scams.Continue Reading
Transaction analytics tools can rescue companies from fraud
Implementing data analytics tools to examine transactions will help companies detect fraud and prevent losses for their customers.Continue Reading
Credit card protection tactics: Technology vs. standards
In 2014 shoppers spent almost $300 billion online (a number expected to grow in future years). There was a significant number of online fraud attempts, too—and about 78% of those were made through website applications. (In contrast, only 3% ... Continue Reading
Is cybersecurity insurance valuable to enterprises?
Cybersecurity insurance is used as a fallback after data breaches, but does it really cover everything an organization needs? Joseph Granneman provides some answers.Continue Reading
How should organizations make a cybersecurity policy a top priority?
Supporting a cybersecurity policy should be a priority for executive boards. Expert Joseph Granneman explains how CISOs can effectively communicate its importance.Continue Reading
What advice does the PCI Special Interest Group have for compliance?
A new PCI Special Interest Group document gives advice to enterprises on staying PCI DSS compliant after audits. Expert Mike Chapple highlights the key takeaways.Continue Reading
In denial about DDoS: Defense planning falls short
Advanced distributed denial-of-service attackers are using a mix of techniques to hit targeted victims in ways all too similar to advanced persistent threats. DDoS defense planning is still lax at many enterprises, but if you do not have mitigation ...Continue Reading
Cybersecurity education: Planting seeds for the future
Southern Methodist University's Chang says the school's cybersecurity education program addresses the skills gap for trained staff in enterprises.Continue Reading
Breaches reignite intellectual property protection
Enterprises revisit data classification and protection strategies after rocky 2014.Continue Reading
Defend against APTs with big data security analytics
Without a trace: Cybersecurity incident response teams must follow the thread of security events through volumes of log data from increasingly diverse sources.Continue Reading
The business case for email encryption software
Email encryption is a valuable security tool for enterprises, but where and how should it be deployed? Expert Karen Scarfone outlines specific use cases for email encryption software.Continue Reading
Mini risk assessments: Simplifying protection of critical assets
Expert Eric Cole explains how his simplified, risk-based approach to security will help enterprises better identify -- and prevent -- the most dangerous threats.Continue Reading
Are third-party security awareness training programs effective?
Security awareness training can be effective, but how should enterprises select the right third-party program? Expert Joe Granneman offers some advice.Continue Reading
Understanding and responding to POS malware
Organizations must confront threats like Backoff malware to their point-of-sale systems. This guide reviews the POS malware dangers out there and offers remediation tactics.Continue Reading
What's the best way to find enterprise compliance tools?
Looking for compliance tools? Expert Mike Chapple explains why the best place to start the search is within your own information security infrastructure.Continue Reading
Should mobile fitness apps be HIPAA-compliant?
Mobile fitness apps can contain personal data, so should they be HIPAA-compliant? Expert Mike Chapple explains why that's not the right approach.Continue Reading