Network intrusion detection and prevention (IDS-IPS)

Find the latest information on intrusion prevention systems (IPS) and network intrusion detection systems (IDS), including tools and tactics, how to manage host-based and network-based IDSes, minimizing false positives, and how to use intrusion detection methods and devices.

August 05, 2015 05 Aug'15
Security machine learning methods needed to adapt to evolving threats

Data science can sort through huge data stores in order to find and stop advanced attackers and malware, but new methods are needed to make sure the machine learning keeps up with evolving threats.
June 03, 2015 03 Jun'15
Adversaries never sleep: unknown malware downloaded every 34 seconds

In its 2015 Security Report, Check Point Software has found adversaries are exploiting the ease of creating unknown malware to boost the chance of a successful attack, and sandboxing adoption may be the best way to mitigate risk.
May 21, 2015 21 May'15
Too many false positives, security alerts inundate enterprise, study says

A new study shows enterprises with security analytics are confident in their threat detection capabilities, while those without are overwhelmed by copious false positives and alerts.
April 29, 2015 29 Apr'15
Port monitoring critical to detecting, mitigating attacks using SSL

As SSL traffic increases, so inevitably will the number of attacks using it to hide. A session at RSA Conference 2015 explained why hackers love SSL, and how enterprises can defend against them.

Bring yourself up to speed with our introductory content

virtual honeypot

A virtual honeypot is software that emulates a vulnerable system or network to attract intruders and study their behavior. Virtual honeypots contrast with hardware-based honeypots, which are dedicated computers, networks or network segments designed... Continue Reading
unified threat management (UTM)

A unified threat management (UTM) system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and ... Continue Reading
CISSP Domain 7: Security operations

Learn about important cybersecurity techniques and technologies that serve as the foundation of both day-to-day security operations and incident response. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

What does the expansion of MANRS mean for BGP security?

The Internet Society expanded MANRS to crack down on BGP security. Expert Michael Cobb explains what MANRS is and its implications for BGP server security. Continue Reading
Deception technology applied to pharma cybersecurity

Thanks to automation and virtualization, deception technology may make inroads into healthcare. Here is one pharmaceutical company's approach to using the technology. Continue Reading
SOC services: How to find the right provider for your company

SOCs are the latest services you can now outsource rather than build in-house. But should you entrust them to a third party? Yes—but make sure you know how to pick the best. Continue Reading

Learn to apply best practices and optimize your operations.

How entropy sources interact with security and privacy plans

NIST published a draft of its 'Risk Management Framework for Information Systems and Organizations.' Learn what this report entails, as well as how entropy source controls play a key role. Continue Reading
What is missing from the NIST/DHS botnet security report?

The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis. Continue Reading
Insider threat behavior: How to identify warning signs

Enterprises can prevent insider threat incidents if they know what to look for. Peter Sullivan explains the precursors to and precipitating events for insider threat behavior. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How do hackers use legitimate admin tools to compromise networks?

Hackers use legitimate admin tools to exfiltrate data in living off the land attacks that are hard to detect. Learn about this cyberattack tactic from expert Michael Cobb. Continue Reading
How can a hardcoded password vulnerability affect Cisco PCP?

Cisco patched a hardcoded password vulnerability found in their PCP software. Learn how the software works and how attackers can exploit this vulnerability with Judith Myerson. Continue Reading
How should BGP route hijacking be addressed?

A new report from NIST shows how BGP route hijacking can threaten the internet. Expert Judith Myerson reviews the guidance for improving BGP security. Continue Reading