Tips

Tips

• Evaluate biometric authentication pros and cons, implications

  Hoping for a passwordless future? Multifactor authentication using biometrics may be the answer. Consider biometric authentication's pros, cons and implications before deploying.  Continue Reading

• Best practices for threat modeling service mesh, microservices

  In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods.  Continue Reading

• Answering the top IoT risk management questions

  Vulnerable IoT devices are commonly installed on enterprise networks, putting IT on the lookout for security issues. Here are answers to the biggest IoT risk management questions.  Continue Reading

• How to prevent buffer overflow attacks

  Read up on types of buffer overflow attacks, and learn secure coding best practices that prevent such vulnerabilities, as well as post-deployment steps to keep apps and websites safe.  Continue Reading

• 4 tips to ensure secure remote working during COVID-19 pandemic

  Don't let teleworkers compromise your enterprise's security. Follow these tips to ensure secure remote working in the event of a teleworker boom during a pandemic.  Continue Reading

• Updating the data discovery process in the age of CCPA

  Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR.  Continue Reading

• How nation-state cyberattacks affect the future of infosec

  Any company can be a nation-state cyberattack victim. Brush up on the latest and most common nation-state techniques and their implications on the threat landscape of tomorrow.  Continue Reading

• 5G network slicing security benefits IoT, mobile

  The fifth generation of mobile cellular technology offers a unique benefit its predecessors don't: network slicing. Learn more about these virtual slices and their security benefits.  Continue Reading

• Use this CCPA compliance checklist to get up to speed

  California leads the pack in terms of state regulations on data privacy and transparency. Now, it's time for businesses to be proactive with this CCPA compliance checklist.  Continue Reading

• Tips for cybersecurity pandemic planning in the workplace

  Is your security team prepared for a workplace pandemic? This guidance will ensure your company's cybersecurity posture can be maintained despite a potentially severe health event.  Continue Reading

• 6 cybersecurity strategies to solidify personal data protection

  As consumers add more connected devices to personal networks, cybersecurity risk is hitting close to home. Here are steps individuals can take to ensure personal data protection.  Continue Reading

• Use TODO comments for secure software, development to production

  Security is often considered a software development burden, despite its importance. Learn app developer tricks to ensure security controls make it from development to production.  Continue Reading

• How an island-hopping cyberattack works and how to fight back

  Being part of island-hopping is no day at the beach when it comes to cyberattacks. Learn how to avoid being either a victim or an attacker's unwitting accomplice.  Continue Reading

• Stop business email compromise with three key approaches

  Why is BEC such a popular attack? Because it works, unfortunately, tempting hackers with huge potential payouts. Learn how to keep them from lining their pockets with your assets.  Continue Reading

• AI-driven cybersecurity teams are all about human augmentation

  AI is often associated with technology replacing humans. In the case of AI-based cybersecurity teams, however, AI will augment its human counterparts, not supplant them.  Continue Reading

• Who wins the security vs. privacy debate in the age of AI?

  When trying to maintain balance between security and privacy in an AI-enabled world, who decides which side should tip and when? So continues the security vs. privacy debate.  Continue Reading

• How to handle nation-state cyberattacks on the enterprise

  It's only a matter of time before nation-state cyberattacks that threaten government entities today target the enterprise. Follow our expert's tips to prepare in time.  Continue Reading

• 4 enterprise database security best practices

  Beyond protecting enterprise databases from vulnerabilities, it is critical to improve and review their security on a regular basis. Learn more with these database security best practices.  Continue Reading

• In-house vs. outsourced cybersecurity operations center capabilities

  Cybersecurity operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource these capabilities.  Continue Reading

• Protect against evolving data security threats

  As data security threats evolve, knowing how to protect your data is more important than ever. Learn about the latest security threats and how to ward them off.  Continue Reading

• How does antimalware software work and what are the detection types?

  Virus detection techniques used by antimalware tools can be a huge boost to enterprise cybersecurity programs. Learn how antimalware software works and its benefits in this tip.  Continue Reading

• 3 tips for writing a quality penetration testing report

  Writing a penetration testing report might not be the most fun part of the job, but it's a critical component. These tips will help you write a good one.  Continue Reading

• Improve data security in the modern enterprise

  From growing attack surfaces to new regulations, these data security considerations must be on every company's radar.  Continue Reading

• Building an effective security operations center framework

  An effective security operations center framework includes more than just monitoring and analysis. AI and machine learning can also play a role.  Continue Reading

• Craft an effective application security testing process

  For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data.  Continue Reading

• HIPAA compliance checklist: The key to staying compliant in 2020

  Putting together a HIPAA compliance program can be fraught with difficulty. Review best practices and a HIPAA compliance checklist to avoid common pitfalls and pass an audit.  Continue Reading

• Top 10 cybersecurity predictions: 2020 edition

  When it comes to cybersecurity predictions, in many ways, 2020 is a continuation of the present. Emerging trends include nation-state activity, IoT infrastructure attacks and more.  Continue Reading

• AI and machine learning in cybersecurity: Trends to watch

  AI and machine learning in cybersecurity are not so much useful to security teams today as they are necessary. Examine cybersecurity automation trends and benefits.  Continue Reading

• NIST CSF provides guidelines for risk-based cybersecurity

  Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection.  Continue Reading

• IT vs. OT security -- and how to get them to work together

  While IT and OT security have historically been separate, the advent of IoT is forcing the two together. Cross-pollinating IT with OT is critical to ensuring IoT security.  Continue Reading

• Perimeterless security still has borders -- and APIs need it

  Many people believe perimeterless security means borders are a thing of the past. But virtual borders secure APIs needed by mobile users and cloud workloads. Check out how to manage them.  Continue Reading

• Master IoT and edge computing security challenges

  Edge devices are not necessarily designed with security in mind. Organizations need to think critically about how to approach today's edge computing security challenges.  Continue Reading

• Use a data privacy framework to keep your information secure

  Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both internal and external threats.  Continue Reading

• As cybersecurity insurance coverage becomes common, buyer beware

  Cybersecurity insurance coverage can certainly have its benefits after a breach, but companies must consider a variety of unique business factors before choosing a policy.  Continue Reading

• Key features in building a security operations center

  Building a security operations center means understanding the key features you need to ensure your network remains protected against threats.  Continue Reading

• The top 3 use cases for AI endpoint security tools

  Endpoint attack surfaces are growing, and cybersecurity pros struggle to keep up. Consider the following use cases for AI endpoint security techniques in the enterprise.  Continue Reading

• How to use and manage BitLocker encryption

  Built into business versions of the Windows OS, Microsoft BitLocker encryption is an integral enterprise encryption tool. Read on to learn how BitLocker works and how to manage it.  Continue Reading

• Boost network security visibility with these 4 technologies

  The network is where it's at if you want to stop malicious actors. But first you need to up your network visibility. Learn about four technologies that can help.  Continue Reading

• Network visibility and monitoring tools now amp up security

  Three technology trends are currently making network visibility even more central to security tools. Learn more about the impact of big data, AI and APIs.  Continue Reading

• Use network traffic analysis to detect next-gen threats

  Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting new breeds of low-and-slow threats.  Continue Reading

• A fresh look at enterprise firewall management

  Enterprises need to know where and how to install firewalls for maximum protection. Find out firewall management best practices that can help protect your organization.  Continue Reading

• Zero-trust framework creates challenges for app dev

  Enterprises implement zero-trust frameworks to adapt to today's changing IT infrastructures. Learn about the implications for app developers.  Continue Reading

• 3 security and ethics considerations for modern-day CISOs

  Many conversations today revolve around security and ethics. A strong CISO voice is crucial to keeping enterprises safe while embracing this critical cultural awakening.  Continue Reading

• Understand the top 4 use cases for AI in cybersecurity

  AI applications in security offers organizations four unique benefits. Learn how machine learning advances can change industry approaches to threat detection and prevention.  Continue Reading

• How to address cloud IAM challenges

  Cloud services are major players in most companies now and can have a major impact on the management of access and identity governance. Learn how to handle cloud IAM challenges.  Continue Reading

• Heed 5 security operations center best practices before outsourcing

  Understanding the five steps needed to ensure security operations center best practices will help organizations decide whether to outsource their SOC initiatives.  Continue Reading

• Essential instruments for a pen test toolkit

  Does your penetration testing toolkit have the proper contents? Learn the must-have tool for any pen tester, as well as specific tools for wireless, network and web app pen testing.  Continue Reading

• Virtual network security measures to thwart access threats

  Virtual networks add a layer of complexity to the real networks below them. Follow these three virtual network security measures to prevent complexity from creating issues.  Continue Reading

• How can DNS privacy issues be addressed?

  Learn two techniques for improving end-user DNS privacy protection that prevent DNS from exposing information about websites users visit and the people users communicate with.  Continue Reading

• Top enterprise 5G security concerns and how to address them

  The benefits of 5G are aplenty, but the next-generation LTE technology also presents a number of risks. Learn how to securely deploy 5G in your enterprise.  Continue Reading

• The 3 types of DNS servers and how they work

  DNS is a core internet technology, instrumental in mapping human-readable domains into corresponding IP addresses. Learn about the three DNS server types and their roles in the internet.  Continue Reading

• Build an agile cybersecurity program with Scrum

  Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams.  Continue Reading

• How software-defined perimeter authentication ups security

  Find out how the emerging software-defined perimeter model increases security by its design and how it can serve as a building block to zero-trust security.  Continue Reading

• How to shore up your third-party risk management program

  A third-party risk management program has to go beyond questionnaires and poorly designed policies. Learn what you should do to protect yourself against vendor security flaws and core risks.  Continue Reading

• Create a manageable, secure IT/OT convergence strategy in 3 steps

  An effective IT/OT strategy requires at least three things: an evangelist, an infrastructure reference architecture and a plan to sanely divide operations between IT and OT.  Continue Reading

• Tips and tricks to integrate IT and OT teams securely

  IT and operational teams can work in tandem to support IoT projects, but their separate roles and responsibilities to one another must be clearly defined.  Continue Reading

• What's the role of people in IT/OT security?

  To enable a smoother, more secure IT/OT convergence, get wise to the potential conflicts between IT and OT historical priorities and traditional work cultures.  Continue Reading

• How to encrypt and secure a website using HTTPS

  The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data.  Continue Reading

• Cybersecurity frameworks hold key to solid security strategy

  Cybersecurity frameworks take work, but they help organizations clarify their security strategies. If you don't have one, here's what to consider, even for emerging perimeterless security options.  Continue Reading

• How to use Metasploit commands and exploits for penetration tests

  These step-by-step instructions demonstrate how to use Metasploit for enterprise vulnerability and penetration testing.  Continue Reading

• RPA security best practices include access control, system integration

  Robotic process automation can revolutionize enterprise workflows, but if RPA security risks aren't controlled, bots could end up doing more harm than good.  Continue Reading

• 6 types of insider threats and how to prevent them

  Compromised, negligent and malicious employees put enterprises at risk. Here are six problems they pose and the insider threat prevention strategies to protect your enterprise.  Continue Reading

• What it takes to be a DevSecOps engineer

  To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer.  Continue Reading

• IoT security risks persist; here's what to do about them

  Nontech manufacturers building IoT devices combined with resource constraints is a recipe for disaster. It's the reality of IoT security issues, and the problem isn't going away.  Continue Reading

• How to navigate the often challenging CISO career path

  There's no clear-cut path to becoming a CISO. However, the right security certifications, an ever-questioning attitude and a strong network of CISO peers can help prepare you for the journey.  Continue Reading

• Network traffic analysis tools secure a new, crucial role

  Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security.  Continue Reading

• CISO challenges include building credibility within the business

  No matter what comes at them in terms of cybersecurity issues, the main CISO challenge comes down to building credibility as a trustworthy person.  Continue Reading

• DevOps security checklist requires proper integration

  There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are key to the equation.  Continue Reading

• Wireshark tutorial: How to use Wireshark to sniff network traffic

  Learn how to use the Wireshark packet analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer for network traffic analysis and inspection.  Continue Reading

• 5 enterprise patch management best practices

  It might not be the most exciting of responsibilities, but the value of enterprise patch management cannot be denied. Review these best practices to build a smooth patching process.  Continue Reading

• How to start building a DevSecOps model

  To help transition to a DevSecOps model to protect enterprises, security teams need to identify key stakeholders, provide examples of specific company security events and work toward creating crossover teams.  Continue Reading

• SD-WAN security benefits go beyond the obvious

  SD-WAN does more than extend corporate networks. Key SD-WAN security benefits that capitalize on the technique's architecture could change the face of SD-WAN in the enterprise.  Continue Reading

• 3 ways to shore up third-party risk management programs

  A new Nemertes research study shows enterprises need to adopt third-party risk management programs that jettison manual checklists in favor of automated tools, hands-on risk assessments and dedicated risk teams.  Continue Reading

• Which is better: anomaly-based IDS or signature-based IDS?

  Even as vendors improve IDS by incorporating both anomaly-based IDS and signature-based IDS, understanding the difference will aid intrusion protection decisions.  Continue Reading

• The benefits of IAM can far outweigh the costs

  Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network.  Continue Reading

• Office 365 security challenges and how to solve them

  To understand the Office 365 threat landscape, take stock of the application features and programs available based on the organization's license level of the subscription.  Continue Reading

• Boost application security in DevOps with DevSecOps

  Without DevSecOps, application security can end up on the back burner during application development. Learn how DevSecOps can bake security back into the process.  Continue Reading

• How to beef up Office 365 email security features

  Companies looking to fortify their Office 365 email security can assess options from a variety of third-party vendors. Find out which features are the most important.  Continue Reading

• Building the best incident response framework for your enterprise

  Understanding the incident response framework standards and how to build the best framework for your organization is essential to preventing threats and mitigating cyber incidents.  Continue Reading

• Strategies to mitigate cybersecurity incidents need holistic plans

  Every organization needs strategies to mitigate cybersecurity incidents, but what areas should the strategies address? Find out what experts suggest to protect the entire organization.  Continue Reading

• CERT vs. CSIRT vs. SOC: What's the difference?

  What's in a name? Parse the true differences between a CERT, a CSIRT, a CIRT and a SOC, before you decide what's best for your organization.  Continue Reading

• How to prevent cybersecurity attacks using this 4-part strategy

  It can be daunting to defend an enterprise against cyberattacks, but these four defensive moves can help fortify and repel whatever comes your way.  Continue Reading

• Incident response: How to implement a communication plan

  Communication is critical to an effective incident response plan. Here are five best practices an organization can use to gather and share information.  Continue Reading

• How to retool incident response best practices for the digital age

  As companies become more cloud- and mobile-centric, they need to reassess their incident response best practices and automate as much as possible.  Continue Reading

• Where does IMAP security fall short, and how can it be fixed?

  Legacy email protocols like IMAP are prime targets for hackers. Fix IMAP security with better configuration, more encryption and multifactor authentication mandates.  Continue Reading

• IPsec vs. SSL VPN: Comparing speed, security risks and technology

  IPsec VPNs and SSL VPNs both encrypt network data, but they do it differently. Learn about the differences and how to determine the right solution for your organization.  Continue Reading

• What identity governance tools can do for your organization

  Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data.  Continue Reading

• 4 steps to critical infrastructure protection readiness

  Government and private industry share responsibility for critical infrastructure and key resources protection. Follow four steps to understand and know who you're gonna call to protect CIKR.  Continue Reading

• The case for continuous security monitoring

  When done correctly, continuous security monitoring provides real-time visibility into an organization's IT environment. Here are the best practices for building a CSM program.  Continue Reading

• 5 ways to achieve a risk-based security strategy

  Learn five steps to implement a risk-based security strategy that naturally delivers compliance as a consequence of an improved security posture.  Continue Reading

• Zero-trust security model means more than freedom from doubt

  A zero-trust security model has a catchy name, but the methodology means more than not trusting any person or device on the network. What you need to know.  Continue Reading

• Top 7 IT security frameworks and standards explained

  Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right one for your organization.  Continue Reading

• How to find an MSP to protect you from outsourcing IT risks

  Check out what questions to ask MSPs to make sure they have the right security systems in place to protect your organization against outsourcing IT risks.  Continue Reading

• How do buffer overflow attacks work?

  Buffer overflow attacks are simple exploits that can give an attacker control over a program or process. Learn how these attacks work and how to make sure they don't happen to you.  Continue Reading

• 2019's top email security best practices for employees

  Attackers exploit email every day to break into your network, but you can reduce risk for everyone by promoting these email security strategies for employees.  Continue Reading

• Endpoint security tools get an essential upgrade

  Malware, APTs and other threats are getting smarter, but so are endpoint detection and response products. Learn what the latest versions can do to keep threats away.  Continue Reading

• Building a cybersecurity awareness training program

  Cybersecurity awareness training programs are sometimes perceived as an extraneous waste of time and energy, but are essential to building a strong security culture.  Continue Reading

• How to perform a building security assessment

  There are four major systems to review in a building security assessment. Learn what they are and how to review their potential cyber and physical risks.  Continue Reading

• How to conduct a security risk review on a large building

  Assessors cannot dive into a security risk review of a large building; they have to prepare and strategize ahead of time. Learn how to get ready for this type of security assessment.  Continue Reading

• How can organizations build cybersecurity awareness among employees?

  A high level of cybersecurity awareness among employees is essential to protect corporate data. To build this awareness, start with a strong cybersecurity culture.  Continue Reading