Tips

Tips

• The 3 types of DNS servers and how they work

  DNS is a core internet technology, instrumental in mapping human-readable domains into corresponding IP addresses. Learn about the three DNS server types and their roles in the internet.  Continue Reading

• Build an agile cybersecurity program with Scrum

  Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams.  Continue Reading

• How software-defined perimeter authentication ups security

  Find out how the emerging software-defined perimeter model increases security by its design and how it can serve as a building block to zero-trust security.  Continue Reading

• How to shore up your third-party risk management program

  A third-party risk management program has to go beyond questionnaires and poorly designed policies. Learn what you should do to protect yourself against vendor security flaws and core risks.  Continue Reading

• Create a manageable, secure IT/OT convergence strategy in 3 steps

  An effective IT/OT strategy requires at least three things: an evangelist, an infrastructure reference architecture and a plan to sanely divide operations between IT and OT.  Continue Reading

• Tips and tricks to integrate IT and OT teams securely

  IT and operational teams can work in tandem to support IoT projects, but their separate roles and responsibilities to one another must be clearly defined.  Continue Reading

• What's the role of people in IT/OT security?

  To enable a smoother, more secure IT/OT convergence, get wise to the potential conflicts between IT and OT historical priorities and traditional work cultures.  Continue Reading

• How to encrypt and secure a website using HTTPS

  The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data.  Continue Reading

• Cybersecurity frameworks hold key to solid security strategy

  Cybersecurity frameworks take work, but they help organizations clarify their security strategies. If you don't have one, here's what to consider, even for emerging perimeterless security options.  Continue Reading

• How to use Metasploit commands and exploits for penetration tests

  These step-by-step instructions demonstrate how to use Metasploit for enterprise vulnerability and penetration testing.  Continue Reading

• RPA security best practices include access control, system integration

  Robotic process automation can revolutionize enterprise workflows, but if RPA security risks aren't controlled, bots could end up doing more harm than good.  Continue Reading

• 6 types of insider threats and how to prevent them

  Compromised, negligent and malicious employees put enterprises at risk. Here are six problems they pose and the insider threat prevention strategies to protect your enterprise.  Continue Reading

• What it takes to be a DevSecOps engineer

  To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer.  Continue Reading

• IoT security risks persist; here's what to do about them

  Nontech manufacturers building IoT devices combined with resource constraints is a recipe for disaster. It's the reality of IoT security issues, and the problem isn't going away.  Continue Reading

• How to navigate the often challenging CISO career path

  There's no clear-cut path to becoming a CISO. However, the right security certifications, an ever-questioning attitude and a strong network of CISO peers can help prepare you for the journey.  Continue Reading

• Network traffic analysis tools secure a new, crucial role

  Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security.  Continue Reading

• CISO challenges include building credibility within the business

  No matter what comes at them in terms of cybersecurity issues, the main CISO challenge comes down to building credibility as a trustworthy person.  Continue Reading

• DevOps security checklist requires proper integration

  There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are key to the equation.  Continue Reading

• Wireshark tutorial: How to use Wireshark to sniff network traffic

  Learn how to use the Wireshark packet analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer for network traffic analysis and inspection.  Continue Reading

• 5 enterprise patch management best practices

  It might not be the most exciting of responsibilities, but the value of enterprise patch management cannot be denied. Review these best practices to build a smooth patching process.  Continue Reading

• How to start building a DevSecOps model

  To help transition to a DevSecOps model to protect enterprises, security teams need to identify key stakeholders, provide examples of specific company security events and work toward creating crossover teams.  Continue Reading

• SD-WAN security benefits go beyond the obvious

  SD-WAN does more than extend corporate networks. Key SD-WAN security benefits that capitalize on the technique's architecture could change the face of SD-WAN in the enterprise.  Continue Reading

• 3 ways to shore up third-party risk management programs

  A new Nemertes research study shows enterprises need to adopt third-party risk management programs that jettison manual checklists in favor of automated tools, hands-on risk assessments and dedicated risk teams.  Continue Reading

• Which is better: anomaly-based IDS or signature-based IDS?

  Even as vendors improve IDS by incorporating both anomaly-based IDS and signature-based IDS, understanding the difference will aid intrusion protection decisions.  Continue Reading

• The benefits of IAM can far outweigh the costs

  Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network.  Continue Reading

• Office 365 security challenges and how to solve them

  To understand the Office 365 threat landscape, take stock of the application features and programs available based on the organization's license level of the subscription.  Continue Reading

• Boost application security in DevOps with DevSecOps

  Without DevSecOps, application security can end up on the back burner during application development. Learn how DevSecOps can bake security back into the process.  Continue Reading

• How to beef up Office 365 email security features

  Companies looking to fortify their Office 365 email security can assess options from a variety of third-party vendors. Find out which features are the most important.  Continue Reading

• Building the best incident response framework for your enterprise

  Understanding the incident response framework standards and how to build the best framework for your organization is essential to preventing threats and mitigating cyber incidents.  Continue Reading

• How to prevent cybersecurity attacks using this 4-part strategy

  It can be daunting to defend an enterprise against cyberattacks, but these four defensive moves can help fortify and repel whatever comes your way.  Continue Reading

• Strategies to mitigate cybersecurity incidents need holistic plans

  Every organization needs strategies to mitigate cybersecurity incidents, but what areas should the strategies address? Find out what experts suggest to protect the entire organization.  Continue Reading

• Incident response: How to implement a communication plan

  Communication is critical to an effective incident response plan. Here are five best practices an organization can use to gather and share information.  Continue Reading

• How to retool incident response best practices for the digital age

  As companies become more cloud- and mobile-centric, they need to reassess their incident response best practices and automate as much as possible.  Continue Reading

• CERT vs. CSIRT vs. SOC: What's the difference?

  What's in a name? Parse the true differences between a CERT, a CSIRT, a CIRT and a SOC, before you decide what's best for your organization.  Continue Reading

• Where does IMAP security fall short, and how can it be fixed?

  Legacy email protocols like IMAP are prime targets for hackers. Fix IMAP security with better configuration, more encryption and multifactor authentication mandates.  Continue Reading

• IPsec vs. SSL VPN: Comparing speed, security risks and technology

  IPsec VPNs and SSL VPNs both encrypt network data, but they do it differently. Learn about the differences and how to determine the right solution for your organization.  Continue Reading

• What identity governance tools can do for your organization

  Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data.  Continue Reading

• 4 steps to critical infrastructure protection readiness

  Government and private industry share responsibility for critical infrastructure and key resources protection. Follow four steps to understand and know who you're gonna call to protect CIKR.  Continue Reading

• The case for continuous security monitoring

  When done correctly, continuous security monitoring provides real-time visibility into an organization's IT environment. Here are the best practices for building a CSM program.  Continue Reading

• 5 ways to achieve a risk-based security strategy

  Learn five steps to implement a risk-based security strategy that naturally delivers compliance as a consequence of an improved security posture.  Continue Reading

• Zero-trust security model means more than freedom from doubt

  A zero-trust security model has a catchy name, but the methodology means more than not trusting any person or device on the network. What you need to know.  Continue Reading

• Top 7 IT security frameworks and standards explained

  Several IT security frameworks and cybersecurity standards are available to help protect company data. Here's advice for choosing the right one for your organization.  Continue Reading

• How to find an MSP to protect you from outsourcing IT risks

  Check out what questions to ask MSPs to make sure they have the right security systems in place to protect your organization against outsourcing IT risks.  Continue Reading

• How do buffer overflow attacks work?

  Buffer overflow attacks are simple exploits that can give an attacker control over a program or process. Learn how these attacks work and how to make sure they don't happen to you.  Continue Reading

• 2019's top email security best practices for employees

  Attackers exploit email every day to break into your network, but you can reduce risk for everyone by promoting these email security strategies for employees.  Continue Reading

• Endpoint security tools get an essential upgrade

  Malware, APTs and other threats are getting smarter, but so are endpoint detection and response products. Learn what the latest versions can do to keep threats away.  Continue Reading

• Building a cybersecurity awareness training program

  Cybersecurity awareness training programs are sometimes perceived as an extraneous waste of time and energy, but are essential to building a strong security culture.  Continue Reading

• How to perform a building security assessment

  There are four major systems to review in a building security assessment. Learn what they are and how to review their potential cyber and physical risks.  Continue Reading

• How to conduct a security risk review on a large building

  Assessors cannot dive into a security risk review of a large building; they have to prepare and strategize ahead of time. Learn how to get ready for this type of security assessment.  Continue Reading

• How can organizations build cybersecurity awareness among employees?

  A high level of cybersecurity awareness among employees is essential to protect corporate data. To build this awareness, start with a strong cybersecurity culture.  Continue Reading

• 2019's top 5 free enterprise network intrusion detection tools

  Snort is one of the industry's top network intrusion detection tools, but plenty of other open source alternatives are available. Discover new and old favorites for packet sniffing and more.  Continue Reading

• Implementing the top 6 email security best practices for employees

  The list of email security best practices for employees can get long. To include the necessary options, check out the six essentials. Where does your organization stand?  Continue Reading

• How to improve application security testing when it falls short

  Application security testing is a critical component of enterprise security. Find out what steps you can take to make sure your testing procedures fit the bill.  Continue Reading

• The top 3 email security threats and how to defuse them

  Understanding the nature of the top 3 email security threats -- malware, phishing and spoofed domains -- can help reduce their impact.  Continue Reading

• Top risks of deploying zero-trust cybersecurity model

  Adopting a zero-trust model for cybersecurity brings many benefits -- but also risks. Find out why a zero-trust approach to security is not a panacea.  Continue Reading

• Identity and access management trends show new access roles

  Identity and access management trends reflect a changing cybersecurity landscape. Learn how IAM is changing and what you should do before buying an IAM tool.  Continue Reading

• AI, machine learning in cybersecurity focused on behavior

  Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now.  Continue Reading

• A look at security threats to critical infrastructure

  Threats to critical infrastructure, like Operation Sharpshooter, should motivate CI sectors to take cybersecurity seriously. Learn about the threats and how to defend against them.  Continue Reading

• Top 5 reasons for a zero-trust approach to network security

  As network perimeters disintegrate and enterprises adopt cloud computing, discover the top reasons organizations are opting for a zero-trust approach to network security.  Continue Reading

• Simplify incident response for zero-day vulnerability protection and beyond

  Protection against a zero-day vulnerability and other cyber-risks is complicated, but simplifying cybersecurity incident management could be the key to protecting online assets.  Continue Reading

• 4 steps to ensure virtual machine security in cloud computing

  Enterprises are now operating in a cloud-virtual world. Understanding four steps to ensure virtual machine security in cloud computing environments is crucial.  Continue Reading

• Four container security vulnerabilities and how to avoid them

  Find out how container security best practices can address the four most common types of container and orchestrator vulnerabilities. Then mitigate threats with the right processes and tools.  Continue Reading

• How to secure network devices in a hostile world

  Find out how to secure network devices by locking down the biggest, riskiest holes to protect them from exploits long before some or all of the network crashes.  Continue Reading

• 8 ways to protect building management systems

  Security threats to building management systems can come from numerous sources. Expert Ernie Hayden outlines these potential threats and how to protect against them.  Continue Reading

• How automated patch management using SOAR can slash risk

  Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management.  Continue Reading

• Automating incident response with security orchestration

  Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks.  Continue Reading

• How does BGP hijacking work and what are the risks?

  The lack of security protections in BGP means that route hijacking can be easy, especially for organized crime or state-backed threat actors. Here are ways to deal with it.  Continue Reading

• Find out whether secure email really protects user data in transit

  Outside of user perceptions, how safe is secure email in terms of protecting users' data in transit? Our expert explains how much the SSL and TLS protocols can protect email.  Continue Reading

• Plugging the cybersecurity skills gap with security automation

  Security automation and response promises to help alleviate the shortage of qualified cybersecurity pros. Learn how SOAR helps security teams work smarter, not harder.  Continue Reading

• An introduction to building management system vulnerabilities

  Understanding what a building management system is and does is important for organizations to have stronger security postures. Expert Ernie Hayden examines the BMS and its flaws.  Continue Reading

• 5 common web application vulnerabilities and how to avoid them

  Common web application vulnerabilities continue to confound enterprises. Here's how to defend against them and stop enabling exploits.  Continue Reading

• Nine email security features to help prevent phishing attacks

  Check out nine email security features that can help protect you from phishing attacks. First, make sure they're enabled on your email system configuration, and if not, start your wish list.  Continue Reading

• How bellwether cybersecurity technologies predict success

  Bellwether cybersecurity technologies -- advanced endpoint security, behavioral threat analytics and a trio of cloud-based apps -- are used by successful cybersecurity teams. Find out why.  Continue Reading

• The developer's role in application security strategy

  Developers often pay lip service about being integral to application security, but they usually don't consider vulnerabilities until much too late in the dev process.  Continue Reading

• Understanding the new breed of command-and-control servers

  Command-and-control servers are now using public cloud services, social media and other resources to evade detection. What should enterprises do to combat these threats?  Continue Reading

• Top 5 email security issues to address in 2019

  The top five email security issues come from a variety of places, from email phishing to account takeovers. Our security expert recommends being vigilant and poised to take action.  Continue Reading

• Weighing the cost of mitigating Spectre variant 2

  Fixes for the Spectre variant 2 vulnerability affect system performance, so some in the tech sector wonder whether they're worth it. Expert Michael Cobb examines that question.  Continue Reading

• Key steps to put your zero-trust security plan into action

  There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company.  Continue Reading

• Microsegmentation security: Your key to zero trust

  Zero trust is the path forward to secure corporate IT assets. Learn how to put into place a zero-trust security model with a microsegmentation strategy.  Continue Reading

• Vet third-party apps to reduce supply chain threats

  Enterprises are more vulnerable than ever before to supply chain threats from third-party apps and modules. Last fall's compromised NPM package is one cautionary tale.  Continue Reading

• 5-step checklist for web application security testing

  This five-step approach to web application security testing with documented results will help keep your organization's applications free of flaws.  Continue Reading

• More Ghostscript vulnerabilities, more PostScript problems

  Researchers keep finding PostScript interpreter bugs. Find out how a new Ghostscript vulnerability enables remote code execution against web services and Linux desktop users.  Continue Reading

• How to create a more effective application security program

  To mitigate software-related security risks, fine-tune your application security program to get the right people involved, document your standards and manage your weak points.  Continue Reading

• Steps to improve an application environment and fix flaws

  Eliminating application security flaws from an enterprise's server can be a complex task. Learn steps to take in order to improve application security with expert Kevin Beaver.  Continue Reading

• How to comply with the California privacy act

  Organizations that handle California consumer data have a year to comply with CCPA. Expert Steven Weil discusses what enterprises need to know about the California privacy law.  Continue Reading

• How a Windows antimalware tool helps endpoint security

  The Windows Defender Antivirus program was updated to include sandbox network security. Learn why this is so important and why security professionals have been asking for it.  Continue Reading

• The evolution of the Let's Encrypt certificate authority

  Certificate authorities work differently since the open source Let's Encrypt project went into effect. Expert Fernando Gont explains how both CAs and Let's Encrypt operate.  Continue Reading

• Cybersecurity maturity model lays out four readiness levels

  To assess cybersecurity maturity, Nemertes Research developed a four-point scale to determine a company's ability to effectively detect, understand and contain breaches.  Continue Reading

• How to perform an ICS risk assessment in an industrial facility

  An important step to secure an industrial facility is performing an ICS risk assessment. Expert Ernie Hayden outlines the process and why each step matters.  Continue Reading

• Updating TLS? Use cryptographic entropy for more secure keys

  Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson.  Continue Reading

• Key customer identity access management features to consider

  Evaluating customer identity access management products is complicated but necessary. Learn what’s new and what you need most right now.  Continue Reading

• CIAM vs. IAM: The key differences 'customer' makes

  Find out everything you need to know about the nuances that differentiate customer IAM from traditional IAM so that you can implement the CIAM system at your organization.  Continue Reading

• How NIST is preparing to defend against quantum attacks

  The NSA has begun the transition from ECC to new algorithms to resist quantum attacks. Learn about the threat posed by quantum computing from expert Michael Cobb.  Continue Reading

• What Moody's cyber-risk ratings mean for enterprises

  Moody's announced it will soon begin composing cyber-risk ratings for enterprises. Kevin McDonald explores the move and what it could mean for enterprises and the infosec industry.  Continue Reading

• How to ensure your enterprise doesn't have compromised hardware

  Enterprise protections are crucial in order to guarantee the safety of your hardware. Discover best practices to guard your enterprise's hardware with Nick Lewis.  Continue Reading

• For effective customer IAM, bundle security and performance

  CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now.  Continue Reading

• How a flaw in Apple DEP misuses an MDM server

  Hackers are able to enroll their devices in an organization's MDM server via a flaw in Apple DEP. Expert Michael Cobb explains how hackers conduct these attacks.  Continue Reading

• How the SHA-3 competition declared a winning hash function

  NIST tested competing hash functions over a period of five years for the SHA-3 algorithm competition. Learn the details of what they discovered from Judith Myerson.  Continue Reading

• 5 actionable deception-tech steps to take to fight hackers

  Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture.  Continue Reading

• Testing applications in production vs. non-production benefits

  To ensure proper application security testing, production and non-production systems should both be tested. In this tip, expert Kevin Beaver weighs the pros and cons.  Continue Reading