Tips

Tips

• The effects of the EU General Data Protection Regulation

  The EU General Data Protection Regulation will have an impact on data privacy, but it could also have an effect on enterprise compliance costs. Expert Mike Chapple explains.  Continue Reading

• Identifying the warning signs of network intrusions

  Detecting network intrusions requires a plethora of information. Expert Kevin Beaver explains why security teams need to take a big picture view of the network.  Continue Reading

• Adjusting a continuous monitoring strategy to a hybrid era

  Your monitoring strategy is vital to keeping networks and data secure. Learn the latest on how to factor the hybrid cloud variable into the security equation.  Continue Reading

• Coping with new Windows 10 patch security issues

  Microsoft's new approach to mandatory Windows 10 patching raises new security issues for businesses. Expert Paul DeGroot explains what the problems are and how to deal with them.  Continue Reading

• What an advanced firewall must have to be truly 'next generation'

  To be able to call your new firewall 'next generation,' it must have certain advanced firewall capabilities. Learn what these are in this technical tip.  Continue Reading

• How to limit privileged accounts and boost security

  Too many privileged accounts can result in access abuse in enterprises. Expert Mike O. Villegas discusses which account privileges should be limited to reduce security incidents.  Continue Reading

• Three ways to build an open source security toolkit

  Enterprises should have a diverse set of open source security tools in their arsenal. Here are three factors that can help guide them in building the right security toolkit.  Continue Reading

• The enterprise potential of behavioral biometrics

  Biometric authentication has quickly evolved to include behavioral identifiers. Expert Michael Cobb explores the benefits of behavioral biometric technology for enterprises.  Continue Reading

• Adapting an infosec program for emerging threats

  An enterprise's information security program must be adaptable to new threats and risks. Expert Nick Lewis explains how to update and evolve these programs.  Continue Reading

• How the Trans-Pacific Partnership agreement affects security

  The Trans-Pacific Partnership agreement has riled up many in the security industry with some of its controversial provisions. Expert Mike Chapple explains its effect on cybersecurity.  Continue Reading

• Microsoft Device Guard tackles Windows 10 malware

  A new Microsoft security feature takes aim at Windows 10 malware. Expert Michael Cobb explains what enterprises should know about Device Guard.  Continue Reading

• FCC compliance may spell trouble for Wi-Fi router security

  Wi-Fi security could be in for a change, thanks to newly proposed FCC compliance rules. Expert Kevin Beaver explains what enterprises need to know about the FCC's proposal.  Continue Reading

• Inside the changing DDoS threat and how to mitigate it

  Attackers have discovered new ways to conduct DDoS attacks. Expert Nick Lewis explains how they work, and what enterprises can do about them.  Continue Reading

• Understanding the Wassenaar Arrangement controversy

  The Wassenaar Arrangement is the subject of heated debate, but what are the finer points of the argument? Expert Mike O. Villegas explains the arrangement and the debate.  Continue Reading

• Analyzing the integrity of the Diffie-Hellman key exchange

  New research has cast doubt on the security of the Diffie-Hellman key exchange method. Expert Michael Cobb explains if enterprises should be concerned.  Continue Reading

• Cybersecurity Information Sharing Act's impact on security

  The Cybersecurity Information Sharing Act has many in the security industry nervous, but expert Mike Chapple discusses the bill's minimal impact on enterprise security.  Continue Reading

• Why relying on network perimeter security alone is a failure

  A network perimeter security strategy alone can no longer protect enterprises. Expert Paul Henry explains why organizations must adapt.  Continue Reading

• Weighing the value of deception techniques for enterprises

  Deception techniques aren't new to security strategies, but they could be on the rise. Is it really necessary for enterprises to hack back? Expert Kevin Beaver examines.  Continue Reading

• The pros and cons of cybervigilantes and Wifatch

  Vigilante malware called Wifatch aims to protect IoT devices and home routers. Expert Nick Lewis explores cybervigilantism and potential risks and benefits to enterprises.  Continue Reading

• How best to monitor today's murky threat environment

  Today's threat environment can be murky. Learn the latest means for rooting out the fast-moving malicious actors that populate it.  Continue Reading

• Windows 10 privacy settings: Concerns versus reality

  New Windows 10 privacy settings require balancing the benefits of new features against the risk of revealing too much personal information online. Expert Michael Cobb explains.  Continue Reading

• Integrated security suite advantages and drawbacks

  Can an integrated security suite provide advantages in cost and performance? We look at key focus areas for security practitioners as security tools increasingly converge.  Continue Reading

• Vendor relationship management: Breaking up is hard to do

  Ending a security vendor relationship is a tricky process and should be handled with care. Expert Mike O. Villegas discusses how and when to end vendor contracts safely.  Continue Reading

• Improve SDN security with a proper risk management plan

  Enterprise SDN controllers can be vulnerable to attacks, but a proper risk management plan can improve SDN controller security. Judith Myerson explains how to get started.  Continue Reading

• Four pen testing tools for improving midmarket security

  The best approach for penetration testing is to use a combination of tools with different approaches. Here are several pen testing tools for midmarket companies.  Continue Reading

• Securing APIs is key to counter attacks

  Application programming interfaces are in wide use, and hackers know it. Securing APIs needs to become a top IT priority.  Continue Reading

• Life after the Safe Harbor agreement: How to stay compliant

  Now that the Safe Harbor agreement is invalid, U.S. and EU organizations need to find new ways to securely handle data so they can stay in business.  Continue Reading

• Manage vendor access for industrial control systems security

  Industrial control systems should be securely managed by the enterprise, specifically when vendors need access to them. Here are some ways to handle industrial control systems security.  Continue Reading

• Supply chain security: Controlling third-party risks

  Third-party contractors and business partners can create risks for enterprises. Expert Eric Cole offers guidance on improving supply chain security and controlling third-party risks.  Continue Reading

• Three steps to prevent and mitigate router security issues

  Numerous router security threats have made the news, threatening the integrity of enterprise data. Expert Kevin Beaver offers three steps for maintaining router safety.  Continue Reading

• Lessons from the Conficker botnet, seven years later

  Though one of the largest botnets ever was sinkholed seven years ago, it still infects millions of machines. Expert Nick Lewis explains what enterprises can learn from Conficker.  Continue Reading

• Throttling mobile malware with per-app VPNs

  How can enterprises enable mobility while insulating corporate networks from mobile malware? Per-app VPN tunnels offer secure remote access when combined with other measures.  Continue Reading

• Secure Hash Algorithm-3: How SHA-3 is a next-gen security tool

  Expert Michael Cobb details the changes in SHA-3, including how it differs from its predecessors and the additional security it offers, and what steps enterprises should take.  Continue Reading

• Ensuring network perimeter security in a perimeterless age

  The increasingly porous enterprise perimeter, challenged by BYOD, private and public Wi-Fi and other access options, makes traditional network perimeter security obsolete.  Continue Reading

• How to strengthen bring your own device security

  Bring your own device security requires comprehensive management, including policies, compliance and MDM. Here's what to cover to mitigate BYOD security issues.  Continue Reading

• How to manage BYOD security policies and stay compliant

  The best BYOD security policies help enterprises stay compliant with security and privacy regulations. Here's what BYOD policies should include and how best to manage them.  Continue Reading

• The latest advances in SIEM products

  There are many factors to consider when selecting a security incident and event management (SIEM) product. Read on to learn about the latest SIEM tech advances.  Continue Reading

• What factors should drive your choice of SSO service?

  OpenID or SAML? These are but two choices you need to make when setting up SSO service for your enterprise employees. Learn what factors are at play in this crucial access decision.  Continue Reading

• Why aren't merchants adopting EMV technology yet?

  EMV technology has been adopted by a small number of merchants despite the Oct. 1 liability deadline, and it may stay that way for a while. Here's why.  Continue Reading

• Enterprise wireless security: Secure Wi-Fi today and beyond

  Enterprise wireless security issues are popping up left and right, wreaking havoc on individuals and enterprises alike. Expert Kevin Beaver looks at how to secure Wi-Fi.  Continue Reading

• Is a security cloud service your best endpoint defense?

  Cloud technologies often have a bad reputation when it comes to security, but that may be unfair. Is the cloud the best answer for securing the endpoints in your enterprise?  Continue Reading

• The malware lifecycle: Knowing when to analyze threats

  Not responding to low-level threats can be perilous, yet enterprises can't always examine each issue. Expert Nick Lewis explains when an investigation is imperative.  Continue Reading

• What threat intelligence service is best for your company?

  Threat intelligence is quickly becoming an essential ingredient for protecting corporate systems and data. Learn how to find the best service for your situation.  Continue Reading

• Getting to the bottom of the software vulnerability disclosure debate

  The vulnerability disclosure debate rages on: Enterprises should know they are at risk, but vendors need time to patch flaws. Which side should prevail? Expert Michael Cobb discusses.  Continue Reading

• How NIST SP 800-171 affects the protection of CUI

  The recently released NIST SP 800-171 is designed to protect controlled unclassified information (CUI) outside of the government. Expert Mike O. Villegas explores the impact of these guidelines.  Continue Reading

• How global threat intelligence fits into a security strategy

  Global threat intelligence services can be part of your security arsenal, but to prevent phishing and other threats basic defenses like strong passwords are vital too.  Continue Reading

• Microsegmentation strategies for smarter security

  Microsegmentation and zones of zero trust are security strategies inherent in software-defined networking. Expert Kevin Beaver explains how to get started.  Continue Reading

• Improve corporate data protection with foresight, action

  Better corporate data protection demands foresight and concrete action. Learn why breach training, monitoring and early detection capabilities can minimize damage when hackers attack.  Continue Reading

• Defending against the current generation of macro malware

  Attackers are increasingly phishing with macro malware. Expert Nick Lewis explains how to effectively defend against this new version of an old threat.  Continue Reading

• Trading Microsoft Patch Tuesday in for Windows Update for Business

  While the consumer world is going Patch Tuesday-less, Microsoft is evolving its Patch Tuesday into Windows Update for Business for enterprise software. Learn what this change means.  Continue Reading

• What QSAs need to know about new PCI requirements

  The PCI SSC changed the requirements for QSAs. Here's what current and future Qualified Security Assessors need to know about the PCI update.  Continue Reading

• Managed security service providers: Weighing the pros and cons

  Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing.  Continue Reading

• Cyberhunting: Why enterprises need to hunt for signs of compromise

  Cyberhunting can be a critical component of enterprise security. Expert Eric Cole explains how it can prevent attacks.  Continue Reading

• Six areas of importance in the PCI Penetration Testing Guidance

  Complying with PCI penetration testing mandates has always been a challenge for enterprises. Expert Kevin Beaver discusses the recently released PCI SSC pen testing guidance and how it can help enterprises overcome their PCI woes.  Continue Reading

• A closer look at the changes of PCI DSS version 3.1

  PCI DSS version 3.1 includes some minor updates that are far less prominent than the SSL/early TLS changes, but are equally as important. Here's a look at vulnerability scanning and POS device security changes.  Continue Reading

• Three steps to better mobile app security

  Better mobile app security in the enterprise starts with a few steps -- protect data confidentiality, integrity and access.  Continue Reading

• Microsoft Edge security features raise the bar in Web browser safety

  Learn about the new and improved security features in the upcoming Microsoft Edge browser, including on-by-default sandboxes, Passport and HTML5.  Continue Reading

• Can the security industry handle a chief information risk officer?

  Chief information risk officers seem to be on the horizon as CISOs become inundated with responsibilities, but adding another c-level could cause more harm than good.  Continue Reading

• How to protect corporate data from government surveillance

  News of government surveillance programs is appearing almost daily. Enterprises need to do what they can to protect corporate data from potential eavesdropping -- but how? Expert Kevin Beaver offers some best practices.  Continue Reading

• ERP security: How to defend against SAP vulnerabilities

  A recent study revealed more than 95% of SAP systems were exposed to potentially disastrous vulnerabilities. Expert Nick Lewis explains how to mitigate these SAP vulnerabilities and maintain ERP security.  Continue Reading

• How to perform IPv6 network reconnaissance

  While network reconnaissance is a critical step in identifying potential vulnerabilities, performing an IPv6 network audit without the right tools can be a challenge. Learn about the tools available and how to properly use them.  Continue Reading

• Third-party risk management: Avoid the dangers of weak controls

  If you know where the risk points are, you can request additional safeguards to protect the system and data access of trusted business partners.  Continue Reading

• PCI DSS 3.1 marks the end of SSL/early TLS encryption for retailers

  The early arrival of PCI DSS 3.1 could leave organizations scrambling. The biggest change to the standard -- and the top priority for organizations -- is the end of SSL and early TLS.  Continue Reading

• Six ways to improve endpoint device security

  Endpoint devices are often the root cause of data breaches. Expert Eric Cole explains the best ways to improve endpoint protection.  Continue Reading

• Certificate authorities are limited but new TLS versions can help

  SSL/TLS, long the cornerstone of Web security, has become a security vulnerability due to problems with certificate authorities. Learn what solutions the industry is pursuing.  Continue Reading

• A closer look at the Certified Information Security Manager certification

  The Certified Information Security Manager certification has been around for over a decade now, and it's only grown in prominence. What makes the ISACA CISM so important and how does it compare to its peers?  Continue Reading

• From SSL and early TLS to TLS 1.2: Creating a PCI DSS 3.1 migration plan

  PCI DSS 3.1 requires enterprises to deplete SSL and early TLS use by June 30, 2016. Expert Michael Cobb offers advice for putting a migration plan to TLS 1.2 in place.  Continue Reading

• PoSeidon: Inside the evolving world of point-of-sale malware

  Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it.  Continue Reading

• A new trend in cybersecurity regulations could mean tougher compliance

  State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for.  Continue Reading

• The importance of soft skills development for security professionals

  While technical skills are obviously important for security pros, the importance of soft skills shouldn't be overlooked. Here are the top four worth mastering.  Continue Reading

• State of the Network study: How security tasks are dominating IT staff

  The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it.  Continue Reading

• Network anomaly detection: The essential antimalware tool

  Traditional perimeter defenses are no longer enough; network anomaly detection tools are now essential in the battle against advanced malware.  Continue Reading

• Find network anomalies and you'll ax advanced malware

  Learn how advanced malware evades perimeter defenses and why tools to detect network anomalies are essential to keep your network secure.  Continue Reading

• Is Equation Group malware a game changer for advanced attack defense?

  Equation Group is one of the most advanced cyber-espionage actors out there, so how can the average enterprise defend against its attacks? Expert Nick Lewis explains.  Continue Reading

• Why security operations centers are the key to the future

  Security operations centers (SOCs) can help enterprises gain better visibility into their environments. Expert Eric Cole explains how to get the most out of SOCs.  Continue Reading

• Manage compliance controls with Adobe Common Controls Framework

  Adobe's Common Controls Framework sets an example for enterprises struggling to manage multiple compliance standards and looking to build their own compliance framework.  Continue Reading

• How to track and prevent crimeware attacks

  Crimeware is on the rise and enterprises that track attacks can discover malicious software trying to breach the environment.  Continue Reading

• After Windows Server 2003 end of life: An emergency action plan

  Microsoft is ending support for Windows Server 2003 in July 2015, yet many organizations will still run W2K3 beyond this date. Learn how to keep your enterprise safe.  Continue Reading

• Breaking down the CISO reporting structure

  The CISO reporting structure has come under fire after a long line of high-profile data breaches, so who should CISOs report to?  Continue Reading

• Endpoint protection: How to select virtualization security tools

  Most virtualization security tools still follow dedicated agent models, but some technologies are starting to offload resources to a dedicated VM and leverage hypervisor APIs.  Continue Reading

• Understanding and mitigating a FREAK vulnerability attack

  After the discovery that the FREAK vulnerability can affect a wide variety of OSes, enterprises should amp up mitigation efforts. Here's some background on the attack and how to stop it.  Continue Reading

• A look at the development of an ICS security framework

  Building an ICS security framework was an in-depth process and combined many different cybersecurity standards. Here's a look at how it developed.  Continue Reading

• Security lessons from the NSA malware defense report

  The NSA's Information Assurance Directorate released a report on malware defense. Uncover which guidance and best practices would be fruitful to integrate into your enterprise security plan.  Continue Reading

• Finding clarity: Unified threat management systems vs. next-gen firewalls

  The line between unified threat management systems and next-gen firewalls has grown increasingly unclear. Here, learn more about UTM vs. NGFW and choose the right technology for your enterprise.  Continue Reading

• Offensive countermeasures: How they can slow down adversaries

  Sometimes the best defense is a good offense. Expert Eric Cole explains the merits of offensive countermeasures in the enterprise.  Continue Reading

• Getting the CISOs on equal footing with other C-level positions

  CISOs sometimes need to work a bit harder to gain the same respect given to other C-level positions, but there are ways for CISOs to gain more respect.  Continue Reading

• The moving target defense: Turning the tables on polymorphic malware

  Security startups are using the techniques of polymorphic malware to better protect enterprises. Expert David Strom explores the moving target defense.  Continue Reading

• Bring your own device policy: Six questions to ask security providers

  Security managers increasingly combine existing tools to implement an overall BYOD security posture. Key security features can make the job easier.  Continue Reading

• PHP security tips to ensure enterprise Web safety

  Research shows more than three-quarters of PHP installations run with at least one vulnerability. Learn the steps for ensuring PHP security in the enterprise workplace.  Continue Reading

• Breaking bad password habits in the enterprise

  A bad password brings unnecessary risk into organizations, but how bad are they really? Expert Randall Gamby assesses just how dire the situation is.  Continue Reading

• The optional PCI DSS 3.0 requirements are about to become mandatory

  Organizations need to review the PCI DSS 3.0 requirements and prepare for the mandatory changes coming in June 2015. Expert Mike Chapple explains how to prepare for the deadline.  Continue Reading

• Will HTTP/2 satisfy the need for speed and enterprise Web security?

  HTTP/2 is close to becoming a formal Internet specification -- but how will it affect enterprise Web security? Expert Michael Cobb discusses how features, including compression and encryption, may help boost HTTP's safety.  Continue Reading

• How enterprises can bolster their crisis communication strategy

  Developing a thorough crisis communication strategy in the event of a data breach is an important task for CISOs. Expert Mike Villegas explains what the strategy should involve.  Continue Reading

• Accidental insider threats and four ways to prevent them

  Most insider attacks to enterprises are accidental, not intentional. SANS Faculty Senior Fellow Eric Cole, Ph.D., explains why security awareness training isn't enough to stop these threats.  Continue Reading

• Unmasking the Masque attack: Inside the iOS security flaw

  The Masque attack is a malicious threat, yet Apple has downplayed the risk. Expert Nick Lewis explains how to keep employees from being tricked into installing malware.  Continue Reading

• Creating an end-of-life policy for mobile products in the enterprise

  When mobile vendors stop maintaining security on their devices, enterprise data is at risk. Expert Michael Cobb discusses how to assess mobile product end of life and how to create end-of-life policies and controls to maintain BYOD safety.  Continue Reading

• How to bake security into your Wi-Fi deployment

  A Wi-Fi deployment is the preferred method for network access for most enterprises; it’s the InfoSec’s job to make that Wi-Fi secure.  Continue Reading

• The secrets of proper firewall maintenance and security testing techniques

  The Verizon 2015 PCI Compliance Report cited a lack of firewall maintenance and security testing as major causes for compliances breaches. Expert Kevin Beaver offers tips to successfully manage these tasks.  Continue Reading

• Why PCI non-compliance is a problem for many

  PCI DSS requirement 2 specifies companies must change vendor-supplied default passwords, but only 50% were in compliance. Expert Mike Chapple explains why.  Continue Reading

• The benefits of open source identity management software

  Organizations are often looking to minimize costs without compromising on security. Expert Randall Gamby examines the benefits of open source identity management software.  Continue Reading