Tips

Tips

• PCI e-commerce compliance guidelines for third-party payment processors

  Expert Mike Chapple details the PCI SSC's third-party processor rules and how to outsource card processing and stay PCI DSS compliant.  Continue Reading

• How key MDM features affect mobile security policy management

  As MDM features become more robust, enterprises must not only look for mature products, but also evolve mobile security policies accordingly.  Continue Reading

• Intro to two-factor authentication in Web authentication scenarios

  The Web's top brands are implementing two-factor authentication for consumer Web authentication. Learn 2FA benefits, burdens and how to get started.  Continue Reading

• Aligning business and IT security: Learning from South Carolina breach

  Ernie Hayden details how South Carolina's Department of Revenue breach proves business and IT security are often out of alignment, and how to fix it.  Continue Reading

• How to reduce IT security risk with IT asset management

  IT asset management expert Barb Rembiesa explains how ITAM best practices like IT asset standardization and rationalization reduce IT security risk.  Continue Reading

• Using network flow analysis to improve network security visibility

  To overcome network security issues from advanced attackers and BYOD, security professionals are turning to network flow analysis to gain improved network security visibility.  Continue Reading

• Exploit kits evolved: How to defend against the latest attack toolkits

  Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.  Continue Reading

• A HIPAA compliance checklist for corporate mergers and acquisitions

  Learn about the important HIPAA compliance best practices that can help maintain compliance before and after a corporate merger or acquisition.  Continue Reading

• SIEM best practices for advanced attack detection

  SIEM struggles are common, but Mike Rothman explains why SIEM products are critical for advanced attack detection, and offers a SIEM tuning step-by-step.  Continue Reading

• How to use compliance automation to reduce compliance risk

  Tony UcedaVelez offers tips for automating compliance tasks to reduce IT security and compliance risk while easing the pain of arduous compliance audits.  Continue Reading

• The evolution of threat detection and management

  Enterprises must understand the latest threat detection options to keep up with advanced cybercriminals who can bypass enterprise security defenses.  Continue Reading

• Choosing among antimalware products: Final considerations

  Mike Rothman discusses important last-minute considerations when choosing among antimalware products from finalist antimalware vendors.  Continue Reading

• How to choose the best antimalware products: Questions to ask vendors

  Mike Rothman offers 10 critical questions to ask antimalware vendors when seeking out the best antimalware products for enterprise use.  Continue Reading

• Technical considerations for selecting the best antimalware technology

  Mike Rothman discusses the evolution of malware and how today's antimalware products should handle detection and remediation.  Continue Reading

• Antimalware software introduction: Business benefits and drawbacks

  Mike Rothman discusses how antimalware software has evolved to develop various business and technology issues, but also still holds many benefits.  Continue Reading

• The Red October malware campaign uncovered: What enterprises can learn

  Expert Nick Lewis details the recently uncovered Red October malware campaign, plus the new and existing controls needed to thwart cyberespionage.  Continue Reading

• Enterprise information security employee retention strategies

  Expert Ernie Hayden offers employee retention strategies. Learn how to keep good enterprise infosec staff for the long haul.  Continue Reading

• Mining for infosec talent: How CISOs can fill security positions

  Expert Ernie Hayden advises CISOs on best practices for filling security positions within the enterprise when faced with a lack of talent.  Continue Reading

• How to configure a VLAN to achieve the benefits of VLAN security

  Expert Brad Casey explains how to configure a VLAN in order to achieve the benefits of VLAN security, including protection against insider attacks.  Continue Reading

• Remediation planning for Ruby on Rails security vulnerabilities

  The recent Ruby on Rails security vulnerabilities can be patched. Expert Michael Cobb discusses the fallout and offers help with remediation planning.  Continue Reading

• Stopping privilege creep: Limiting user privileges with access reviews

  Most enterprises suffer from privilege creep among long-time employees. Peter Gregory explains how to limit user privileges with access reviews and automation.  Continue Reading

• NoSQL security: Do NoSQL database security features stack up to RDBMS?

  With NoSQL databases increasingly being used to tackle big data challenges, expert Michael Cobb examines NoSQL security in comparison to RDBMS.  Continue Reading

• DLP management tools and reporting: Key considerations

  When it comes to DLP management tools, installation and maintenance of a single centralized management console to house all rules and alerts are key.  Continue Reading

• Using DLP tools for data leakage alerting and preventive actions

  When evaluating DLP tools, it's important to determine data leakage alerting and preventive action needs for potential violations and blocking.  Continue Reading

• DLP monitoring: Defining policies to monitor data

  DLP monitoring policies help define what data to evaluate, how data monitoring processes should occur, and what enforcement and alerting actions to take.  Continue Reading

• Effective DLP products need data discovery and data fingerprinting

  Effective DLP products must be able to handle data discovery to identify and monitor sensitive data. Learn why these features matter.  Continue Reading

• The HIPAA omnibus rule: How the changes affect IT security pros

  The new HIPAA omnibus rule begins a new chapter in HIPAA compliance. Learn how the changes will affect IT security pros and how to comply.  Continue Reading

• Gauging UPnP security risks: Is UPnP secure enough for enterprise use?

  Is UPnP secure enough for enterprise use? Network security expert Brad Casey assesses UPnP security risks and offers advice for mitigating the threat.  Continue Reading

• Assumption of breach: How a new mindset can help protect critical data

  By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains.  Continue Reading

• Protect intellectual property with data breach prep, cost analysis

  Heidi Shey of Forrester Research says enterprises must protect intellectual property better or else face 'death by 1,000 cuts.'  Continue Reading

• Cyberwar calls for software and system investment, not hacking back

  Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.  Continue Reading

• MySQL security analysis: Mitigating MySQL zero-day flaws

  In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed?  Continue Reading

• Understanding PCI mobile payment processing security guidelines

  Mike Chapple discusses the new PCI Mobile Payment Acceptance Security Guidelines and the mobile payment processing implications for merchants.  Continue Reading

• Improving enterprise email security: Systems and tips

  Enterprise email security has become more vital than ever due to increased attacks and threats. This tip details systems that can improve protection.  Continue Reading

• Targeted attack protection: Step-by-step preparation and mitigation

  Targeted attacks can be stopped with a defense-in-depth strategy. Michael Cobb explains how to implement a targeted attack prevention plan.  Continue Reading

• Defending against watering hole attacks: Consider using a secure VM

  Expert Nick Lewis analyzes the techniques employed by watering hole attacks and discusses how to use a secure VM to defend enterprises against them.  Continue Reading

• Low-cost methods for secure, large file transfer

  Transferring large files safely can be a costly process. Matt Pascucci offers low-cost options for secure, large file transfers in the enterprise.  Continue Reading

• How do international data privacy laws compare to the Patriot Act?

  What level of data privacy exists in the global cloud? Expert Francoise Gilbert compares international data privacy laws with the Patriot Act.  Continue Reading

• Reassess embedded systems security in light of printer vulnerabilities

  Recent high-profile printer vulnerabilities illustrate why enterprises need to be aware of embedded systems security. Expert Nick Lewis discusses.  Continue Reading

• Analysis: Inside the new PCI DSS risk assessment

  Mike Chapple outlines the recommendations in the PCI DSS Risk Assessment Guidelines and explains how they can make a compliance program stronger.  Continue Reading

• Gigabit Wi-Fi security: Is the new 802.11ac standard worth an upgrade?

  Will Gigabit Wi-Fi significantly alter network security, or will it mean business as usual? Expert Brad Casey discusses the new 802.11ac standard.  Continue Reading

• Software patching 2.0: Cutting costs with virtual patching, automation

  Struggling to bring the cost of the patch management process down? Expert Michael Cobb suggests virtual patching and automated tools can play a role.  Continue Reading

• How to negate business logic attack risk: Improve security in the SDLC

  Expert Nick Lewis details the threat posed by business logic attacks and how stressing the importance of security in the SDLC can reduce that threat.  Continue Reading

• Defense-in-depth security: How to establish an ultra-redundant network

  Matthew Pascucci discusses layered security, explaining how to apply defense-in-depth principles toward an ultra-redundant network security posture.  Continue Reading

• NIST picks Keccak: How enterprises can prepare for the SHA-3 algorithm

  Expert Michael Cobb digs into Keccak, the winner of NIST's SHA-3 algorithm competition, to guide infosec teams on how to prepare for its arrival.  Continue Reading

• SSL certificate management: Avoiding common mistakes

  Errors are bound to occur when SSL certificate management is handled manually. Learn how to avoid these common mistakes.  Continue Reading

• BYOD platform support: Why an iOS and Android strategy makes sense

  All BYOD platform options come with cost and risk. Craig Mathias explains why an iOS and Android BYOD program is viable for most organizations.  Continue Reading

• Adobe attack analysis: Addressing Adobe security certificate issues

  After a recent attack on Adobe, what mitigations should be put in place to avoid security issues with Adobe certificates? Expert Nick Lewis advises.  Continue Reading

• How a next-generation firewall prevents application-layer attacks

  Next-generation firewalls can block common yet dangerous SQL-injection and buffer-overflow attacks. Learn how an NGFW stops application-layer attacks.  Continue Reading

• Updated COPPA regulations add to child Internet protection guidelines

  After 15 years, the FTC announced updated COPPA regulations effective July 2013. Learn how to deal with this updated child Internet privacy mandate.  Continue Reading

• BYOD security: How to remotely wipe iPhone and Android devices

  Remote data wipe is key to any BYOD security policy, but each OS handles it differently. Lisa Phifer covers how to use it with other controls to protect data.  Continue Reading

• Windows Server 2012 security: Is it time to upgrade?

  Expert Michael Cobb wades through the security features of Windows Server 2012 to find out what's new and beneficial in Microsoft's latest release.  Continue Reading

• Stored Communications Act ruling muddles business online data privacy

  A state supreme court decision addressing webmail hacking under the Stored Communications Act affects email privacy and the ability to sue hackers.  Continue Reading

• Overview: New PCI mobile application development guidelines

  The PCI SSC recently released mobile application development security guidelines. Mike Chapple outlines the document and highlights key takeaways.  Continue Reading

• How to avoid security issues with VPN leaks on dual-stack networks

  The ongoing transition to IPv6 has revealed security issues with VPN leaks on dual-stack networks. Fernando Gont explains and offers mitigations.  Continue Reading

• Why the role of a CISO can reduce the average cost of a data breach

  Filling the CISO position with the right person can reduce the costs a company will experience from a data breach. Expert Ernest Hayden explains why.  Continue Reading

• How to secure Java amid growing Java security vulnerabilities

  Constant Java security vulnerabilities plague Oracle and enterprises alike. Expert Nick Lewis offers tips on how to use Java and the JRE securely.  Continue Reading

• PCI validation: Requirements for merchants covered by PCI DSS

  Mike Chapple details the PCI validation requirements for merchants covered by PCI DSS.  Continue Reading

• Analysis: Windows 8 security features improve on Windows 7 security

  Expert Michael Cobb says Windows 8's security features, like Windows Defender and Secure Boot, are a step forward for desktop and BYOD security.  Continue Reading

• After antimalware: Moving toward endpoint antivirus alternatives

  Is it time to "cut the cord" with endpoint antimalware? Matthew Pascucci discusses possible antivirus alternatives.  Continue Reading

• Secure Web gateway overview: Implementation best practices

  In this secure Web gateway overview, learn how to implement, configure and maintain a Web security gateway to support other security devices.  Continue Reading

• Aligning enterprise identity and access management with CIO priorities

  Randall Gamby says aligning enterprise identity and access management with business and CIO priorities demands a more strategic approach to IAM.  Continue Reading

• SAP security overview: Server-side request forgery attack mitigation

  Expert Michael Cobb provides an SAP security overview, including steps enterprises can take to defend against server-side request forgery attacks.  Continue Reading

• How to begin corporate security awareness training for executives

  Expert Ernie Hayden provides advice for enterprises that are establishing security awareness training for their security-unaware executives.  Continue Reading

• Security big data: Preparing for a big data collection implementation

  Learn how security big data initiatives support enterprise information security and how to prepare for a big data collection implementation.  Continue Reading

• Options for mitigating digital security certificate problems

  Is your enterprise struggling with digital security certificate problems? Expert Nick Lewis discusses mitigations for digital certificate attacks.  Continue Reading

• How to comply with updated NIST incident response guidelines

  NIST recently updated its incident response guidelines. Find out how to comply with these changes and incorporate them into an incident response plan.  Continue Reading

• Under the Surface: How Windows tablet security meets BYOD challenges

  Expert Michael Cobb says the forthcoming Windows tablet security features on Microsoft's Surface could help meet enterprise BYOD challenges.  Continue Reading

• Software-defined networking: Exploring SDN security pros and cons

  Matthew Pascucci offers an intro to software-defined networking and explains why SDN security relies on securing the SDN controller at all costs.  Continue Reading

• Five tips to improve a threat and vulnerability management program

  Utilize these five simple tips from expert Diana Kelley to improve your enterprise's threat and vulnerability management program.  Continue Reading

• Forrester's GRC framework: Using three lines of defense

  Chris McClean of Forrester Research provides a GRC framework. It offers three lines of defense to boost participation rates and define clear roles.  Continue Reading

• Network log management on a budget: How to streamline log analysis

  Expert Matt Pascucci examines free tools and offers simple tactics that organizations can use to streamline the network log analysis and management process.  Continue Reading

• Five tips for rebuilding information security processes, culture

  Change is hard, but expert Claudia Girrbach provides five techniques to help enterprises establish new information security processes and culture.  Continue Reading

• Flame malware analysis: How to defend against fraudulent certificates

  Security expert Nick Lewis analyzes Flame malware, plus gives tips for dealing with Flame's most unique function: its use of fraudulent certificates.  Continue Reading

• The cost of compliance: Data center server virtualization compliance

  Security expert Mike Chapple explores whether the cost of compliance outweighs the benefits afforded by enterprise data center server virtualization.  Continue Reading

• Why focus on SIEM integration, coverage maximizes anomaly detection

  Reliable anomaly detection using a SIEM hinges on collecting a wide range of security events. Andrew Hutchison covers SIEM integration best practices.  Continue Reading

• Firewall vs. IPS: Will next-generation firewalls nix stand-alone IPS?

  News analysis: Will the evolution of next-generation firewalls eliminate the stand-alone IPS market? Sean Martin discusses firewalls vs. IPS.  Continue Reading

• Essential enterprise mobile device security controls

  Learn about the mobile security controls you should consider when formulating an enterprise mobile security strategy.  Continue Reading

• Web application firewalls: Patching, SDLC key for security, compliance

  Mike Chapple on improving defense-in-depth security with Web application firewalls (WAFs) and a strong software development lifecycle (SDLC) process.  Continue Reading

• The case for using anomaly-based monitoring in zero-day detection

  Expert Char Sample explains how anomaly-based monitoring may be a key step forward in uncovering zero-day vulnerabilities.  Continue Reading

• Intro: How big data benefits enterprise information security posture

  Andrew Hutchison explains how big data benefits enterprise information security posture by merging the security and operational data landscape.  Continue Reading

• Antivirus alternatives: Evolving enterprise endpoint security strategy

  Do any viable antivirus alternatives exist? Security expert Matt Pascucci offers an endpoint security strategy that looks beyond AV to fight malware.  Continue Reading

• Information security controls for data exfiltration prevention

  Enterprises may be amazed to discover how valuable their data is to attackers. Learn five information security controls to prevent data exfiltration.  Continue Reading

• Exploring new features, uses for secure Web gateway appliances

  Expert Michael Cobb reviews secure Web gateway appliance features that can better shield endpoints, plus SWG deployment options.  Continue Reading

• How diligent user account security thwarts password recovery attacks

  The recent CloudFlare hack showed how poor user account security and password recovery can be compromised. Learn how to avoid a similar incident.  Continue Reading

• Balancing mobile payment processing and merchant PCI compliance

  Merchant PCI compliance is hard enough, but now mobile payment processing adds a new wrinkle. Learn how P2P encryption can help you stay compliant.  Continue Reading

• Surviving cyberwar: Preparing for APTs, Stuxnet malware-style attacks

  Surviving cyberwar is now a priority for enterprises, with more Stuxnet malware-style attacks sure to come. Expert Nick Lewis has a defensive primer.  Continue Reading

• Using the network to prevent an Oracle TNS Listener poison attack

  Expert Michael Cobb details the Oracle TNS Listener poison attack and tells how enterprises can use the network to defend vulnerable applications.  Continue Reading

• IPS/IDS technologies: Innovations and changes

  Haven’t shopped for an IDS/IPS in a while? Karen Scarfone details important recent innovations to IDS/IPS technologies.  Continue Reading

• Social engineering penetration testing: Four effective techniques

  Social engineering penetration testing is now a must for enterprises. Learn about the four methods your pen tests should use.  Continue Reading

• Visa's PCI compliance policy change: The end of the PCI assessment?

  Does Visa's PCI compliance policy change mean the end of the PCI assessment? Mike Chapple discusses what it means for security professionals.  Continue Reading

• Remote Desktop Protocol security: How to secure RDP network endpoints

  What is RDP and why does it pose a security threat? Expert Matt Pascucci explains why it’s needed and how best to secure RDP it in the enterprise.  Continue Reading

• Comparing enterprise data anonymization techniques

  Compare data anonymization techniques including encryption, substitution, shuffing, number and data variance and nulling out data.  Continue Reading

• Reassessing Mac enterprise security in face of Flashback malware

  Expert Nick Lewis discusses how Mac enterprise security must evolve to combat the rising Mac malware tide, spearheaded by the Flashback malware.  Continue Reading

• Extended enterprise poses identity and access management challenges

  Cloud and distributed computing have caused many enterprise IAM challenges. Eve Maler details how Forrester's Zero Trust model can help.  Continue Reading

• CISO responsibilities: Commit senior management to security governance

  A CISO’s responsibilities must include convincing executives to take an active role in security governance. Expert Ernie Hayden explains how.  Continue Reading

• Diagram outside firm role early in security incident response process

  Expert Nick Lewis provides criteria for selecting outside incident response firms and how to define security incident response process needs early on.  Continue Reading

• With JOBS Act, Sarbanes-Oxley compliance likely won't get easier

  While SMBs may benefit from the JOBS Act, Sarbanes-Oxley compliance for enterprises may remain largely unchanged. Expert Mike Chapple explains why.  Continue Reading

• Free or paid antivirus: Effective enterprise antivirus at no cost?

  When looking for effective enterprise antivirus software, does it matter whether it is free or paid antivirus? Yes it does, says expert Michael Cobb.  Continue Reading

• Analysis: Vast IPv6 address space actually enables IPv6 attacks

  For World IPv6 Launch Day 2012, Fernando Gont covers why common ways of generating IPv6 addresses actually make an attacker’s job easier.  Continue Reading