Videos
-
AI security concerns keeping infosec leaders up at night
Conversations about 'AI as a solution' may overlook potentially grave AI security issues. Explore the potential infosec implications of the emerging technology in this video.
-
Identify common cybersecurity problems with fresh approach
It pays to expect the unexpected in information security. In this webinar, learn how starting with a blank slate helps identify and mitigate common cybersecurity problems.
-
Telework security requires meticulous caution, communication
Organizations that are proactive about telework security may enjoy a more resilient network environment. Follow five steps in this webinar to ensure secure remote work.
-
Future of IoT: Security improvements remain the focus
The future of IoT security will be driven by technological and societal shifts. Learn how regulatory efforts, biometrics and edge computing will affect IoT markets this year.
-
Mastercard CTO on cybersecurity and AI integration
Mastercard CTO Kush Saxena describes his approach to cybersecurity and AI as two-fold. Learn how AI and machine learning impact the cybersecurity practice in the enterprise.
-
JetBlue: Biometrics initiative will improve travel experience
In this SearchSecurity video, JetBlue's chief digital and technology officer Eash Sundaram talks about the company's biometrics and security initiatives.
-
Where does security fit into SDLC phases?
In each phase of the software development life cycle, there is an opportunity for infosec pros to add value. Learn more in this video with expert Adam Gordon.
-
Network intrusion detection systems ID threats
Learn how to stop threats before they turn into real danger. Expert Adam Gordon provides a deep dive into tools and technologies that should be in every infosec pro's back pocket.
-
Why locking down privileged accounts is a security essential
Access to the accounts of privileged users tops most hackers' wish lists. Expert Michael Cobb reviews how hackers target these accounts and outlines ways to keep them locked tight.
-
To prevent a firewall breach, adapt to the new environment
Data center operations have changed, making firewalls potentially weaker and breaches more likely. Next-gen firewalls, though, are better adapted to today’s DC environment.
-
Use an authenticated vulnerability scan to find system flaws
If unsafe computer systems scare the living daylights out of you, tune into this webinar on how to do authenticated vulnerability scans to avoid system damage.
-
Security behavioral analytics: The impact of real-time BTA
Johna Till Johnson, CEO and founder of Nemertes Research, explains real-time threat analysis in terms of BTA and its next-generation security architecture.
-
Say hello to the future of authentication, bye to passwords
Passwords and tokens are a thing of the past. No way, you say? Our webcast on the likely ways authentication will work in the future may make a believer out of you.
-
App design, software validation testing need infosec input
Security and function don’t have to compete. By working together, information security pros and systems administrators can build better, more secure software.
-
Protecting the virtualization layer from emerging threats
VMware's Tom Corn discusses the looming threats to the virtualization layer of enterprise data centers and explains why simplifying environments and security controls can help.
-
DDoS attack protection: When should it be taken seriously?
The online landscape is constantly changing, along with the way attackers plan and perform cyberattacks. Learn more about crucial DDoS attack protection steps with expert Mike Cobb.
-
Proper management techniques help with securing endpoints
Learning to secure endpoints will increase your ability to keep data safe. First thing to do: Find and fix any weaknesses that hackers can use to enter your system.
-
DDoS defense: Changing the approach to handle new threats
Corero Network Security CEO Ashley Stephenson talks with SearchSecurity about the recent wave of powerful distributed denial-of-service attacks and how DDoS defense has changed.
-
Targeted attack awareness gives firms edge against hackers
Cybercriminals use targeted attacks to endanger the future of your organization. Learn what defensive moves you can put in place now to avoid more severe attacks later on.
-
The OSI model layers explained: Get to know the network
Do you know what each layer of the OSI model represents? Infosec expert Adam Gordon helps you get up to speed in preparation for Domain 4 of the CISSP exam.
-
Cybersecurity engineering: CISSP demands broad IT knowledge
Boost your CISSP exam prep with this video reviewing key concepts covered in Domain 3 of the CISSP exam, Security Engineering.
-
Identify and maintain ownership of data: A guide for CISSPs
CISSPs must lead the way in driving good data management, which begins with defining data ownership and access policies. Learn more in this video with infosec expert Adam Gordon.
-
As privacy requirements evolve, CISSPs must stay informed
Just as technology constantly changes, so too do the laws and regulations that govern data privacy. CISSPs must remain aware of their organization's individual requirements.
-
How a threat intelligence platform can anticipate future attacks
Threat intelligence technology can analyze data to forecast future attacks and provide actionable countermeasures. Learn if it is suitable for your enterprise.
-
Bolster your DLP strategy with help from the cloud and CASBs
As data is increasingly stored in the cloud, it's difficult to maintain a DLP strategy if you're faced with poor data visibility. Find out how you can harness cloud to improve the process.
-
How big data tools and technologies can be protected from risk
Big data tools and technologies can contribute to your enterprise's overall security, but they also require protection. Find out the controls your enterprise can implement.
-
Privileged user access: Managing and monitoring accounts
Maintaining the security principle of least privilege can prevent abuse of privileged user accounts. Learn about the best practices for monitoring privileged access.
-
Preparing for new DDoS techniques: Mitigating the inevitable attack
Attackers are using DDoS techniques that focus on IoT and IPv6. Learn how to build a response plan, select mitigation solutions and recover from an attack.
-
Recent SSL attacks: How to protect your organization
SSL attacks such as Heartbleed, POODLE and Shellshock have placed countless enterprises at risk. Learn how these different attacks work, and how they can be prevented or mitigated.
-
How Android 5 security compares to other mobile OSes
Do the significant improvements made by Google to Android 5 security mean Android devices are ready for enterprise use? Learn how Android stacks up against other mobile OSes.
-
Expanding the IAM infrastructure to meet emerging challenges
Your IAM infrastructure should cut through the 'access excess' that is plaguing most companies. Learn how to overcome the challenges posed by migration to cloud and mobility.
-
Dave Shackleford: Tips for IT security tools convergence
More IT security products will be purchased as part of a suite offering from a single vendor. We offer guidance on how to evaluate these products and avoid tool overlap.
-
Adjusting your network perimeter security
Expert Johna Till Johnson explains how the enterprise perimeter became obsolete, and how to replace network perimeter security with an approach to perimeterless security.
-
Learn strategies for plugging a mobile data leak
The loss of data via mobile devices employees bring into their enterprise is becoming a bigger and bigger risk. Learn leak-stopping security strategies.
-
Learn from the past: Ensure a secure future of information security
To ensure the future of information security, enterprises must learn from the past, launch proper training and install the right technologies.
-
Innovative security key to solving big picture enterprise security woes
Innovative security should be on everyone's mind according to Eric Cole Ph.D. of the SANS Institute. Learn how to look beyond only day-to-day enterprise security.
-
Gula talks Nessus agents and Nessus cloud
Video: SearchSecurity spoke with Tenable co-founder Ron Gula about recent additions to the Nessus feature set, including a version that lives in the cloud.
-
CISOs: Application security programs need improvements
An up-to-date application security program -- as well as knowing how to connect with stakeholders -- is critical to being a successful CISO today, said Renee Guttmann, vice president, Office of the CISO at Accuvant Inc.
-
Choosing a threat intelligence platform: What enterprises should know
Video: Threat intelligence tools are a growing market and enterprises need to be able to see through the hype to get the best product for them.
-
From CCSP to CISSP: A look at (ISC)2 cybersecurity certifications
Video: Cybersecurity certifications are not in short supply, but (ISC)2 still dominates the field with CISSP and the new CCSP certification from its CSA partnership.
-
Addressing wearables security, the next wave of BYOD concerns
Wearables are the next wave of BYO devices infiltrating the enterprise. Domingo Guerra, president and co-founder of Appthority, talked to SearchSecurity at RSA Conference 2015 about how to address the onslaught.
-
Emerging hacking trends worry seasoned security professionals
Video: Some new hacking trends have security professionals worried, including Robert "RSnake" Hansen, who notes the speed and motivation of today's attackers.
-
Emerging security trends enterprises should keep an eye on
Video: KPMG's Ronald Plesco discusses the main emerging security trends -- security analytics, the Internet of Things and virtualization -- and what else is on the horizon for the industry.
-
The right approach for a security vulnerability disclosure policy
Qualys CTO Wolfgang Kandek discussed the hot topic of responsible vulnerability disclosure policies, and the friction between Google and Microsoft, at RSA Conference 2015.
-
Security operations centers could be key to better security
Video: Security operations centers are critical to continuous network monitoring and detecting data breaches. Eric Cole discusses SOCs and the role security automation plays in them.
-
How (ISC)2 plans to get millennials into cybersecurity careers
Video: Getting millennials into cybersecurity careers is a crucial way to close the hiring gap facing the security industry. David Shearer of (ISC)2 discusses how to make this happen.
-
Managing third parties with enterprise IAM
In this video, Michael Cobb discusses how to control third parties with enterprise IAM before it's too late.
-
The Sony Pictures hack: A lesson in enterprise incident response
The Sony Pictures hack was a breach unlike others. John Dickson, principal at Denim Group, talked to SearchSecurity at RSA Conference 2015 about what enterprises should take from the attack.
-
Women in security: Charting an InfoSec career path
At RSA Conference 2015, Cloudmark's Angela Knox discussed how she started a career in InfoSec and how the security industry can appeal to women like her.
-
IT consultants leading edge of Internet of Everything security
Cisco security services SVP Bryan Palma discusses how Cisco's consulting teams have an early view of how the Internet of Everything will roll out.
-
Security information sharing, visibility a missed opportunity
Video: Security information sharing and visibility platforms are being overlooked, according to Cisco's Martin Roesch, and that's a mistake.
-
Too much emphasis on threat intelligence sharing, Gula says
Tenable founder Ron Gula says sharing information to detect threats is great, but getting the security posture properly designed is the better option.
-
Why Web browser security is a goldmine for attackers
Video: Robert 'RSnake' Hansen of WhiteHat Security discusses Web browser security, third-party software vulnerabilities and the sad state of browser security throughout the industry.
-
Advice to help today's CISOs succeed at security leadership
Renee Guttmann, vice president of the Office of the CISO at Accuvant, talks to SearchSecurity about security leadership, and offers advice to today's aspiring CISOs.
-
Haven't suffered a network security breach recently? Think again
If you think your organization hasn't suffered a network security breach in the last six months, you're just not looking closely enough, according to Eric Cole at RSA Conference 2015.
-
Growing threats make security vulnerability management essential
At RSA Conference 2015, Qualys CTO Wolfgang Kandek said enterprises need to be smart about how they tackle security vulnerabilities because there are simply too many for organizations to handle.
-
Watters: 'Cyber officers' are now risk officers for businesses
More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.
-
Advanced malware detection is crucial to enterprise defense
Advanced malware is stealthy and deadly. Learn how to defend your network and data against it with tools that provide advanced malware detection capabilities.
-
Stale, dead apps emerging as serious mobile security risks
At RSA 2015, Appthority president and co-founder Domingo Guerra outlines emerging mobile security risks enterprises must be aware of -- and the issues aren't limited to just bring your own devices (BYOD).
-
From the frontlines: Horror stories on information breach response
Video: KPMG's Ronald Plesco has seen some crazy things in his time helping organizations in security incident response, and he shares some of them with SearchSecurity.
-
(ISC)2 responds to criticism with global academic program
(ISC)2 executive director David Shearer responds to criticisms about the organization's lack of introductory certifications within its global academic program.
-
McGraw: Software security testing is increasingly automated
Security software expert Gary McGraw says testing for security flaws must be automated if everything is going to be checked.
-
Schneier: Weighing the costs of mass surveillance
Security expert Bruce Schneier says his new book, Data and Goliath, lays out a compelling case against government mass surveillance.
-
Virtualization security tools adapt to malware
Expert Dave Shackleford examines how malware can now detect virtualization and the range of security tools available for endpoint protection.
-
Cisco Security Services set for 2x product growth in 2015
Cisco's Bryan Palma discusses Cisco's strategy for security services and talks about the recent Neohapsis acquisition.
-
Network security improved by Cisco data mining
Cisco network security involves numerous users and products; Martin Roesch explains why the huge amount of data that results from this is a good thing.
-
Want to increase IT security budget dollars? Get in your CEO's head
John Dickson, principal at Denim Group, talks to SearchSecurity at RSA Conference 2015 about tried and true ways security admins have been able to attain security dollars despite tight resources.
-
McGraw: IEEE helps find software development design flaws
Secure software expert Gary McGraw says the IEEE Center for Secure Design can help companies find patterns in their software security flaws.
-
Google's Adrian Ludwig talks about fighting Android threats
Google is fighting a constant battle against Android malware and vulnerabilities, and Adrian Ludwig, Google's lead for Android security, talks to SearchSecurity about how protections are getting better.
-
Inside the WhiteHat Aviator Web browser controversy
Robert 'RSnake' Hansen of WhiteHat Security discusses the Aviator Web browser, why Google lashed out against it, the challenges of browser security and lessons learned for developing secure software.
-
Four strategies to protect the new perimeter network
Today's protection strategies are trying to take the perimeter and collapse it inwards by focusing more controls across the network on a misbehaving machine or application.
-
Schneier: Incident response management key to surviving a data breach
Video: Bruce Schneier, CTO of Resilient Systems, talks to SearchSecurity about the importance of strong incident response management in reaction to the 'year of the data breach.'
-
From devices to ransomware targeting servers: Is your security ready?
The next wave of cyberthreats will combine two trends in new ways, says SANS' Johannes B. Ullrich, head of the Internet Storm Center.
-
Why SSL security matters
This video introduces SSL and describes SSL certificates and certificate authorities. It explains the concept, capturing plain text traffic and SSL-encrypted traffic to show how easily an attacker can grab data as it travels across seemingly secure networks.
-
Are SIEM systems delivering on advanced analytics?
Information overload from false positives and the continued failure to detect signs of advanced attacks remain major problems for security teams.
-
Are you in denial about DDoS defense planning?
John Pescatore discusses local and cloud-based DDoS mitigation strategies and the value of preparedness.
-
Will online authentication ever be free of passwords?
Will online authentication ever be password-free? The webcast reviews the problems of online authentication and considers a passwordless future.
-
Can virtual directory services ease messy Active Directory management?
Video: A Radiant Logic executive explains how virtual directory services ease the pain of integrating legacy Active Directory and identity systems with cloud-based applications and user-owned devices.
-
Security tabletop exercises enable better security incident response
Video: Tenable's Marcus Ranum says even if a security incident doesn't go as planned, simulating incidents with tabletop exercises can save time and money during an incident response process.
-
Consumer identity management: Will it replace identity provisioning?
Video: A Radiant Logic executive explains why the growing consumer identity management trend may be the death knell for traditional enterprise identity provisioning systems.
-
Expert: Mobile malware risk rising, but still largely Android malware
Video: Mobile malware expert Chester Wisniewski of Sophos says most enterprises need not fear mobile malware today, but Android malware is a growing threat.
-
Password security issues show case for privileged identity management
Video: Lieberman Software CEO Philip Lieberman explains how privileged identity management can shore up the many weaknesses of password-based authentication.
-
ICS security training needed to boost awareness, response
Video: Expert Ernie Hayden says before industrial control systems security can improve, the industry must be taught that security is just as important as availability.
-
PCI 3.0 changes: A PCI compliance requirements checklist for 2015
In this presentation, compliance expert Nancy Rodriguez offers a line-by-line review of the key PCI DSS changes that become mandatory as of Jan. 1, 2015.
-
Tools and strategy to build a continuous monitoring program
Dave Shackleford discusses how to implement a continuous monitoring strategy with existing tools and help from vendors who are focused on this area.
-
How to use VMware ESXi hosts for sandbox testing
Video: Keith Barker of CBT Nuggets shows how to use VMware ESXi hosts to perform sandbox testing on virtual machines.
-
How to use BeEF, a free penetration testing framework
Video: Keith Barker of CBT Nuggets shows how to use the BeEF Project, a free penetration testing framework, to train employees on Internet browser security.
-
The gaping hole in your vulnerability management program
Authenticated vulnerability scanning may be just what your organization needs to complete its vulnerability management program. In this video, expert Kevin Beaver offers pointers for performing an authenticated vulnerability scan.
-
Non-malicious insiders: The biggest insider threat of all?
Video: Insider threats expert Randy Trzeciak explains why non-malicious insiders, particularly developers, pose as much risk to an enterprise as intentionally malicious insiders.
-
How to use BlackStratus' LOG Storm, a free log management tool
Keith Barker of CBT Nuggets demonstrates how to use LOG Storm, a free log management system from BlackStratus that organizes and prioritizes enterprise log data.
-
Why information security basics are key to managing threat landscape
Video: Sophos' Chester Wisniewski assesses the threat landscape and details why information security basics are needed to slow evolving attackers.
-
Why advanced threats are less dangerous than simple attacks
Video: BeyondTrust's Marc Maiffret explains why simple attacks are often more effective than advanced threats.
-
The past, present and future of SIEM technology
Security information and event management technology isn't new but it's changing rapidly. In this webcast viewers will learn SIEM's history, current uses and likely future as a security big data analytical device.
-
Bruce Schneier: Incident response management breaking new ground
Incident response management is Co3's focus, says its recently appointed CTO and security expert Bruce Schneier.
-
Why privileged account management is hard to scale
Philip Lieberman of Lieberman Software discusses privileged accounts and how automated tools can help organizations monitor their use.
-
How to use TripWire SecureScan, a free vulnerability scanning tool
Video: Learn how to use TripWire SecureScan, the free vulnerability scanning tool that helps enterprises detect Heartbleed on networks and devices.
-
PCI analysis: Marcus Ranum on why PCI DSS sets the bar too low
Tenable CSO Marcus Ranum says Target-like breaches occurred even with PCI compliance because PCI established only a minimal set of requirements.
-
Chris Wysopal reveals new ways to monitor open source code security
Video: Chris Wysopal of Veracode discusses the risks of externally sourced code and monitoring its use in the enterprise.
-
John Pescatore: Critical Security Controls boost operational security
John Pescatore on why the SANS Institute's Critical Security Controls make up for other security deficiencies; plus, secrets of working with Gartner.
-
Enterprise mobility management must cover all the security bases
A solid and secure EMM framework starts with a formal policy and covers devices, apps, data, identity and more.
Photo Stories
-
The evolution of MFA security tokens
-
Is FIDO authentication the future of online authentication products?
-
Slideshow: Five common Web application vulnerabilities and mitigations
-
Mobile security survey 2012 audio slideshow
Podcasts
-
Risk & Repeat: Inside the SolarWinds Senate hearing
-
Risk & Repeat: SolarWinds and the hacking back debate
-
Risk & Repeat: Oldsmar water plant breach raises concerns
-
Risk & Repeat: Diving into the dark web
-
Risk & Repeat: SolarWinds attacks come into focus
-
Risk & Repeat: SolarWinds backdoor shakes infosec industry