Videos

AI security concerns keeping infosec leaders up at night

Conversations about 'AI as a solution' may overlook potentially grave AI security issues. Explore the potential infosec implications of the emerging technology in this video.
Identify common cybersecurity problems with fresh approach

It pays to expect the unexpected in information security. In this webinar, learn how starting with a blank slate helps identify and mitigate common cybersecurity problems.

Telework security requires meticulous caution, communication

Organizations that are proactive about telework security may enjoy a more resilient network environment. Follow five steps in this webinar to ensure secure remote work.
Future of IoT: Security improvements remain the focus

The future of IoT security will be driven by technological and societal shifts. Learn how regulatory efforts, biometrics and edge computing will affect IoT markets this year.
Mastercard CTO on cybersecurity and AI integration

Mastercard CTO Kush Saxena describes his approach to cybersecurity and AI as two-fold. Learn how AI and machine learning impacts the cybersecurity practice in the enterprise.
JetBlue: Biometrics initiative will improve travel experience

In this SearchSecurity video, JetBlue's chief digital and technology officer Eash Sundaram talks about the company's biometrics and security initiatives.
Where does security fit into SDLC phases?

In each phase of the software development life cycle, there is an opportunity for infosec pros to add value. Learn more in this video with expert Adam Gordon.
Network intrusion detection systems ID threats

Learn how to stop threats before they turn into real danger. Expert Adam Gordon provides a deep dive into tools and technologies that should be in every infosec pro's back pocket.
Why locking down privileged accounts is a security essential

Access to the accounts of privileged users top most hackers' wish lists. Expert Michael Cobb reviews how hackers target these accounts and outlines ways to keep them locked tight.
To prevent a firewall breach, adapt to the new environment

Data center operations have changed, making firewalls potentially weaker and breaches more likely. Next-gen firewalls, though, are better adapted to today’s DC environment.
Use an authenticated vulnerability scan to find system flaws

If unsafe computer systems scare the living daylights out of you, tune into this webinar on how to do authenticated vulnerability scans to avoid system damage.
Security behavioral analytics: The impact of real-time BTA

Johna Till Johnson, CEO and founder of Nemertes Research, explains real-time threat analysis in terms of BTA and its next-generation security architecture.
Say hello to the future of authentication, bye to passwords

Passwords and tokens are a thing of the past. No way, you say? Our webcast on the likely ways authentication will work in the future may make a believer out of you.
App design, software validation testing need infosec input

Security and function don’t have to compete. By working together, information security pros and systems administrators can build better, more secure software.
Protecting the virtualization layer from emerging threats

VMware's Tom Corn discusses the looming threats to the virtualization layer of enterprise data centers and explains why simplifying environments and security controls can help.
DDoS attack protection: When should it be taken seriously?

The online landscape is constantly changing, along with the way attackers plan and perform cyberattacks. Learn more about crucial DDoS attack protection steps with expert Mike Cobb.
Proper management techniques help with securing endpoints

Learning to secure endpoints will increase your ability to keep data safe. First thing to do: Find and fix any weaknesses that hackers can use to enter your system.
DDoS defense: Changing the approach to handle new threats

Corero Network Security CEO Ashley Stephenson talks with SearchSecurity about the recent wave of powerful distributed denial-of-service attacks and how DDoS defense has changed.
Targeted attack awareness gives firms edge against hackers

Cybercriminals use targeted attacks to endanger the future of your organization. Learn what defensive moves you can put in place now to avoid more severe attacks later on.
The OSI model layers explained: Get to know the network

Do you know what each layer of the OSI model represents? Infosec expert Adam Gordon helps you get up to speed in preparation for Domain 4 of the CISSP exam.
Cybersecurity engineering: CISSP demands broad IT knowledge

Boost your CISSP exam prep with this video reviewing key concepts covered in Domain 3 of the CISSP exam, Security Engineering.
Identify and maintain ownership of data: A guide for CISSPs

CISSPs must lead the way in driving good data management, which begins with defining data ownership and access policies. Learn more in this video with infosec expert Adam Gordon.
As privacy requirements evolve, CISSPs must stay informed

Just as technology constantly changes, so too do the laws and regulations that govern data privacy. CISSPs must remain aware of their organization's individual requirements.
How a threat intelligence platform can anticipate future attacks

Threat intelligence technology can analyze data to forecast future attacks and provide actionable countermeasures. Learn if it is suitable for your enterprise.
Bolster your DLP strategy with help from the cloud and CASBs

As data is increasingly stored in the cloud, it's difficult to maintain a DLP strategy if you're faced with poor data visibility. Find out how you can harness cloud to improve the process.
How big data tools and technologies can be protected from risk

Big data tools and technologies can contribute to your enterprise's overall security, but they also require protection. Find out the controls your enterprise can implement.
Privileged user access: Managing and monitoring accounts

Maintaining the security principle of least privilege can prevent abuse of privileged user accounts. Learn about the best practices for monitoring privileged access.
Preparing for new DDoS techniques: Mitigating the inevitable attack

Attackers are using DDoS techniques that focus on IoT and IPv6. Learn how to build a response plan, select mitigation solutions and recover from an attack.
Recent SSL attacks: How to protect your organization

SSL attacks such as Heartbleed, POODLE and Shellshock have placed countless enterprises at risk. Learn how these different attacks work, and how they can be prevented or mitigated.
How Android 5 security compares to other mobile OSes

Do the significant improvements made by Google to Android 5 security mean Android devices are ready for enterprise use? Learn how Android stacks up against other mobile OS.
Expanding the IAM infrastructure to meet emerging challenges

Your IAM infrastructure should cut through the 'access excess' that is plaguing most companies. Learn how to overcome the challenges posed by migration to cloud and mobility.
Dave Shackleford: Tips for IT security tools convergence

More IT security products will be purchased as part of a suite offering from a single vendor. We offer guidance on how to evaluate these products and avoid tool overlap.
Adjusting your network perimeter security

Expert Johna Till Johnson explains how the enterprise perimeter became obsolete, and how to replace network perimeter security with an approach to perimeterless security.
Learn strategies for plugging a mobile data leak

The loss of data via mobile devices employees bring into their enterprise is becoming a bigger and bigger risk. Learn leak-stopping security strategies.
Learn from the past: Ensure a secure future of information security

To ensure the future of information security, enterprises must learn from the past, launch proper training and install the right technologies.
Innovative security key to solving big picture enterprise security woes

Innovative security should be on everyone's mind according to Eric Cole Ph.D. of the SANS Institute. Learn how to look beyond only day-to-day enterprise security.
Gula talks Nessus agents and Nessus cloud

Video: SearchSecurity spoke with Tenable co-founder Ron Gula about recent additions to the Nessus feature set, including a version that lives in the cloud.
CISOs: Application security programs need improvements

An up-to-date application security program -- as well as knowing how to connect with stakeholders -- is critical to being a successful CISO today, said Renee Guttmann, vice president, Office of the CISO at Accuvant Inc.
Choosing a threat intelligence platform: What enterprises should know

Video: Threat intelligence tools are a growing market and enterprises need to be able to see through the hype to get the best product for them.
From CCSP to CISSP: A look at (ISC)2 cybersecurity certifications

Video: Cybersecurity certifications are not in short supply, but (ISC)2 still dominates the field with CISSP and the new CCSP certification from its CSA partnership.
Addressing wearables security, the next wave of BYOD concerns

Wearables are the next wave of BYO devices infiltrating the enterprise. Domingo Guerra, president and co-founder of Appthority, talked to SearchSecurity at RSA Conference 2015 about how to address the onslaught.
Emerging hacking trends worry seasoned security professionals

Video: Some new hacking trends have security professionals worried, including Robert "RSnake" Hansen, who notes the speed and motivation of today's attackers.
Emerging security trends enterprises should keep an eye on

Video: KPMG's Ronald Plesco discusses the main emerging security trends -- security analytics, the Internet of Things and virtualization -- and what else is on the horizon for the industry.
The right approach for a security vulnerability disclosure policy

Qualys CTO Wolfgang Kandek discussed the hot topic of responsible vulnerability disclosure policies, and the friction between Google and Microsoft, at RSA Conference 2015.
Security operations centers could be key to better security

Video: Security operations centers are critical to continuous network monitoring and detecting data breaches. Eric Cole discusses SOCs and the role security automation plays in them.
How (ISC)2 plans to get millennials into cybersecurity careers

Video: Getting millennials into cybersecurity careers is a crucial way to close the hiring gap facing the security industry. David Shearer of (ISC)2 discusses how to make this happen.
Managing third parties with enterprise IAM

In this video, Michael Cobb discusses how to control third parties with enterprise IAM before it's too late.
The Sony Pictures hack: A lesson in enterprise incident response

The Sony Pictures hack was a breach unlike others. John Dickson, principal at Denim Group, talked to SearchSecurity at RSA Conference 2015 about what enterprises should take from the attack.
Women in security: Charting an InfoSec career path

At RSA Conference 2015, Cloudmark's Angela Knox discussed how she started a career in InfoSec and how the security industry can appeal to women like her.
IT consultants leading edge of Internet of Everything security

Cisco security services SVP Bryan Palma discusses how Cisco's consulting teams have an early view of how the Internet of Everything will roll out.
Security information sharing, visibility a missed opportunity

Video: Security information sharing and visibility platforms are being overlooked, according to Cisco's Martin Roesch, and that's a mistake.
Too much emphasis on threat intelligence sharing, Gula says

Tenable founder Ron Gula says sharing information to detect threats is great, but getting the security posture properly designed is the better option.
Why Web browser security is a goldmine for attackers

Video: Robert 'RSnake' Hansen of WhiteHat Security discusses Web browser security, third-party software vulnerabilities and the sad state of browser security throughout the industry.
Advice to help today's CISOs succeed at security leadership

Renee Guttmann, vice president of the Office of the CISO at Accuvant, talks to SearchSecurity about security leadership, and offers advice to today's aspiring CISOs.
Haven't suffered a network security breach recently? Think again

If you think your organization hasn't suffered a network security breach in the last six months, you're just not looking closely enough, according to Eric Cole at RSA Conference 2015.
Growing threats make security vulnerability management essential

At RSA Conference 2015, Qualys CTO Wolfgang Kandek said enterprises need to be smart about how they tackle security vulnerabilities because there are simply too many for organizations to handle.
Watters: 'Cyber officers' are now risk officers for businesses

More data is thought to be a good thing in terms of threat intelligence, but iSight CEO John Watters says enterprises need to be aware of the quality and context of the data when assessing risk.
Advanced malware detection is crucial to enterprise defense

Advanced malware is stealthy and deadly. Learn how defend your network and data against it with tools that provide advanced malware detection capabilities.
Stale, dead apps emerging as serious mobile security risks

At RSA 2015, Appthority president and co-founder Domingo Guerra outlines emerging mobile security risks enterprises must be aware of -- and the issues aren't limited to just bring your own devices (BYOD).
From the frontlines: Horror stories on information breach response

Video: KPMG's Ronald Plesco has seen some crazy things in his time helping organizations in security incident response, and he shares some of them with SearchSecurity.
(ISC)2 responds to criticism with global academic program

(ISC)2 executive director David Shearer responds to criticisms about the organization's lack of introductory certifications within its global academic program.
McGraw: Software security testing is increasingly automated

Security software expert Gary McGraw says testing for security flaws must be automated if everything is going to be checked.
Schneier: Weighing the costs of mass surveillance

Security expert Bruce Schneier says his new book, Data and Goliath, lays out a compelling case against government mass surveillance.
Virtualization security tools adapt to malware

Expert Dave Shackleford examines how malware can now detect virtualization and the range of security tools available for endpoint protection.
Cisco Security Services set for 2x product growth in 2015

Cisco's Bryan Palma discusses Cisco's strategy for security services and talks about the recent Neohapsis acquisition.
Network security improved by Cisco data mining

Cisco network security involves numerous users and products; Martin Roesch explains why the huge amount of data that results from this is a good thing.
Want to increase IT security budget dollars? Get in your CEO's head

John Dickson, principal at Denim Group, talks to SearchSecurity at RSA Conference 2015 about tried and true ways security admins have been able to attain security dollars despite tight resources.
McGraw: IEEE helps find software development design flaws

Secure software expert Gary McGraw says the IEEE Center for Secure Design can help companies find patterns in their software security flaws.
Google's Adrian Ludwig talks about fighting Android threats

Google is fighting a constant battle against Android malware and vulnerabilities, and Adrian Ludwig, Google's lead for Android security, talks to SearchSecurity about how protections are getting better.
Inside the WhiteHat Aviator Web browser controversy

Robert 'Rsnake' Hansen of WhiteHat Security discusses the Aviator Web browser, why Google lashed out against it, the challenges of browser security and lessons learned for developing secure software.
Four strategies to protect the new perimeter network

Today's protection strategies are trying to take the perimeter and collapse it inwards by focusing more controls across the network on a misbehaving machine or application.
Schneier: Incident response management key to surviving a data breach

Video: Bruce Schneier, CTO of Resilient Systems, talks to SearchSecurity about the importance of strong incident response management in reaction to the 'year of the data breach.'
From devices to ransomware targeting servers: Is your security ready?

The next wave of cyberthreats will combine two trends in new ways, says SANS' Johannes B. Ullrich, head of the Internet Storm Center.
Why SSL security matters

This video introduces SSL and describes SSL certificates and certificate authorities. It explains the concept capturing plain text traffic and SSL-encrypted traffic to show how easily an attacker can grab data as it travels across seemingly secure networks.
Are SIEM systems delivering on advanced analytics?

Information overload from false positives and the continued failure to detect signs of advanced attacks remain major problems for security teams.
Are you in denial about DDoS defense planning?

John Pescatore discusses local and cloud-based DDoS mitigation strategies and the value of preparedness.
Will online authentication ever be free of passwords?

Will online authentication ever be password-free? The webcast reviews the problems of online authentication and considers a passwordless future.
Can virtual directory services ease messy Active Directory management?

Video: A Radiant Logic executive explains how virtual directory services ease the pain of integrating legacy Active Directory and identity systems with cloud-based applications and user-owned devices.
Security tabletop exercises enable better security incident response

Video: Tenable's Marcus Ranum says even if a security incident doesn't go as planned, simulating incidents with tabletop exercises can save time and money during an incident response process.
Consumer identity management: Will it replace identity provisioning?

Video: A Radiant Logic executive explains why the growing consumer identity management trend may be the death knell for traditional enterprise identity provisioning systems.
Expert: Mobile malware risk rising, but still largely Android malware

Video: Mobile malware expert Chester Wisniewski of Sophos says most enterprises need not fear mobile malware today, but Android malware is a growing threat.
Password security issues show case for privileged identity management

Video: Lieberman Software CEO Philip Lieberman explains how privileged identity management can shore up the many weaknesses of password-based authentication.
ICS security training needed to boost awareness, response

Video: Expert Ernie Hayden says before industrial control systems security can improve, the industry must be taught that security is just as important as availability.
PCI 3.0 changes: A PCI compliance requirements checklist for 2015

In this presentation, compliance expert Nancy Rodriguez offers a line-by-line review of the key PCI DSS changes that become mandatory as of Jan. 1, 2015.
Tools and strategy to build a continuous monitoring program

Dave Shackleford discusses how to implement a continuous monitoring strategy with existing tools and help from vendors who are focused on this area.
How to use VMware ESXi hosts for sandbox testing

Video: Keith Barker of CBT Nuggets shows how to use VMware ESXi hosts to perform sandbox testing on virtual machines.
How to use BeEF, a free penetration testing framework

Video: Keith Barker of CBT Nuggets shows how to use the BeEF Project, a free penetration testing framework, to train employees on Internet browser security.
The gaping hole in your vulnerability management program

Authenticated vulnerability scanning may be just what your organization needs to complete its vulnerability management program. In this video, expert Kevin Beaver offers pointers for performing an authenticated vulnerability scan.
Non-malicious insiders: The biggest insider threat of all?

Video: Insider threats expert Randy Trzeciak explains why non-malicious insiders, particularly developers, pose as much risk to an enterprise as intentionally malicious insiders.
How to use BlackStratus' LOG Storm, a free log management tool

Keith Barker of CBT Nuggets demonstrates how to use LOG Storm, a free log management system from BlackStratus that organizes and prioritizes enterprise log data.
The past, present and future of SIEM technology

Security information and event management technology isn't new but it's changing rapidly. In this webcast viewers will learn SIEM's history, current uses and likely future as a security big data analytical device.
How to use TripWire SecureScan, a free vulnerability scanning tool

Video: Learn how to use TripWire SecureScan, the free vulnerability scanning tool that helps enterprises detect Heartbleed on networks and devices.
Enterprise mobility management must cover all the security bases

A solid and secure EMM framework starts with a formal policy and covers devices, apps, data, identity and more.
How to use Kismet: A free Wi-Fi network-monitoring tool

In this video, CBT Nuggets' Keith Barker shows how to use the free Wi-Fi network monitoring tool Kismet to find possibly malicious wireless networks.
NIST cybersecurity framework: Assessing the strengths and weaknesses

Video: Securicon executive consultant Ernie Hayden discusses what the NIST cybersecurity framework got right, and how the document can be improved.
Information security spending in 2014: The top enterprise priorities

Video: Editorial Director Robert Richardson examines enterprises planned 2014 security spending and whether it will lead to long-term success.
Gathering forensic data with CrowdResponse

Video: Keith Barker of CBT Nuggets shows how to use CrowdStrike's security incident response tool, CrowdResponse, to gather forensic information.
AxCrypt tutorial: How to use AxCrypt for simple file encryption

Video: In this AxCrypt tutorial, Keith Barker of CBT Nuggets shows how to use AxCrypt, a free, open source tool for quick, simple file encryption.
Security analytics tools that improve visibility, provide protection

In this webcast Josh Sokol explores the system visibility problem and how IT pros can better spot and thwart threats in real time.
How to use OpenPuff steganography to send sensitive info securely

Video: Keith Barker of CBT Nuggets demonstrates how to use OpenPuff steganography to hide sensitive information from prying eyes during transmission.

Photo Stories

View all Photo Stories

Podcasts

View all Podcasts