Features
Features
-
DevSecOps model requires security get out of its comfort zone
Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge. Continue Reading
-
Choosing between an SSL/TLS VPN vs. IPsec VPN
Infosec pros need to know the ins and outs of SSL/TLS VPNs vs. IPsec VPNs to better understand which product's features will fulfill the needs of their organization. Get help comparing here. Continue Reading
-
To secure DevOps, break culture and tooling barriers
The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved. Continue Reading
-
The 3 pillars of a DevSecOps model
In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model. Continue Reading
-
How security teams benefit from traffic mirroring in the cloud
Enterprises with the resources to deploy traffic mirroring are gaining security benefits. Frank Siemons explains how traffic mirroring has adapted to new and evolving cyber-risks. Continue Reading
-
Your third-party risk management best practices need updating
Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips. Continue Reading
-
Top tips for using the Kali Linux pen testing distribution
It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman. Continue Reading
-
How to use SOAR tools to simplify enterprise infosec programs
SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users. Continue Reading
-
Using DNS RPZ to pump up cybersecurity awareness
Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites. Continue Reading
-
New evasive spear phishing attacks bypass email security measures
Researchers identified a new email security threat: evasive spear phishing attacks, which take months of investigation and social engineering to coordinate. Continue Reading
-
Designing IoT security: Experts warn against cutting corners
Security, though costly, is essential for IoT devices; a single breach can destroy a company's reputation. IoT security by design can avoid devastating incidents. Continue Reading
-
How does AttackSurfaceMapper help with attack surface mapping?
A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement. Continue Reading
-
Varied options to solving the cybersecurity skills shortage
There are no easy answers for the cybersecurity skills shortage facing the industry, other than working harder to diversify and expand the workforce, according to ESG's Jon Oltsik. Continue Reading
-
VMware's internal Service-defined Firewall reimagines firewalling
VMware's internal firewall uses a global view of known-good behavior at the network and host level to minimize the attack surface for on-premises and cloud environments. Continue Reading
-
How to identify and evaluate cybersecurity frameworks
Not all frameworks for cybersecurity are equal. ESG's Jon Oltsik explains what attributes make a cybersecurity framework and how to go about choosing and using one. Continue Reading
-
Research shows cloud security vulnerabilities grow
Recent research shows the number of cloud security incidents are growing. Here are the biggest contributors to the complicated cloud threat landscape facing modern enterprises. Continue Reading
-
Cybersecurity automation won't fix the skills gap alone
Joan Pepin, CISO and vice president of operations at Auth0, says cybersecurity automation makes her job possible, but it can't replace the human talent her industry badly needs. Continue Reading
-
CEO on collaboration tool security, insider threats, skills gap
Michael Coates, CEO and co-founder of cloud collaboration security platform Altitude Networks, speaks to industry trends and his transition from CISO to CEO. Continue Reading
-
5 email security appliance comparison criteria to consider
Identifying the best email security appliance on the market can be hard. This article discusses the criteria to consider when choosing one for your organization. Continue Reading
-
Why is third-party risk management essential to cybersecurity?
Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals. Continue Reading
-
Lack of cybersecurity skills fuels workforce shortage
Cybersecurity researcher Bob Duhainy discusses the cybersecurity skills shortage and provides suggestions about how companies can close the gap to avoid future risk. Continue Reading
-
For board of directors, cybersecurity literacy is essential
For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way. Continue Reading
-
Fitting cybersecurity frameworks into your security strategy
Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication. Continue Reading
-
New tech steers identity and access management evolution
IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets. Continue Reading
-
Tackling IT security awareness training with a county CISO
A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved. Continue Reading
-
Digital transformation redefines cybersecurity skills, careers
The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think. Continue Reading
-
How to pass the CISSP exam on your first try: Tips to get a good score
Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more. Continue Reading
-
Quantum computers mean cryptography needs to change, and soon
As quantum computing gains momentum with practical quantum computers due to come online as early as next year, concerns about post-quantum cryptography are pushed to the forefront. Continue Reading
-
Portrait of a CISO: Roles and responsibilities
Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Continue Reading
-
5 best practices to choose the right email security software
Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise. Continue Reading
-
Cisco engineer: Why we need more women in cybersecurity
Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap. Continue Reading
-
Cybersecurity skills shortage prompts new hiring approach
Hiring managers are widening the pool of candidates in response to the cybersecurity skills shortage. Learn how a parks and recreation background can be an asset in threat hunting. Continue Reading
-
How does an island hopping attack work?
Hackers know better than to directly attack a well-defended target; learn how they use island hopping attack strategies to elude defenders -- and how best to repel them. Continue Reading
-
Building a threat intelligence framework: Here's how
A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know. Continue Reading
-
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black
Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading
-
Words to go: Identity and access management security
IT pros must keep up to date with rapidly changing identity technology and access threats. Help protect IAM security by getting familiar with this list of foundation terms. Continue Reading
-
Build a proactive cybersecurity approach that delivers
Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading
-
Biometric authentication terms to know
Consumers are on board with biometric authentication, but enterprises aren't so sure. Here's a breakdown of the must-know terms for companies considering biometric authentication. Continue Reading
-
As cloud complexities increase, cybersecurity skills gap worsens
Concerns about the lack of security expertise persist, according to respondents in a new CSA survey of IT and security professionals on complexities within native cloud, hybrid and multi-cloud environments. Continue Reading
-
SANS security awareness credential paves new career path
The SANS Security Awareness Professional credential gives enterprises a new method to recognize and promote cybersecurity awareness in the organization. Continue Reading
-
Red alerts: Inside Cisco's incident response best practices
Incident response is often challenging, but Cisco's Sean Mason offers recommendations for doing IR effectively, from keeping internal logs longer to embracing tabletop exercises. Continue Reading
-
Security awareness training for executives keeps whaling at bay
Security awareness training for executives teaches an enterprise's biggest fish to recognize potential whaling attacks -- before they take the bait. Continue Reading
-
Explore this NGFW comparison of leading vendors on the market
Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision Continue Reading
-
Dark data raises challenges, opportunities for cybersecurity
Dark data is the data enterprises didn't know they had. Splunk CTO Tim Tully explains where this data is hiding, why it's important and how to use and secure it. Continue Reading
-
10 ways to prevent computer security threats from insiders
Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders. Continue Reading
-
What makes BSA's secure software development framework unique?
BSA rolled out a new secure software development framework in an effort to promote best practices for secure software development and improve security for all. Continue Reading
-
Words to go: GPS tracking security
GPS and location-based services may be some of the most significant recent technological advancements, but they can also put personal privacy in jeopardy. Continue Reading
-
Women in cybersecurity work to grow voice in US lawmaking
To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress. Continue Reading
-
6 firewall selection criteria to purchase NGFWs
These six key factors will help your company determine the best NGFW product for your organization's needs. Continue Reading
-
DDoS attacks among top 5G security concerns
DDoS attacks top the list of primary security concerns for mobile operators now that 5G wireless is advancing as the number of connected devices grows. Continue Reading
-
Next-generation firewall comparison based on company needs
Compare leading next-generation firewalls to help find the option that best fits your IT environment and security needs. Continue Reading
-
Next-generation firewalls vs. traditional and UTMs
Learn the advantages of next-generation firewalls that protect enterprise networks from attacks and intrusion, as well as the differences between NGFWs and traditional firewalls. Continue Reading
-
The risks of multi-cloud security compared to single cloud
Single-cloud architecture poses some challenges, which has led to a new trend in adopting multi-cloud designs. Discover whether multi-cloud is right for your enterprise. Continue Reading
-
5 common authentication factors to know
Multifactor authentication is a security system that requires two or more authentication steps to verify the user's identity. Discover the most important terms related to MFA. Continue Reading
-
Huawei ban highlights 5G security issues CISOs must tackle
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
-
Top cloud security risks that keep experts up at night
Hackers are after your assets in the cloud. Here's how they get in and what you can do to plug security holes, starting with minimizing the risks created through human error. Continue Reading
-
How information sharing can reduce cybersecurity vulnerabilities
Cybersecurity vulnerabilities come from multiple fronts for modern businesses, but information sharing about real-world breaches -- good and bad -- provides valuable intelligence. Continue Reading
-
Inside 'Master134': Propeller Ads connected to malvertising campaign
A SearchSecurity investigation determined ad network Propeller Ads played a significant role in the early stages of the Master134 malvertising campaign. Continue Reading
-
Inside 'Master134': Ad networks' 'blind eye' threatens enterprises
Online ad networks linked to the Master134 malvertising campaign and other malicious activity often evade serious fallout and continue to operate unabated. Continue Reading
-
'Master134' malvertising campaign raises questions for online ad firms
Malvertising and adware schemes are a growing concern for enterprises. Our deep investigation into one campaign reveals just how complicated threats can be to stop. Continue Reading
-
Inside 'Master134': ExoClick tied to previous malvertising campaigns
Online ad network ExoClick denied any involvement in the Master134 campaign, but the company has ties to similar malvertising threats. Continue Reading
-
Inside 'Master134': More ad networks tied to malvertising campaign
Check Point's report on the Master134 malvertising campaign implicated five ad networks, but a SearchSecurity investigation revealed more companies were involved. Continue Reading
-
Inside 'Master134': Adsterra's history shows red flags, abuses
Adsterra denied it was involved in the Master134 malvertising campaign, but a review of the company's history reveals many red flags, including activity in a similar campaign. Continue Reading
-
Words to go: Multi-cloud security strategy
For many enterprises, implementing multi-cloud security is complicated. Here's a breakdown of the must-know multi-cloud terms for organizations setting up this type of deployment. Continue Reading
-
10 endpoint security products to protect your business
Check out this product roundup and discover all the features endpoint security protection offers, such as patch management, email protection and reporting. Continue Reading
-
Challenges and benefits of using the Mitre ATT&CK framework
Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started. Continue Reading
-
DHS-led agency works to visualize, share cyber-risk information
A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain. Continue Reading
-
HPE takes aim at STEM and cybersecurity education, awareness
HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry. Continue Reading
-
New game provides cybersecurity education for Girl Scouts
A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game. Continue Reading
-
Symantec Web Security Service vs. Zscaler Internet Access
Learn how cloud-based secure web gateway products Symantec Web Security Service and Zscaler Internet Access compare when it comes to features, benefits, pricing and support. Continue Reading
-
6 questions to ask before evaluating secure web gateways
Learn which six questions can help an organization identify its web security and business needs and its readiness to implement a secure web gateway. Continue Reading
-
As compliance evolves, it's time to re-address data classification
Compliance rules like GDPR and the CCPA require a fresh look at companies' data classification policy, and particularly how it defines its wide variety of unstructured data. Continue Reading
-
Zero-trust security model primer: What, why and how
What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders. Continue Reading
-
Find the right tool using this antimalware software comparison
Compare endpoint antimalware software products for organizations based on features, level of protection and vendor offerings. Continue Reading
-
Explore multifactor authentication products in-depth
Discover some of the best multifactor authentication products currently on the market based on target industry and main features to help you make a final buying decision. Continue Reading
-
USB attacks: Big threats to ICS from small devices
USB devices can carry malware that can wreak havoc on industrial control systems. Expert Ernie Hayden explores the history of USB attacks and possible mitigations. Continue Reading
-
Compare the top multifactor authentication vendors
What makes a multifactor authentication tool right for an enterprise? This article compares four of the leading multifactor authentication vendors and reviews their products. Continue Reading
-
CISO tackles banking cybersecurity and changing roles
Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
-
Top 10 CISO concerns for 2019 span a wide range of issues
From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
-
Battling nation-state cyberattacks in a federal leadership vacuum
Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
-
Cyber NYC initiative strives to make New York a cybersecurity hub
New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation. Continue Reading
-
RSAC's diversity and inclusion initiative stresses equality on keynote stage
RSA Conference curator Sandra Toms hopes a new diversity and inclusion initiative will facilitate change in the cybersecurity industry, starting with the upcoming 2019 conference. Continue Reading
-
Infoblox's Cricket Liu explains DNS over HTTPS security issues
Cricket Liu, chief DNS architect at Infoblox, explains how DNS over HTTPS and DNS over TLS improve security, as well as challenges the new protocols may soon raise for enterprises. Continue Reading
-
Three examples of multifactor authentication use cases
When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation. Continue Reading
-
Purchasing multifactor authentication tools: What to consider
Find out what you need to know before investing in a multifactor authentication tool, including the drawbacks and the benefits. Continue Reading
-
Exploring multifactor authentication benefits and technology
Take a look at multifactor authentication benefits and methods, as well as how the technologies have evolved from key fobs to smartphones, mobile devices and the cloud. Continue Reading
-
CCPA compliance begins with data inventory assessment
In this SearchCIO Q&A, multiple experts sound off on major questions businesses have about CCPA compliance ahead of its January 2020 enforcement date. Continue Reading
-
Security, compliance standards help mitigate BIOS security vulnerabilities
Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications. Continue Reading
-
Product roundup: Features of top SIEM software on the market
Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier. Continue Reading
-
Testing email security products: Results and analysis
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies. Continue Reading
-
IAM system strategy identifies metrics that work for business
Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading
-
Threat hunting techniques move beyond the SOC
Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated. Continue Reading
-
Testing email security products: Challenges and methodologies
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products, as well as the challenges it faced to come up with sound methodologies. Continue Reading
-
Mobile security trends: app containers, app wrapping for BYOD
Threats evolve, and so should mobile security strategies. Mike Chapple explains how an app containers and app wrapping can protect enterprise devices and corporate assets. Continue Reading
-
Cloud-first? User and entity behavior analytics takes flight
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud. Continue Reading
-
Seven criteria for evaluating today's leading SIEM tools
Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization. Continue Reading
-
CISOs face third-party risk management challenges
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties. Continue Reading
-
Teramind CTO talks insider threat prevention, employee monitoring
A fear of insider threats on Wall Street led one software engineer to start his own security company. Continue Reading
-
Diversity at cybersecurity conferences is too important to ignore
Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage. Continue Reading
-
Innovation Women founder strives to close gender gap at conferences
Innovation Women founder Bobbie Carlton discusses the all-male, all-pale panels that overwhelm tech conferences and that moved her to change the number of female speakers. Continue Reading