Features
Features
-
Weighing privileged identity management tools' pros and cons
Products that help security pros manage access privileges are essential to IT security. Learn how to evaluate market offerings and acquire the best for your company. Continue Reading
-
SIEM evaluation criteria: Choosing the right SIEM products
Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask. Continue Reading
-
OneLogin security chief delivers new security model
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus. Continue Reading
-
10 unified access management questions for OneLogin CSO Justin Calmus
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job? Continue Reading
-
SIEM benefits include efficient incident response, compliance
SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting. Continue Reading
-
Bugcrowd CTO explains crowdsourced security benefits and challenges
In part two of this interview, Bugcrowd founder and CTO Casey Ellis discusses the value of crowdsourced vulnerability research, as well as some of the challenges. Continue Reading
-
Overwhelmed by security data? Science to the rescue
Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives. Continue Reading
-
Women in cybersecurity: How to make conferences more diverse
The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap. Continue Reading
-
Bugcrowd CTO on the need for responsible disclosure policy, 'good faith'
Bugcrowd founder and CTO Casey Ellis talks about his concerns that the era of 'good faith' between security researchers and enterprises is in jeopardy. Continue Reading
-
Citrix's Peter Lefkowitz on impact of GDPR privacy requirements
New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general. Continue Reading
-
A comprehensive guide to SIEM products
Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security. Continue Reading
-
Cisco's chief privacy officer on the future of data after GDPR
Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation. Continue Reading
-
Security in Network Functions Virtualization
In this excerpt of chapter 4 of Security in Network Functions Virtualization, authors Zonghua Zhang and Ahmed Meddahi discuss Identity and Access Management in NFV. Continue Reading
-
Endgame's Devon Kerr on what it takes to be a threat hunter
Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting. Continue Reading
-
Port Cybersecurity
In this excerpt from chapter 3 of Port Cybersecurity, author Nineta Polemi discusses Security of Ports' Critical Information Infrastructures. Continue Reading
-
Accenture's Justin Harvey explains why cyber attribution isn't important
Accenture's Justin Harvey spoke at RSA Conference 2018 about his experiences with incident response and his views on the importance of cyber attribution. Continue Reading
-
Seeking the Truth from Mobile Evidence
In this excerpt from chapter 19 of Seeking the Truth from Mobile Evidence, author John Bair discusses Android user enabled security in terms of passwords and gestures. Continue Reading
-
Identify gaps in cybersecurity processes to reduce organizational risk
Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses. Continue Reading
-
Accenture's Tammy Moskites on the cybersecurity gender gap
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the gender gap in the infosec industry and what can be done to close it. Continue Reading
-
Accenture's Tammy Moskites explains how the CISO position is changing
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing. Continue Reading
-
Business email compromise moves closer to advanced threats
The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks. Continue Reading
-
Stranger things: IoT security concerns extend CISOs' reach
The internet of things has drastically expanded the scope of what enterprises need to protect, adding challenges big and small to CISOs' responsibilities. Continue Reading
-
McAfee CISO explains why diversity in cybersecurity matters
Improving diversity in cybersecurity teams can help improve their ability to address cybersecurity challenges through diversity of thought, suggests McAfee CISO Grant Bourzikas. Continue Reading
-
Illumio: Subtle data manipulation attacks pose serious threats
Illumio CTO P.J. Kirner discusses the threat of data manipulation and explains why subtle, hard to detect attacks could have devastating effects on enterprises. Continue Reading
-
SOC services: How to find the right provider for your company
SOCs are the latest services you can now outsource rather than build in-house. But should you entrust them to a third party? Yes—but make sure you know how to pick the best. Continue Reading
-
Cybersecurity defense in depth means more than ticking boxes
F-Secure's Tom Van de Wiele explains the realities of cybersecurity defense in depth, and why companies need to have the right attitude to defend against cyberattacks. Continue Reading
-
AWS S3 bucket security falls short at high-profile companies
Everyone is putting their data in the cloud, from IT staff to department heads. With functionality galore, basic security measures too often go unchecked. Continue Reading
-
New cloud threats as attackers embrace the power of cloud
Safeguarding your critical data is getting harder as threat actors embrace the advantages -- and missteps -- of cloud. Here's what to watch out for in 2018. Continue Reading
-
CPE for CISSP: Top 10 ways to master continuing education
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements. Continue Reading
-
SAP CSO Justin Somaini on using blockchain for security
Blockchain has generated both hype and skepticism, but SAP CSO Justin Somaini believes the technology has applications for security that can improve open source software. Continue Reading
-
How machine learning anomaly detection works inside SAP
SAP CSO Justin Somaini discusses how SAP uses machine learning for security tasks, like anomaly detection, and compares supervised and unsupervised algorithms. Continue Reading
-
GDPR breach notification: Time to focus on the requirements
Some large U.S. companies have been working behind the scenes on GDPR requirements for more than a year, but there's strong evidence that many have not been as diligent. Continue Reading
-
David Neuman: The CISO position and keeping the cloud safe
The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector. Continue Reading
-
CISOs map out their cybersecurity plan for 2018
What's on the short list for enterprise cybersecurity programs in the coming year? As attack vectors increase -- think IoT -- we ask information security leaders to discuss their plans. Continue Reading
-
Cybersecurity professionals: Lack of training leaves skills behind
Cybersecurity professionals' increased workloads leave little time for training, leaving their skill sets -- and their companies' data security -- vulnerable to outside threats. Continue Reading
-
The top six EMM vendors offering MDM capabilities
With vendors expanding their horizons from just MDM to more comprehensive EMM products, it is crucial to look at these EMM vendors who offer MDM capabilities. Continue Reading
-
Comparing the leading mobile device management products
Expert Matt Pascucci examines the top mobile device management offerings to help you determine which MDM products are the best fit for your organization. Continue Reading
-
Six questions to ask before buying enterprise MDM products
Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products. Continue Reading
-
Understand the basics of mobile device management products
Implementing MDM products has traditionally been the go-to answer for securing mobile devices, but with the role of mobile devices in the enterprise growing, admins need a more comprehensive security option. Continue Reading
-
Three enterprise scenarios for MDM products
Expert Matt Pascucci outlines three enterprise uses cases for mobile device management products to see how they can protect users, devices and corporate data. Continue Reading
-
Get the best botnet protection with the right array of tools
Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can. Continue Reading
-
Three reasons to implement an NAC system
The growth in devices on the network has heightened the need for network access control products. This article presents scenarios where an enterprise might need an NAC system. Continue Reading
-
John Germain lands the new CISO position at Duck Creek
Serving the technology needs of the property and casualty insurance industry means keeping a weathered eye on risk profiles, enterprise software and emerging threats. Continue Reading
-
CISOs take notice as GPS vulnerabilities raise alarms
GPS has been extraordinarily reliable, but there's a growing chorus of experts who say it's time to assess GPS security and consider protective strategies. Continue Reading
-
Thor's OS Xodus
In this excerpt from chapter one of Thor's OS Xodus, author Timothy "Thor" Mullen discusses OS X, privacy, and online safety. Continue Reading
-
Security Controls Evaluation, Testing, and Assessment Handbook
In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control. Continue Reading
-
Security for applications: What tools and principles work?
Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job. Continue Reading
-
Transitioning to the role of CISO: Dr. Alissa Johnson
Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem." Continue Reading
-
The vulnerability management process after Equifax
Cataclysmic security incidents highlight the importance of a vulnerability management program versus a patch management system. Here's how to implement a risk-based approach. Continue Reading
-
Are security operations centers doing enough?
SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead. Continue Reading
-
The Basics of Cyber Safety
In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security. Continue Reading
-
Grossman: Cyberinsurance market is like the 'Wild West'
Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the value of cyberinsurance and why the rapidly growing market needs to mature. Continue Reading
-
The art of the cyber warranty and guaranteeing protection
Jeremiah Grossman, chief of security strategy at SentinelOne, talks with SearchSecurity about the science of developing a cyber warranty for threat detection products. Continue Reading
-
The CISO job seems to be finally getting the credit it's due
The CISO job has risen from the trenches of the IT department to a seat at the C-suite decision-makers' table. But time in the spotlight comes with great risk and responsibilities. Continue Reading
-
Agnes Kirk on the role of CISO, Washington's state of mind
A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security. Continue Reading
-
What SIEM features are essential for your company?
On the hunt for the best SIEM tool for your company? Learn how to evaluate the capabilties of the newest security information and event management products. Continue Reading
-
Machine learning in cybersecurity: How to evaluate offerings
Vendors are pitching machine learning for cybersecurity applications to replace traditional signature-based threat detection. But how can enterprises evaluate this new tech? Continue Reading
-
Symantec Data Loss Prevention: Product overview
Expert Bill Hayes checks out the Symantec Data Loss Prevention suite, featuring an architecture consisting of content-aware detection servers, endpoint agents and unified management. Continue Reading
-
Why WannaCry and other computer worms may inherit the earth
A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission. Continue Reading
-
HTTPS interception gets a bad rap; now what?
Should products intercept Transport Layer Security connections to gain visibility into network traffic? A new study by researchers and U.S.-CERT warn against it. Continue Reading
-
Top cybersecurity conferences for when Black Hat and RSA aren't right
The big cybersecurity conferences can make attendees weary, but there are many alternatives to the big name shows that may be easier to get to and easier to handle. Continue Reading
-
Electronic voting systems in the U.S. need post-election audits
Colorado will implement a new system for auditing electronic voting systems. Post-election audits have been proven to help, but are they enough to boost public trust in the systems? Continue Reading
-
Learn what network access control systems can do for you
Network access control systems keep rogue or compromised devices off of corporate networks. See how they work and the other security technologies with which they work. Continue Reading
-
Valerie Plame: U.S. government cyberdefense must be improved
Former CIA officer Valerie Plame discusses why America's cyberdefense is lagging behind -- and what the government and private sector should do to reverse the trend. Continue Reading
-
U.S. attorney: Gathering cybercrime evidence can be difficult
Assistant U.S. attorney says jurors and courts are getting smarter about cybercrime evidence, although digital cases overall may be getting more difficult to prosecute. Continue Reading
-
How FBI cyber investigations handle obfuscation techniques
An FBI agent discusses cyber investigations, how they handle obfuscation techniques, the anonymizing features of the deep web and how to catch the right person. Continue Reading
-
FBI: Cyber investigations no different from real world
Despite a loud group claiming the burden of proof is harder to meet with digital evidence, an agent says FBI cyber investigations are not much different from traditional cases. Continue Reading
-
Symantec Endpoint Protection and the details for buyers to know
Expert Ed Tittel examines Symantec Endpoint Protection, an intrusion prevention, firewall and antimalware product for physical and virtual endpoints. Continue Reading
-
A closer look at Kaspersky antimalware protection services
Expert Ed Tittel looks at Kaspersky antimalware product Endpoint Security, which provides multilayered protection against malware, phishing attacks and other exploits. Continue Reading
-
Deborah Wheeler lands role of CISO at Delta Air Lines
The new CISO at Delta Air Lines earned her wings by sticking with security from the start. As the airline industry faces new challenges, Deborah Wheeler takes on a leadership role. Continue Reading
-
Details of Trend Micro Worry-Free Business Security Services
Expert Ed Tittel takes a closer look at Trend Micro Worry-Free Business Security Services, an antivirus and antimalware product for small organizations. Continue Reading
-
Trend Micro OfficeScan endpoint protection software and its offerings
Expert contributor Ed Tittel takes a look at Trend Micro OfficeScan, an endpoint protection product with antivirus and antimalware functionality for physical and virtualized endpoints. Continue Reading
-
The various offers of Microsoft System Center Endpoint Protection
Expert Ed Tittel examines System Center Endpoint Protection, Microsoft's native Windows antivirus and antimalware security product. Continue Reading
-
An in-depth look into McAfee Endpoint Threat Protection
McAfee Endpoint Threat Protection is an antimalware protection product that is designed to secure Windows systems against malware, data loss and other threats in standalone or networked environments. Continue Reading
-
Sophos Endpoint Protection and an overview of its features
Expert Ed Tittel examines Sophos Endpoint Protection, an endpoint security platform with antivirus, antimalware and more. Continue Reading
-
The GDPR right to be forgotten: Don't forget it
Nexsan's Gary Watson explains that the GDPR right to be forgotten will be an important piece of the compliance picture and means deleting data securely, completely and provably when customers ask for it. Continue Reading
-
Protecting Patient Information
In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data breaches in healthcare. Continue Reading
-
Mobile Security and Privacy
In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity in terms of mathematics. Continue Reading
-
Federal Cloud Computing
In this excerpt from chapter three of Federal Cloud Computing, author Matthew Metheny discusses open source software and its use in the U.S. federal government. Continue Reading
-
Advanced Persistent Security
In this excerpt from chapter seven of Advanced Persistent Security, authors Araceli Treu Gomes and Ira Winkler discuss the different threats facing organizations. Continue Reading
-
Evaluating endpoint security products for antimalware protection
Expert contributor Ed Tittel explores key criteria for evaluating endpoint security products to determine the best option for antimalware protection for your organization. Continue Reading
-
Q&A: Ping CEO on contextual authentication, intelligent identity
Ping Identity CEO Andre Durand talks with SearchSecurity about the data-driven move toward contextual authentication and intelligent identity and what this means for enterprises. Continue Reading
-
Advanced endpoint protection takes on the latest exploits
Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints. Continue Reading
-
Patch management tool comparison: What are the best products?
With so many different vendors in the market, it isn't easy to pick the right patch management tool. Read this product comparison to see which is best for your company. Continue Reading
-
(ISC)2 CEO on cybersecurity workforce expansion and 2017 Congress
Recently, SearchSecurity editorial director Robert Richardson checked in with (ISC)2's CEO David Shearer as the organization prepares for its fall Security Congress. Continue Reading
-
Know why patch management tools are required in the IT infrastructure
Regulations, efficiency and protection are the main drivers for purchasing patch management tools. See why automated patch management is a requirement for most businesses. Continue Reading
-
IT security trends: 2017 prioritizes cloud, network, endpoints
The 2017 TechTarget IT Priorities Survey reports a number of key IT security trends about where enterprises and infosec professionals place their time and resources. Continue Reading
-
Experian's Tom King tackles role of CISO from the ground up
An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says. Continue Reading
-
Acquiring cybersecurity insurance: Why collaboration is key
Cybersecurity insurance is becoming more important to enterprises as threats increase. Sean Martin explains why enterprise departments need to work together to acquire it. Continue Reading
-
Trustwave Data Loss Prevention: Product overview
Expert Bill Hayes examines Trustwave Data Loss Prevention and how the product addresses data at rest, endpoint data in use and network data in transit for enterprises. Continue Reading
-
Learn what breach detection system is best for your network
Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs. Continue Reading
-
Okta Adaptive MFA gives companies flexible authentication
Okta Adaptive MFA offers businesses a range of flexible authentication methods that use different contexts to determine which factors provide users with access. Continue Reading
-
RSA Authentication Manager offers a variety of authentication methods
With authentication methods ranging from risk-based to tokens, RSA Authentication Manager gives companies a number of ways to employ multifactor authentication. Continue Reading
-
Summing up Symantec VIP Service, a multifactor authentication tool
Expert David Strom looks at the Symantec VIP multifactor authentication product and how it can benefit enterprise security. Continue Reading
-
An in-depth look at Gemalto's SafeNet Authentication Service
Expert David Strom provides an in-depth look at Gemalto's SafeNet Authentication Service, a SaaS-based multifactor authentication product for boosting login security. Continue Reading
-
SecureAuth IdP: An overview of its multifactor authentication ability
Expert David Strom looks at how SecureAuth IdP uniquely combines multifactor authentication and single sign-on login capabilities in a single product. Continue Reading
-
Timeline: Symantec certificate authority improprieties
Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant. Continue Reading
-
VASCO IDENTIKEY Authentication Server and a look at its key features
Expert David Strom takes a closer look at VASCO's IDENTIKEY Authentication Server, one of the leading multifactor authentication products on the market. Continue Reading
-
Quest Defender protects businesses with two-factor authentication
Through the Defender Management Portal, Quest Defender lets users request hard and soft tokens to provide valuable two-factor authentication and monitor all token activity. Continue Reading
-
Is threat hunting the next step for modern SOCs?
The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats. Continue Reading