Features

Features

• Is threat hunting the next step for modern SOCs?

  The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats.  Continue Reading

• Polycom CISO focused on ISO 27001 certification, data privacy

  Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company.  Continue Reading

• Challenging role of CISO presents many opportunities for change

  With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited.  Continue Reading

• Introduction to Social Media Investigation: A Hands-on Approach

  In this excerpt from chapter four of Introduction to Social Media Investigation: A Hands-on Approach, author Jennifer Golbeck discusses privacy controls on social media.  Continue Reading

• Handbook of System Safety and Security

  In this excerpt from chapter 10 of Handbook of System Safety and Security, editor Edward Griffor discusses cloud and mobile cloud architecture and security.  Continue Reading

• Identity and access management strategy: Time to modernize?

  More likely than not, your company's identity and access management strategy needs an update. Learn how to decide if that's the case and, if so, what you should do now.  Continue Reading

• Reviewing the threat intelligence features of VeriSign iDefense

  Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.  Continue Reading

• Threat Intelligence service overview of Infoblox ActiveTrust

  Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations.  Continue Reading

• Detailing the features of LookingGlass Cyber Threat Center

  Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.  Continue Reading

• RSA NetWitness Suite and its threat intelligence capabilities

  Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.  Continue Reading

• SecureWorks threat intelligence and what it can do for your enterprise

  Expert Ed Tittel examines the features and capabilities of SecureWorks, which gathers its intelligence from thousands of SecureWorks global customers.  Continue Reading

• Five criteria for purchasing from threat intelligence providers

  Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.  Continue Reading

• Politics of cyber attribution pose risk for private industry

  Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies.  Continue Reading

• In her new role of CISO, Annalea Ilg is curious, driven and paranoid

  The vice president and CISO of ViaWest, Ilg is tasked with keeping the IT managed service provider and its cloud services secure.  Continue Reading

• MSSPs add advanced threats as managed security services gain hold

  Skill shortages and budget constraints have lead some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'?  Continue Reading

• Pulse Connect Secure offers a variety of authentication options

  Expert Karen Scarfone takes a look at the Pulse Connect Secure series of SSL VPNs for securing the connection between clients and networks through encrypted tunnels.  Continue Reading

• SonicWALL SSL VPN provides security for organizations of any size

  The SonicWALL SSL VPN protects remote client devices by creating a secure connection to enterprise networks, with many options for customized security features.  Continue Reading

• RSA Data Loss Prevention Suite: Product overview

  Expert Bill Hayes examines the RSA Data Loss Prevention Suite, which covers data in use, in transit and at rest for corporate networks, mobile devices and cloud services.  Continue Reading

• Cisco IOS SSL VPN offers security through internet routers

  Expert Karen Scarfone outlines the features of the Cisco IOS SSL VPN and explains how it secures enterprise communications.  Continue Reading

• MIAX Options CSO on security's role in business continuity

  Faced with the demands of derivatives trading, CSO John Masserini understands the value of aligning controls with business risk. We ask him how he does it.  Continue Reading

• Security looks to machine learning technology for a cognitive leg up

  Advances in machine learning technology and artificial intelligence have proven to work well for some information security tasks such as malware detection. What's coming next?  Continue Reading

• Ransomware prevention tools to win the fight

  Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.  Continue Reading

• Role of CISO: FICO enlists CISO in security product management

  As head of FICO's information security program, Vickie Miller's role is wide-ranging.  Continue Reading

• Looming cloud security threats: How attacks will follow your data

  You can move your data to cloud-based systems and web services, but you can't hide it there. Hackers and predators have more ways to find it.  Continue Reading

• How to buy digital certificates for your enterprise

  In the market to buy digital certificates? Learn exactly how digital certificates work, which features are key and how to evaluate the available options on the market.  Continue Reading

• Industrial Network Security

  In this excerpt from chapter 3 of Industrial Network Security, authors Eric D. Knapp and Joel Langill discuss the history and trends of industrial cybersecurity.  Continue Reading

• Hacking Web Intelligence

  In this excerpt from chapter 8 of Hacking Web Intelligence, authors Sudhanshu Chauhan and Nutan Panda discuss how to be anonymous on the internet using proxy.  Continue Reading

• DNS Security: Defending the Domain Name System

  In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.  Continue Reading

• Google Earth Forensics: Using Google Earth Geo-Location in Digital Forensic Investigations

  In this excerpt from chapter five of Google Earth Forensics, authors Michael Harrington and Michael Cross discuss the process of digital forensics.  Continue Reading

• Digital Guardian for Data Loss Prevention: Product overview

  Expert Bill Hayes examines Digital Guardian for Data Loss Prevention and more of the vendor's DLP product lineup, which cover data in use, data in transit and data in the cloud.  Continue Reading

• CA Technologies Data Protection: DLP product overview

  Expert Bill Hayes examines CA Technologies Data Protection, a data loss prevention suite designed to protect data at rest, in transit and in use across enterprise devices, networks and cloud services.  Continue Reading

• Tripwire IP360: Vulnerability management product overview

  Expert Ed Tittel examines vulnerability management products from Tripwire, including the rack-mounted IP360 appliance and the cloud- based PureCloud Enterprise service.  Continue Reading

• Tenable Nessus Vulnerability Scanner: Product overview

  Expert Ed Tittel examines the Nessus vulnerability scanner series from Tenable Network Security, which includes client, cloud and on-premises vulnerability management products.  Continue Reading

• Want a board-level cybersecurity expert? They're hard to find

  Members of the board must be ready to defend their fiduciary decisions, corporate policies, compliance actions and, soon, cybersecurity preparedness.  Continue Reading

• Rapid7 Nexpose: Vulnerability management product overview

  Ed Tittel examines Rapid7 Nexpose, a vulnerability management product for physical, virtual, cloud and mobile environments that discovers assets and scans for vulnerabilities.  Continue Reading

• Qualys Vulnerability Management: Product overview

  Expert Ed Tittel examines Qualys Vulnerability Management, a product for organizations of all sizes that is designed to help admins identify, monitor and mitigate vulnerabilities.  Continue Reading

• Splunk Enterprise Security: Product overview

  Expert Dan Sullivan explores how Splunk Enterprise Security uses big data security analytics to incorporate multiple methods of data integration to identify malicious events.  Continue Reading

• Choosing the best web fraud detection system for your company

  This guide explains the technology and the key features an effective system should include to help readers evaluate fraud detection products and choose the best for their company.  Continue Reading

• RSA NetWitness Logs and Packets: Security analytics product overview

  Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats.  Continue Reading

• When to take a bug bounty program public -- and how to do it

  Bug-finding programs are valuable to enterprises, but they require a lot of planning and effort to be effective. Sean Martin looks at what goes into taking a bug bounty program public.  Continue Reading

• The security ratings game grades third-party vendors

  Can security ratings services patterned on consumer credit scores offer insight into the security postures of third parties and other business partners?  Continue Reading

• Blue Coat DLP: Data loss prevention product overview

  Expert Bill Hayes takes a look at Blue Coat DLP, a single appliance data loss prevention system that works with the company's web security gateway products.  Continue Reading

• Blue Coat Security Analytics Platform: Product overview

  Expert Dan Sullivan takes a look at the Blue Coat Security Analytics Platform, which is designed to capture comprehensive network information and apply targeted security analytics.  Continue Reading

• WinMagic SecureDoc: Full-disk encryption product overview

  Expert Karen Scarfone examines the features of WinMagic's SecureDoc, a full-disk encryption product for laptops, desktops, mobile devices and servers.  Continue Reading

• Mojo AirTight WIPS overview

  Expert Karen Scarfone looks at the features and functionality of Mojo Networks' AirTight WIPS, a wireless intrusion prevention system designed to detect and block WLAN attacks.  Continue Reading

• Automated Security Analysis of Android and iOS Applications

  In this excerpt of Automated Security Analysis of Android and iOS Applications with Mobile Security Framework, authors Ajin Abraham and Henry Dalziel discuss mobile application penetration testing.  Continue Reading

• How to start building an enterprise application security program

  Building an effective application security program can be daunting. Sean Martin talks with experts about the best first steps enterprises should take.  Continue Reading

• Cybersecurity blind spots: Mitigating risks and vulnerabilities

  Cybersecurity blind spots based in risk and vulnerabilities can be difficult to spot and address. Sean Martin talks with security experts on how to overcome that challenge.  Continue Reading

• CISSP online training: Software Development Security domain

  Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.  Continue Reading

• Aruba RFProtect WIPS: Product overview

  Expert Karen Scarfone examines the features of Aruba RFProtect, a wireless intrusion prevention system to detect and block WLAN attacks against enterprise networks.  Continue Reading

• Check Point Next Generation Firewall: Product overview

  Check Point Next Generation Firewall family combines firewalls with unified threat management technology, VPNs and more. Expert Mike O. Villegas takes a closer look.  Continue Reading

• Cisco ASA with FirePOWER: NGFW product overview

  Cisco combined the ASA series firewall with SourceFire's FirePOWER threat and malware detection capabilities. Expert Mike O. Villegas takes a closer look at this NGFW.  Continue Reading

• Strong authentication methods: Are you behind the curve?

  Not sure who's really behind that username and password? Google, Facebook and others may finally give multifactor authentication technology the 'push' it needs.  Continue Reading

• Proper network segments may prevent the next breach

  Companies still fail to implement secure network segmentation and role-based access. Here's how to protect your sensitive data and stay out of the headlines.  Continue Reading

• Voltage SecureMail encryption tool: Product overview

  Expert contributor Karen Scarfone takes a look at Voltage SecureMail for encrypting email messages in the enterprise.  Continue Reading

• Symantec Desktop Email Encryption: Product overview

  Expert contributor Karen Scarfone examines Symantec Desktop Email Encryption, a tool for encrypting email messages for individuals within the enterprise.  Continue Reading

• Integrated Security Systems Design

  In this excerpt of Integrated Security Systems Design, author Thomas L. Norman explains the tools of security system design, the place of electronics in the process, how to establish electronic security program objectives and the types of design ...  Continue Reading

• Information Governance and Security: Protecting and Managing Your Company's Proprietary

  In this excerpt of Information Governance and Security, authors John G. Iannarelli and Michael O'Shaughnessy offer tips for establishing guidelines for all departments or sectors of a business.  Continue Reading

• Securing VoIP: Keeping Your VoIP Networks Safe

  In this excerpt of Securing VoIP: Keeping your VoIP Network Safe, author Regis (Bud) Bates outlines different approaches to VoIP security and offers best practices to ensure infrastructure security is intact.  Continue Reading

• Detecting and Combating Malicious Email

  In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims.  Continue Reading

• Designing and Building Security Operations center

  In this excerpt of Designing and Building Security Operations Center, author David Nathans reviews the infrastructure needed to support a SOC and maintain SOC security.  Continue Reading

• Comparing the best network access control products

  Expert Rob Shapland takes a look at the best network access control products on the market today and examines the features and capabilities that distinguish the top vendors in this space.  Continue Reading

• Comparing the top big data security analytics tools

  Expert Dan Sullivan compares how the top-rated big data security analytics tools measure up against each other to help you select the right one for your organization.  Continue Reading

• Comparing the top vulnerability management tools

  Expert Ed Tittel compares how the top-rated vulnerability management tools measure up against each other so you can select the right one for your organization.  Continue Reading

• Windows 10 Wi-Fi Sense for hotspot sharing: Is it safe?

  Microsoft's Windows 10 Wi-Fi Sense was designed to make hotspot sharing easy, but experts debate if the security risks are real and whether the new feature offers substantial benefits and relative safety.  Continue Reading

• Fortinet FortiGate UTM: Product overview

  Expert Ed Tittel looks at Fortinet FortiGate UTM appliances, which combine different network infrastructure protection features into a single device.  Continue Reading

• Cisco Meraki MX appliances: UTM product overview

  Expert Ed Tittel examines Cisco's Meraki MX UTM Appliances, a series of UTM products that combines various network security and protection features into a single device.  Continue Reading

• Check Point UTM Threat Prevention Appliances: Product review

  Check Point UTM Threat Prevention Appliances are recognized by our reviewer as consistent software architectures that are easy to configure.  Continue Reading

• Seven criteria for buying vulnerability management tools

  Expert contributor Ed Tittel describes purchasing criteria for full-featured vulnerability management tools for small organizations to large enterprises.  Continue Reading

• The business case for vulnerability management tools

  Expert Ed Tittel describes business use cases for vulnerability management tools and examines how organizations of all sizes benefit from these products.  Continue Reading

• Introduction to vulnerability management tools

  Expert Ed Tittel explores how vulnerability management tools can help organizations of all sizes uncover defense weaknesses and close security gaps before they are exploited by attackers.  Continue Reading

• Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview

  Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats.  Continue Reading

• Proofpoint Enterprise Protection: Product overview

  Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats.  Continue Reading

• McAfee Email Protection, Security for Email Servers: Product overview

  Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages.  Continue Reading

• Clearswift SECURE Email Gateway: Product overview

  Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails.  Continue Reading

• Fortinet FortiMail: Product overview

  Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization.  Continue Reading

• Cisco Email Security Appliance: Product overview

  Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats.  Continue Reading

• 'Going dark': Weighing the public safety costs of end-to-end encryption

  'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data.  Continue Reading

• Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview

  Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data.  Continue Reading

• EMC RSA Security Analytics: SIEM product overview

  Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.  Continue Reading

• AlienVault OSSIM: SIEM Product overview

  Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.  Continue Reading

• Splunk Enterprise: SIEM product overview

  Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.  Continue Reading

• SolarWinds Log and Event Manager: SIEM product overview

  Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.  Continue Reading

• IBM Security QRadar: SIEM product overview

  Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.  Continue Reading

• LogRhythm's Security Intelligence Platform: SIEM product overview

  Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.  Continue Reading

• Introduction to big data security analytics in the enterprise

  Expert Dan Sullivan explains what big data security analytics is and how these tools are applied to security monitoring to enable broader and more in-depth event analysis for better enterprise protection.  Continue Reading

• Comparing the best intrusion prevention systems

  Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization.  Continue Reading

• Lessons in mobile data loss protection for enterprise IT pros

  With mobile devices everywhere in the enterprise now, learning tactics for data loss protection must become an IT priority.  Continue Reading

• Comparing the top Web fraud detection systems

  Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria.  Continue Reading

• Readers’ top picks for enterprise firewalls

  The companies and key functionality organizations seek out when they upgrade or add firewall technology to their enterprise environments.  Continue Reading

• Three criteria for selecting the right IPS products

  Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization.  Continue Reading

• Vormetric Transparent Encryption: Product overview

  Expert Ed Tittel takes a look at Vormetric Transparent Encryption, a component of Vormetric's Data Security Platform that encrypts data and does access control for that data.  Continue Reading

• HP Security Voltage's SecureData Enterprise: Product overview

  Expert Ed Tittel examines SecureData Enterprise, which is a part of the HP Security Voltage platform, a scalable database security product that encrypts both structured and unstructured data, tokenizing data to prevent viewing and more.  Continue Reading

• Protegrity Database Protector: Database security tool overview

  Expert Ed Tittel examines Protegrity Database Protector, a database security add-on product that provides column- and field-level protection of confidential and sensitive data stored in nearly any type of relational database.  Continue Reading

• Oracle Advanced Security: Database security tool overview

  Expert Ed Tittel examines Oracle Advanced Security, a database security add-on product with transparent data encryption (TDE) and data redaction features.  Continue Reading

• McAfee Database Activity Monitoring: Database security tool overview

  Expert Ed Tittel takes a look at McAfee Database Activity Monitoring and McAfee Vulnerability Manager for Databases to see how they protect enterprises' databases and corporate data.  Continue Reading

• Imperva SecureSphere: Database security tool overview

  Expert Ed Tittel examines Imperva SecureSphere Database Activity Monitoring and Database Assessment, products that are deployed as an inline bridge or as a lightweight agent to assess and monitor local database access.  Continue Reading

• IBM Guardium: Database security tool overview

  Expert Ed Tittel examines IBM Guardium, a security product that offers continuous, real-time, policy-based monitoring of database activities.  Continue Reading

• Enterprise benefits of network intrusion prevention systems

  Expert Karen Scarfone explains how most organizations can benefit from intrusion prevention systems (IPSes), specifically dedicated hardware and software IPS technologies.  Continue Reading

• The basics of network intrusion prevention systems

  Expert Karen Scarfone explores intrusion prevention systems and their acquisition, deployment and management within the enterprise.  Continue Reading