Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• User provisioning and deprovisioning: Why it matters for IAM

  Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading

• SIEM vs. SOAR vs. XDR: Evaluate the key differences

  SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading

• EDR vs. XDR vs. MDR: Key differences and benefits

  One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading

• Top 10 identity and access management risks

  Organizational security is undermined by a number of identity and access management problems. Learn what those risks are and get ideas on how to solve them. Continue Reading

• Address skills shortages with third-party data discovery tools

  Homegrown might be best in some scenarios, but resource-constrained security teams should consider third-party tools for data discovery and resilience. Continue Reading

• 3 key generative AI data privacy and security concerns

  Those charged with protecting and ensuring the privacy of user data are facing new challenges in the age of generative AI.Continue Reading

• 10 API security testing tools to mitigate risk

  Securing APIs properly requires testing throughout their design lifecycle. Explore 10 leading API security testing tools for automated, continuous security testing.Continue Reading

• Top AI security certifications to consider

  AI security certifications, much like AI itself, are evolving. Does it make sense to go through the time and money to obtain a credential, given how quickly the field is changing?Continue Reading

• Study shows securing SaaS applications growing in importance

  Securing all types of SaaS applications ranks high among security pros, but the broad mandate can mean the need for better SaaS security platforms and tools.Continue Reading

• How to achieve crypto-agility and future-proof security

  Quantum computing will render current asymmetric encryption algorithms obsolete. Organizations need to deploy crypto-agile systems to remain protected.Continue Reading

• EDR vs. SIEM: Key differences, benefits and use cases

  Endpoint detection and response and security information and event management tools offer organizations benefits, but each plays a specific role, so it's worth having both.Continue Reading

• How to define cyber-risk appetite as a security leader

  In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite.Continue Reading

• What is risk management? Importance, benefits and guide

  Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.Continue Reading

• API security maturity model to assess API security posture

  As API use proliferates, attackers are targeting them to exploit networks and data. This six-domain API security maturity model can assess weaknesses and vulnerabilities.Continue Reading

• Research reveals strategies to improve cloud-native security

  As organizations focus on the cloud to deliver and scale applications, security teams struggle to keep up. Recent research points to how teams can effectively manage cloud security risk.Continue Reading

• DNS security best practices to implement now

  DNS is a key component in any enterprise network. Auditing DNS servers and encrypting DNS traffic are just two of the steps to take to protect your organization's DNS deployment.Continue Reading

• Top vulnerability management challenges for organizations

  Organizations understand vulnerability management is essential to identifying cyber-risks, but coordinating teams, tools and handling CVEs keeps the pressure on.Continue Reading

• Microsoft Copilot for Security: 5 use cases

  Copilot for Security can assist security pros -- from managers and CISOs to incident responders and SOC members -- in maintaining security posture and addressing security gaps.Continue Reading

• How AI could change threat detection

  AI is changing technology as we know it. Discover how it's already improving organizations' ability to detect cybersecurity threats and how its benefits could grow as AI matures.Continue Reading

• What is threat detection and response (TDR)? Complete guide

  Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization.Continue Reading

• 6 steps toward proactive attack surface management

  With organizations' attack surfaces growing, new research shows better asset management, tighter access policies like zero trust and consistent configuration standards can help.Continue Reading

• Cyber-risk quantification challenges and tools that can help

  While cybersecurity risk should inform budget and strategy decisions, quantifying risk and the ROI of mitigation efforts isn't easy. Cyber-risk quantification tools can help.Continue Reading

• Cyber-risk management remains challenging

  Strong cyber-risk management demands collaboration and coordination across business management, IT operations, security and software development in an ever-changing environment.Continue Reading

• What is network detection and response (NDR)?

  Network detection and response (NDR) technology continuously scrutinizes network traffic to identify suspicious activity and potentially disrupt an attack.Continue Reading

• Threat hunting frameworks, techniques and methodologies

  Threat hunting's proactive approach plays a vital role in defending against cyberattacks. Learn about the frameworks, methodologies and techniques that make it so effective.Continue Reading

• 4 AI cybersecurity jobs to consider now and in the future

  Now hiring: At the intersection of AI and cybersecurity, career opportunities are emerging. Explore four new jobs that combine AI and security expertise.Continue Reading

• Why is SecOps becoming both easier and more difficult?

  While SecOps has become easier in some ways, enterprises still struggle with areas such as data volumes, threat intelligence analysis and security alert volume and complexity.Continue Reading

• 5 open source Mitre ATT&CK tools

  Security teams that use the Mitre ATT&CK framework should consider using these open source tools to help map attacker techniques to the knowledge base.Continue Reading

• Security teams need to prioritize DSPM, review use cases

  New research showed data resilience is a top priority for security teams, as data security posture management grows to help manage and protect data and improve GenAI.Continue Reading

• CrowdStrike outage lessons learned: Questions to ask vendors

  In light of the recent CrowdStrike outage, security teams should ask their vendors 10 key questions to ensure they're prepared should a similar event occur.Continue Reading

• Cyber-risk management: Key takeaways from Black Hat 2024

  Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks.Continue Reading

• How to select an MDR security service

  With the threat landscape as challenging as it is, organizations are looking for reinforcements. One option is to bolster detection and response via third-party MDR services.Continue Reading

• Black Hat USA 2024 takeaways for data security and IAM

  Black Hat USA 2024 showcased recurring themes of data security and IAM, encompassing the platform vs. point product debate, cleaning identity data and GenAI security.Continue Reading

• EDR testing: How to validate EDR tools

  Cutting through an EDR tool's marketing hype is difficult. Ask vendors questions, and conduct testing before buying a tool to determine if it solves your organization's pain points.Continue Reading

• How invisible MFA works to reduce UX friction

  Traditional MFA provides benefits but tests users' patience. Explore how invisible MFA can make it easier to access resources and reduce MFA fatigue.Continue Reading

• Highlights from CloudNativeSecurityCon 2024

  This year's Cloud Native Computing Foundation CloudNativeSecurityCon highlighted cloud-native security issues to its many attendees who don't hold security-focused roles.Continue Reading

• How to prepare for a secure post-quantum future

  Quantum computing is expected to arrive within the next decade and break current cryptographic algorithms. SANS' Andy Smith explains how to start securing your company now.Continue Reading

• How to assess SOC-as-a-service benefits and challenges

  While in-house SOCs are costly and complex to build and maintain, SOC as a service provides a more affordable, cloud-based alternative. Explore benefits and challenges.Continue Reading

• Be prepared for breach disclosure and a magnitude assessment

  Organizations need to take a proactive approach to monitoring data stores continuously, and in the case of a breach, assess the magnitude quickly and accurately. DSPM can help you.Continue Reading

• Evolving ZeroFont phishing attacks target Outlook users

  Threat actors are using a new twist on a longtime phishing tactic to compel corporate end users to open malicious emails. Learn how ZeroFont attacks work and how to prevent them.Continue Reading

• 5 key capabilities for effective cyber-risk management

  Faced with relentless cyberattacks, organizations need to shore up their cyber-risk management programs by updating legacy tools and checking out new vendor options.Continue Reading

• CISO advice for addressing cyber-risk management challenges

  Cyber-risk management is simple in concept and difficult in practice. CISOs weigh in on some potential ways to reign in the chaos, educate executives and mitigate cyber-risks.Continue Reading

• The differences between open XDR vs. native XDR

  Extended detection and response tools are open or native. Learn the differences between them, and get help choosing the right XDR type for your organization.Continue Reading

• The ultimate guide to cybersecurity planning for businesses

  This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks.Continue Reading

• 8 cloud detection and response use cases

  Unsure whether cloud detection and response is useful for your organization? These eight use cases could make CDR indispensable.Continue Reading

• CrowdStrike chaos casts a long shadow on cybersecurity

  As organizations recover from today’s outages, the cybersecurity industry will need to develop new security software evaluation criteria and requirements and learn to parlay risks.Continue Reading

• Is today's CrowdStrike outage a sign of the new normal?

  A CrowdStrike update with a faulty sensor file has global implications for Windows systems. But competitors need to limit the finger-pointing in case it happens to them.Continue Reading

• CISOs on how to improve cyberthreat intelligence programs

  Organizations need to take a focused approach to gain visibility into targeted threats for cyber-risk mitigation and incident response.Continue Reading

• How AI-driven SOC tech eased alert fatigue: Case study

  Alert fatigue is real, and it can cause big problems in the SOC. Learn how generative AI can improve security outcomes and reduce analysts' frustration in this case study.Continue Reading

• EDR vs. antivirus: What's the difference?

  Endpoint detection and response and antivirus tools both protect enterprise networks, and both have distinct advantages. Which is better for your organization?Continue Reading

• AWS makes strong case for its security advantages at re:Inforce

  At re:Inforce 2024, AWS shared details of its secure-by-design measures to protect customer data.Continue Reading

• CASB vs. CSPM vs. CWPP: Comparing cloud security tool types

  Let's break down some cloud security alphabet soup. CASB, CSPM and CWPP overlap to an extent, but you'll want to pay close attention to how they accomplish different things.Continue Reading

• The enduring importance of digital trust

  Digital trust is an increasingly important issue, yet confusion remains about what exactly it is, how to achieve it and how to get started.Continue Reading

• Identiverse 2024: Key takeaways in identity security

  The 2024 Identiverse conference addressed identity access management challenges, AI's ability to streamline IAM workflows and nonhuman identity management for identity pros.Continue Reading

• The 10 best cloud security certifications for IT pros in 2024

  Certifications can help security pros prove their baseline knowledge of infosec topics. Consider adding these top cloud security certifications to your arsenal.Continue Reading

• Why it's SASE and zero trust, not SASE vs. zero trust

  When it comes to adopting SASE or zero trust, it's not a question of either/or, but using SASE to establish and enable zero-trust network access.Continue Reading

• Reporting ransomware attacks: Steps to take

  The Cybersecurity and Infrastructure Security Agency and FBI recommend reporting ransomware attacks to the authorities as soon as possible. This expert advice outlines the process.Continue Reading

• What is cloud security management? A strategic guide

  This cloud security guide explains challenges enterprises face today; best practices for securing and managing SaaS, IaaS and PaaS; and comparisons of cloud-native security tools.Continue Reading

• Using ChatGPT as a SAST tool to find coding errors

  ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security.Continue Reading

• Dell Technologies World was all about AI; what about security?

  At Dell Technologies World 2024, Dell made it crystal clear that it is all-in on AI, but the company must also emphasize the importance of cybersecurity.Continue Reading

• RSA Conference wrap-up: The state of cybersecurity disconnect

  The cybersecurity industry isn't prepared for massive changes in play. It needs to focus more on the mission rather than cybersecurity technology widgets.Continue Reading

• Top 6 benefits of zero-trust security for businesses

  The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here.Continue Reading

• How to converge networking and security teams: Key steps

  Companies can reap a lot of benefits by merging their networking and security teams. But it takes careful planning to make it work.Continue Reading

• 10 risk-related security updates you might have missed at RSAC

  AI was a prominent theme at RSA Conference, but many security vendors also delivered risk-focused capabilities to help infosec pros better manage their risk posture.Continue Reading

• 5 Mitre ATT&CK framework use cases

  The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity.Continue Reading

• CISSP or CISM: Which should you pursue?

  For hopeful practitioners, the question of whether to pursue CISSP or CISM depends on their career goals and interests. For some, the question should be, 'Why not both?'Continue Reading

• How AI-driven patching could transform cybersecurity

  At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities.Continue Reading

• 3 reasons Synopsys is selling its app security business

  Synopsys is selling its application security business to a private equity firm. Analyst David Vance explains why, as well as what it means for the industry.Continue Reading

• Lessons learned from high-profile data breaches

  Equifax. Colonial Pipeline. Sony. Target. All are high-profile data breaches, and all offer key lessons to learn that prevent your organization from falling victim to an attack.Continue Reading

• 5 key takeaways from RSA Conference 2024

  At RSA Conference 2024, the infosec industry showed their efforts to push forward in AI and to fill gaps that should help security practitioners do their jobs more effectively.Continue Reading

• RSAC panel debates confidence in post-quantum cryptography

  The Cryptographers' Panel at RSAC offered opinions on their confidence in PQC following the release of a paper questioning lattice-based encryption's viability.Continue Reading

• SSPM vs. CSPM: What's the difference?

  Posture management in the cloud is key, but evaluating different tools, such as SaaS security posture management and cloud security posture management platforms, can be confusing.Continue Reading

• AWS to protect its cloud using CrowdStrike security products

  AWS is replacing a variety of security products with the CrowdStrike Falcon Platform to further secure applications and data on its cloud.Continue Reading

• Security updates from Google Cloud Next '24 center on GenAI

  Google has infused Gemini into its security tools and while GenAI isn’t going to solve every security problem right away, its assistive capabilities save much needed time.Continue Reading

• RSAC 2024: Real-world cybersecurity uses for GenAI

  Security pros can expect a lot of buzz around GenAI at RSA 2024, where vendors and experts will share how the latest generative AI tools can enhance cybersecurity.Continue Reading

• 3 ways AI is transforming cloud security, according to experts

  Generative AI only recently burst into the collective consciousness, but experts say it is already changing cloud security -- on both the defensive and offensive sides.Continue Reading

• Traditional MFA isn't enough, phishing-resistant MFA is key

  Not every MFA technique is effective in combating phishing attacks. Enterprises need to consider new approaches to protect end users from fraudulent emails.Continue Reading

• 4 steps CISOs can take to raise trust in their business

  When CISOs align their investments with CIOs' tech investments, both can fuel business success and enable greater trust with customers, employees and partners.Continue Reading

• 3 Keycloak authorization strategies to secure app access

  Keycloak, an open source IAM tool, offers authorization methods, including RBAC, GBAC and OAuth 2.0, that limit what users can access.Continue Reading

• Optimize encryption and key management in 2024

  Enterprise Strategy Group research highlighted the encryption challenges enterprises face, including lack of encryption, cryptographic infrastructure inadequacies and more.Continue Reading

• 4 types of cloud security tools organizations need in 2024

  From CIEM to SSE, these four types of cloud security tools help boost security efforts as organizations continue to expand their cloud environments.Continue Reading

• Pros and cons of 7 breach and attack simulation tools

  Breach and attack simulation software can significantly beef up an organization's network defense strategy. But not all tools are made equally.Continue Reading

• 5 trends in the cyber insurance evolution

  As cyber insurance companies evolve, they will wield more power throughout the industry. Check out five areas where cyber insurance trends are changing the cybersecurity market.Continue Reading

• Benefits and challenges of NetOps-SecOps collaboration

  Organizations need to tread carefully when planning how to converge their networking and security teams to achieve potential benefits and mitigate the challenges.Continue Reading

• Identity, data security expectations for RSA Conference 2024

  Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM.Continue Reading

• 5 areas to help secure your cyber-risk management program

  To meet the challenges of managing cyber-risk, organizations need to have a cyber-risk management plan in place. Look at five areas to better secure your organization's assets.Continue Reading

• Private vs. public cloud security: Benefits and drawbacks

  Uncover the differences between private vs. public cloud security -- as well as hybrid cloud security and multi-cloud security -- before deciding on an enterprise deployment modelContinue Reading

• Top 6 data security posture management use cases

  Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities.Continue Reading

• Agent vs. agentless security: Learn the differences

  Enterprises can either use an agent or agentless approach to monitor and secure their networks. Each approach has benefits and drawbacks.Continue Reading

• U.S. data privacy protection laws: 2024 guide

  Concerns about how personal data is processed and stored is leading to the passage of new privacy regulations that govern how companies handle consumer data.Continue Reading

• Surprising ways Microsoft Copilot for Security helps infosec

  Microsoft Copilot is the first of many GenAI tools that should help security leaders accelerate their program development and strengthen security postures.Continue Reading

• Cloud detection and response is, and will stay, a team sport

  CISOs should push for federated technologies, common processes and formal communications between teams to ensure cloud detection and response is effective and efficient.Continue Reading

• Cybersecurity market researchers forecast significant growth

  The cybersecurity market is growing and changing at a rapid pace, leading to major opportunities for vendors, heightened confusion for buyers and new challenges for CISOs.Continue Reading

• Threat intelligence programs need updating -- and CISOs know it

  Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services.Continue Reading

• Why companies need attack surface management in 2024

  The attack surface is in a constant state of change and growth -- which is bad news for cyber-risk management. This vulnerability needs to be addressed.Continue Reading

• Ransomware preparedness kicks off 2024 summit series

  BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here.Continue Reading

• Benefits and challenges of managed cloud security services

  The rapid drive to hybrid and multi-cloud environments has organizations scrambling to get proper protections into place. For many, external security support is critical.Continue Reading

• Top 7 data loss prevention tools for 2024

  Data loss prevention software is a necessity for most companies. Our guide gives you a quick overview of seven top DLP providers and tells you what works -- and what doesn't.Continue Reading

• Shadow AI poses new generation of threats to enterprise IT

  AI is all the rage -- and so is shadow AI. Learn how unsanctioned use of generative AI tools can open organizations up to significant risks and what to do about it.Continue Reading

• GenAI development should follow secure-by-design principles

  Every company wants a piece of the GenAI pie, but rushing to develop a product without incorporating secure-by-design principles could harm their business and customers.Continue Reading