Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• 4 identity predictions for 2023

  Identity's place in the attack chain is driving the shift of identity responsibility from IT operations to security to look into passwordless, digital IDs, platforms and more. Continue Reading

• Understanding the importance of data encryption

  Encryption is a foundational element of cybersecurity. Organizations should implement encryption to counter the ever-growing threat of data breaches. Continue Reading

• What cybersecurity consolidation means for enterprises

  Experts predict cybersecurity consolidation will increase in the months and years ahead. Security leaders should consider what that means for their purchasing strategies. Continue Reading

• 5 ethical hacker certifications to consider

  From Offensive Security Certified Professional to GIAC Web Application Penetration Tester, learn about the certifications worth earning to begin your ethical hacker career. Continue Reading

• How cyber deception technology strengthens enterprise security

  They say the best defense is a good offense. Cyber deception puts that philosophy into practice in the enterprise, using a combination of technology and social engineering. Continue Reading

• 5 ways to enable secure software development in 2023

  Security teams have to help developers ensure security software development, but in today's rapidly scaling cloud environments, it's a challenging task.Continue Reading

• 8 cybersecurity roles to consider

  Cybersecurity is an exciting and increasingly important field with a wealth of career opportunities. Explore eight cybersecurity roles and the skills, talent and experience required.Continue Reading

• How to select a security analytics platform, plus vendor options

  Security analytics platforms aren't traditional SIEM systems, but rather separate platforms or a SIEM add-on. Learn more about these powerful and important tools.Continue Reading

• 6 cybersecurity buzzwords to know in 2023

  Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out.Continue Reading

• Top 10 ICS cybersecurity threats and challenges

  Industrial control systems are subject to both unique and common cybersecurity threats and challenges. Learn about the top ones here and how to mitigate them.Continue Reading

• 3 enterprise network security predictions for 2023

  It's shaping up to be another banner year for network security. 2023 may see decryption-less threat detection, connected home-caused enterprise breaches and new SASE drivers.Continue Reading

• Understanding current XDR elements and options

  What do existing extended detection and response products provide? Learn about EDR+, SIEM+ and Comprehensive options, which all provide varying levels of XDR.Continue Reading

• 11 cybersecurity predictions for 2023

  Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true?Continue Reading

• Low-code/no-code security risks climb as tools gain traction

  Organizations are looking for ways to reduce their application development costs, but automated coding can usher in some unpleasant surprises if you're unprepared.Continue Reading

• After the CISO role: Navigating what comes next

  Former chief information security officers may have numerous career options available but no clear path forward. Here's how to navigate life after the CISO role.Continue Reading

• Understanding malware analysis and its challenges

  Discover what to expect in a malware analyst career, from the types of malware you'll encounter to important tools to use to difficulties that arise for those new to the field.Continue Reading

• Why is malware analysis important?

  Malware continues to plague all organizations, causing data loss and reputational damage. Discover how malware analysis helps protect companies from such attacks.Continue Reading

• How to implement least privilege access in the cloud

  More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud.Continue Reading

• XDR definitions don't matter, outcomes do

  Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023.Continue Reading

• Top 5 vulnerability scanning tools for security teams

  Use these five vulnerability scanning tools to find weaknesses and potential exploits in web applications, IT and cloud infrastructure, IoT devices and more.Continue Reading

• Do companies need cyber insurance?

  As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks.Continue Reading

• Top Kali Linux tools and how to use them

  Learning to use Kali Linux is a journey, the first step of which is discovering which of the hundreds of cybersecurity tools included are most relevant to the task at hand.Continue Reading

• Reality check: CISO compensation packages run the gamut

  A capable security executive is invaluable -- a fact organizations increasingly recognize. CISOs' salaries are generally trending up, but the range in compensation is wide.Continue Reading

• How Wireshark OUI lookup boosts network security

  Learn why using Wireshark OUI lookup for tracking devices by their network interface's organizationally unique identifier is such an important tool for security pros.Continue Reading

• Secure development focus at KubeCon + CloudNativeCon 2022

  The pressure is on. It's time for better security that can keep up with modern software developers. That was the message at this year's KubeCon + CloudNativeCon.Continue Reading

• Multichannel communications need more than email security

  To remain protected against social engineering attacks in all communication channels, enterprises need new security strategies that extend beyond email to new collaboration tools.Continue Reading

• Types of vulnerability scanning and when to use each

  Vulnerability scanning gives companies a key weapon when looking for security weaknesses. Discovery, assessment and threat prioritization are just a few of its benefits.Continue Reading

• 3 best professional certifications for CISOs and aspiring CISOs

  While one doesn't necessarily need professional cybersecurity certifications to become a CISO, they don't hurt. Explore the best certifications for CISOs and aspiring CISOs.Continue Reading

• Ideal CISO reporting structure is to high-level business leaders

  CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best.Continue Reading

• It's time to rethink security certification for OT devices

  Security certifications don't protect OT devices from vulnerable processes and insecure-by-design practices. It's time to update security certs for the connected OT age.Continue Reading

• Enterprise ransomware preparedness improving but still lacking

  An Enterprise Strategy Group survey found enterprises are making strides in ransomware preparedness, but work remains to prevent and mitigate attacks.Continue Reading

• How Sheltered Harbor helps banks navigate cyber-recovery

  Banks must be able to recover quickly from a cyber attack -- a difficult task, given the volume and sophistication of attacks. The not-for-profit Sheltered Harbor aims to help.Continue Reading

• Why it's time to expire mandatory password expiration policies

  Password expiration policies that force users to regularly reset passwords are counterproductive. It's time to align those policies with proven approaches to password security.Continue Reading

• Top security-by-design frameworks

  Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle.Continue Reading

• The top 5 ethical hacker tools to learn

  Ethical hackers have a wealth of tools at their disposal that search for vulnerabilities in systems. Learn about five such tools that should be part of any hacker's tool set.Continue Reading

• What is the zero-trust security model?

  The zero-trust security model is a cybersecurity approach that denies access to an enterprise's digital resources by default and grants authenticated users and devices tailored, siloed access to only the applications, data, services and systems they...Continue Reading

• Compare vulnerability assessment vs. vulnerability management

  Vulnerability assessments and vulnerability management are different but similar-sounding security terms. Discover their similarities and differences.Continue Reading

• The role of transparency in digital trust

  To retain digital trust, organizations must be transparent in the aftermath of cybersecurity attacks and data breaches. Learn more about the roles of transparency in trust.Continue Reading

• Why Kali Linux is the go-to distribution for penetration testing

  Discover why penetration testers prefer to use the Kali Linux distribution for offensive security, from collecting useful tools together to being usable from multiple devices.Continue Reading

• Perimeter security vs. zero trust: It's time to make the move

  Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future.Continue Reading

• Top zero-trust certifications and training courses

  Most organizations are expected to implement zero trust in the next few years. Learn about zero-trust certifications and trainings that can help prepare your security team.Continue Reading

• Top zero-trust use cases in the enterprise

  Still hesitating to adopt zero trust? Learn about the main zero-trust use cases, as well as its benefits, myths and trends that are beginning to emerge.Continue Reading

• Multifactor authentication isn't perfect, passwordless is better

  Passwords are frequently the root cause of breaches, and multifactor authentication only provides a stopgap for account protection. It's time to adopt a passwordless strategy.Continue Reading

• Compare zero trust vs. the principle of least privilege

  Zero trust and the principle of least privilege may appear to solve the same issue, but they have their differences. Read up on the two methodologies.Continue Reading

• 10 PCI DSS best practices to weigh as new standard rolls out

  PCI's Security Standards Council revamped the requirements governing how organizations store payment card information. Companies need to act fast to ensure they are in compliance.Continue Reading

• Does AI-powered malware exist in the wild? Not yet

  AI sending out malware attacks may invoke images of movielike, futuristic technology, but it may not be too far from reality. Read up on the future of AI-powered malware.Continue Reading

• 10 security-by-design principles to include in the SDLC

  Security is rarely a priority in the SDLC, but it should be. Adhere to these security-by-design principles for secure software and learn the importance of threat modeling.Continue Reading

• Discover the benefits and challenges of bug bounty programs

  Bug bounty programs have a number of benefits and challenges. Before adopting such a program at your organization, read up on the pros and cons to decide if it would be a good fit.Continue Reading

• How SOCs can identify the threat actors behind the threats

  Learn how SOC teams can track threat actors by understanding the factors that influence an attack, such as the type of infrastructure used or commonly targeted victims.Continue Reading

• What is the future of cybersecurity?

  Cybersecurity is top of mind for businesses and their boards amid a relentless rise in cyber threats. What does the future of cybersecurity look like?Continue Reading

• PCI DSS v4.0 is coming, here's how to prepare to comply

  Organizations need to start laying the groundwork to reap the benefits of the forthcoming PCI DSS v4.0 specification. Creating a team to focus on the upgrade is one good step.Continue Reading

• 5 key questions to evaluate cloud detection and response

  Consider these five questions before deciding to invest in a specialized cloud detection and response product.Continue Reading

• How to conduct a secure code review

  Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities.Continue Reading

• 8 secure file transfer services for the enterprise

  With a plethora of options, finding the best secure file transfer service for your business can pose a challenge. Learn how to make an informed decision.Continue Reading

• 5 reasons to integrate ESG and cybersecurity

  Every business faces global systemic risks, yet most have failed to integrate cybersecurity with ESG programs. Here are five reasons why integration makes good business sense.Continue Reading

• Data security as a layer in defense in depth against ransomware

  Having data security as part of a defense-in-depth strategy can reduce the likelihood of a successful ransomware attack.Continue Reading

• Why 2023 is the year of passwordless authentication

  Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication.Continue Reading

• What is data security? The ultimate guide

  Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe.Continue Reading

• Compare SAST vs. DAST vs. SCA for DevSecOps

  SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from.Continue Reading

• 10 top open source security testing tools

  From Kali Linux to Mimikatz to Metasploit, learn about 10 open source penetration testing tools organizations can use to determine how secure their network is.Continue Reading

• 5 data security challenges enterprises face today

  Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet.Continue Reading

• Importance of enterprise endpoint security during a pandemic

  Enterprises often focus greatly on communications security and less on endpoint security. Review the importance of enterprise endpoint security and best practices to implement it.Continue Reading

• Cybersecurity lessons learned from COVID-19 pandemic

  Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans.Continue Reading

• The importance of data security in the enterprise

  Three industry experts discuss the criticality of data security in the enterprise, including the significance of data breaches and compliance regulations.Continue Reading

• Top 10 UEBA enterprise use cases

  The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks.Continue Reading

• 10 biggest data breaches in history, and how to prevent them

  Did you know the biggest data breach in history exposed a whopping 3 billion records? Learn more about the largest data breaches and get advice on how to prevent similar attacks.Continue Reading

• Cyber-war game case study: Preparing for a ransomware attack

  In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan.Continue Reading

• Clearing up cybersecurity architecture confusion, challenges

  There's no lack of cybersecurity frameworks, but there is a lack of resources to help small and midsize organizations build a cybersecurity architecture -- until now.Continue Reading

• 4 criteria to measure cybersecurity goal success

  Measuring the success of cybersecurity goals is challenging because they are components of larger goals and often probabilistic rather than deterministic.Continue Reading

• How to write a cybersecurity job posting

  Is your organization struggling to find cybersecurity talent? Your job descriptions could be the problem. Learn how to write a good cybersecurity job posting.Continue Reading

• A 'CISO evolution' means connecting business value to security

  As cybersecurity has changed, so has the CISO role. 'The CISO Evolution: Business Knowledge for Cybersecurity Executives' aims to help security leaders succeed in the C-suite.Continue Reading

• How to find your niche in cybersecurity

  It's difficult to navigate a career in cybersecurity, especially with all the varying roles. A veteran CISO offers advice on how to find your niche in the security industry.Continue Reading

• Why the next-gen telecom ecosystem needs better regulations

  The telecom industry keeps the world connected but also poses national and cybersecurity risks. Learn why the sector needs better -- and uniform -- regulations.Continue Reading

• An enterprise bug bounty program vs. VDP: Which is better?

  Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground.Continue Reading

• What's driving converged endpoint management and security?

  Security and IT teams face challenges in managing and securing a growing number of endpoints, which is driving organizations to look for converged capabilities, according to ESG.Continue Reading

• Top cloud security takeaways from RSA 2022

  Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG.Continue Reading

• How hackers use AI and machine learning to target enterprises

  AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks.Continue Reading

• How to evaluate security service edge products

  As organizations become more cloud-centric and adapt to remote work, a new technique known as security service edge is gaining traction.Continue Reading

• 11 open source automated penetration testing tools

  From Nmap to Wireshark to Jok3r, these open source automated pen testing tools help companies determine how successful their security strategies are at protecting their networks.Continue Reading

• 8 benefits of DevSecOps automation

  DevSecOps automation can help organizations scale development while adding security, as well as uniformly adopt security features and reduce remedial tasks.Continue Reading

• Using SSH tunneling for good and evil

  Secure Shell tunneling takes the secure application protocol to the next level for bypassing firewalls and creating secure connections everywhere.Continue Reading

• How ransomware kill chains help detect attacks

  Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack.Continue Reading

• Top 4 source code security best practices

  Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code.Continue Reading

• ESG analysts discuss how to manage compliance, data privacy

  ESG analysts offer three recommendations for effective data governance: good C-level and IT leadership, visibility into cloud infrastructure and understanding cloud architecture.Continue Reading

• Apple, Microsoft, Google expand FIDO2 passwordless support

  Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS.Continue Reading

• How cryptocurrencies enable attackers and defenders

  Threat actors use cryptocurrencies for their anonymity, but they're not as impenetrable as once thought. Discover how cryptocurrencies can help attackers and defenders alike.Continue Reading

• How micropatching could help close the security update gap

  Countless known but unpatched vulnerabilities pose significant, ongoing risk to the typical enterprise. Learn how micropatching could help close the security update gap.Continue Reading

• Case study: Scaling DevSecOps at Comcast

  Comcast's DevSecOps transformation started small but quickly gained steam, resulting in 85% fewer security incidents in production. Learn more in this case study.Continue Reading

• The top secure software development frameworks

  Keeping security top of mind when developing software is paramount. Learn how to incorporate security into the SDLC with the top secure software development frameworks.Continue Reading

• Do phishing simulations work? Sometimes

  Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question.Continue Reading

• Data security requires DLP platform convergence

  Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features.Continue Reading

• What are the benefits and challenges of microsegmentation?

  Administrators are assessing microsegmentation to beef up access control and security. But deploying microsegmentation can be complex.Continue Reading

• Unethical vulnerability disclosures 'a disgrace to our field'

  The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says.Continue Reading

• Comparing network segmentation vs. microsegmentation

  Network segmentation and microsegmentation both control access but vary in how they do it, as well as how granular their approach is. Learn the differences here.Continue Reading

• Traditional IT vs. critical infrastructure cyber-risk assessments

  When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging.Continue Reading

• Study attests: Cloud apps, remote users add to data loss

  A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic.Continue Reading

• Making sense of conflicting third-party security assessments

  Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective.Continue Reading

• The benefits and challenges of managed PKIs

  Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization.Continue Reading

• Should companies ask for a SaaS software bill of materials?

  Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why.Continue Reading

• How secure are one-time passwords from attacks?

  Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs.Continue Reading