Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Do phishing simulations work? Sometimes
Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question.
Data security requires DLP platform convergence
Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features.
What are the benefits and challenges of microsegmentation?
Administrators are assessing microsegmentation to beef up access control and security. But deploying microsegmentation can be complex.
Unethical vulnerability disclosures 'a disgrace to our field'
The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says.
Comparing network segmentation vs. microsegmentation
Network segmentation and microsegmentation both control access but vary in how they do it, as well as how granular their approach is. Learn the differences here.
Traditional IT vs. critical infrastructure cyber-risk assessments
When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging.
Study attests: Cloud apps, remote users add to data loss
A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic.
Making sense of conflicting third-party security assessments
Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective.
The benefits and challenges of managed PKIs
Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization.
Should companies ask for a SaaS software bill of materials?
Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why.
How secure are one-time passwords from attacks?
Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs.
How effective is security awareness training? Not enough
Annual security awareness trainings do little to improve security. Learn why they aren't helpful, and discover steps to improve your organization's training program.
The importance of HR's role in cybersecurity
HR teams must keep security top of mind when hiring and onboarding employees and enforcing data privacy policies. Get advice on the procedures and mechanisms to do so.
Why CISOs need to understand the business
While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company.
The benefits and challenges of SBOMs
While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security.
Review Microsoft Defender for endpoint security pros and cons
Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls.
2 zero-trust cloud security models emerge as demands shift
Security teams are beefing up enterprise defenses as cloud services become more essential. Zero trust -- tailored to assets, as well as users -- is an integral part of the equation.
3 benefits of sustainable cybersecurity in the enterprise
Sustainable cybersecurity means taking the long view on cyber-risk mitigation. Explore the technical, financial, societal and reputational wins it can net for the enterprise.
Top DevSecOps certifications and trainings
Check out some of the top DevSecOps certifications and trainings that can help professionals learn how to shift security left in the software development lifecycle.
Use digital identity proofing to verify account creation
Validating users during account creation with identity proofing helps prevent data breaches but isn't without challenges. Discover how it works and concerns to address.
Implement API rate limiting to reduce attack surfaces
Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here.
API security methods developers should use
Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated.
Top 6 critical infrastructure cyber-risks
Cyber attacks on critical infrastructure assets can cause enormous and life-threatening consequences. Discover the top cyber-risks to critical infrastructure here.
Pros and cons of manual vs. automated penetration testing
Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization.
The importance of a policy-driven threat modeling approach
An expanding threat landscape, combined with increasing cloud use and a cybersecurity skill shortage, is driving the need for a policy-driven threat modeling approach.
IaC security options help reduce software development risk
The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk.
4 data privacy predictions for 2022 and beyond
Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond?
5 infosec predictions for 2022
If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months.
Is ransomware as a service going out of style?
Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach.
Cloud application developers need built-in security
Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs.
GDPR as we enter 2022: Challenges, enforcement and fines
Take a look at where GDPR stands as it reaches its fourth birthday, including enforcement and fine changes, current challenges, how COVID-19 affected it and more.
Is a passwordless future getting closer to reality?
Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links.
Passwordless authentication issues to address before adoption
The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more.
Elastic Security app enables affordable threat hunting
New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers.
The components and objectives of privacy engineering
Privacy engineering helps organizations balance business and privacy needs, while mitigating the impact of data breaches. Learn about its components and objectives.
The intersection of privacy by design and privacy engineering
Data privacy concerns are widespread. Privacy by design and privacy engineering help organizations balance privacy with utility and usability. Learn how.
Ultimate guide to secure remote access
This comprehensive secure remote access guide outlines the strategies, tools and best practices to provide anywhere access while protecting data, systems and users.
How to evaluate and deploy an XDR platform
Not all extended detection and response platforms are created equal. Don't take the XDR plunge before knowing exactly what to look for in an XDR platform.
10 CCPA enforcement cases from the law's first year
It's been more than a year since CCPA enforcement began, and organizations started hearing from the California attorney general. Explore 10 early cases of alleged noncompliance.
Experts debate XDR market maturity and outlook
Is extended detection response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go.
The benefits of an IT management response
Many organizations create management responses to traditional audit findings. But did you know organizations can do them after IT audits and assessments, too?
3 components to consider when selecting an MDR service
In the market for an MDR service? Read up on three considerations to keep in mind and questions to ask potential providers before making a decision.
CompTIA SYO-601 exam pivots to secure bigger attack surface
The latest CompTIA Security+ exam, SYO-601, tests skills and knowledge for dealing with an expanded attack surface and the latest forms of assault on cybersecurity defenses.
Why companies should use AI for fraud management, detection
AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge.
17 ransomware removal tools to protect enterprise networks
Check out this list of ransomware removal platforms to detect possible security threats, block attacks, and erase any malware lingering on devices and enterprise networks.
Blockchain for identity management: Implications to consider
Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization.
Why zero-trust models should replace legacy VPNs
Many organizations use legacy VPNs to secure their networks, especially in the work-from-home era. Expert Pranav Kumar explains why zero-trust models are a safer option.
How privacy engineers promote innovation and trust
Forward-thinking companies are hiring privacy engineers. Could your organization benefit? Uncover how these experts promote innovation and fortify customer trust.
Cloud-native security benefits and use cases
'Cloud native' has described applications and services for years, but its place in security is less clear. Get insight into cloud-native security from expert Dave Shackleford.
10 ways blockchain can improve IAM
DLT has the potential to revolutionize the identity management space. From boosting privacy to improving visibility, here are 10 use cases of blockchain in IAM.
Federate and secure identities with enterprise BYOI
Consumers have been using the federated identity concept 'bring your own identity' through social sign-on for years. It is time for the enterprise to embrace the trend.
Network security in the return-to-work era
IT teams are dealing with the challenge of reconnecting devices to office networks as employees return to work. Here's how your organization can overcome that challenge.
Balancing the benefits with the risks of emerging technology
Emerging technologies enable companies to maintain a competitive edge through their various benefits but can come with high risks. A balancing act is required.
Comparing top identity and access management certifications
In addition to learning security fundamentals applicable to identity and access management, the top IAM certifications can yield rewarding career and networking opportunities.
5 IAM trends shaping the future of security
The importance of identity and access management cannot be denied. However, the same old tools can't properly secure today's complex environments. These IAM trends are here to help.
10 identity and access management tools to protect networks
IAM tools keep enterprises safe by ensuring only authorized users can access sensitive data and applications. Read this in-depth product overview of top tools on the market.
Top 5 benefits of a new cybersecurity market model
Companies are struggling to identify the cybersecurity technology that would actually be useful for their use cases. It's time for a new market model around efficacy instead.
How cloud adoption is shaping digital identity trends in 2021
Expert Carla Roncato explains what organizations need to know about emerging digital identity and security trends for the cloud, including CASB, CIEM and zero trust.
Corral superuser access via SDP, privileged access management
Keeping control of superusers is an ongoing challenge. Employing SDP and privileged access management can make the job easier. But can SDP replace PAM?
Security observability vs. visibility and monitoring
Security observability, monitoring and visibility play different roles but together provide the tools to establish an all-encompassing enterprise security architecture.
Security observability tools step up threat detection, response
A step beyond security monitoring are security observability tools, which provide greater context into the events of an incident to perform a more effective response.
What is secure remote access in today's enterprise?
Out with the old, in with the new. The meaning of secure remote access, and how organizations achieve it, is changing. Here's what you need to know.
Inept cybersecurity education and training feed into skills gap
Learn why former infosec instructor and author of 'How Cybersecurity Really Works' advocates for changes to security education and training to alleviate the industry skills gap.
Network reconnaissance techniques for beginners
In this excerpt of 'How Cybersecurity Really Works,' author Sam Grubb breaks down common network reconnaissance techniques used by adversaries to attack wired networks.
Why cloud changes everything around network security
Vishal Jain examines why the data center mindset doesn't work for network security when it comes to using the public cloud and how companies should think instead.
RSA Conference 2021: 3 hot cybersecurity trends explained
In a lightning round session at RSA Conference, ESG analysts discussed three of the hottest topics in cybersecurity in 2021: zero trust, XDR and SASE.
How to build a cloud security observability strategy
Security observability in the cloud involves more than workload monitoring. Read up on the essential observability components and tools needed to reap the security benefits.
12 essential features of advanced endpoint security tools
In addition to protecting an organization's endpoints from threats, IT administrators can use endpoint security tools to monitor operation functions and DLP strategies.
Cyber Defense Matrix makes sense of chaotic security market
The Cyber Defense Matrix aims to help CISOs make strategic, informed security investments that weigh cyber risk mitigation in the context of business constraints and goals.
Endpoint security strategy: Focus on endpoints, apps or both?
Companies know how to secure traditional endpoints, but what about mobile devices outside the network? They should decide if they want to protect devices, apps or both.
Enterprises mull 5G vs. Wi-Fi security with private networks
While Wi-Fi security can be implemented just as securely as 5G, mechanisms built into 5G offer some compelling benefits to enterprises considering private 5G networks.
Container vs. VM security: Which is better?
Security professionals often compare containers vs. VMs when determining whether virtualization or containerization is better for their company's security strategy.
Despite confusion, zero-trust journey underway for many
Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today.
How to use CIS benchmarks to improve public cloud security
Safeguarding public cloud environments is a shared responsibility. Cloud customers should use CIS benchmarks to ensure cloud security at the account level.
6 ways to spur cybersecurity board engagement
New research suggests corporate boards are paying closer attention to cybersecurity, but experts say progress is still modest and slow.
Applying web application reconnaissance to offensive hacking
Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman.
Collaboration is key to a secure web application architecture
Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers.
How cloud monitoring dashboards improve security operations
Cloud monitoring dashboards can help security teams achieve visibility in complex, sprawling environments. Learn about cloud-native, third-party and open source deployment options.
CCISO exam guide authors discuss the changing CISO role
Learn more about EC-Council's Certified CISO exam and how the certification helps CISOs at any organization manage successful infosec programs and a changing threat landscape.
Threat intelligence frameworks to bolster security
Organizations have many threat intelligence frameworks to work with, each with its own advantages. From for-profit to nonprofit, here's help to figure out which ones you need.
Exploring GRC automation benefits and challenges
Governance, risk and compliance is a crucial enterprise task but can be costly and time-consuming. This is where GRC automation fits in. Learn about its benefits and challenges.
Can a new DHS cybersecurity strategy help the private sector?
The U.S. Department of Homeland Security outlines federal plans to improve public and private cybersecurity, but analysts advise caution over strategies that can't be mandated.
Ultimate guide to cybersecurity incident response
Learn actionable incident response strategies that your IT and enterprise security teams can use to meet today's security threats and vulnerabilities more effectively.
6 AIOps security use cases to safeguard the cloud
Explore six AIOps security use cases in cloud environments, such as threat intelligence analysis and malware detection, as well as expert advice on implementation considerations.
Top incident response tools to boost network protection
Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks.
Implement Kubernetes for multi-cloud architecture security
Uncover how orchestration tools benefit multi-cloud environments, and get help selecting the right deployment model for Kubernetes in multi-cloud architectures.
Endpoint security vs. network security: Why both matter
As the security perimeter blurs, companies often debate the merits of endpoint security vs. network security. However, it shouldn't be an either-or decision.
3 ransomware distribution methods popular with attackers
To prevent cyber attacks, understanding how they work is half the battle. Explore the most common ransomware distribution methods in this excerpt of 'Preventing Ransomware.'
Malware researcher speculates on the future of ransomware
Abhijit Mohanta, author of 'Preventing Ransomware,' opines on the future of ransomware and discusses why this attack is favored among cybercriminals.
5 cyber threat intelligence feeds to evaluate
Cyber threat intelligence feeds help organizations up their security game. While the 'best' feeds vary depending on a company's needs, here are five leading services to consider.
SolarWinds fallout has enterprise CISOs on edge
As investigators uncover more about the massive SolarWinds hack, enterprise CISOs' concerns about digital supply chain security grow.
Using content disarm and reconstruction for malware protection
Content disarm and reconstruction is a modern approach to removing malicious code from files, key to detecting and thwarting successful phishing and malware attacks.
The security battle over entitlements and permissions creep
IT must continually keep track of entitlements and permissions for all their cloud services, with methods such as CI/CD tools, increased visibility and continuous monitoring.
2021 cybersecurity predictions: Oh, where cybersecurity may go
Jonathan Meyers sees 2021 bringing cybersecurity challenges to the forefront, like more cyberattacks on local governments, BYOD security issues and AI and ML overhype.
Select a customer IAM architecture to boost business, security
Not all customer IAM platforms are created equal. Will a security-focused or marketing-focused CIAM architecture best meet your organization's needs? Read on for help deciding.
Extended detection and response tools take EDR to next level
Extended detection and response tools offer new capabilities -- among them greater visibility -- to enterprises searching for better ways to protect their endpoints.
Biometric security technology could see growth in 2021
Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits.
Editor's picks: Top cybersecurity articles of 2020
As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months.
What is SecOps? Everything you need to know
SecOps, formed from a combination of security and IT operations staff, is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets, often operating from a security operations center, or SOC.
Technology a double-edged sword for U.S. election security
Technologies were weaponized to undermine the 2020 U.S. presidential election, but IT systems have also helped to identify fraud and verify results in a hotly contested election.
Technologies were weaponized to undermine the 2020 U.S. presidential election, but IT systems have also helped to identify fraud and verify results in a hotly contested election.Continue Reading