Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Essential instruments for a pen test toolkit
Does your penetration testing toolkit have the proper contents? Learn the must-have tool for any pen tester, as well as specific tools for wireless, network and web app pen testing. Continue Reading
Defining and evaluating SOC as a service
As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best model for your enterprise. Continue Reading
Choosing between an SSL/TLS VPN vs. IPsec VPN
Infosec pros need to know the ins and outs of SSL/TLS VPNs vs. IPsec VPNs to better understand which product's features will fulfill the needs of their organization. Get help comparing here. Continue Reading
-
How security teams benefit from traffic mirroring in the cloud
Enterprises with the resources to deploy traffic mirroring are gaining security benefits. Frank Siemons explains how traffic mirroring has adapted to new and evolving cyber-risks. Continue Reading
Should I invest in attack simulation tools?
Attack simulation tools -- along with third-party penetration testing -- can help improve an organization's enterprise security. Find out why. Continue Reading
Do network layer and application layer DDoS attacks differ?
Network layer and application layer DDoS attacks are significant threats. Learn about the differences between them and what you can do to reduce their effects.Continue Reading
How software-defined perimeter authentication ups security
Find out how the emerging software-defined perimeter model increases security by its design and how it can serve as a building block to zero-trust security.Continue Reading
Designing IoT security: Experts warn against cutting corners
Security, though costly, is essential for IoT devices; a single breach can destroy a company's reputation. IoT security by design can avoid devastating incidents.Continue Reading
Gigamon launches platform to improve application visibility
Application Metadata Intelligence identifies network performance, application performance, operational technology communications and security and threat detection.Continue Reading
Why CASB tools are crucial to your cloud security
CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker helps companies pinpoint shadow IT.Continue Reading
-
Complexity requires new cloud-based patch management strategies
Patch management for cloud creates new challenges than traditional in-house programs. Expert Dave Shackleford presents patch management best practices for providers and consumers alike.Continue Reading
The difference between zero-day vulnerability and zero-day exploit
A zero-day vulnerability isn't the same as a zero-day exploit. Learn the difference between these two zero-day terms, as well as why they should be high priority on any CISO's patching list.Continue Reading
DevOps security checklist requires proper integration
There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are key to the equation.Continue Reading
How to identify and evaluate cybersecurity frameworks
Not all frameworks for cybersecurity are equal. ESG's Jon Oltsik explains what attributes make a cybersecurity framework and how to go about choosing and using one.Continue Reading
4 necessary steps to evaluate public cloud security
The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected.Continue Reading
5 email security appliance comparison criteria to consider
Identifying the best email security appliance on the market can be hard. This article discusses the criteria to consider when choosing one for your organization.Continue Reading
Why is third-party risk management essential to cybersecurity?
Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals.Continue Reading
What secure email gateways can do for your enterprise
Discover email security gateways in this buyer's guide that outlines architecture, cost and uses of email security products.Continue Reading
Digital transformation redefines cybersecurity skills, careers
The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think.Continue Reading
How to pass the CISSP exam on your first try: Tips to get a good score
Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.Continue Reading
SD-WAN security benefits go beyond the obvious
SD-WAN does more than extend corporate networks. Key SD-WAN security benefits that capitalize on the technique's architecture could change the face of SD-WAN in the enterprise.Continue Reading
What are the pros and cons of outsourcing IT security?
Companies are facing increased costs when maintaining an internal security group. Outsourcing IT security has its advantages, but there are some challenges to keep in mind.Continue Reading
Quantum computers mean cryptography needs to change, and soon
As quantum computing gains momentum with practical quantum computers due to come online as early as next year, concerns about post-quantum cryptography are pushed to the forefront.Continue Reading
5 best practices to choose the right email security software
Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise.Continue Reading
The benefits of IAM can far outweigh the costs
Identity and access management is a critical piece of enterprise information security. But the benefits of IAM go beyond illuminating who -- and what -- might be using your network.Continue Reading
Cisco engineer: Why we need more women in cybersecurity
Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap.Continue Reading
Who's to blame for ransomware attacks -- beyond the attackers?
Cyberattackers are to blame for ransomware attacks, but what about companies that release flawed software or don't install patches? Our expert looks at where the buck stops.Continue Reading
Do I need to adopt a cybersecurity framework?
A comprehensive cybersecurity framework can help businesses avoid costly attacks. But there are other advantages.Continue Reading
How to beef up Office 365 email security features
Companies looking to fortify their Office 365 email security can assess options from a variety of third-party vendors. Find out which features are the most important.Continue Reading
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black
Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents.Continue Reading
What identity governance tools can do for your organization
Learn how to evaluate available security tools that manage the governance of your users' identity and access to company systems and data.Continue Reading
SANS security awareness credential paves new career path
The SANS Security Awareness Professional credential gives enterprises a new method to recognize and promote cybersecurity awareness in the organization.Continue Reading
Zero-trust security model means more than freedom from doubt
A zero-trust security model has a catchy name, but the methodology means more than not trusting any person or device on the network. What you need to know.Continue Reading
Why are fewer companies using SMS 2FA for authentication?
Instead of SMS two-factor authentication, some companies are switching to 2FA through messaging apps and social media platforms. Learn what's behind this authentication trend.Continue Reading
Explore this NGFW comparison of leading vendors on the market
Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decisionContinue Reading
How to select and implement a next-gen firewall
This buyer's guide examines next-generation firewalls and how to select the correct one for your organization based on comparison of product features.Continue Reading
What makes BSA's secure software development framework unique?
BSA rolled out a new secure software development framework in an effort to promote best practices for secure software development and improve security for all.Continue Reading
6 firewall selection criteria to purchase NGFWs
These six key factors will help your company determine the best NGFW product for your organization's needs.Continue Reading
How does an identity and access management framework work?
A comprehensive identity and access management framework is an IT necessity. But how do the two components work together?Continue Reading
Why centralization in a multi-cloud security strategy is key
When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the challenges of fragmented security access and monitor controls.Continue Reading
Next-generation firewall comparison based on company needs
Compare leading next-generation firewalls to help find the option that best fits your IT environment and security needs.Continue Reading
Next-generation firewalls vs. traditional and UTMs
Learn the advantages of next-generation firewalls that protect enterprise networks from attacks and intrusion, as well as the differences between NGFWs and traditional firewalls.Continue Reading
How information sharing can reduce cybersecurity vulnerabilities
Cybersecurity vulnerabilities come from multiple fronts for modern businesses, but information sharing about real-world breaches -- good and bad -- provides valuable intelligence.Continue Reading
10 endpoint security products to protect your business
Check out this product roundup and discover all the features endpoint security protection offers, such as patch management, email protection and reporting.Continue Reading
Challenges and benefits of using the Mitre ATT&CK framework
Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started.Continue Reading
Top 5 reasons for a zero-trust approach to network security
As network perimeters disintegrate and enterprises adopt cloud computing, discover the top reasons organizations are opting for a zero-trust approach to network security.Continue Reading
Assess secure web gateways to suit your network security needs
Secure web gateways play an important role in minimizing security risks associated with website vulnerabilities, user behaviors and endpoint weaknesses.Continue Reading
Assess endpoint security tools to fulfill organizational needs
Learn about the evolution of endpoint security tools, and how to procure and buy the right antimalware protection products for your organization.Continue Reading
Symantec Web Security Service vs. Zscaler Internet Access
Learn how cloud-based secure web gateway products Symantec Web Security Service and Zscaler Internet Access compare when it comes to features, benefits, pricing and support.Continue Reading
6 questions to ask before evaluating secure web gateways
Learn which six questions can help an organization identify its web security and business needs and its readiness to implement a secure web gateway.Continue Reading
Can PDF digital signatures be trusted?
Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures.Continue Reading
Zero-trust security model primer: What, why and how
What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders.Continue Reading
How can I detect fileless malware attacks?
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns.Continue Reading
Who needs security orchestration, automation and response?
Who needs SOAR? Only those companies with understaffed, overworked IT security teams. Learn how SOAR tools free up security pros to tackle the more demanding projects.Continue Reading
Plugging the cybersecurity skills gap with security automation
Security automation and response promises to help alleviate the shortage of qualified cybersecurity pros. Learn how SOAR helps security teams work smarter, not harder.Continue Reading
An introduction to building management system vulnerabilities
Understanding what a building management system is and does is important for organizations to have stronger security postures. Expert Ernie Hayden examines the BMS and its flaws.Continue Reading
Find the right tool using this antimalware software comparison
Compare endpoint antimalware software products for organizations based on features, level of protection and vendor offerings.Continue Reading
How bellwether cybersecurity technologies predict success
Bellwether cybersecurity technologies -- advanced endpoint security, behavioral threat analytics and a trio of cloud-based apps -- are used by successful cybersecurity teams. Find out why.Continue Reading
The developer's role in application security strategy
Developers often pay lip service about being integral to application security, but they usually don't consider vulnerabilities until much too late in the dev process.Continue Reading
Multifactor authentication methods, use cases and products
Protect your organization from financial and client loss with multifactor authentication tools that keep your company safe from potential cyberattacks.Continue Reading
A guide to SIEM platforms, benefits and features
Evaluate the top SIEM platforms before making a buying decision. Explore how the top SIEM platform tools protect enterprises by collecting security event data for centralized analysis.Continue Reading
Can a zero-trust approach fill the security perimeter void?
With the enterprise perimeter a mere memory, how can enterprises hope to secure their mission-critical data and systems?Continue Reading
Should I use GitHub's new private repositories?
Is GitHub's new private repositories service robust enough to serve the needs of enterprises? Nick Lewis examines what works -- and what doesn't.Continue Reading
Explore multifactor authentication products in-depth
Discover some of the best multifactor authentication products currently on the market based on target industry and main features to help you make a final buying decision.Continue Reading
Vet third-party apps to reduce supply chain threats
Enterprises are more vulnerable than ever before to supply chain threats from third-party apps and modules. Last fall's compromised NPM package is one cautionary tale.Continue Reading
Compare the top multifactor authentication vendors
What makes a multifactor authentication tool right for an enterprise? This article compares four of the leading multifactor authentication vendors and reviews their products.Continue Reading
Top 10 CISO concerns for 2019 span a wide range of issues
From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019.Continue Reading
Cutting SecOps breach response time is key to success
A new survey measures the success of security operations breach response by how long it takes to complete a three-step process to detect, understand and contain incidents.Continue Reading
Battling nation-state cyberattacks in a federal leadership vacuum
Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers.Continue Reading
The evolution of the Let's Encrypt certificate authority
Certificate authorities work differently since the open source Let's Encrypt project went into effect. Expert Fernando Gont explains how both CAs and Let's Encrypt operate.Continue Reading
Infoblox's Cricket Liu explains DNS over HTTPS security issues
Cricket Liu, chief DNS architect at Infoblox, explains how DNS over HTTPS and DNS over TLS improve security, as well as challenges the new protocols may soon raise for enterprises.Continue Reading
Three examples of multifactor authentication use cases
When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation.Continue Reading
Purchasing multifactor authentication tools: What to consider
Find out what you need to know before investing in a multifactor authentication tool, including the drawbacks and the benefits.Continue Reading
Exploring multifactor authentication benefits and technology
Take a look at multifactor authentication benefits and methods, as well as how the technologies have evolved from key fobs to smartphones, mobile devices and the cloud.Continue Reading
How unsecured Firebase databases put critical data at risk
Unsecured Google Firebase databases are similar to misconfigured AWS S3 buckets, but there are key differences. Expert Rob Shapland discusses the risks of unsecured cloud databases.Continue Reading
Key customer identity access management features to consider
Evaluating customer identity access management products is complicated but necessary. Learn what’s new and what you need most right now.Continue Reading
CIAM vs. IAM: The key differences 'customer' makes
Find out everything you need to know about the nuances that differentiate customer IAM from traditional IAM so that you can implement the CIAM system at your organization.Continue Reading
How NIST is preparing to defend against quantum attacks
The NSA has begun the transition from ECC to new algorithms to resist quantum attacks. Learn about the threat posed by quantum computing from expert Michael Cobb.Continue Reading
The pros and cons of proxy-based security in the cloud
Is proxy-based security in the cloud right for you? Expert Ed Moyle looks at the benefits and drawbacks of using proxies for Office 365 and other cloud platforms.Continue Reading
How to apply cloud security controls in the network
Implementing cloud security controls in the network requires a careful balance between protecting points of connectivity while still making it easy for users to access services.Continue Reading
A guide to SIEM platforms, benefits and features
Evaluate the top SIEM platforms before making a buying decision. Explore how the top SIEM platform tools protect enterprises by collecting security event data for centralized analysis.Continue Reading
For effective customer IAM, bundle security and performance
CIAM can verify identity, manage access and deliver a smooth experience for customers. Get an expert's insights on how to tackle customer IAM now.Continue Reading
Product roundup: Features of top SIEM software on the market
Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier.Continue Reading
Can deception security tactics turn the tables on attackers?
Is the latest news on an onslaught of advanced threats causing you to despair? Maybe it's time to consider taking a 'deceptive' approach to IT security.Continue Reading
What's different about Google Asylo for confidential computing?
The Google Asylo framework is an open source alternative for confidential computing. Expert Rob Shapland explains how it works and how it's different from other offerings.Continue Reading
How does TLS 1.3 differ from TLS 1.2?
Compared to TLS 1.2, TLS 1.3 saw improvements in security, performance and privacy. Learn how TLS 1.3 eliminated vulnerabilities using cryptographic algorithms.Continue Reading
How do L1TF vulnerabilities compare to Spectre?
Foreshadow, a set of newly discovered L1TF vulnerabilities, exploits Intel processors via side-channel attacks. Learn about L1TF and its variations from expert Michael Cobb.Continue Reading
What are the security risks of third-party app stores?
Unlike most apps developed in app stores, users can download Fortnite from Epic Games' website. Expert Michael Cobb explains the security risks of third-party app stores.Continue Reading
How supply chain security has evolved over two decades
Both physical and cyber supply chain security are critically important. Expert Ernie Hayden outlines the recent history of supply chain defenses and what enterprises need to know.Continue Reading
Zero-trust security means new thinking plus practical steps
Implementing a security policy that, essentially, trusts no one and nothing doesn't have to be overwhelming if you understand the basics behind the security model.Continue Reading
How the Microsoft Authenticator app integrates with Azure AD
Microsoft expanded the Microsoft Authenticator app to integrate with tens of thousands of Azure AD apps. Expert Dave Shackleford explains how this tool is improving security.Continue Reading
How is Plead malware used for cyberespionage attacks?
Cyberespionage hackers have used stolen digital certificates to steal data. Expert Michael Cobb explains how hackers sign Plead malware to conduct these attacks.Continue Reading
How deception technologies improve threat hunting, response
Deception tech tools enable more effective threat hunting and incident response. Learn how these tools can give security pros an edge in defending their company systems and data.Continue Reading
Mobile security trends: app containers, app wrapping for BYOD
Threats evolve, and so should mobile security strategies. Mike Chapple explains how an app containers and app wrapping can protect enterprise devices and corporate assets.Continue Reading
What Microsoft's InPrivate Desktop feature could mean for enterprises
Microsoft's secretive, potential new feature InPrivate Desktop could give security teams access to disposable sandboxes. Expert Ed Moyle explains how the feature could work.Continue Reading
Guide to identifying and preventing OSI model security risks: Layers 4 to 7
Each layer of the Open Systems Interconnection presents unique vulnerabilities that could move to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7.Continue Reading
How security, compliance standards prevent OSI layer vulnerabilities
Each layer of the Open Systems Interconnection presents unique -- but connected -- vulnerabilities. Here's how to establish OSI security and compliance best practices.Continue Reading
How do SLAs factor into cloud risk management?
While you may not have much control over the infrastructure used by cloud service providers, you’re not completely at their mercy when it comes to cloud risk management.Continue Reading
How did Netflix phishing attacks use legitimate TLS certificates?
Hackers can imitate the design and domain name of popular sites like Netflix to steal credentials. Expert Michael Cobb explains how these Netflix phishing attacks work.Continue Reading
SIEM tools, future tech and how to prepare for what's ahead
The latest SIEM tools are upping the ante with AI and machine learning capabilities. But, while SIEM security is changing fast you're still going to need the human touch.Continue Reading