Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Guide to identifying and preventing OSI model security risks: Layers 4 to 7
Each layer of the Open Systems Interconnection presents unique vulnerabilities that could move to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7. Continue Reading
How security, compliance standards prevent OSI layer vulnerabilities
Each layer of the Open Systems Interconnection presents unique -- but connected -- vulnerabilities. Here's how to establish OSI security and compliance best practices. Continue Reading
How do SLAs factor into cloud risk management?
While you may not have much control over the infrastructure used by cloud service providers, you’re not completely at their mercy when it comes to cloud risk management. Continue Reading
-
How did Netflix phishing attacks use legitimate TLS certificates?
Hackers can imitate the design and domain name of popular sites like Netflix to steal credentials. Expert Michael Cobb explains how these Netflix phishing attacks work. Continue Reading
SIEM tools, future tech and how to prepare for what's ahead
The latest SIEM tools are upping the ante with AI and machine learning capabilities. But, while SIEM security is changing fast you're still going to need the human touch. Continue Reading
Give your SIEM system a power boost with machine learning
The enterprise SIEM is still essential to IT defenses, but the addition of AI, in the form of machine learning capabilities, gives it even more potential power.Continue Reading
How does TLBleed abuse the Hyper-Threading feature in Intel chips?
TLBleed exploits Intel's HTT feature to leak data via side-channel attacks. Learn about how TLBleed obtains sensitive memory information from expert Michael Cobb.Continue Reading
Seven criteria for evaluating today's leading SIEM tools
Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization.Continue Reading
SaaS platform security: The challenges of cloud network security
Organizations have the necessary tools to protect data stored and processed in IaaS platforms. Learn why SaaS platform security remains a challenge from expert Rob Shapland.Continue Reading
Diversity at cybersecurity conferences is too important to ignore
Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage.Continue Reading
-
Innovation Women founder strives to close gender gap at conferences
Innovation Women founder Bobbie Carlton discusses the all-male, all-pale panels that overwhelm tech conferences and that moved her to change the number of female speakers.Continue Reading
How to find the best privileged identity management tool
To ensure IT security means first realizing that elevated privileges can also be an open door for hackers. Locking things down requires teamwork, good tools and more.Continue Reading
Weighing privileged identity management tools' pros and cons
Products that help security pros manage access privileges are essential to IT security. Learn how to evaluate market offerings and acquire the best for your company.Continue Reading
Network reconnaissance: How to use SI6 Networks' IPv6 toolkit
SI6 Networks' IPv6 toolkit can do network reconnaissance using search engines and the Certificate Transparency framework. Learn how to use IPv6 toolkits from expert Fernando Gont.Continue Reading
SIEM evaluation criteria: Choosing the right SIEM products
Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask.Continue Reading
Google's 'My Activity' data: Avoiding privacy and compliance risk
Google's Activity Controls create privacy and compliance risks for organizations, as well as a potential gold mine for social engineering hacks. Here's how to avoid those threats.Continue Reading
Facebook user data: How do malicious apps steal user data?
Malicious apps collected Facebook user data through Facebook APIs. Expert Michael Cobb explains how social networking platforms can monitor third-party apps' access to data.Continue Reading
UPnP vulnerability: How is the UPnP protocol being misused?
The UPnP protocol is being misused to distribute malware through home routers. Expert Michael Cobb explains the UPnP vulnerability and how to defend against it.Continue Reading
SIEM benefits include efficient incident response, compliance
SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.Continue Reading
What does the expansion of MANRS mean for BGP security?
The Internet Society expanded MANRS to crack down on BGP security. Expert Michael Cobb explains what MANRS is and its implications for BGP server security.Continue Reading
Three steps to improve data fidelity in enterprises
Ensuring data fidelity has become crucial for enterprises. Expert Char Sample explains how to use dependency modeling to create boundaries and gather contextual data.Continue Reading
A comprehensive guide to SIEM products
Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security.Continue Reading
Anonymity tools: Why the cloud might be the best option
The cloud might be the best of the available anonymity tools. Expert Frank Siemons explains the other options for anonymity for security and why the cloud is the best for privacy.Continue Reading
Domain fronting: Why cloud providers are concerned about it
Domain fronting is a popular way to bypass censorship controls, but cloud providers like AWS and Google have outlawed its use. Expert Michael Cobb explains why.Continue Reading
Incident response playbook in flux as services, tools arrive
IR is shifting, with new technology, automation, machine learning and third-party services changing how IR is performed. But in-house security will remain central.Continue Reading
How to integrate an incident response service provider
Adding a third-party incident response service to your cybersecurity program can bulk up enterprise defenses, but the provider must be integrated carefully to reap the benefits.Continue Reading
Machine learning security, a real advance in tech protection
Some pioneers of AI in cybersecurity find progress thus far limited, but machine learning still offers an advancement in protecting enterprise networks and data.Continue Reading
How bad is the iBoot source code leak for Apple security?
The iBoot source code on Apple devices was leaked to the public on GitHub. Expert Michael Cobb explains how it happened and what the implications are for iOS security.Continue Reading
Cloud endpoint security: Balance the risks with the rewards
While cloud endpoint security products, such as antivirus software, provide users with many benefits, the cloud connection also introduces risks. Expert Frank Siemons explains.Continue Reading
Are Meltdown and Spectre real vulnerabilities or mere flaws?
There's been some debate over whether Meltdown and Spectre are true vulnerabilities. Expert Michael Cobb discusses what qualifies as a vulnerability and if these two make the cut.Continue Reading
A security operations center for hire? Something to consider
There are some good reasons your company should consider hiring a third party to provide SOC services, but certain aspects of security operations should be kept in-house.Continue Reading
SOC services: How to find the right provider for your company
SOCs are the latest services you can now outsource rather than build in-house. But should you entrust them to a third party? Yes—but make sure you know how to pick the best.Continue Reading
Will biometric authentication systems replace passwords?
Biometric authentication systems have gained traction on mobile devices, but when will they become dominant within the enterprise? Expert Bianca Lopes weighs in on the topic.Continue Reading
How TLS mutual authentication for cloud APIs bolsters security
Secure access to cloud APIs is necessary but challenging. One viable option to combat that is TLS mutual authentication, according to expert Ed Moyle.Continue Reading
CPE for CISSP: Top 10 ways to master continuing education
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.Continue Reading
What the Azure AD Connect vulnerability can teach enterprises
Enterprises should learn from a Microsoft Azure AD Connect vulnerability that security requires a hands-on approach. Expert Rob Shapland takes a closer look at the permissions flaw.Continue Reading
The time is ripe to implement cybersecurity automation
Automation is essential to keep up with the speed and potential lethality of threats now. Does automatic feel problematic? Then try to focus on security fundamentals.Continue Reading
What can be done to prevent a swatting attack?
A swatting attack resulted in the death of a Kansas man. Expert Judith Myerson looks at the technology these attacks use and what can be done to make sure they don't happen again.Continue Reading
How does the Devil's Ivy bug compromise security cameras?
The Devil's Ivy bug affects millions of internet-connected security cameras. Expert Judith Myerson explains how the exploit works and what can be done to prevent it.Continue Reading
What enterprises need to know about ransomware attacks
Ransomware attacks on enterprises are often the result of a company's poor IT hygiene. Expert Joe Granneman looks at attacks like those by WannaCry and SamSam ransomware.Continue Reading
Information security certification guide: Specialized certifications
This information security certification guide looks at vendor-neutral certifications in specialized areas such as risk management, security auditing and secure programming.Continue Reading
Bypassing facial recognition: The means, motive and opportunity
Researchers bypassed Apple's facial recognition authentication program, Face ID, in under a week. Expert Michael Cobb explains why it's not a major cause for concern for users.Continue Reading
Cybersecurity professionals: Lack of training leaves skills behind
Cybersecurity professionals' increased workloads leave little time for training, leaving their skill sets -- and their companies' data security -- vulnerable to outside threats.Continue Reading
Information security certification guide: Forensics
This information security certificate guide looks at vendor-neutral computer forensics certifications for IT professionals interested in cyber attribution and investigations.Continue Reading
Information security certification guide: Advanced level
Part three of this information security certification guide looks at vendor-neutral advanced security certifications for more experienced IT professionals.Continue Reading
Public key pinning: Why is Google switching to a new approach?
After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch.Continue Reading
Advanced Protection Program: How has Google improved security?
Google added a layer to its account security system with Advanced Protection Program. Matt Pascucci explains how individuals can better defend themselves from malicious actors.Continue Reading
Behavioral analytics, security go hand in hand
This Security School explores behavioral analytics as a tool for enhancing the security of enterprise systems and data.Continue Reading
The endpoint security controls you should consider now
With the perimeter wall gone, securing enterprise endpoints is even more essential. Learn how automation and other developments can up endpoint protection now.Continue Reading
Business threat analytics: How does real-time data impact results?
Explore the top things you should know about real-time analytics with Johna Till Johnson and learn how it reduces false positives detected in your system on a daily basis.Continue Reading
How should enterprise firewall settings be reviewed?
Getting firewall settings right is one of the most basic ways to protect enterprise data from accidental exposures. Expert Judith Myerson discusses how to review firewall policies.Continue Reading
Security behavioral analytics: The impact of real-time BTA
Johna Till Johnson, CEO and founder of Nemertes Research, explains real-time threat analysis in terms of BTA and its next-generation security architecture.Continue Reading
The 12 biggest cloud security threats, according to the CSA
The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how cloud risks compare to on-premises risks.Continue Reading
The top six EMM vendors offering MDM capabilities
With vendors expanding their horizons from just MDM to more comprehensive EMM products, it is crucial to look at these EMM vendors who offer MDM capabilities.Continue Reading
Comparing the leading mobile device management products
Expert Matt Pascucci examines the top mobile device management offerings to help you determine which MDM products are the best fit for your organization.Continue Reading
Six questions to ask before buying enterprise MDM products
Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products.Continue Reading
Understand the basics of mobile device management products
Implementing MDM products has traditionally been the go-to answer for securing mobile devices, but with the role of mobile devices in the enterprise growing, admins need a more comprehensive security option.Continue Reading
Three enterprise scenarios for MDM products
Expert Matt Pascucci outlines three enterprise uses cases for mobile device management products to see how they can protect users, devices and corporate data.Continue Reading
Information security certification guide: Intermediate level
Part two of this information security certificate guide looks at vendor-neutral intermediate certifications for IT professionals interested in midlevel positions.Continue Reading
Botnet attacks are evolving; your defenses must too
Botnets are evolving and will continue to plague organizations. There is no one tool that will be sufficient, so it’s time to layer your anti-botnet defenses.Continue Reading
Get the best botnet protection with the right array of tools
Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can.Continue Reading
Three reasons to implement an NAC system
The growth in devices on the network has heightened the need for network access control products. This article presents scenarios where an enterprise might need an NAC system.Continue Reading
Which 4G vulnerabilities should BYOD users be aware of?
Enterprises should consider pressing 4G vulnerabilities when developing a BYOD strategy for their employees. Expert Judith Myerson explains the flaws and what to do about them.Continue Reading
Information security certifications: Introductory level
This series looks at the top information security certifications for IT professionals. Part one reviews basic, vendor-neutral certifications for entry-level positions.Continue Reading
How machine learning-powered password guessing impacts security
A new password guessing technique takes advantage of machine learning technologies. Expert Michael Cobb discusses how much of a threat this is to enterprise security.Continue Reading
Active Cyber Defense Certainty Act: Should we 'hack back'?
With the proposal of the Active Cyber Defense Certainty Act, individuals would be able to 'hack back' when information is stolen. Matt Pascucci makes the case against the bill.Continue Reading
How do source code reviews of security products work?
Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains what to know about these reviews.Continue Reading
Tools for those seeking security for apps in the enterprise
Need better security for apps? The right tools are key, but the right approach just as important. That's why you should consider the quality management system model.Continue Reading
HTTP Strict Transport Security: What are the security benefits?
Google's use of HTTP Strict Transport Security aims to improve web browsing security. Expert Judith Myerson explains how HSTS can make the internet more secure.Continue Reading
VMware AppDefense: How will it address endpoint security?
VMware announced AppDefense, its latest effort to help improve endpoint security. Matt Pascucci explains how AppDefense addresses applications in vSphere environments.Continue Reading
How does Google Play Protect aim to improve Android security?
Google's new security platform, Google Play Protect, looks to decrease Android app security threats through machine learning. Michael Cobb explains how the new platform works.Continue Reading
Securing endpoints with supplementary tools protects data
Learn how network access control (NAC), data loss prevention (DLP) and robust data destruction tools secure the data in your corporate endpoints against data loss.Continue Reading
How can peer group analysis address malicious apps?
Google is using machine learning and peer group analysis to protect against malicious Android apps in the Google Play Store. Matt Pascucci explains how this works.Continue Reading
Can the STIX security framework improve threat intelligence sharing?
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.Continue Reading
How to make a SIEM system comparison before you buy
The current trend in SIEM systems involves machine learning capabilties. Even so, direct human management is still essential for SIEM to be effective.Continue Reading
What SIEM features are essential for your company?
On the hunt for the best SIEM tool for your company? Learn how to evaluate the capabilties of the newest security information and event management products.Continue Reading
Machine learning in cybersecurity: How to evaluate offerings
Vendors are pitching machine learning for cybersecurity applications to replace traditional signature-based threat detection. But how can enterprises evaluate this new tech?Continue Reading
Are long URLs better for security than short URLs?
Shortened URLs are weak on security and easy for attackers to inject with malware. Expert Judith Myerson discusses how long URLs are more secure, despite the inconvenience.Continue Reading
Symantec Data Loss Prevention: Product overview
Expert Bill Hayes checks out the Symantec Data Loss Prevention suite, featuring an architecture consisting of content-aware detection servers, endpoint agents and unified management.Continue Reading
Top cybersecurity conferences for when Black Hat and RSA aren't right
The big cybersecurity conferences can make attendees weary, but there are many alternatives to the big name shows that may be easier to get to and easier to handle.Continue Reading
Electronic voting systems in the U.S. need post-election audits
Colorado will implement a new system for auditing electronic voting systems. Post-election audits have been proven to help, but are they enough to boost public trust in the systems?Continue Reading
Learn what network access control systems can do for you
Network access control systems keep rogue or compromised devices off of corporate networks. See how they work and the other security technologies with which they work.Continue Reading
A closer look at Kaspersky antimalware protection services
Expert Ed Tittel looks at Kaspersky antimalware product Endpoint Security, which provides multilayered protection against malware, phishing attacks and other exploits.Continue Reading
How can OSS-Fuzz and other vulnerability scanners help developers?
Google's OSS-Fuzz is an open source vulnerability scanner. Expert Matthew Pascucci looks at how developers can take advantage of this tool and others like it.Continue Reading
Details of Trend Micro Worry-Free Business Security Services
Expert Ed Tittel takes a closer look at Trend Micro Worry-Free Business Security Services, an antivirus and antimalware product for small organizations.Continue Reading
Trend Micro OfficeScan endpoint protection software and its offerings
Expert contributor Ed Tittel takes a look at Trend Micro OfficeScan, an endpoint protection product with antivirus and antimalware functionality for physical and virtualized endpoints.Continue Reading
The various offers of Microsoft System Center Endpoint Protection
Expert Ed Tittel examines System Center Endpoint Protection, Microsoft's native Windows antivirus and antimalware security product.Continue Reading
Did DDoS attacks cause the FCC net neutrality site to go down?
The FCC net neutrality comment site crashed, and it was blamed on DDoS attacks. Expert Matthew Pascucci looks at the technical side of this incident and what was behind it.Continue Reading
An in-depth look into McAfee Endpoint Threat Protection
McAfee Endpoint Threat Protection is an antimalware protection product that is designed to secure Windows systems against malware, data loss and other threats in standalone or networked environments.Continue Reading
Sophos Endpoint Protection and an overview of its features
Expert Ed Tittel examines Sophos Endpoint Protection, an endpoint security platform with antivirus, antimalware and more.Continue Reading
The GDPR right to be forgotten: Don't forget it
Nexsan's Gary Watson explains that the GDPR right to be forgotten will be an important piece of the compliance picture and means deleting data securely, completely and provably when customers ask for it.Continue Reading
What tools were used to hide fileless malware in server memory?
Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the wider fileless malware trend.Continue Reading
Federal Cloud Computing
In this excerpt from chapter three of Federal Cloud Computing, author Matthew Metheny discusses open source software and its use in the U.S. federal government.Continue Reading
IPv6 addresses: Security recommendations for usage
IPv6 addresses can be used in a number of ways that can strengthen information security. Expert Fernando Gont explains the basics of IPv6 address usage for enterprises.Continue Reading
Applying cybersecurity readiness to today's enterprises
How prepared is your organization for a cyberattack? Expert Peter Sullivan outlines the seven steps enterprises need to take in order to achieve cybersecurity readiness.Continue Reading
Tools to transfer large files: How to find and buy the best
Need to transfer files within headquarters or between branches? Managed file transfer tools now offer some interesting new features.Continue Reading
Why security incident management is paramount for enterprises
Enterprises aren't truly prepared for cyber threats unless they have proper security incident management in place. Expert Peter Sullivan explains what enterprises need to know.Continue Reading
Evaluating endpoint security products for antimalware protection
Expert contributor Ed Tittel explores key criteria for evaluating endpoint security products to determine the best option for antimalware protection for your organization.Continue Reading
Advanced endpoint protection takes on the latest exploits
Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints.Continue Reading
How does the Microsoft Authenticator application affect password use?
The Microsoft Authenticator application enables smartphone-based, two-factor authentication and attempts to reduce the use of passwords. Expert Matthew Pascucci explains how.Continue Reading