Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
What's the difference between two-step verification and 2FA?
The terms two-step verification and two-factor authentication are used interchangeably, but do they differ from one another? Expert Michael Cobb explains. Continue Reading
What are the latest SEC Risk Alert findings?
The latest SEC Risk Alert from the OCIE has important updates for financial services firms. Expert Mike Chapple reviews the report. Continue Reading
What enterprises need to know about Internet traffic blocking
Traffic blocking by Internet carriers has stirred up some controversy in the security industry. Expert Kevin Beaver discusses the pros and cons of blocking network traffic. Continue Reading
-
Comparing the best network access control products
Expert Rob Shapland takes a look at the best network access control products on the market today and examines the features and capabilities that distinguish the top vendors in this space. Continue Reading
Comparing the top big data security analytics tools
Expert Dan Sullivan compares how the top-rated big data security analytics tools measure up against each other to help you select the right one for your organization. Continue Reading
What privacy regulations should enterprises follow?
The U.S. government has been criticized for its lack of updated privacy regulations. Expert Mike Chapple advises enterprises that want to bolster their privacy policies.Continue Reading
Comparing the top vulnerability management tools
Expert Ed Tittel compares how the top-rated vulnerability management tools measure up against each other so you can select the right one for your organization.Continue Reading
Windows 10 Wi-Fi Sense for hotspot sharing: Is it safe?
Microsoft's Windows 10 Wi-Fi Sense was designed to make hotspot sharing easy, but experts debate if the security risks are real and whether the new feature offers substantial benefits and relative safety.Continue Reading
How does the new voicemail phishing scam work?
A new phishing scam uses voicemail notification emails to spread malware. Expert Nick Lewis explains how this attack works and how enterprises can prevent it.Continue Reading
Is the FedRAMP certification making a difference?
There was speculation in the security world over whether the FedRAMP certification would be helpful or not. Now that it's in full use, Mike Chapple looks at the state of FedRAMP.Continue Reading
-
Fortinet FortiGate UTM: Product overview
Expert Ed Tittel looks at Fortinet FortiGate UTM appliances, which combine different network infrastructure protection features into a single device.Continue Reading
Cisco Meraki MX appliances: UTM product overview
Expert Ed Tittel examines Cisco's Meraki MX UTM Appliances, a series of UTM products that combines various network security and protection features into a single device.Continue Reading
Check Point UTM Threat Prevention Appliances: Product review
Check Point UTM Threat Prevention Appliances are recognized by our reviewer as consistent software architectures that are easy to configure.Continue Reading
Seven criteria for buying vulnerability management tools
Expert contributor Ed Tittel describes purchasing criteria for full-featured vulnerability management tools for small organizations to large enterprises.Continue Reading
The business case for vulnerability management tools
Expert Ed Tittel describes business use cases for vulnerability management tools and examines how organizations of all sizes benefit from these products.Continue Reading
Introduction to vulnerability management tools
Expert Ed Tittel explores how vulnerability management tools can help organizations of all sizes uncover defense weaknesses and close security gaps before they are exploited by attackers.Continue Reading
Microsoft Device Guard tackles Windows 10 malware
A new Microsoft security feature takes aim at Windows 10 malware. Expert Michael Cobb explains what enterprises should know about Device Guard.Continue Reading
Should the RC4 cipher still be used in enterprises?
A newly discovered attack can break the RC4 cipher and decrypt user cookies. Expert Michael Cobb explains the attack and the relevance of RC4 in enterprises today.Continue Reading
Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview
Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats.Continue Reading
Proofpoint Enterprise Protection: Product overview
Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats.Continue Reading
How can software transplants fix bad code?
Copying and pasting bad code into an application is a big problem for developers, but software transplants can help. Expert Michael Cobb explains the technology.Continue Reading
McAfee Email Protection, Security for Email Servers: Product overview
Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages.Continue Reading
Clearswift SECURE Email Gateway: Product overview
Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails.Continue Reading
Fortinet FortiMail: Product overview
Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization.Continue Reading
Cisco Email Security Appliance: Product overview
Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats.Continue Reading
WMI tools make the perfect crime 'malware-free'
Security researchers claim that attackers are abusing a longstanding administrative tool in the Windows operating system. With no telltale signs of malware, how can you stop it?Continue Reading
'Going dark': Weighing the public safety costs of end-to-end encryption
'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data.Continue Reading
What data breach notification policy should enterprises follow?
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices.Continue Reading
Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview
Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data.Continue Reading
EMC RSA Security Analytics: SIEM product overview
Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.Continue Reading
AlienVault OSSIM: SIEM Product overview
Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.Continue Reading
Splunk Enterprise: SIEM product overview
Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.Continue Reading
SolarWinds Log and Event Manager: SIEM product overview
Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.Continue Reading
IBM Security QRadar: SIEM product overview
Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.Continue Reading
LogRhythm's Security Intelligence Platform: SIEM product overview
Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.Continue Reading
Can Google's Chrome extension policy improve Web security?
The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security and enterprise apps.Continue Reading
Comparing the best intrusion prevention systems
Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization.Continue Reading
Comparing the top Web fraud detection systems
Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria.Continue Reading
Readers’ top picks for enterprise firewalls
The companies and key functionality organizations seek out when they upgrade or add firewall technology to their enterprise environments.Continue Reading
Secure Hash Algorithm-3: How SHA-3 is a next-gen security tool
Expert Michael Cobb details the changes in SHA-3, including how it differs from its predecessors and the additional security it offers, and what steps enterprises should take.Continue Reading
Three criteria for selecting the right IPS products
Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization.Continue Reading
Vormetric Transparent Encryption: Product overview
Expert Ed Tittel takes a look at Vormetric Transparent Encryption, a component of Vormetric's Data Security Platform that encrypts data and does access control for that data.Continue Reading
HP Security Voltage's SecureData Enterprise: Product overview
Expert Ed Tittel examines SecureData Enterprise, which is a part of the HP Security Voltage platform, a scalable database security product that encrypts both structured and unstructured data, tokenizing data to prevent viewing and more.Continue Reading
Protegrity Database Protector: Database security tool overview
Expert Ed Tittel examines Protegrity Database Protector, a database security add-on product that provides column- and field-level protection of confidential and sensitive data stored in nearly any type of relational database.Continue Reading
Oracle Advanced Security: Database security tool overview
Expert Ed Tittel examines Oracle Advanced Security, a database security add-on product with transparent data encryption (TDE) and data redaction features.Continue Reading
McAfee Database Activity Monitoring: Database security tool overview
Expert Ed Tittel takes a look at McAfee Database Activity Monitoring and McAfee Vulnerability Manager for Databases to see how they protect enterprises' databases and corporate data.Continue Reading
Imperva SecureSphere: Database security tool overview
Expert Ed Tittel examines Imperva SecureSphere Database Activity Monitoring and Database Assessment, products that are deployed as an inline bridge or as a lightweight agent to assess and monitor local database access.Continue Reading
IBM Guardium: Database security tool overview
Expert Ed Tittel examines IBM Guardium, a security product that offers continuous, real-time, policy-based monitoring of database activities.Continue Reading
Enterprise benefits of network intrusion prevention systems
Expert Karen Scarfone explains how most organizations can benefit from intrusion prevention systems (IPSes), specifically dedicated hardware and software IPS technologies.Continue Reading
Why did Anthem resist government vulnerability assessments?
Vulnerability assessments are often a requirement for organizations that have suffered a data breach and the assessors' results can be invaluable to protect a business.Continue Reading
Is a security cloud service your best endpoint defense?
Cloud technologies often have a bad reputation when it comes to security, but that may be unfair. Is the cloud the best answer for securing the endpoints in your enterprise?Continue Reading
Can white-box cryptography save your apps?
With the Internet of Things, software-based secure elements could hold the key.Continue Reading
Choose the best vulnerability assessment tools
This Buyer's Essentials guide helps InfoSec pros assess vulnerability management products by explaining how they work and by highlighting key features corporate buyers should look for so they can evaluate vendor offerings.Continue Reading
Should security funds be dedicated to hiring or tools?
Security funds can be tough to come by, so when managers get them should they focus on strengthening security through hiring or through purchasing tools?Continue Reading
The best SSL VPN products in the market
SSL VPNs are essential for securing network connections and communications. Here's a look at the best SSL VPN products in the industry.Continue Reading
Comparing the best Web application firewalls in the industry
Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.Continue Reading
Should the Netdump flaw deter enterprise ODL SDN use?
The benefits of the ODL SDN platform are promising, but what about the recent Netdump flaw it experienced? Expert Kevin Beaver discusses why you may not want to pass on OpenDayligh just yet.Continue Reading
Managed security service providers: Weighing the pros and cons
Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing.Continue Reading
Can a new encryption trick prevent reverse engineering?
Expert Michael Cobb explains how reverse engineering can be made more difficult with an approach called Hardened Anti-Reverse Engineering System or HARES.Continue Reading
Comparing the top database security tools
Expert Ed Tittel examines the strengths and weaknesses of top-rated database security tools -- from database activity monitoring to transparent database encryption -- to help enterprises make the right purchasing decision.Continue Reading
Comparing the top wireless intrusion prevention systems
Expert Karen Scarfone examines the top wireless intrusion prevention systems (WIPS) to help readers determine which may be best for them.Continue Reading
Is third-party access the next IAM frontier?
Identity and access management of employees is so complex that many companies have faltered when it comes to securing programs for trusted partners.Continue Reading
Comparing the best UTM products in the industry
Expert Ed Tittel examines the top unified threat management appliances to determine which one could be the best for your organization.Continue Reading
PCI DSS 3.1 marks the end of SSL/early TLS encryption for retailers
The early arrival of PCI DSS 3.1 could leave organizations scrambling. The biggest change to the standard -- and the top priority for organizations -- is the end of SSL and early TLS.Continue Reading
Certificate authorities are limited but new TLS versions can help
SSL/TLS, long the cornerstone of Web security, has become a security vulnerability due to problems with certificate authorities. Learn what solutions the industry is pursuing.Continue Reading
Endpoint security tools: A buyer's guide
Learn how to evaluate and buy the right endpoint security products for your organization with this antimalware buyer's guide.Continue Reading
How UTM products can benefit your enterprise network environment
Expert Ed Tittel explains why unified threat management is the right holistic IT security approach for SMBs and how it can fit into the enterprise, as well.Continue Reading
Tips for creating a data classification policy
Before deploying and implementing a data loss prevention product, enterprises should have an effective data classification policy in place. Expert Bill Hayes explains how that can be done.Continue Reading
A new trend in cybersecurity regulations could mean tougher compliance
State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for.Continue Reading
Can simple photography beat biometric systems?
Simple photography cracking biometric systems highlights the need for two-factor authentication in enterprises according to expert Randall Gamby.Continue Reading
Network anomaly detection: The essential antimalware tool
Traditional perimeter defenses are no longer enough; network anomaly detection tools are now essential in the battle against advanced malware.Continue Reading
Multifactor authentication: A buyer's guide to MFA products
In this SearchSecurity buyer's guide, learn how to evaluate and procure the right multifactor authentication product for your organization.Continue Reading
Introduction to unified threat management appliances
Expert Ed Tittel describes unified threat management (UTM) appliances and features, and explains its advantages to organizations of all sizes.Continue Reading
Comparing the top SSL VPN products
Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them.Continue Reading
The three enterprise benefits of SSL VPN products
Expert Karen Scarfone outlines the ways SSL VPN products can secure network connections and communications for organizations.Continue Reading
Symantec Endpoint Encryption: Full disk encryption product overview
Expert Karen Scarfone examines the features of Symantec Endpoint Encryption, a full disk encryption product for Windows laptops, desktops and servers.Continue Reading
Sophos SafeGuard: Full disk encryption product overview
Expert Karen Scarfone examines the features of Sophos SafeGuard, a full disk encryption product for laptops, desktops and servers.Continue Reading
Microsoft BitLocker: Full disk encryption software overview
Expert Karen Scarfone examines the features of BitLocker, Microsoft's native full disk encryption software for Windows laptops, desktops and servers.Continue Reading
McAfee Complete Data Protection: Full disk encryption product overview
Expert Karen Scarfone examines the features of McAfee Complete Data Protection, a full disk encryption product for securing client-side computers and servers.Continue Reading
Dell Data Protection | Encryption: Full disk encryption product overview
Expert Karen Scarfone examines the features of Dell Data Protection | Encryption, a full disk encryption product for securing client-side devices.Continue Reading
Check Point Full Disk Encryption product overview
Expert Karen Scarfone examines the features of Check Point Full Disk Encryption, an FDE product for securing client devices such as laptops and desktops.Continue Reading
Apple FileVault 2: Full disk encryption software overview
Expert Karen Scarfone examines the features of Apple's bundled full disk encryption software for Mac OS X, FileVault 2.Continue Reading
The top full disk encryption products on the market today
Full disk encryption can be a key component of an enterprise's desktop and laptop security strategy. Here's a look at some of the top FDE products in the industry.Continue Reading
AWS security groups vs. traditional firewalls: What's the difference?
AWS security groups provide network-based blocking mechanisms, much like traditional firewalls. Expert Dan Sullivan explains the differences between the two.Continue Reading
The secrets of proper firewall maintenance and security testing techniques
The Verizon 2015 PCI Compliance Report cited a lack of firewall maintenance and security testing as major causes for compliances breaches. Expert Kevin Beaver offers tips to successfully manage these tasks.Continue Reading
New cyberthreats: Defending against the digital invasion
The confluence of the Internet of Things and bring your own device may turn into a beachhead for attackers.Continue Reading
Do HIPAA compliance requirements change during health crises?
Outbreaks of Ebola caused widespread fear, but should enterprises be worried about the effect on HIPAA compliance requirements? Compliance expert Mike Chapple explains.Continue Reading
What are the secrets to SIEM deployment success?
Many organizations deploy security information and event management systems without the proper planning and therefore can't reap the proper rewards. Expert Kevin Beaver offers tips for a successful implementation.Continue Reading
Introduction to security analytics tools in the enterprise
Expert Dan Sullivan explains how security analysis and analytics tools work, and how they provide enterprises with valuable information about impending attacks or threats.Continue Reading
Is the CISO job description getting out of hand?
CISO roles and responsibilities are built on impossible standards and unrealistic expecations. Expert Joseph Granneman explains this trend and why enterprises need to reverse it.Continue Reading
Four questions to ask before buying a Web application firewall
Web application firewalls are complex products. Expert Brad Causey explains the key criteria enterprises need to consider before investing in a WAF product.Continue Reading
What Apple Pay tokenization means for PCI DSS compliance
Tokenization is a key technology underlying Apple Pay, promising to boost payment data security. Mike Chapple examines how Apple Pay's tokenization system works, and whether it will provide any PCI DSS compliance relief.Continue Reading
Introduction to wireless intrusion prevention systems in the enterprise
Expert contributor George V. Hulme explains how wireless intrusion prevention systems (WIPS) protect enterprise networks from attacks and prying eyes.Continue Reading
Q&A: Marcus Ranum chats with AT&T's CSO Ed Amoroso
There's no shortage of new security technology, but enterprise integration is still a major hang-up, says AT&T's chief of security.Continue Reading
What to look for in threat intelligence services
Acquiring access to threat intelligence services is a relatively easy way to improve the quality of attack detection throughout the network security infrastructure of your enterprise. A threat intelligence service identifies the IP addresses, ...Continue Reading
Final five considerations when evaluating intrusion detection tools
Before making an investment in an intrusion detection and prevention system, be sure to read this list of five final considerations to keep in mind during intrusion detection system evaluation.Continue Reading
Introduction to intrusion detection and prevention technologies
Intrusion detection and preventions systems can be critical components to an enterprise's threat management strategy. Learn the history behind the technologies and why they are so important.Continue Reading
Evaluating enterprise intrusion detection system vendors
Selecting an intrusion detection and prevention system vendor can be a time-consuming task. Get help evaluating vendors and products with this list of must-ask questions. Plus, a comprehensive vendor list.Continue Reading
Business-use scenarios for a Web application firewall deployment
Web application firewalls can be a critical security layer for many companies. Expert Brad Causey explains when and how to deploy a WAF in the enterprise.Continue Reading
What the Community Health Systems breach can teach your organization
The Community Health Systems breach in 2014 provided a learning opportunity for organizations handling PHI. Expert Mike Chapple reviews the key takeaways from the breach.Continue Reading