Manage

Manage

Learn to apply best practices and optimize your operations.

• Tips and tricks to integrate IT and OT teams securely

  IT and operational teams can work in tandem to support IoT projects, but their separate roles and responsibilities to one another must be clearly defined. Continue Reading

• What's the role of people in IT/OT security?

  To enable a smoother, more secure IT/OT convergence, get wise to the potential conflicts between IT and OT historical priorities and traditional work cultures. Continue Reading

• RPA security best practices include access control, system integration

  Robotic process automation can revolutionize enterprise workflows, but if RPA security risks aren't controlled, bots could end up doing more harm than good. Continue Reading

• VMware's internal Service-defined Firewall reimagines firewalling

  VMware's internal firewall uses a global view of known-good behavior at the network and host level to minimize the attack surface for on-premises and cloud environments. Continue Reading

• Securing IoT involves developers, manufacturers and end users alike

  Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures? Continue Reading

• CISO challenges include building credibility within the business

  No matter what comes at them in terms of cybersecurity issues, the main CISO challenge comes down to building credibility as a trustworthy person.Continue Reading

• How to conduct proper AWS vulnerability scanning in 3 steps

  Cloud vulnerability management can be complicated. Learn how to perform AWS vulnerability scans under the shared responsibility model.Continue Reading

• Fitting cybersecurity frameworks into your security strategy

  Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication.Continue Reading

• IoT cybersecurity: Do third parties leave you exposed?

  IoT's vast vendor landscape drives innovation, but working with so many third parties also comes with baggage in the form of third-party cybersecurity issues.Continue Reading

• Is your identity management up to the task?

  IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle.Continue Reading

• Managing identity and access well unlocks strong security

  Continue Reading

• Tackling IT security awareness training with a county CISO

  A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved.Continue Reading

• How to pass the CISSP exam on your first try: Tips to get a good score

  Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.Continue Reading

• 3 ways to shore up third-party risk management programs

  A new Nemertes research study shows enterprises need to adopt third-party risk management programs that jettison manual checklists in favor of automated tools, hands-on risk assessments and dedicated risk teams.Continue Reading

• What's the best way to approach multi-cloud security?

  Multi-cloud security can be challenging, but new tools promise to ease some of the problems associated with managing resources across multiple CSPs.Continue Reading

• IoT Cybersecurity Improvement Act calls for deployment standards

  The IoT Cybersecurity Improvement Act would require development of security standards and guidelines for federal IoT devices, but CISOs in the private sector could also benefit.Continue Reading

• Office 365 security challenges and how to solve them

  To understand the Office 365 threat landscape, take stock of the application features and programs available based on the organization's license level of the subscription.Continue Reading

• Boost application security in DevOps with DevSecOps

  Without DevSecOps, application security can end up on the back burner during application development. Learn how DevSecOps can bake security back into the process.Continue Reading

• What's the best way to maintain top cybersecurity frameworks?

  Keeping top cybersecurity frameworks up to date means understanding how a business evolves and changes. What steps should you take to maintain your security strategy?Continue Reading

• How to retool incident response best practices for the digital age

  As companies become more cloud- and mobile-centric, they need to reassess their incident response best practices and automate as much as possible.Continue Reading

• Everything you need to know about multi-cloud security

  Make multi-cloud security a reality in your organization with these tips and strategies from industry experts as you implement more cloud platforms.Continue Reading

• Build a proactive cybersecurity approach that delivers

  Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive.Continue Reading

• 4 steps to critical infrastructure protection readiness

  Government and private industry share responsibility for critical infrastructure and key resources protection. Follow four steps to understand and know who you're gonna call to protect CIKR.Continue Reading

• The case for continuous security monitoring

  When done correctly, continuous security monitoring provides real-time visibility into an organization's IT environment. Here are the best practices for building a CSM program.Continue Reading

• Security awareness training for executives keeps whaling at bay

  Security awareness training for executives teaches an enterprise's biggest fish to recognize potential whaling attacks -- before they take the bait.Continue Reading

• How best to secure cloud computing in this critical era

  Achieving cloud security today demands you continually update your strategy, policy, tactics and tools. This collection of expert advice helps keep your cloud defenses well-tuned.Continue Reading

• The future of SIEM: What needs to change for it to stay relevant?

  Compared to security orchestration, automation and response (SOAR) software, SIEM systems are dated. Expert Andrew Froehlich explains how SIEM needs to adapt to keep up.Continue Reading

• Using virtual appliances for offload is a key encryption strategy

  Using a virtual appliance to process traffic is a key encryption strategy enterprises can use to improve throughput. The results are strikingContinue Reading

• 10 ways to prevent computer security threats from insiders

  Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders.Continue Reading

• Why EDR technologies are essential for endpoint protection

  In this post-perimeter era, endpoint detection and response tools can provide essential protection to thwart advanced persistent threats. Learn what EDR offers.Continue Reading

• 3 best practices for cloud security monitoring

  Cloud security monitoring can be laborious to set up, but organizations can make it easier. Learn about three best practices for cloud security monitoring and the available tools.Continue Reading

• DDoS attacks among top 5G security concerns

  DDoS attacks top the list of primary security concerns for mobile operators now that 5G wireless is advancing as the number of connected devices grows.Continue Reading

• The risks of multi-cloud security compared to single cloud

  Single-cloud architecture poses some challenges, which has led to a new trend in adopting multi-cloud designs. Discover whether multi-cloud is right for your enterprise.Continue Reading

• Putting cybersecurity for healthcare on solid footing

  CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center.Continue Reading

• Are users your biggest risk? Raise IT security awareness

  Users are either your best line of defense or greatest vulnerability. Learn how attackers exploit human behavior and fight back by improving user security awareness.Continue Reading

• Top cloud security risks that keep experts up at night

  Hackers are after your assets in the cloud. Here's how they get in and what you can do to plug security holes, starting with minimizing the risks created through human error.Continue Reading

• Conquering cloud security threats with awareness and tools

  Continue Reading

• How to manage email security risks and threats

  When faced with email security risks -- and who isn't? -- do you have the right tools, features, training and best practices in place to face down phishing attacks and manage other threats proactively? Start with this guide.Continue Reading

• How infrastructure as code tools improve visibility

  Visibility into cloud infrastructures and applications is important for data security. Learn how to maintain that visibility while using infrastructure as code tools.Continue Reading

• Identity and access management trends show new access roles

  Identity and access management trends reflect a changing cybersecurity landscape. Learn how IAM is changing and what you should do before buying an IAM tool.Continue Reading

• How to put AI security to work in your organization

  Countering cyberthreats through human effort alone is impossible; you need to add AI and machine learning products to your security program. Here's how to get started.Continue Reading

• AI, machine learning in cybersecurity focused on behavior

  Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now.Continue Reading

• Simplify incident response for zero-day vulnerability protection and beyond

  Protection against a zero-day vulnerability and other cyber-risks is complicated, but simplifying cybersecurity incident management could be the key to protecting online assets.Continue Reading

• 4 steps to ensure virtual machine security in cloud computing

  Enterprises are now operating in a cloud-virtual world. Understanding four steps to ensure virtual machine security in cloud computing environments is crucial.Continue Reading

• Four container security vulnerabilities and how to avoid them

  Find out how container security best practices can address the four most common types of container and orchestrator vulnerabilities. Then mitigate threats with the right processes and tools.Continue Reading

• As compliance evolves, it's time to re-address data classification

  Compliance rules like GDPR and the CCPA require a fresh look at companies' data classification policy, and particularly how it defines its wide variety of unstructured data.Continue Reading

• Can PDF digital signatures be trusted?

  Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures.Continue Reading

• Automating incident response with security orchestration

  Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks.Continue Reading

• How does BGP hijacking work and what are the risks?

  The lack of security protections in BGP means that route hijacking can be easy, especially for organized crime or state-backed threat actors. Here are ways to deal with it.Continue Reading

• To improve incident response capability, start with the right CSIRT

  Is your organization ready to build a computer security incident response team? Here are the questions that should be answered when building a CSIRT to maximize incident response capability.Continue Reading

• Understanding the new breed of command-and-control servers

  Command-and-control servers are now using public cloud services, social media and other resources to evade detection. What should enterprises do to combat these threats?Continue Reading

• Top 5 email security issues to address in 2019

  The top five email security issues come from a variety of places, from email phishing to account takeovers. Our security expert recommends being vigilant and poised to take action.Continue Reading

• Weighing the cost of mitigating Spectre variant 2

  Fixes for the Spectre variant 2 vulnerability affect system performance, so some in the tech sector wonder whether they're worth it. Expert Michael Cobb examines that question.Continue Reading

• Is a Mirai botnet variant targeting unpatched enterprises?

  New variants of popular botnets were found targeting IoT devices by Palo Alto Networks' Unit 42. Discover how these variants differ from their sources and what new risks they pose.Continue Reading

• Key steps to put your zero-trust security plan into action

  There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company.Continue Reading

• Why is the N-gram content search key for threat detection?

  Detected malware can now efficiently be tracked due to VirusTotal's enterprise version of its software. Discover what N-gram is and how it can be used with Nick Lewis.Continue Reading

• How did Signal Desktop expose plaintext passwords?

  The Signal Desktop application was found to be making decryption keys available in plaintext. Learn how the SQLite database and plaintext passwords were put at risk.Continue Reading

• How to deploy deep packet inspection in the cloud

  Despite privacy concerns about deep packet inspection, it can help improve cloud network security for enterprises. Expert Frank Siemons explains how to avoid potential pitfalls.Continue Reading

• How do trusted app stores release and disclose patches?

  A flaw was found in the Android installer for Fortnite and was patched within 24 hours. Learn how such a quick turnaround affects mobile app security with expert Nick Lewis.Continue Reading

• How can credential stuffing attacks be detected?

  Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat.Continue Reading

• Why did a Cisco patch for Webex have to be reissued?

  Cisco's Webex Meetings platform had to be re-patched after researchers found the first one was failing. Discover what went wrong with the first patch with Judith Myerson.Continue Reading

• How did Browser Reaper cause browsers to crash?

  A Mozilla vulnerability duplicated in the Browser Reaper set of DoS proofs of concept caused Chrome, Firefox and Safari to crash. Learn why and how this occurred.Continue Reading

• Should large enterprises add dark web monitoring to their security policies?

  Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find.Continue Reading

• 5-step checklist for web application security testing

  This five-step approach to web application security testing with documented results will help keep your organization's applications free of flaws.Continue Reading

• USB attacks: Big threats to ICS from small devices

  USB devices can carry malware that can wreak havoc on industrial control systems. Expert Ernie Hayden explores the history of USB attacks and possible mitigations.Continue Reading

• How to create a more effective application security program

  To mitigate software-related security risks, fine-tune your application security program to get the right people involved, document your standards and manage your weak points.Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.Continue Reading

• What a proactive cybersecurity stance means in 2019

  Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital.Continue Reading

• CISOs build cybersecurity business case amid attack onslaught

  Continue Reading

• Will DNS Flag Day affect you? Infoblox's Cricket Liu explains

  What is DNS Flag Day? That's when old and broken DNS servers will stop working, improving DNS performance and safety for all. Infoblox's chief DNS architect Cricket Liu explains.Continue Reading

• Cybersecurity maturity model lays out four readiness levels

  To assess cybersecurity maturity, Nemertes Research developed a four-point scale to determine a company's ability to effectively detect, understand and contain breaches.Continue Reading

• What are the best ways to prevent a SIM swapping attack?

  SIM swapping is on the rise as the use of mobile devices increases. Discover what SIM swaps are, how they work and how they can be mitigated.Continue Reading

• How can synthetic clicks aid a privilege escalation attack?

  An Apple security expert introduced the concept of synthetic clicks, which can bypass privilege escalation defenses. Find out how this new attack technique works with Nick Lewis.Continue Reading

• How can attacks bypass Windows Driver Signature Enforcement?

  Security researchers demonstrated how a new fileless attack technique can bypass a Windows kernel protection feature at Black Hat 2018. Find out how the technique works.Continue Reading

• Man-in-the-disk attack: How are Android products affected?

  Researchers from Check Point announced a new attack at Black Hat 2018 that targets Android devices. Discover how this attack works and how devices should be protected with Nick Lewis.Continue Reading

• Java deserialization attacks: What are they and how do they work?

  The TP-Link EAP Controller for Linux was recently found to be vulnerable to attacks. Learn from Judith Myerson what this means for users and how it can be prevented.Continue Reading

• Network shaping: How does it enable BGP attacks to divert data?

  The use of BGPsec protocols was found after looking into threat actors in China that controlled U.S. internet traffic. Discover how this technique works and how it can be mitigated.Continue Reading

• How was a credit card skimmer used to steal data from Newegg?

  Researchers believe that malicious JavaScript code was used to steal credit card data from online retailer Newegg. Learn more about this attack with Judith Myerson.Continue Reading

• Updating TLS? Use cryptographic entropy for more secure keys

  Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson.Continue Reading

• How can an authentication bypass vulnerability be exploited?

  A vulnerability was found in Western Digital's My Cloud NAS device that can be easily exploited by hackers. Discover what this vulnerability is and how users can be protected.Continue Reading

• How to block public access for AWS S3 bucket security

  AWS S3 buckets leaked millions of files, including sensitive data, by enabling public access. Learn how to block public access with expert David Shackleford.Continue Reading

• How paradigms shifting can alter the goals of attackers and defenders

  The use of disruptive technology is altering the way attackers and defenders set goals for network security. Learn more about the shifting field with Matt Pascucci.Continue Reading

• Ticketmaster breach: How did this card skimming attack work?

  The hacking group Magecart was recently found to have run a card skimming campaign that put customer information at risk. Learn how this attack worked from Nick Lewis.Continue Reading

• GandCrab ransomware: How does it differ from previous versions?

  A new version of GandCrab was discovered by researchers in July 2018 and involves the use of legacy systems. Learn how this version differs and who is at risk with Nick Lewis.Continue Reading

• The benefits of using a cloud honeypot for threat intelligence

  A cloud honeypot can help enterprises gather threat intelligence. Expert Frank Siemons explains why a cloud-based honeypot deployment is preferable to a traditional one.Continue Reading

• How Big Star Labs was able to use data collecting apps

  The ad-blocking vendor AdGuard found browser extensions and apps from Big Star Labs collecting browser history data. Discover how this was accomplished with Nick Lewis.Continue Reading

• Kronos banking Trojan: How does the new variant compare?

  Proofpoint researchers found a Kronos variant after it targeted victims in Germany, Japan and Poland. Learn how this variant compares to the original banking Trojan with Nick Lewis.Continue Reading

• Why is preloading HTTP Strict Transport Security risky?

  Despite being designed to improve security, infosec experts have warned against preloading the HSTS protocol. Learn about the risks of preloaded HSTS with Judith Myerson.Continue Reading

• How a flaw in Apple DEP misuses an MDM server

  Hackers are able to enroll their devices in an organization's MDM server via a flaw in Apple DEP. Expert Michael Cobb explains how hackers conduct these attacks.Continue Reading

• Faxploit: How can sending a fax compromise a network?

  Check Point researchers found a fax machine attack allowing attackers to access scanned documents. Discover how this is possible and how users can avoid falling victim.Continue Reading

• FragmentSmack: How is this denial-of-service exploited?

  FragmentSmack, a DDoS vulnerability first discovered in Linux, affects Windows as well as nearly 90 Cisco products. Discover how it can be exploited with Judith Myerson.Continue Reading

• How the SHA-3 competition declared a winning hash function

  NIST tested competing hash functions over a period of five years for the SHA-3 algorithm competition. Learn the details of what they discovered from Judith Myerson.Continue Reading

• L1TF: How do new vulnerabilities affect Intel processors?

  New speculative execution vulnerabilities have been found affecting Intel processors. Learn how these flaws can lead to side-channel attacks with Judith Myerson.Continue Reading

• How did WhatsApp vulnerabilities get around encryption?

  WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work and how to prevent them.Continue Reading

• How can users remove Google location tracking completely?

  Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking entirely with expert Michael Cobb.Continue Reading

• Testing applications in production vs. non-production benefits

  To ensure proper application security testing, production and non-production systems should both be tested. In this tip, expert Kevin Beaver weighs the pros and cons.Continue Reading

• Marcus Ranum: Systems administration is in the 'crosshairs'

  After years of spirited debates and top-notch interviews, columnist Marcus Ranum is signing (sounding?) off with some final thoughts on the future of security.Continue Reading

• Ron Green: Keeping the payment ecosystem safe for Mastercard

  "We have invested a billion dollars over the last couple of years just in security," says Ron Green, Mastercard's chief of security, who joined the company in 2014.Continue Reading

• IAM system strategy identifies metrics that work for business

  Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service.Continue Reading

• Still no answers to endpoint security protection, survey finds

  The frequency of endpoint attacks is on the rise, with 76% of IT security professionals reporting that their organization was compromised by new or zero-day (unknown) exploits.Continue Reading