Tips
Tips
-
Top 6 password hygiene tips and best practices
Passwords enable users to access important accounts and data, making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
-
Physical pen testing methods and tools
While companies regularly conduct network penetration tests, they may overlook physical office security. Here's how attackers -- with a baseball cap and smartphone -- get in. Continue Reading
-
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
-
Using the FAIR model to quantify cyber-risk
The Factor Analysis of Information Risk methodology helps organizations frame their cyber-risk exposure as a business issue and quantify it in financial terms. Learn how FAIR works. Continue Reading
-
How to land a corporate board seat as a CISO
Any CISO who aspires to a corporate board seat needs a strategic approach. Learn how security executives can position themselves to become top-level decision-makers. Continue Reading
-
How to use Wireshark to sniff and scan network traffic
Wireshark continues to be a critical tool for security practitioners. Learning how to use it to scan network traffic should be on every security pro's to-do list. Continue Reading
-
5 common browser attacks and how to prevent them
Browsers are critical components of any organization, especially with the rise of web apps. Security teams and users must, therefore, know how to avoid common browser attacks. Continue Reading
-
How to develop a cybersecurity strategy: Step-by-step guide
A cybersecurity strategy isn't meant to be perfect, but it must be proactive, effective, actively supported and evolving. Here are the four steps required to get there. Continue Reading
-
3 phases of the third-party risk management lifecycle
Contractors and other third parties can make systems more vulnerable to cyber attacks. The third-party risk management lifecycle helps ensure outside vendors protect your data. Continue Reading
-
How to train employees to avoid ransomware
Do your employees know what to do if ransomware strikes? As your organization's first line of defense, they should receive regular trainings on ransomware prevention and detection. Continue Reading
-
How to remove ransomware, step by step
Prevention is key when it comes to ransomware infections. But there are ways to recover data if a device is compromised. Uncover four key steps to ransomware removal. Continue Reading
-
The 10 biggest ransomware attacks in history
From private organizations and manufacturers to healthcare organizations and entire countries, read up on 10 of the most famous ransomware attacks of all time. Continue Reading
-
6 stages of the ransomware lifecycle
Know thy enemy. By understanding the nuances of the ransomware lifecycle, enterprise security teams can best protect their organizations from attacks. Continue Reading
-
10 antimalware tools for ransomware protection and removal
Businesses face billions of malware and ransomware threats each year. Antimalware tools can help enterprises protect their networks and limit any damages that may occur. Continue Reading
-
How to prevent ransomware in 6 steps
Ransomware can cost companies billions in damage. Incorporate these ransomware prevention best practices, from defense in depth to patch management, to keep attackers out. Continue Reading
-
Cut through cybersecurity vendor hype with these 6 tips
Cybersecurity vendor hype can make purchasing decisions difficult. When considering a new product or service, think critically about whether it would truly add business value. Continue Reading
-
How to recover from a ransomware attack
With a ransomware recovery plan, organizations can act quickly to prevent data loss without descending into chaos. Learn the six steps to incorporate into your plan. Continue Reading
-
Enterprise dark web monitoring: Why it's worth the investment
Getting an early warning that your data has been compromised is a key benefit of dark web monitoring, but there are many more. By knowing your enemies, you can better protect your assets. Continue Reading
-
Should companies make ransomware payments?
Once infected with ransomware, organizations face a major question: to pay or not to pay? Law enforcement recommends against it, but that doesn't stop all companies from paying. Continue Reading
-
5 digital forensics tools experts use in 2023
A data breach prompts law enforcement and affected organizations to investigate. These five digital forensics tools help with evidence collection and incident response. Continue Reading
-
Top 3 ransomware attack vectors and how to avoid them
Protecting your organization against these three common ransomware attack entryways could mean the difference between staying safe or falling victim to a devastating breach. Continue Reading
-
How to create a ransomware incident response plan
A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started. Continue Reading
-
8 vulnerability management tools to consider in 2023
Vulnerability management tools help organizations identify and remediate system and application weaknesses and more. Choose your tool -- or tools -- carefully. Continue Reading
-
How honey tokens support cyber deception strategies
Learn how to flip the script on malicious hackers with honey tokens, which act like tripwires to reveal an attacker's presence. Continue Reading
-
Improve IAM with identity threat detection and response
Attackers increasingly target user accounts to gain access. Identity threat detection and response offers organizations a way to improve security for identity-based systems. Continue Reading
-
How to avoid LinkedIn phishing attacks in the enterprise
Organizations and users need to be vigilant about spotting LinkedIn phishing attacks by bad actors on the large business social media platform. Learn how to foil the attempts. Continue Reading
-
5 steps to approach BYOD compliance policies
It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this. Continue Reading
-
API keys: Weaknesses and security best practices
API keys are not a replacement for API security. They only offer a first step in authentication -- and they require additional security measures to keep them protected. Continue Reading
-
Supercloud security concerns foreshadow concept's adoption
Supercloud lets applications work together across multiple cloud environments, but organizations must pay particular attention to how they protect their assets. Continue Reading
-
Rein in cybersecurity tool sprawl with a portfolio approach
Market consolidation can counterintuitively exacerbate cybersecurity tool sprawl, with many products offering overlapping features. A portfolio approach brings clarity to chaos. Continue Reading
-
The history, evolution and current state of SIEM
SIEM met the need for a security tool that could pinpoint threats in real time. But new threats mean that the next evolution of SIEM will offer even more firepower. Continue Reading
-
IaC security scanning tools, features and use cases
Infrastructure-as-code templates help organizations track cloud assets and other important items. Proper IaC scanning can help companies avoid potential security pitfalls. Continue Reading
-
Enterprise risk management should inform cyber-risk strategies
Cyber-risk doesn't exist in a vacuum. By understanding the broader enterprise risk management landscape, CISOs can make decisions that best serve the business. Continue Reading
-
How API gateways improve API security
API gateways keep APIs secure by providing rate limiting, DDoS protection and more. Learn more about these benefits, along with API gateway security best practices. Continue Reading
-
Top 10 threat modeling tools, plus features to look for
Automated threat modeling tools make identifying threats simpler, but the tools themselves can be fairly complex. Understanding where risks exist is only one part of the process. Continue Reading
-
Plan ahead to reduce cloud forensics challenges
Laying out a detailed framework that governs how -- and how quickly -- information is shared by CSPs can help ease the problems associated with collecting forensics data. Continue Reading
-
Implement zero trust to improve API security
Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked. Continue Reading
-
Cyber-risk quantification benefits and best practices
It's not enough to know cybersecurity threats exist. More importantly, companies must understand cyber-risks in ways stakeholders can measure and discuss. Continue Reading
-
Use IoT hardening to secure vulnerable connected devices
IoT and industrial IoT innovation continue to thrive, but IoT device security continues to be an afterthought. Companies should harden connected devices to remain protected. Continue Reading
-
Risk assessment vs. threat modeling: What's the difference?
Risk assessments and threat modeling each address potential risks. But they play distinct roles in how they help companies protect systems and data. Continue Reading
-
How to calculate cybersecurity ROI with concrete metrics
Calculating and communicating cybersecurity ROI can help persuade top management to invest. Here's how to use meaningful, concrete metrics. Continue Reading
-
Benefits of risk-based vulnerability management over legacy VM
Risk-based vulnerability management not only offers a proactive way to identify vulnerable assets, but it also helps prevent alert fatigue and improve patch prioritization. Continue Reading
-
How to secure blockchain: 10 best practices
Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
-
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain. Continue Reading
-
Top blockchain attacks, hacks and security issues explained
Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues. Continue Reading
-
Low-code/no-code use cases for security
Low-code/no-code development approaches have their fair share of security issues, but that doesn't mean they can't be used to benefit the security industry, too. Continue Reading
-
Smart contract benefits and best practices for security
While smart contracts promise enormous benefits in the enterprise, they also present opportunities for cybercriminals. Explore best practices to keep them secure. Continue Reading
-
9 smart contract vulnerabilities and how to mitigate them
Smart contracts execute tasks automatically when specific events occur, and often handle large data and resource flows. This makes them particularly attractive to attackers. Continue Reading
-
How to conduct a smart contract audit and why it's needed
Smart contracts ensure the integrity of transactions, such as those that initiate key services. A smart contract audit is one way to ensure the programs work as designed. Continue Reading
-
Top breach and attack simulation use cases
While pen tests offer a point-in-time report on the security of an organization's security defenses, breach and attack simulations offer regular or even constant status checks. Continue Reading
-
How to build a better vulnerability management program
With a vulnerability management program in place, your organization is better equipped to identify and mitigate security vulnerabilities in people, processes and technologies. Continue Reading
-
5 SBOM tools to start securing the software supply chain
Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications. Continue Reading
-
How to reduce risk with cloud attack surface management
Attack surfaces continue to expand, fueled in part by the cloud. Attack surface management is a key way to identify vulnerable assets and reduce the risk to a corporate network. Continue Reading
-
How to create an SBOM, with example and template
SBOMs help organizations inventory every component in their software. This free template, which includes an SBOM example, can help you secure your own software supply chain. Continue Reading
-
How to prepare for a cybersecurity audit
Organizations should conduct regular cybersecurity audits to determine if their networks and other assets are properly protected, as well as if they meet compliance mandates. Continue Reading
-
Generative AI in SecOps and how to prepare
Generative AI assistants could be game changers in the SOC -- but not if SecOps teams haven't prepared for them. Here's how to get ready. Continue Reading
-
How to build a cybersecurity deception program
In 'The Art of War,' Sun Tzu declared, 'All warfare is based on deception.' Learn how to apply this principle in the enterprise by building a cybersecurity deception program. Continue Reading
-
How to use a CASB to manage shadow IT
Shadow IT can cost organizations time, money and security. One way to combat unauthorized use of applications is to deploy a CASB. Continue Reading
-
How to fix the top 5 API vulnerabilities
APIs are more ubiquitous than ever, but many are still subject to well-known and often easily preventable vulnerabilities. Continue Reading
-
Centralized vs. decentralized identity management explained
With decentralized identity, organizations can worry less about data security and privacy, while users get more control over their information. But it's not without challenges. Continue Reading
-
5 ChatGPT security risks in the enterprise
Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks. Continue Reading
-
Vulnerability management vs. risk management, compared
Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
-
How to mitigate low-code/no-code security challenges
Don't adopt low-code/no-code application development approaches without considering these best practices to mitigate and prevent their inherent security risks. Continue Reading
-
Compare breach and attack simulation vs. penetration testing
A deep dive into breach and attack simulation vs. penetration testing shows both tools prevent perimeter and data breaches. Find out how they complement each other. Continue Reading
-
4 ChatGPT cybersecurity benefits for the enterprise
As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
-
4 cloud API security best practices
APIs make up the majority of web traffic now, but they aren't always kept as secure as needed. Consider implementing these four cloud API security best practices. Continue Reading
-
Is cybersecurity recession-proof?
No field is totally immune to economic downturns, but flexible, practical and prepared cybersecurity professionals should be able to weather any upcoming storms. Continue Reading
-
Web 3.0 security risks: What you need to know
Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0. Continue Reading
-
What reverse shell attacks are and how to prevent them
Attackers use reverse shells to covertly attack an organization's environment. Discover what a reverse shell is and how to mitigate such attacks. Continue Reading
-
What cybersecurity consolidation means for enterprises
Experts predict cybersecurity consolidation will increase in the months and years ahead. Security leaders should consider what that means for their purchasing strategies. Continue Reading
-
5 ethical hacker certifications to consider
From Offensive Security Certified Professional to GIAC Web Application Penetration Tester, learn about the certifications worth earning to begin your ethical hacker career. Continue Reading
-
How cyber deception technology strengthens enterprise security
They say the best defense is a good offense. Cyber deception puts that philosophy into practice in the enterprise, using a combination of technology and social engineering. Continue Reading
-
8 cybersecurity roles to consider
Cybersecurity is an exciting and increasingly important field with a wealth of career opportunities. Explore eight cybersecurity roles and the skills, talent and experience required. Continue Reading
-
How to select a security analytics platform, plus vendor options
Security analytics platforms aren't traditional SIEM systems, but rather separate platforms or a SIEM add-on. Learn more about these powerful and important tools. Continue Reading
-
Top 10 ICS cybersecurity threats and challenges
Industrial control systems are subject to both unique and common cybersecurity threats and challenges. Learn about the top ones here and how to mitigate them. Continue Reading
-
How to prevent and detect lateral movement attacks
Reduce the success of lateral movement attacks by performing these eight key cybersecurity activities at strategic, operational and proactive levels. Continue Reading
-
What is Triple DES and why is it being disallowed?
Triple DES no longer provides the encryption strength it once did. Prepare now to transition away from its use to a more security alternative. Continue Reading
-
How to prevent and mitigate process injection
Process injection is a defense evasion technique that helps attackers hide from enterprise security systems. Learn how it works and how to mitigate it. Continue Reading
-
What enumeration attacks are and how to prevent them
Web applications may be vulnerable to user enumeration attacks. Learn how these brute-forcing attacks work and how to prevent them. Continue Reading
-
Low-code/no-code security risks climb as tools gain traction
Organizations are looking for ways to reduce their application development costs, but automated coding can usher in some unpleasant surprises if you're unprepared. Continue Reading
-
What are the differences between su and sudo commands?
Linux administrators have choices when deciding how to delegate privileges. Learn about the options they can take while ensuring their operations remain secure. Continue Reading
-
As a new CISO, the first 100 days on the job are critical
As a chief information security officer, you won't get a second chance to make a first impression. Learn how a CISO's first 100 days lay the foundation for a successful tenure. Continue Reading
-
How to implement least privilege access in the cloud
More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud. Continue Reading
-
Top 5 key ethical hacker skills
Ethical hacking can be a rewarding career, but it requires tenacity, curiosity and creativity, among other traits. Oh, and you better be a good writer, too. Continue Reading
-
Top 5 vulnerability scanning tools for security teams
Use these five vulnerability scanning tools to find weaknesses and potential exploits in web applications, IT and cloud infrastructure, IoT devices and more. Continue Reading
-
Industrial control system security needs ICS threat intelligence
Threat actors and nation-states constantly try to find ways to attack all-important industrial control systems. Organizations need specialized ICS threat intelligence to fight back. Continue Reading
-
Top Kali Linux tools and how to use them
Learning to use Kali Linux is a journey, the first step of which is discovering which of the hundreds of cybersecurity tools included are most relevant to the task at hand. Continue Reading
-
Reality check: CISO compensation packages run the gamut
A capable security executive is invaluable -- a fact organizations increasingly recognize. CISOs' salaries are generally trending up, but the range in compensation is wide. Continue Reading
-
How Wireshark OUI lookup boosts network security
Learn why using Wireshark OUI lookup for tracking devices by their network interface's organizationally unique identifier is such an important tool for security pros. Continue Reading
-
Common lateral movement techniques and how to prevent them
Lateral movement techniques enable attackers to dig deeper into compromised environments. Discover what lateral movement attacks are and four attack techniques. Continue Reading
-
Types of vulnerability scanning and when to use each
Vulnerability scanning gives companies a key weapon when looking for security weaknesses. Discovery, assessment and threat prioritization are just a few of its benefits. Continue Reading
-
Ideal CISO reporting structure is to high-level business leaders
CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best. Continue Reading
-
Types of cloud malware and how to defend against them
Cloud malware isn't going away anytime soon, but organizations have a growing number of tools at their disposal to combat the threat. Continue Reading
-
Why it's time to expire mandatory password expiration policies
Password expiration policies that force users to regularly reset passwords are counterproductive. It's time to align those policies with proven approaches to password security. Continue Reading
-
Top security-by-design frameworks
Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle. Continue Reading
-
6 ways to prevent privilege escalation attacks
Privileges dictate the access a user or device gets on a network. Hackers who access these privileges can create tremendous damage. But there are ways to keep your networks safe. Continue Reading
-
The top 5 ethical hacker tools to learn
Ethical hackers have a wealth of tools at their disposal that search for vulnerabilities in systems. Learn about five such tools that should be part of any hacker's tool set. Continue Reading
-
How to manage and reduce secret sprawl
Secret sprawl plagues companies, making them vulnerable to data breaches. Discover what causes secret sprawl and how to better protect secrets. Continue Reading
-
Compare vulnerability assessment vs. vulnerability management
Vulnerability assessments and vulnerability management are different but similar-sounding security terms. Discover their similarities and differences. Continue Reading
-
An overview of the CISA Zero Trust Maturity Model
A zero-trust framework blocks all attempts to access internal infrastructure without authentication. The CISA Zero Trust Maturity Model is a roadmap to get there. Continue Reading