Symantec Corp

Security development News

  • April 12, 2017 12 Apr'17

    Security Update Guide brings growing pains to Patch Tuesday

    Microsoft fundamentally changes how IT pros will consume Patch Tuesday releases with the Security Update Guide and brings fixes for an actively exploited Word zero-day.

  • March 30, 2017 30 Mar'17

    IT ops pros adopt iterative approach to security in DevOps

    You're an ops pro, and your hair is on fire for eight different reasons. Now, your IT leadership says you must think about security in DevOps. What do you do?

  • March 14, 2017 14 Mar'17

    Nine critical Windows security bulletins in Patch Tuesday

    After its cancelled February Patch Tuesday, Microsoft's March 2017 Patch Tuesday includes nine critical Windows security bulletins targeting remote code execution flaws.

  • February 01, 2017 01 Feb'17

    In 2017, cybersecurity attacks will follow your data

    Thanks to a polarizing election, the potential ramifications of cybersecurity attacks are front and center. Your friends and relatives probably have some concept of what it is that you actually do and its importance. But the daily challenges of protecting most enterprise environments is less like The Americans than they might think. Still, it's exciting. In this issue of Information Security magazine, we look at the incoming threats in 2017 and some countermeasures that can help your organization bolster its defenses.

    Last year, we saw the internet of things used as a beachhead in larger cybersecurity attacks. Many devices now use cloud-based systems to communicate. They regularly send status updates to the cloud server and retrieve new commands to execute. Weak and incorrectly implemented authentication between device and cloud is often the point of failure that can be exploited to either attack the cloud infrastructure or the device. So far, destructive attacks are not common and are mostly limited to distributed denial-of-service attacks, which do not cause permanent damage. But future attacks, if they are combined with ransom demands, may destroy devices intentionally.

    Breaches of cloud storage that modify data instead of just "stealing" it and vulnerabilities in microservices environments are other areas in which attackers may get more leverage. With the emergence of cloud-based microservices, this problem will only become worse. Instead of including a library in software shipped to clients, the software now relies on cloud-based web services to perform certain functions. We look at what is coming next and ways to mitigate these cybersecurity attacks.

View All News

Security development Get Started

Bring yourself up to speed with our introductory content

View All Get Started

Evaluate Security development Vendors & Products

Weigh the pros and cons of technologies, products and projects you are considering.

View All Evaluate

Manage Security development

Learn to apply best practices and optimize your operations.

  • Developing consistent information security policy management

    Never-ending network challenges mean IT and business leaders need to adopt a unified information security policy management platform. Continue Reading

  • Leaky enterprise? Data loss tops mobile security threats

    Many CISOs are now in the hot seat, seeking better ways to embrace mobility while combating high-priority mobile security threats. As mobile devices become productivity tools, security professionals need to pay attention to data classification and mobile risk assessment. Failed attempts to safeguard enterprise data by banning mobile data access or locking down smartphones and tablets demonstrate a pressing need for more effective strategies against mobile security threats. We explore pitfalls to avoid and best practices that have proven effective. Learn about emerging technologies -- from containerized apps to context-aware policies -- that can help your enterprise stop costly mobile data leaks.

    Integration and better performance is the name of the game as enterprise firewalls offer greater visibility, next-generation IPS and advanced threat functionality without slowing down the network. We asked readers who plan to invest in security technology in the next the 12 months which enterprise firewalls and advanced threat detection tools made it onto their short lists. We unveil Readers’ Top Picks for enterprise firewalls from perimeter to next generation systems. We also ask them about the layers of defense, namely advanced threat detection, that they seek for these security appliances. Finally, keeping up with technology advances can become a full-time job. We ask CISOs what strategies they adopt to follow the latest tech and how they find benchmarks to determine its enterprise effectiveness. Continue Reading

  • Does your system design eliminate the top 10 software security flaws?

    Marcus Ranum chats with Gary McGraw about secure system design and the IEEE Computer Center for Secure Design’s top 10 list of what to avoid. Continue Reading

View All Manage

Problem Solve Security development Issues

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

View All Problem Solve