Features
Features
-
RSA Conference 2021: 3 hot cybersecurity trends explained
In a lightning round session at RSA Conference, ESG analysts discussed three of the hottest topics in cybersecurity in 2021: zero trust, XDR and SASE. Continue Reading
-
How to secure remote access for the hybrid work model
With the post-COVID-19 hybrid work model taking shape, discover the technologies and trends analysts and IT leaders view as the anchors to ensure secure remote access. Continue Reading
-
4 ways to handle the cybersecurity skills shortage in 2021
More than half of cybersecurity pros say their organizations could do more to manage negative effects of the skills shortage, such as overwork and burnout. Find out how. Continue Reading
-
12 essential features of advanced endpoint security tools
In addition to protecting an organization's endpoints from threats, IT administrators can use endpoint security tools to monitor operation functions and DLP strategies. Continue Reading
-
Cyber Defense Matrix makes sense of chaotic security market
The Cyber Defense Matrix aims to help CISOs make strategic, informed security investments that weigh cyber risk mitigation in the context of business constraints and goals. Continue Reading
-
Endpoint security strategy: Focus on endpoints, apps or both?
Companies know how to secure traditional endpoints, but what about mobile devices outside the network? They should decide if they want to protect devices, apps or both. Continue Reading
-
From EDR to XDR: Inside extended detection and response
As the definition of endpoints evolves, so too must the technology to protect them. Enter extended detection and response, or XDR -- one of cybersecurity's hottest acronyms. Continue Reading
-
Despite confusion, zero-trust journey underway for many
Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today. Continue Reading
-
6 ways to spur cybersecurity board engagement
New research suggests corporate boards are paying closer attention to cybersecurity, but experts say progress is still modest and slow. Continue Reading
-
Buyers must navigate cybersecurity market confusion
Customer confusion in the security market stems from the number of new products designed to deal with a growing number of cyberthreats. Experts look at how to navigate it all. Continue Reading
-
SolarWinds puts national cybersecurity strategy on display
Biden imposed economic sanctions on Russia for its role in the SolarWinds cyber attack. Experts see the response as just one part of a larger national cybersecurity strategy. Continue Reading
-
Learn how to mitigate container security issues
The more companies embrace application containerization, the more they need to know about container security issues and attack prevention methods. Continue Reading
-
Adopting containers and preventing container security risks
When it comes to container security risks, organizations often worry about container escapes, but as expert Liz Rice explains, they should focus on prevention and patching. Continue Reading
-
Applying web application reconnaissance to offensive hacking
Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading
-
Collaboration is key to a secure web application architecture
Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading
-
Nation-state hacker indictments: Do they help or hinder?
While there are some benefits to filing criminal charges against nation-state actors, infosec experts say thus far, indictments haven't reduced cyber attacks. Continue Reading
-
CCISO exam guide authors discuss the changing CISO role
Learn more about EC-Council's Certified CISO exam and how the certification helps CISOs at any organization manage successful infosec programs and a changing threat landscape. Continue Reading
-
Advice on how to prepare for the CompTIA Security+ exam
The CompTIA Security+ certification is a smart starting point for cybersecurity career hopefuls. Learn how to prepare for the exam, what to expect post-certification and more. Continue Reading
-
Can a new DHS cybersecurity strategy help the private sector?
The U.S. Department of Homeland Security outlines federal plans to improve public and private cybersecurity, but analysts advise caution over strategies that can't be mandated. Continue Reading
-
Feds debate while states act on data privacy laws
As Congress debates its next move on how to regulate big tech, states are already enacting legislation. Their push will likely serve as a model for the federal government. Continue Reading
-
Ransomware negotiations: An inside look at the process
Ransomware negotiators are brought in to communicate with cybercriminals and hopefully arrange less expensive payments. How often do they succeed? Continue Reading
-
How to set up Palo Alto security profiles
Learning how to build and implement security profiles and policies can help novice admins make sure they use Palo Alto Networks firewalls effectively to protect their network. Continue Reading
-
Author's advice on Palo Alto firewall, getting started
Interfaces, licenses, policies -- getting started with a Palo Alto Networks firewall can be confusing. Here, the author of 'Mastering Palo Alto Networks' offers his advice. Continue Reading
-
Top incident response tools to boost network protection
Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks. Continue Reading
-
After Oldsmar: How vulnerable is US critical infrastructure?
Following the highly publicized breach of a water treatment plant in Oldsmar, Fla., industrial security experts discuss the state of critical infrastructure risk in 2021. Continue Reading
-
Explore 5 business email compromise examples to learn from
Gift cards are for gifts, never for payment. Explore real-world examples of business email compromise to learn common attack patterns and red flags. Continue Reading
-
How to become a threat hunter
Top threat hunters are creative and slightly contrarian, enabling them to think outside the box -- much like the best cybercriminals, according to one expert. Continue Reading
-
3 ransomware distribution methods popular with attackers
To prevent cyber attacks, understanding how they work is half the battle. Explore the most common ransomware distribution methods in this excerpt of 'Preventing Ransomware.' Continue Reading
-
Malware researcher speculates on the future of ransomware
Abhijit Mohanta, author of 'Preventing Ransomware,' opines on the future of ransomware and discusses why this attack is favored among cybercriminals. Continue Reading
-
Guide to cloud security management and best practices
This cloud security guide explains the challenges facing enterprises today, best practices for securing and managing SaaS, IaaS and PaaS, and comparisons of cloud-native security tools. Continue Reading
-
Why developers should consider automated threat modeling
Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier? Continue Reading
-
Introducing development teams to threat modeling in SDLC
Enterprises can improve their security posture by educating development teams on threat modeling so they can work alongside security teams and everyone knows a common language. Continue Reading
-
SolarWinds fallout has enterprise CISOs on edge
As investigators uncover more about the massive SolarWinds hack, enterprise CISOs' concerns about digital supply chain security grow. Continue Reading
-
Threat detection and response tools evolve and mature
A variety of threat detection and response tools, such as XDR, are evolving into platforms to help enterprises share information and stay ahead of cybersecurity threats. Continue Reading
-
4 tips for aligning security with business objectives
Today's most effective CISOs develop cybersecurity strategies that fit their organizations' risk appetites and support business growth. Learn how they do it. Continue Reading
-
Enterprise ransomware prevention measures to enact in 2021
Enterprises must shore up their ransomware prevention efforts by strengthening security awareness, adding email controls, and developing and testing incident response plans. Continue Reading
-
5 cybersecurity lessons from the SolarWinds breach
Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach. Continue Reading
-
Cloud security policy configuration in AWS, Azure and GCP
Explore cloud security policy configurations in AWS, Azure and GCP using native security tools in this excerpt of 'Multi-Cloud Architecture and Governance' by Jeroen Mulder. Continue Reading
-
Secure multi-cloud with architecture and governance focus
Certified enterprise and security architect Jeroen Mulder explains why multi-cloud security architecture planning should be informed by the business and customer perspectives. Continue Reading
-
The dark web in 2021: Should enterprises be worried?
SearchSecurity spoke with multiple experts to find out how the dark web has changed, what the security risks are for enterprises and the value of dark web monitoring services. Continue Reading
-
The case for applying psychology in cybersecurity training
Chartered psychologist Rebecca McKeown describes how psychology in cybersecurity can improve incident response and makes the case for a research-based approach to training. Continue Reading
-
The 5 different types of firewalls explained
Read up on the five different firewalls' similarities and differences, the three firewall deployment models and tips for choosing the firewall that best meets your company's needs. Continue Reading
-
Biometric security technology could see growth in 2021
Enterprise use of biometrics for security may see an uptick by organizations looking to defend themselves from attacks, but they must weigh the concerns against the benefits. Continue Reading
-
2021 IT priorities require security considerations
AI, IoT and 5G are among the top IT priorities for CIOs and CTOs in 2021. Is your team prepared to address each tech's security needs? Continue Reading
-
Juggle a multi-cloud security strategy with these 3 steps
Enterprise security best practices must account for changes in cloud landscapes. Learn how to overcome such challenges and bolster multi-cloud security with technology and policy. Continue Reading
-
Ransomware 'businesses': Does acting legitimate pay off?
Ransomware gangs such as Maze have portrayed themselves almost like penetration testing firms and referred to victims as 'clients.' What's behind this approach? Continue Reading
-
Preparing for GIAC Certified Incident Handler certification
The author of 'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' shares advice on how to prepare for the exam and why an incident response career can be so rewarding. Continue Reading
-
Insider risk indicators thwart potential threats
By paying attention to risk indicators, enterprises can tell the difference between insider threat and insider risk to prevent falling victim at the hands of one of their own. Continue Reading
-
Insider threat vs. insider risk: What's the difference?
Identifying, managing and mitigating insider threats is far different than protecting against insider risks. Read up on the difference and types of internal risks here. Continue Reading
-
Editor's picks: Top cybersecurity articles of 2020
As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months. Continue Reading
-
Enterprise cybersecurity threats spiked in 2020, more to come in 2021
After an unprecedented year from an enterprise cybersecurity threat standpoint, security leaders are preparing for growing number and sophistication of attacks in 2021. Continue Reading
-
Technology a double-edged sword for U.S. election security
Technologies were weaponized to undermine the 2020 U.S. presidential election, but IT systems have also helped to identify fraud and verify results in a hotly contested election. Continue Reading
-
Zero-trust initiatives rely on incremental security improvements
Despite implementation challenges, enterprise security leaders see zero trust as the security model of the future and are moving forward with adoption plans. Continue Reading
-
Ethical hacker career path advice: Getting started
Matt Walker, author of a Certified Ethical Hacker exam guide and practice exam book, offers advice to career hopefuls on the profession, CEH certification and more. Continue Reading
-
7 SecOps roles and responsibilities for the modern enterprise
Now hiring: As organizations increasingly favor proactive cyber threat hunting and detection over bare-bones prevention, SecOps roles and responsibilities are shifting, too. Continue Reading
-
Security operations center use cases, strategies vary
More CISOs are turning to security operations centers to centralize infosec processes, but experience shows SOC use cases will depend on the organization's infosec objectives. Continue Reading
-
How to pass the AWS Certified Security - Specialty exam
Author of 'AWS Certified Security - Specialty Exam Guide' Stuart Scott shares insights on how to prepare for the exam and reap the professional benefits of certification. Continue Reading
-
Practice AWS Certified Security - Specialty exam questions
Explore the security and compliance capabilities of the AWS Config service to prepare for the wide-ranging AWS Certified Security - Specialty certification exam. Continue Reading
-
Compare 5 SecOps certifications and training courses
Explore five SecOps certifications available to IT professionals looking to demonstrate and enhance their knowledge of threat monitoring and incident response. Continue Reading
-
Cybersecurity communication key to addressing risk
As security teams strengthen communication with the overall organization as well as with vendors, more positive cybersecurity cultures can be forged. Continue Reading
-
Weighing the future of firewalls in a zero-trust world
Cybersecurity pros have been predicting the firewall's demise for years, yet the device is still with us. But does it have a place in zero-trust networks? One analyst says yes. Continue Reading
-
5 steps to get IoT cybersecurity and third parties in sync
Third parties often prove to be the weak links when it comes to IoT cybersecurity. Learn what you can do to minimize the risk while reaping the benefits that outside vendors bring. Continue Reading
-
AI in security analytics is the enhancement you need
AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits. Continue Reading
-
Zero-trust network policies should reflect varied threats
Role-based access systems create enormous pools of responsibility for administrators. Explore how to eliminate these insecure pools of trust with zero-trust network policies. Continue Reading
-
Zero-trust methodology's popularity a double-edged sword
The authors of 'Zero Trust Networks' discuss how the zero-trust methodology's popularity produces both vendor hype and renewed attention to critical areas of security weakness. Continue Reading
-
For cybersecurity training, positive reinforcement is best
Traditional cybersecurity training methods often focus on negative reinforcement techniques, but experts say positive reinforcement is the best way to get results. Continue Reading
-
The Ghidra Book interview with co-author Kara Nance
Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
-
Blockchain or bust? Experts debate applications for elections
Blockchain has been proposed as a solution for security issues around e-voting. But some infosec experts are skeptical that the technology is the right fit for U.S. elections. Continue Reading
-
Cybersecurity budget relies on planning and negotiation
Experts from Gartner and Forrester discuss how successful cybersecurity budgeting during these uncertain times requires planning, research and negotiation. Continue Reading
-
CASB, CSPM, CWPP emerge as future of cloud security
Complexity has introduced new needs and challenges when securing cloud environments. Find out how CASB, CSPM and CWPP tools have evolved to meet the changing cloud landscape. Continue Reading
-
Explore self-sovereign identity use cases and benefits
The future of digital identity may look a lot like how we identify ourselves in real life. Learn more about self-sovereign identity use cases and features in this excerpt. Continue Reading
-
How self-sovereign identity principles suit the modern world
There are several core self-sovereign identity principles to consider before the concept can benefit the enterprise. Learn about the implications of SSI advancements in this Q&A. Continue Reading
-
Oversee apps with these 3 application security testing tools
Unsecured applications can have dire consequences for enterprises. Discover how top app security testing tools on the market today protect apps and enhance developer productivity. Continue Reading
-
Inclusive job descriptions key for infosec hiring
When seeking candidates for infosec job roles, it helps to think outside the box. Inclusive job descriptions and cutting back on unnecessary requirements are good places to start. Continue Reading
-
Security for SaaS applications starts with collaboration
Following established best practices helps enterprises facilitate collaboration and communication through SaaS applications while simultaneously ensuing secure SaaS use. Continue Reading
-
An inside look at the CCSP cloud security cert
Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide. Continue Reading
-
Inclusivity a crucial step beyond diversity in cybersecurity
Spurred on by the social justice movement around the world, cybersecurity experts want to see a move beyond diversity efforts to ensure inclusivity in organizations as well. Continue Reading
-
Cybersecurity new normal needs change in process, CISOs say
As CISOs face an increasingly remote workforce, they need to confront past security mistakes, while adjusting to cybersecurity's new normal. Continue Reading
-
'Secure by Design' principles include failures, exceptions
Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines. Continue Reading
-
Exception handling best practices call for secure code design
Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples. Continue Reading
-
Hands-on guide to S3 bucket penetration testing
Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
-
How to handle Amazon S3 bucket pen testing complexity
Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers. Continue Reading
-
Security team analyzes data breach costs for better metrics
Security researchers discuss their findings on misleading and incorrect data breach cost metrics and share how breach reporting and information sharing can help all organizations. Continue Reading
-
Security pros explain how to prevent cyber attacks
Even during pandemics, hackers use malware such as ransomware and phishing to exploit an organization's vulnerabilities. IT security pros discuss how they prevent cyber attacks. Continue Reading
-
Which type of CISO are you? Company fit matters
Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you. Continue Reading
-
10 tips for cybersecurity awareness programs in uncertain times
Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you. Continue Reading
-
Security issues with working remotely (and how to fix them)
With companies continuing work from home for the foreseeable future, Rohit Dhamankar offers home security advice to help security teams and employees address security issues with working remotely. Continue Reading
-
How CISOs can deal with cybersecurity stress and burnout
Being a paramedic and working in cybersecurity taught CISO Rich Mogull how to avoid stress and burnout. Check out his advice to maintain mental health in high-stress roles. Continue Reading
-
The importance of security, data encryption for cloud
As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools. Continue Reading
-
Zero-trust framework ripe for modern security challenges
What is zero-trust security, and why deploy it now? Analysts explain its importance in the current IT era and how to get started with evaluation and implementation. Continue Reading
-
Minorities in cybersecurity face unique and lasting barriers
IT is facing renewed scrutiny into its lack of diversity. Explore the unique barriers minorities in cybersecurity face and why hiring approaches are ill equipped to address them. Continue Reading
-
Complexity exacerbates cloud cybersecurity threats
As cloud becomes intrinsic to IT, shifting roles have led to some risks being overlooked. But companies are getting smarter about alleviating cloud cybersecurity threats. Continue Reading
-
How to address and close the cloud security readiness gap
Cloud security readiness remains a shortcoming for companies despite the majority using cloud services. Here are three steps they can take to close the cloud security gap. Continue Reading
-
How cyber warfare laws limit risk on a digital battleground
Retired Navy cryptologist implores enterprises to build key cyber warfare laws into their infosec strategy to improve survivability on the digital battleground in his new book. Continue Reading
-
The future of cyber warfare requires infosec's attention
The future of cyber warfare places enterprise security and survivability in the crosshairs. Learn more about cyber warfare threats and capabilities and how infosec can prepare. Continue Reading
-
Why COVID-19 won't stop cybersecurity jobs and recruitment
The economy is struggling, and many careers are taking hits, but cybersecurity jobs and careers will likely stay in demand as companies need to keep data and customers safe. Continue Reading
-
5 PCI DSS best practices to improve compliance
Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies. Read more in-depth compliance coverage here. Continue Reading
-
Interconnected critical infrastructure increases cybersecurity risk
Separately managed but interconnected critical infrastructure sectors are not all bound to security requirements and may be at risk of cascading attacks. Continue Reading
-
Invest in new security talent with cybersecurity mentorships
Cybersecurity mentorships provide a great opportunity for those just entering the industry who want a successful start. Having the right guidance is a must. Continue Reading
-
VPC security best practices and how to implement them in AWS
To best secure network access, AWS administrators need to create rules for network resources. Learn how to implement Amazon VPC security best practices in this book excerpt. Continue Reading