Features

Features

• Next-generation firewalls vs. traditional and UTMs

  Learn the advantages of next-generation firewalls that protect enterprise networks from attacks and intrusion, as well as the differences between NGFWs and traditional firewalls.  Continue Reading

• The risks of multi-cloud security compared to single cloud

  Single-cloud architecture poses some challenges, which has led to a new trend in adopting multi-cloud designs. Discover whether multi-cloud is right for your enterprise.  Continue Reading

• 5 common authentication factors to know

  Multifactor authentication is a security system that requires two or more authentication steps to verify the user's identity. Discover the most important terms related to MFA.  Continue Reading

• Huawei ban highlights 5G security issues CISOs must tackle

  Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.  Continue Reading

• Top cloud security risks that keep experts up at night

  Hackers are after your assets in the cloud. Here's how they get in and what you can do to plug security holes, starting with minimizing the risks created through human error.  Continue Reading

• How information sharing can reduce cybersecurity vulnerabilities

  Cybersecurity vulnerabilities come from multiple fronts for modern businesses, but information sharing about real-world breaches -- good and bad -- provides valuable intelligence.  Continue Reading

• Inside 'Master134': More ad networks tied to malvertising campaign

  Check Point's report on the Master134 malvertising campaign implicated five ad networks, but a SearchSecurity investigation revealed more companies were involved.  Continue Reading

• Inside 'Master134': Propeller Ads connected to malvertising campaign

  A SearchSecurity investigation determined ad network Propeller Ads played a significant role in the early stages of the Master134 malvertising campaign.  Continue Reading

• Inside 'Master134': Adsterra's history shows red flags, abuses

  Adsterra denied it was involved in the Master134 malvertising campaign, but a review of the company's history reveals many red flags, including activity in a similar campaign.  Continue Reading

• Inside 'Master134': Ad networks' 'blind eye' threatens enterprises

  Online ad networks linked to the Master134 malvertising campaign and other malicious activity often evade serious fallout and continue to operate unabated.  Continue Reading

• 'Master134' malvertising campaign raises questions for online ad firms

  Malvertising and adware schemes are a growing concern for enterprises. Our deep investigation into one campaign reveals just how complicated threats can be to stop.  Continue Reading

• Inside 'Master134': ExoClick tied to previous malvertising campaigns

  Online ad network ExoClick denied any involvement in the Master134 campaign, but the company has ties to similar malvertising threats.  Continue Reading

• Words to go: Multi-cloud security strategy

  For many enterprises, implementing multi-cloud security is complicated. Here's a breakdown of the must-know multi-cloud terms for organizations setting up this type of deployment.  Continue Reading

• 10 endpoint security products to protect your business

  Check out this product roundup and discover all the features endpoint security protection offers, such as patch management, email protection and reporting.  Continue Reading

• Challenges and benefits of using the Mitre ATT&CK framework

  Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started.  Continue Reading

• DHS-led agency works to visualize, share cyber-risk information

  A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain.  Continue Reading

• HPE takes aim at STEM and cybersecurity education, awareness

  HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry.  Continue Reading

• New game provides cybersecurity education for Girl Scouts

  A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game.  Continue Reading

• Symantec Web Security Service vs. Zscaler Internet Access

  Learn how cloud-based secure web gateway products Symantec Web Security Service and Zscaler Internet Access compare when it comes to features, benefits, pricing and support.  Continue Reading

• 6 questions to ask before evaluating secure web gateways

  Learn which six questions can help an organization identify its web security and business needs and its readiness to implement a secure web gateway.  Continue Reading

• As compliance evolves, it's time to re-address data classification

  Compliance rules like GDPR and the CCPA require a fresh look at companies' data classification policy, and particularly how it defines its wide variety of unstructured data.  Continue Reading

• Zero-trust security model primer: What, why and how

  What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders.  Continue Reading

• Find the right tool using this antimalware software comparison

  Compare endpoint antimalware software products for organizations based on features, level of protection and vendor offerings.  Continue Reading

• Explore multifactor authentication products in-depth

  Discover some of the best multifactor authentication products currently on the market based on target industry and main features to help you make a final buying decision.  Continue Reading

• USB attacks: Big threats to ICS from small devices

  USB devices can carry malware that can wreak havoc on industrial control systems. Expert Ernie Hayden explores the history of USB attacks and possible mitigations.  Continue Reading

• Compare the top multifactor authentication vendors

  What makes a multifactor authentication tool right for an enterprise? This article compares four of the leading multifactor authentication vendors and reviews their products.  Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.  Continue Reading

• Top 10 CISO concerns for 2019 span a wide range of issues

  From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019.  Continue Reading

• Battling nation-state cyberattacks in a federal leadership vacuum

  Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers.  Continue Reading

• Cyber NYC initiative strives to make New York a cybersecurity hub

  New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation.  Continue Reading

• RSAC's diversity and inclusion initiative stresses equality on keynote stage

  RSA Conference curator Sandra Toms hopes a new diversity and inclusion initiative will facilitate change in the cybersecurity industry, starting with the upcoming 2019 conference.  Continue Reading

• Infoblox's Cricket Liu explains DNS over HTTPS security issues

  Cricket Liu, chief DNS architect at Infoblox, explains how DNS over HTTPS and DNS over TLS improve security, as well as challenges the new protocols may soon raise for enterprises.  Continue Reading

• Three examples of multifactor authentication use cases

  When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation.  Continue Reading

• Purchasing multifactor authentication tools: What to consider

  Find out what you need to know before investing in a multifactor authentication tool, including the drawbacks and the benefits.  Continue Reading

• Exploring multifactor authentication benefits and technology

  Take a look at multifactor authentication benefits and methods, as well as how the technologies have evolved from key fobs to smartphones, mobile devices and the cloud.  Continue Reading

• CCPA compliance begins with data inventory assessment

  In this SearchCIO Q&A, multiple experts sound off on major questions businesses have about CCPA compliance ahead of its January 2020 enforcement date.  Continue Reading

• Security, compliance standards help mitigate BIOS security vulnerabilities

  Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications.  Continue Reading

• Product roundup: Features of top SIEM software on the market

  Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier.  Continue Reading

• Testing email security products: Results and analysis

  Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies.  Continue Reading

• IAM system strategy identifies metrics that work for business

  Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service.  Continue Reading

• Threat hunting techniques move beyond the SOC

  Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated.  Continue Reading

• Testing email security products: Challenges and methodologies

  Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products, as well as the challenges it faced to come up with sound methodologies.  Continue Reading

• Mobile security trends: app containers, app wrapping for BYOD

  Threats evolve, and so should mobile security strategies. Mike Chapple explains how an app containers and app wrapping can protect enterprise devices and corporate assets.  Continue Reading

• Cloud-first? User and entity behavior analytics takes flight

  The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.  Continue Reading

• Seven criteria for evaluating today's leading SIEM tools

  Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization.  Continue Reading

• CISOs face third-party risk management challenges

  Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.  Continue Reading

• Teramind CTO talks insider threat prevention, employee monitoring

  A fear of insider threats on Wall Street led one software engineer to start his own security company.  Continue Reading

• Diversity at cybersecurity conferences is too important to ignore

  Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage.  Continue Reading

• Innovation Women founder strives to close gender gap at conferences

  Innovation Women founder Bobbie Carlton discusses the all-male, all-pale panels that overwhelm tech conferences and that moved her to change the number of female speakers.  Continue Reading

• Weighing privileged identity management tools' pros and cons

  Products that help security pros manage access privileges are essential to IT security. Learn how to evaluate market offerings and acquire the best for your company.  Continue Reading

• SIEM evaluation criteria: Choosing the right SIEM products

  Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask.  Continue Reading

• OneLogin security chief delivers new security model

  How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus.  Continue Reading

• 10 unified access management questions for OneLogin CSO Justin Calmus

  Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job?  Continue Reading

• SIEM benefits include efficient incident response, compliance

  SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.  Continue Reading

• Bugcrowd CTO explains crowdsourced security benefits and challenges

  In part two of this interview, Bugcrowd founder and CTO Casey Ellis discusses the value of crowdsourced vulnerability research, as well as some of the challenges.  Continue Reading

• Overwhelmed by security data? Science to the rescue

  Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives.  Continue Reading

• Women in cybersecurity: How to make conferences more diverse

  The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap.  Continue Reading

• Bugcrowd CTO on the need for responsible disclosure policy, 'good faith'

  Bugcrowd founder and CTO Casey Ellis talks about his concerns that the era of 'good faith' between security researchers and enterprises is in jeopardy.  Continue Reading

• Citrix's Peter Lefkowitz on impact of GDPR privacy requirements

  New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.  Continue Reading

• A comprehensive guide to SIEM products

  Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security.  Continue Reading

• Cisco's chief privacy officer on the future of data after GDPR

  Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation.  Continue Reading

• Security in Network Functions Virtualization

  In this excerpt of chapter 4 of Security in Network Functions Virtualization, authors Zonghua Zhang and Ahmed Meddahi discuss Identity and Access Management in NFV.  Continue Reading

• Endgame's Devon Kerr on what it takes to be a threat hunter

  Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting.  Continue Reading

• Port Cybersecurity

  In this excerpt from chapter 3 of Port Cybersecurity, author Nineta Polemi discusses Security of Ports' Critical Information Infrastructures.  Continue Reading

• Accenture's Justin Harvey explains why cyber attribution isn't important

  Accenture's Justin Harvey spoke at RSA Conference 2018 about his experiences with incident response and his views on the importance of cyber attribution.  Continue Reading

• Seeking the Truth from Mobile Evidence

  In this excerpt from chapter 19 of Seeking the Truth from Mobile Evidence, author John Bair discusses Android user enabled security in terms of passwords and gestures.  Continue Reading

• Identify gaps in cybersecurity processes to reduce organizational risk

  Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses.  Continue Reading

• Accenture's Tammy Moskites on the cybersecurity gender gap

  Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the gender gap in the infosec industry and what can be done to close it.  Continue Reading

• Accenture's Tammy Moskites explains how the CISO position is changing

  Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing.  Continue Reading

• Business email compromise moves closer to advanced threats

  The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks.  Continue Reading

• Stranger things: IoT security concerns extend CISOs' reach

  The internet of things has drastically expanded the scope of what enterprises need to protect, adding challenges big and small to CISOs' responsibilities.  Continue Reading

• McAfee CISO explains why diversity in cybersecurity matters

  Improving diversity in cybersecurity teams can help improve their ability to address cybersecurity challenges through diversity of thought, suggests McAfee CISO Grant Bourzikas.  Continue Reading

• Illumio: Subtle data manipulation attacks pose serious threats

  Illumio CTO P.J. Kirner discusses the threat of data manipulation and explains why subtle, hard to detect attacks could have devastating effects on enterprises.  Continue Reading

• SOC services: How to find the right provider for your company

  SOCs are the latest services you can now outsource rather than build in-house. But should you entrust them to a third party? Yes—but make sure you know how to pick the best.  Continue Reading

• Cybersecurity defense in depth means more than ticking boxes

  F-Secure's Tom Van de Wiele explains the realities of cybersecurity defense in depth, and why companies need to have the right attitude to defend against cyberattacks.  Continue Reading

• AWS S3 bucket security falls short at high-profile companies

  Everyone is putting their data in the cloud, from IT staff to department heads. With functionality galore, basic security measures too often go unchecked.  Continue Reading

• New cloud threats as attackers embrace the power of cloud

  Safeguarding your critical data is getting harder as threat actors embrace the advantages -- and missteps -- of cloud. Here's what to watch out for in 2018.  Continue Reading

• CPE for CISSP: Top 10 ways to master continuing education

  Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.  Continue Reading

• SAP CSO Justin Somaini on using blockchain for security

  Blockchain has generated both hype and skepticism, but SAP CSO Justin Somaini believes the technology has applications for security that can improve open source software.  Continue Reading

• How machine learning anomaly detection works inside SAP

  SAP CSO Justin Somaini discusses how SAP uses machine learning for security tasks, like anomaly detection, and compares supervised and unsupervised algorithms.  Continue Reading

• GDPR breach notification: Time to focus on the requirements

  Some large U.S. companies have been working behind the scenes on GDPR requirements for more than a year, but there's strong evidence that many have not been as diligent.  Continue Reading

• David Neuman: The CISO position and keeping the cloud safe

  The Rackspace CISO joined the enlisted ranks in the Air Force, eventually becoming an officer with global responsibilities before moving to the private sector.  Continue Reading

• CISOs map out their cybersecurity plan for 2018

  What's on the short list for enterprise cybersecurity programs in the coming year? As attack vectors increase -- think IoT -- we ask information security leaders to discuss their plans.  Continue Reading

• Cybersecurity professionals: Lack of training leaves skills behind

  Cybersecurity professionals' increased workloads leave little time for training, leaving their skill sets -- and their companies' data security -- vulnerable to outside threats.  Continue Reading

• The top six EMM vendors offering MDM capabilities

  With vendors expanding their horizons from just MDM to more comprehensive EMM products, it is crucial to look at these EMM vendors who offer MDM capabilities.  Continue Reading

• Comparing the leading mobile device management products

  Expert Matt Pascucci examines the top mobile device management offerings to help you determine which MDM products are the best fit for your organization.  Continue Reading

• Six questions to ask before buying enterprise MDM products

  Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products.  Continue Reading

• Understand the basics of mobile device management products

  Implementing MDM products has traditionally been the go-to answer for securing mobile devices, but with the role of mobile devices in the enterprise growing, admins need a more comprehensive security option.  Continue Reading

• Three enterprise scenarios for MDM products

  Expert Matt Pascucci outlines three enterprise uses cases for mobile device management products to see how they can protect users, devices and corporate data.  Continue Reading

• Get the best botnet protection with the right array of tools

  Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can.  Continue Reading

• Three reasons to implement an NAC system

  The growth in devices on the network has heightened the need for network access control products. This article presents scenarios where an enterprise might need an NAC system.  Continue Reading

• John Germain lands the new CISO position at Duck Creek

  Serving the technology needs of the property and casualty insurance industry means keeping a weathered eye on risk profiles, enterprise software and emerging threats.  Continue Reading

• CISOs take notice as GPS vulnerabilities raise alarms

  GPS has been extraordinarily reliable, but there's a growing chorus of experts who say it's time to assess GPS security and consider protective strategies.  Continue Reading

• Thor's OS Xodus

  In this excerpt from chapter one of Thor's OS Xodus, author Timothy "Thor" Mullen discusses OS X, privacy, and online safety.  Continue Reading

• Security Controls Evaluation, Testing, and Assessment Handbook

  In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control.  Continue Reading

• Security for applications: What tools and principles work?

  Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job.  Continue Reading

• Transitioning to the role of CISO: Dr. Alissa Johnson

  Serving as White House deputy CIO prepared Johnson for her CISO role: "When we let the culture in a company or agency drive security governance or innovation, that's a problem."  Continue Reading

• The vulnerability management process after Equifax

  Cataclysmic security incidents highlight the importance of a vulnerability management program versus a patch management system. Here's how to implement a risk-based approach.  Continue Reading

• Are security operations centers doing enough?

  SOCs are maturing, but organizations facing the increased threat landscape understand that improving their effectiveness must be a priority in the year ahead.  Continue Reading

• The Basics of Cyber Safety

  In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security.  Continue Reading