Features

Features

• Digital transformation redefines cybersecurity skills, careers

  The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think.  Continue Reading

• How to pass the CISSP exam on your first try: Tips to get a good score

  Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more.  Continue Reading

• Quantum computers mean cryptography needs to change, and soon

  As quantum computing gains momentum with practical quantum computers due to come online as early as next year, concerns about post-quantum cryptography are pushed to the forefront.  Continue Reading

• IoT Cybersecurity Improvement Act calls for deployment standards

  The IoT Cybersecurity Improvement Act would require development of security standards and guidelines for federal IoT devices, but CISOs in the private sector could also benefit.  Continue Reading

• Portrait of a CISO: Roles and responsibilities

  Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate.  Continue Reading

• Understand the basics of email security gateways

  Email security gateways protect enterprises from threats such as spam and phishing attacks. This article explains how these products get the job done.  Continue Reading

• 5 best practices to choose the right email security software

  Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise.  Continue Reading

• Cisco engineer: Why we need more women in cybersecurity

  Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap.  Continue Reading

• Cybersecurity skills shortage prompts new hiring approach

  Hiring managers are widening the pool of candidates in response to the cybersecurity skills shortage. Learn how a parks and recreation background can be an asset in threat hunting.  Continue Reading

• How does an island hopping attack work?

  Hackers know better than to directly attack a well-defended target; learn how they use island hopping attack strategies to elude defenders -- and how best to repel them.  Continue Reading

• Building a threat intelligence framework: Here's how

  A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know.  Continue Reading

• Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black

  Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents.  Continue Reading

• Words to go: Identity and access management security

  IT pros must keep up to date with rapidly changing identity technology and access threats. Help protect IAM security by getting familiar with this list of foundation terms.  Continue Reading

• Build a proactive cybersecurity approach that delivers

  Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive.  Continue Reading

• Biometric authentication terms to know

  Consumers are on board with biometric authentication, but enterprises aren't so sure. Here's a breakdown of the must-know terms for companies considering biometric authentication.  Continue Reading

• As cloud complexities increase, cybersecurity skills gap worsens

  Concerns about the lack of security expertise persist, according to respondents in a new CSA survey of IT and security professionals on complexities within native cloud, hybrid and multi-cloud environments.  Continue Reading

• SANS security awareness credential paves new career path

  The SANS Security Awareness Professional credential gives enterprises a new method to recognize and promote cybersecurity awareness in the organization.  Continue Reading

• Red alerts: Inside Cisco's incident response best practices

  Incident response is often challenging, but Cisco's Sean Mason offers recommendations for doing IR effectively, from keeping internal logs longer to embracing tabletop exercises.  Continue Reading

• Security awareness training for executives keeps whaling at bay

  Security awareness training for executives teaches an enterprise's biggest fish to recognize potential whaling attacks -- before they take the bait.  Continue Reading

• Explore this NGFW comparison of leading vendors on the market

  Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision  Continue Reading

• Dark data raises challenges, opportunities for cybersecurity

  Dark data is the data enterprises didn't know they had. Splunk CTO Tim Tully explains where this data is hiding, why it's important and how to use and secure it.  Continue Reading

• 10 ways to prevent computer security threats from insiders

  Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders.  Continue Reading

• IT pros stress importance of security awareness training

  End-user naiveté can lead to costly data breaches, underscoring the critical importance of security awareness training. Learn how phishing simulation tools can help.  Continue Reading

• What makes BSA's secure software development framework unique?

  BSA rolled out a new secure software development framework in an effort to promote best practices for secure software development and improve security for all.  Continue Reading

• Words to go: GPS tracking security

  GPS and location-based services may be some of the most significant recent technological advancements, but they can also put personal privacy in jeopardy.  Continue Reading

• Women in cybersecurity work to grow voice in US lawmaking

  To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress.  Continue Reading

• 6 firewall selection criteria to purchase NGFWs

  These six key factors will help your company determine the best NGFW product for your organization's needs.  Continue Reading

• DDoS attacks among top 5G security concerns

  DDoS attacks top the list of primary security concerns for mobile operators now that 5G wireless is advancing as the number of connected devices grows.  Continue Reading

• Next-generation firewall comparison based on company needs

  Compare leading next-generation firewalls to help find the option that best fits your IT environment and security needs.  Continue Reading

• Next-generation firewalls vs. traditional and UTMs

  Learn the advantages of next-generation firewalls that protect enterprise networks from attacks and intrusion, as well as the differences between NGFWs and traditional firewalls.  Continue Reading

• The risks of multi-cloud security compared to single cloud

  Single-cloud architecture poses some challenges, which has led to a new trend in adopting multi-cloud designs. Discover whether multi-cloud is right for your enterprise.  Continue Reading

• 5 common authentication factors to know

  Multifactor authentication is a security system that requires two or more authentication steps to verify the user's identity. Discover the most important terms related to MFA.  Continue Reading

• Huawei ban highlights 5G security issues CISOs must tackle

  Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network.  Continue Reading

• Top cloud security risks that keep experts up at night

  Hackers are after your assets in the cloud. Here's how they get in and what you can do to plug security holes, starting with minimizing the risks created through human error.  Continue Reading

• How information sharing can reduce cybersecurity vulnerabilities

  Cybersecurity vulnerabilities come from multiple fronts for modern businesses, but information sharing about real-world breaches -- good and bad -- provides valuable intelligence.  Continue Reading

• Inside 'Master134': Propeller Ads connected to malvertising campaign

  A SearchSecurity investigation determined ad network Propeller Ads played a significant role in the early stages of the Master134 malvertising campaign.  Continue Reading

• Inside 'Master134': Ad networks' 'blind eye' threatens enterprises

  Online ad networks linked to the Master134 malvertising campaign and other malicious activity often evade serious fallout and continue to operate unabated.  Continue Reading

• 'Master134' malvertising campaign raises questions for online ad firms

  Malvertising and adware schemes are a growing concern for enterprises. Our deep investigation into one campaign reveals just how complicated threats can be to stop.  Continue Reading

• Inside 'Master134': ExoClick tied to previous malvertising campaigns

  Online ad network ExoClick denied any involvement in the Master134 campaign, but the company has ties to similar malvertising threats.  Continue Reading

• Inside 'Master134': More ad networks tied to malvertising campaign

  Check Point's report on the Master134 malvertising campaign implicated five ad networks, but a SearchSecurity investigation revealed more companies were involved.  Continue Reading

• Inside 'Master134': Adsterra's history shows red flags, abuses

  Adsterra denied it was involved in the Master134 malvertising campaign, but a review of the company's history reveals many red flags, including activity in a similar campaign.  Continue Reading

• Words to go: Multi-cloud security strategy

  For many enterprises, implementing multi-cloud security is complicated. Here's a breakdown of the must-know multi-cloud terms for organizations setting up this type of deployment.  Continue Reading

• 10 endpoint security products to protect your business

  Check out this product roundup and discover all the features endpoint security protection offers, such as patch management, email protection and reporting.  Continue Reading

• Challenges and benefits of using the Mitre ATT&CK framework

  Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started.  Continue Reading

• DHS-led agency works to visualize, share cyber-risk information

  A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain.  Continue Reading

• HPE takes aim at STEM and cybersecurity education, awareness

  HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry.  Continue Reading

• New game provides cybersecurity education for Girl Scouts

  A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game.  Continue Reading

• Symantec Web Security Service vs. Zscaler Internet Access

  Learn how cloud-based secure web gateway products Symantec Web Security Service and Zscaler Internet Access compare when it comes to features, benefits, pricing and support.  Continue Reading

• 6 questions to ask before evaluating secure web gateways

  Learn which six questions can help an organization identify its web security and business needs and its readiness to implement a secure web gateway.  Continue Reading

• As compliance evolves, it's time to re-address data classification

  Compliance rules like GDPR and the CCPA require a fresh look at companies' data classification policy, and particularly how it defines its wide variety of unstructured data.  Continue Reading

• Zero-trust security model primer: What, why and how

  What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders.  Continue Reading

• Find the right tool using this antimalware software comparison

  Compare endpoint antimalware software products for organizations based on features, level of protection and vendor offerings.  Continue Reading

• Explore multifactor authentication products in-depth

  Discover some of the best multifactor authentication products currently on the market based on target industry and main features to help you make a final buying decision.  Continue Reading

• USB attacks: Big threats to ICS from small devices

  USB devices can carry malware that can wreak havoc on industrial control systems. Expert Ernie Hayden explores the history of USB attacks and possible mitigations.  Continue Reading

• Compare the top multifactor authentication vendors

  What makes a multifactor authentication tool right for an enterprise? This article compares four of the leading multifactor authentication vendors and reviews their products.  Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations.  Continue Reading

• Top 10 CISO concerns for 2019 span a wide range of issues

  From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019.  Continue Reading

• Battling nation-state cyberattacks in a federal leadership vacuum

  Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers.  Continue Reading

• Cyber NYC initiative strives to make New York a cybersecurity hub

  New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation.  Continue Reading

• RSAC's diversity and inclusion initiative stresses equality on keynote stage

  RSA Conference curator Sandra Toms hopes a new diversity and inclusion initiative will facilitate change in the cybersecurity industry, starting with the upcoming 2019 conference.  Continue Reading

• Infoblox's Cricket Liu explains DNS over HTTPS security issues

  Cricket Liu, chief DNS architect at Infoblox, explains how DNS over HTTPS and DNS over TLS improve security, as well as challenges the new protocols may soon raise for enterprises.  Continue Reading

• Three examples of multifactor authentication use cases

  When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation.  Continue Reading

• Purchasing multifactor authentication tools: What to consider

  Find out what you need to know before investing in a multifactor authentication tool, including the drawbacks and the benefits.  Continue Reading

• Exploring multifactor authentication benefits and technology

  Take a look at multifactor authentication benefits and methods, as well as how the technologies have evolved from key fobs to smartphones, mobile devices and the cloud.  Continue Reading

• CCPA compliance begins with data inventory assessment

  In this SearchCIO Q&A, multiple experts sound off on major questions businesses have about CCPA compliance ahead of its January 2020 enforcement date.  Continue Reading

• Security, compliance standards help mitigate BIOS security vulnerabilities

  Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications.  Continue Reading

• Product roundup: Features of top SIEM software on the market

  Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier.  Continue Reading

• Testing email security products: Results and analysis

  Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies.  Continue Reading

• IAM system strategy identifies metrics that work for business

  Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service.  Continue Reading

• Threat hunting techniques move beyond the SOC

  Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated.  Continue Reading

• Testing email security products: Challenges and methodologies

  Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products, as well as the challenges it faced to come up with sound methodologies.  Continue Reading

• Mobile security trends: app containers, app wrapping for BYOD

  Threats evolve, and so should mobile security strategies. Mike Chapple explains how an app containers and app wrapping can protect enterprise devices and corporate assets.  Continue Reading

• Cloud-first? User and entity behavior analytics takes flight

  The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.  Continue Reading

• Seven criteria for evaluating today's leading SIEM tools

  Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization.  Continue Reading

• CISOs face third-party risk management challenges

  Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.  Continue Reading

• Teramind CTO talks insider threat prevention, employee monitoring

  A fear of insider threats on Wall Street led one software engineer to start his own security company.  Continue Reading

• Diversity at cybersecurity conferences is too important to ignore

  Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage.  Continue Reading

• Innovation Women founder strives to close gender gap at conferences

  Innovation Women founder Bobbie Carlton discusses the all-male, all-pale panels that overwhelm tech conferences and that moved her to change the number of female speakers.  Continue Reading

• Weighing privileged identity management tools' pros and cons

  Products that help security pros manage access privileges are essential to IT security. Learn how to evaluate market offerings and acquire the best for your company.  Continue Reading

• SIEM evaluation criteria: Choosing the right SIEM products

  Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask.  Continue Reading

• OneLogin security chief delivers new security model

  How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus.  Continue Reading

• 10 unified access management questions for OneLogin CSO Justin Calmus

  Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job?  Continue Reading

• SIEM benefits include efficient incident response, compliance

  SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.  Continue Reading

• Bugcrowd CTO explains crowdsourced security benefits and challenges

  In part two of this interview, Bugcrowd founder and CTO Casey Ellis discusses the value of crowdsourced vulnerability research, as well as some of the challenges.  Continue Reading

• Overwhelmed by security data? Science to the rescue

  Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives.  Continue Reading

• Women in cybersecurity: How to make conferences more diverse

  The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap.  Continue Reading

• Bugcrowd CTO on the need for responsible disclosure policy, 'good faith'

  Bugcrowd founder and CTO Casey Ellis talks about his concerns that the era of 'good faith' between security researchers and enterprises is in jeopardy.  Continue Reading

• Citrix's Peter Lefkowitz on impact of GDPR privacy requirements

  New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.  Continue Reading

• A comprehensive guide to SIEM products

  Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security.  Continue Reading

• Cisco's chief privacy officer on the future of data after GDPR

  Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation.  Continue Reading

• Security in Network Functions Virtualization

  In this excerpt of chapter 4 of Security in Network Functions Virtualization, authors Zonghua Zhang and Ahmed Meddahi discuss Identity and Access Management in NFV.  Continue Reading

• Endgame's Devon Kerr on what it takes to be a threat hunter

  Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting.  Continue Reading

• Port Cybersecurity

  In this excerpt from chapter 3 of Port Cybersecurity, author Nineta Polemi discusses Security of Ports' Critical Information Infrastructures.  Continue Reading

• Accenture's Justin Harvey explains why cyber attribution isn't important

  Accenture's Justin Harvey spoke at RSA Conference 2018 about his experiences with incident response and his views on the importance of cyber attribution.  Continue Reading

• Seeking the Truth from Mobile Evidence

  In this excerpt from chapter 19 of Seeking the Truth from Mobile Evidence, author John Bair discusses Android user enabled security in terms of passwords and gestures.  Continue Reading

• Identify gaps in cybersecurity processes to reduce organizational risk

  Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses.  Continue Reading

• Accenture's Tammy Moskites on the cybersecurity gender gap

  Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the gender gap in the infosec industry and what can be done to close it.  Continue Reading

• Accenture's Tammy Moskites explains how the CISO position is changing

  Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing.  Continue Reading

• Business email compromise moves closer to advanced threats

  The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks.  Continue Reading

• Stranger things: IoT security concerns extend CISOs' reach

  The internet of things has drastically expanded the scope of what enterprises need to protect, adding challenges big and small to CISOs' responsibilities.  Continue Reading