Features
Features
-
Digital transformation redefines cybersecurity skills, careers
The move toward digital business processes has forced companies to reconsider how they find cybersecurity talent, but finding the right skills may be easier than CISOs think. Continue Reading
-
How to pass the CISSP exam on your first try: Tips to get a good score
Want to become a CISSP? Here's everything you need to know, such as how difficult the exam is, tips for studying, what's needed to obtain a passing score and more. Continue Reading
-
Quantum computers mean cryptography needs to change, and soon
As quantum computing gains momentum with practical quantum computers due to come online as early as next year, concerns about post-quantum cryptography are pushed to the forefront. Continue Reading
-
IoT Cybersecurity Improvement Act calls for deployment standards
The IoT Cybersecurity Improvement Act would require development of security standards and guidelines for federal IoT devices, but CISOs in the private sector could also benefit. Continue Reading
-
Portrait of a CISO: Roles and responsibilities
Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Continue Reading
-
Understand the basics of email security gateways
Email security gateways protect enterprises from threats such as spam and phishing attacks. This article explains how these products get the job done. Continue Reading
-
5 best practices to choose the right email security software
Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise. Continue Reading
-
Cisco engineer: Why we need more women in cybersecurity
Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap. Continue Reading
-
Cybersecurity skills shortage prompts new hiring approach
Hiring managers are widening the pool of candidates in response to the cybersecurity skills shortage. Learn how a parks and recreation background can be an asset in threat hunting. Continue Reading
-
How does an island hopping attack work?
Hackers know better than to directly attack a well-defended target; learn how they use island hopping attack strategies to elude defenders -- and how best to repel them. Continue Reading
-
Building a threat intelligence framework: Here's how
A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know. Continue Reading
-
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black
Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading
-
Words to go: Identity and access management security
IT pros must keep up to date with rapidly changing identity technology and access threats. Help protect IAM security by getting familiar with this list of foundation terms. Continue Reading
-
Build a proactive cybersecurity approach that delivers
Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading
-
Biometric authentication terms to know
Consumers are on board with biometric authentication, but enterprises aren't so sure. Here's a breakdown of the must-know terms for companies considering biometric authentication. Continue Reading
-
As cloud complexities increase, cybersecurity skills gap worsens
Concerns about the lack of security expertise persist, according to respondents in a new CSA survey of IT and security professionals on complexities within native cloud, hybrid and multi-cloud environments. Continue Reading
-
SANS security awareness credential paves new career path
The SANS Security Awareness Professional credential gives enterprises a new method to recognize and promote cybersecurity awareness in the organization. Continue Reading
-
Red alerts: Inside Cisco's incident response best practices
Incident response is often challenging, but Cisco's Sean Mason offers recommendations for doing IR effectively, from keeping internal logs longer to embracing tabletop exercises. Continue Reading
-
Security awareness training for executives keeps whaling at bay
Security awareness training for executives teaches an enterprise's biggest fish to recognize potential whaling attacks -- before they take the bait. Continue Reading
-
Explore this NGFW comparison of leading vendors on the market
Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision Continue Reading
-
Dark data raises challenges, opportunities for cybersecurity
Dark data is the data enterprises didn't know they had. Splunk CTO Tim Tully explains where this data is hiding, why it's important and how to use and secure it. Continue Reading
-
10 ways to prevent computer security threats from insiders
Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders. Continue Reading
-
IT pros stress importance of security awareness training
End-user naiveté can lead to costly data breaches, underscoring the critical importance of security awareness training. Learn how phishing simulation tools can help. Continue Reading
-
What makes BSA's secure software development framework unique?
BSA rolled out a new secure software development framework in an effort to promote best practices for secure software development and improve security for all. Continue Reading
-
Words to go: GPS tracking security
GPS and location-based services may be some of the most significant recent technological advancements, but they can also put personal privacy in jeopardy. Continue Reading
-
Women in cybersecurity work to grow voice in US lawmaking
To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress. Continue Reading
-
6 firewall selection criteria to purchase NGFWs
These six key factors will help your company determine the best NGFW product for your organization's needs. Continue Reading
-
DDoS attacks among top 5G security concerns
DDoS attacks top the list of primary security concerns for mobile operators now that 5G wireless is advancing as the number of connected devices grows. Continue Reading
-
Next-generation firewall comparison based on company needs
Compare leading next-generation firewalls to help find the option that best fits your IT environment and security needs. Continue Reading
-
Next-generation firewalls vs. traditional and UTMs
Learn the advantages of next-generation firewalls that protect enterprise networks from attacks and intrusion, as well as the differences between NGFWs and traditional firewalls. Continue Reading
-
The risks of multi-cloud security compared to single cloud
Single-cloud architecture poses some challenges, which has led to a new trend in adopting multi-cloud designs. Discover whether multi-cloud is right for your enterprise. Continue Reading
-
5 common authentication factors to know
Multifactor authentication is a security system that requires two or more authentication steps to verify the user's identity. Discover the most important terms related to MFA. Continue Reading
-
Huawei ban highlights 5G security issues CISOs must tackle
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
-
Top cloud security risks that keep experts up at night
Hackers are after your assets in the cloud. Here's how they get in and what you can do to plug security holes, starting with minimizing the risks created through human error. Continue Reading
-
How information sharing can reduce cybersecurity vulnerabilities
Cybersecurity vulnerabilities come from multiple fronts for modern businesses, but information sharing about real-world breaches -- good and bad -- provides valuable intelligence. Continue Reading
-
Inside 'Master134': Propeller Ads connected to malvertising campaign
A SearchSecurity investigation determined ad network Propeller Ads played a significant role in the early stages of the Master134 malvertising campaign. Continue Reading
-
Inside 'Master134': Ad networks' 'blind eye' threatens enterprises
Online ad networks linked to the Master134 malvertising campaign and other malicious activity often evade serious fallout and continue to operate unabated. Continue Reading
-
'Master134' malvertising campaign raises questions for online ad firms
Malvertising and adware schemes are a growing concern for enterprises. Our deep investigation into one campaign reveals just how complicated threats can be to stop. Continue Reading
-
Inside 'Master134': ExoClick tied to previous malvertising campaigns
Online ad network ExoClick denied any involvement in the Master134 campaign, but the company has ties to similar malvertising threats. Continue Reading
-
Inside 'Master134': More ad networks tied to malvertising campaign
Check Point's report on the Master134 malvertising campaign implicated five ad networks, but a SearchSecurity investigation revealed more companies were involved. Continue Reading
-
Inside 'Master134': Adsterra's history shows red flags, abuses
Adsterra denied it was involved in the Master134 malvertising campaign, but a review of the company's history reveals many red flags, including activity in a similar campaign. Continue Reading
-
Words to go: Multi-cloud security strategy
For many enterprises, implementing multi-cloud security is complicated. Here's a breakdown of the must-know multi-cloud terms for organizations setting up this type of deployment. Continue Reading
-
10 endpoint security products to protect your business
Check out this product roundup and discover all the features endpoint security protection offers, such as patch management, email protection and reporting. Continue Reading
-
Challenges and benefits of using the Mitre ATT&CK framework
Taking the first step might be the biggest hurdle to using the Mitre ATT&CK cybersecurity framework. Find out more about the benefits, challenges and how to get started. Continue Reading
-
DHS-led agency works to visualize, share cyber-risk information
A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain. Continue Reading
-
HPE takes aim at STEM and cybersecurity education, awareness
HPE CISO Liz Joyce worked with the Girl Scouts on an educational cybersecurity game for girls and ensures HPE's Women in Cybersecurity encourages more women to join the industry. Continue Reading
-
New game provides cybersecurity education for Girl Scouts
A new game provides cybersecurity education for Girl Scouts, who can earn virtual and real badges by playing. HPE's Liz Joyce talks about the partnership that led to the game. Continue Reading
-
Symantec Web Security Service vs. Zscaler Internet Access
Learn how cloud-based secure web gateway products Symantec Web Security Service and Zscaler Internet Access compare when it comes to features, benefits, pricing and support. Continue Reading
-
6 questions to ask before evaluating secure web gateways
Learn which six questions can help an organization identify its web security and business needs and its readiness to implement a secure web gateway. Continue Reading
-
As compliance evolves, it's time to re-address data classification
Compliance rules like GDPR and the CCPA require a fresh look at companies' data classification policy, and particularly how it defines its wide variety of unstructured data. Continue Reading
-
Zero-trust security model primer: What, why and how
What exactly is a zero-trust security model? This primer explains the basics about the philosophy behind how designing a security architecture strictly limits access to all, not just outsiders. Continue Reading
-
Find the right tool using this antimalware software comparison
Compare endpoint antimalware software products for organizations based on features, level of protection and vendor offerings. Continue Reading
-
Explore multifactor authentication products in-depth
Discover some of the best multifactor authentication products currently on the market based on target industry and main features to help you make a final buying decision. Continue Reading
-
USB attacks: Big threats to ICS from small devices
USB devices can carry malware that can wreak havoc on industrial control systems. Expert Ernie Hayden explores the history of USB attacks and possible mitigations. Continue Reading
-
Compare the top multifactor authentication vendors
What makes a multifactor authentication tool right for an enterprise? This article compares four of the leading multifactor authentication vendors and reviews their products. Continue Reading
-
CISO tackles banking cybersecurity and changing roles
Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading
-
Top 10 CISO concerns for 2019 span a wide range of issues
From dealing with data and staffing shortages to adapting to an ever-expanding set of job responsibilities, CISOs face an array of serious issues in 2019. Continue Reading
-
Battling nation-state cyberattacks in a federal leadership vacuum
Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
-
Cyber NYC initiative strives to make New York a cybersecurity hub
New York City officials have launched Cyber NYC, a multifaceted initiative to grow the city's cybersecurity workforce while helping companies drive cybersecurity innovation. Continue Reading
-
RSAC's diversity and inclusion initiative stresses equality on keynote stage
RSA Conference curator Sandra Toms hopes a new diversity and inclusion initiative will facilitate change in the cybersecurity industry, starting with the upcoming 2019 conference. Continue Reading
-
Infoblox's Cricket Liu explains DNS over HTTPS security issues
Cricket Liu, chief DNS architect at Infoblox, explains how DNS over HTTPS and DNS over TLS improve security, as well as challenges the new protocols may soon raise for enterprises. Continue Reading
-
Three examples of multifactor authentication use cases
When evaluating the business case for multifactor authentication, an organization must first identify how these three operational scenarios apply to a potential implementation. Continue Reading
-
Purchasing multifactor authentication tools: What to consider
Find out what you need to know before investing in a multifactor authentication tool, including the drawbacks and the benefits. Continue Reading
-
Exploring multifactor authentication benefits and technology
Take a look at multifactor authentication benefits and methods, as well as how the technologies have evolved from key fobs to smartphones, mobile devices and the cloud. Continue Reading
-
CCPA compliance begins with data inventory assessment
In this SearchCIO Q&A, multiple experts sound off on major questions businesses have about CCPA compliance ahead of its January 2020 enforcement date. Continue Reading
-
Security, compliance standards help mitigate BIOS security vulnerabilities
Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications. Continue Reading
-
Product roundup: Features of top SIEM software on the market
Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier. Continue Reading
-
Testing email security products: Results and analysis
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies. Continue Reading
-
IAM system strategy identifies metrics that work for business
Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading
-
Threat hunting techniques move beyond the SOC
Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated. Continue Reading
-
Testing email security products: Challenges and methodologies
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products, as well as the challenges it faced to come up with sound methodologies. Continue Reading
-
Mobile security trends: app containers, app wrapping for BYOD
Threats evolve, and so should mobile security strategies. Mike Chapple explains how an app containers and app wrapping can protect enterprise devices and corporate assets. Continue Reading
-
Cloud-first? User and entity behavior analytics takes flight
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud. Continue Reading
-
Seven criteria for evaluating today's leading SIEM tools
Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization. Continue Reading
-
CISOs face third-party risk management challenges
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties. Continue Reading
-
Teramind CTO talks insider threat prevention, employee monitoring
A fear of insider threats on Wall Street led one software engineer to start his own security company. Continue Reading
-
Diversity at cybersecurity conferences is too important to ignore
Diversity at cybersecurity conferences became a hot topic in early 2018. Innovation Women founder Bobbie Carlton discusses why it takes more work to get women in security on stage. Continue Reading
-
Innovation Women founder strives to close gender gap at conferences
Innovation Women founder Bobbie Carlton discusses the all-male, all-pale panels that overwhelm tech conferences and that moved her to change the number of female speakers. Continue Reading
-
Weighing privileged identity management tools' pros and cons
Products that help security pros manage access privileges are essential to IT security. Learn how to evaluate market offerings and acquire the best for your company. Continue Reading
-
SIEM evaluation criteria: Choosing the right SIEM products
Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask. Continue Reading
-
OneLogin security chief delivers new security model
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus. Continue Reading
-
10 unified access management questions for OneLogin CSO Justin Calmus
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job? Continue Reading
-
SIEM benefits include efficient incident response, compliance
SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting. Continue Reading
-
Bugcrowd CTO explains crowdsourced security benefits and challenges
In part two of this interview, Bugcrowd founder and CTO Casey Ellis discusses the value of crowdsourced vulnerability research, as well as some of the challenges. Continue Reading
-
Overwhelmed by security data? Science to the rescue
Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives. Continue Reading
-
Women in cybersecurity: How to make conferences more diverse
The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap. Continue Reading
-
Bugcrowd CTO on the need for responsible disclosure policy, 'good faith'
Bugcrowd founder and CTO Casey Ellis talks about his concerns that the era of 'good faith' between security researchers and enterprises is in jeopardy. Continue Reading
-
Citrix's Peter Lefkowitz on impact of GDPR privacy requirements
New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general. Continue Reading
-
A comprehensive guide to SIEM products
Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security. Continue Reading
-
Cisco's chief privacy officer on the future of data after GDPR
Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation. Continue Reading
-
Security in Network Functions Virtualization
In this excerpt of chapter 4 of Security in Network Functions Virtualization, authors Zonghua Zhang and Ahmed Meddahi discuss Identity and Access Management in NFV. Continue Reading
-
Endgame's Devon Kerr on what it takes to be a threat hunter
Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting. Continue Reading
-
Port Cybersecurity
In this excerpt from chapter 3 of Port Cybersecurity, author Nineta Polemi discusses Security of Ports' Critical Information Infrastructures. Continue Reading
-
Accenture's Justin Harvey explains why cyber attribution isn't important
Accenture's Justin Harvey spoke at RSA Conference 2018 about his experiences with incident response and his views on the importance of cyber attribution. Continue Reading
-
Seeking the Truth from Mobile Evidence
In this excerpt from chapter 19 of Seeking the Truth from Mobile Evidence, author John Bair discusses Android user enabled security in terms of passwords and gestures. Continue Reading
-
Identify gaps in cybersecurity processes to reduce organizational risk
Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses. Continue Reading
-
Accenture's Tammy Moskites on the cybersecurity gender gap
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the gender gap in the infosec industry and what can be done to close it. Continue Reading
-
Accenture's Tammy Moskites explains how the CISO position is changing
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing. Continue Reading
-
Business email compromise moves closer to advanced threats
The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks. Continue Reading
-
Stranger things: IoT security concerns extend CISOs' reach
The internet of things has drastically expanded the scope of what enterprises need to protect, adding challenges big and small to CISOs' responsibilities. Continue Reading