Weigh the pros and cons of technologies, products and projects you are considering.
Hacker Tools and Techniques Underground Sites and Hacking Groups
Security behavioral analytics: The impact of real-time BTA
Johna Till Johnson, CEO and founder of Nemertes Research, explains real-time threat analysis in terms of BTA and its next-generation security architecture. Continue Reading
The 12 biggest cloud security threats, according to the CSA
The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how cloud risks compare to on-premises risks. Continue Reading
The top six EMM vendors offering MDM capabilities
With vendors expanding their horizons from just MDM to more comprehensive EMM products, it is crucial to look at these EMM vendors who offer MDM capabilities. Continue Reading
Comparing the leading mobile device management products
Expert Matt Pascucci examines the top mobile device management offerings to help you determine which MDM products are the best fit for your organization. Continue Reading
Six questions to ask before buying enterprise MDM products
Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products. Continue Reading
Understand the basics of mobile device management products
Implementing MDM products has traditionally been the go-to answer for securing mobile devices, but with the role of mobile devices in the enterprise growing, admins need a more comprehensive security option.Continue Reading
Three enterprise scenarios for MDM products
Expert Matt Pascucci outlines three enterprise uses cases for mobile device management products to see how they can protect users, devices and corporate data.Continue Reading
Information security certification guide: Intermediate level
Part two of this information security certificate guide looks at vendor-neutral intermediate certifications for IT professionals interested in midlevel positions.Continue Reading
Botnet attacks are evolving; your defenses must too
Botnets are evolving and will continue to plague organizations. There is no one tool that will be sufficient, so it’s time to layer your anti-botnet defenses.Continue Reading
Get the best botnet protection with the right array of tools
Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can.Continue Reading
Three reasons to implement an NAC system
The growth in devices on the network has heightened the need for network access control products. This article presents scenarios where an enterprise might need an NAC system.Continue Reading
Which 4G vulnerabilities should BYOD users be aware of?
Enterprises should consider pressing 4G vulnerabilities when developing a BYOD strategy for their employees. Expert Judith Myerson explains the flaws and what to do about them.Continue Reading
Information security certifications: Introductory level
This series looks at the top information security certifications for IT professionals. Part one reviews basic, vendor-neutral certifications for entry-level positions.Continue Reading
How machine learning-powered password guessing impacts security
A new password guessing technique takes advantage of machine learning technologies. Expert Michael Cobb discusses how much of a threat this is to enterprise security.Continue Reading
Active Cyber Defense Certainty Act: Should we 'hack back'?
With the proposal of the Active Cyber Defense Certainty Act, individuals would be able to 'hack back' when information is stolen. Matt Pascucci makes the case against the bill.Continue Reading
How do source code reviews of security products work?
Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains what to know about these reviews.Continue Reading
Tools for those seeking security for apps in the enterprise
Need better security for apps? The right tools are key, but the right approach just as important. That's why you should consider the quality management system model.Continue Reading
Security for applications: What tools and principles work?
Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job.Continue Reading
HTTP Strict Transport Security: What are the security benefits?
Google's use of HTTP Strict Transport Security aims to improve web browsing security. Expert Judith Myerson explains how HSTS can make the internet more secure.Continue Reading
VMware AppDefense: How will it address endpoint security?
VMware announced AppDefense, its latest effort to help improve endpoint security. Matt Pascucci explains how AppDefense addresses applications in vSphere environments.Continue Reading
How does Google Play Protect aim to improve Android security?
Google's new security platform, Google Play Protect, looks to decrease Android app security threats through machine learning. Michael Cobb explains how the new platform works.Continue Reading
Securing endpoints with supplementary tools protects data
Learn how network access control (NAC), data loss prevention (DLP) and robust data destruction tools secure the data in your corporate endpoints against data loss.Continue Reading
How can peer group analysis address malicious apps?
Google is using machine learning and peer group analysis to protect against malicious Android apps in the Google Play Store. Matt Pascucci explains how this works.Continue Reading
Can the STIX security framework improve threat intelligence sharing?
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.Continue Reading
How to make a SIEM system comparison before you buy
The current trend in SIEM systems involves machine learning capabilties. Even so, direct human management is still essential for SIEM to be effective.Continue Reading
What SIEM features are essential for your company?
On the hunt for the best SIEM tool for your company? Learn how to evaluate the capabilties of the newest security information and event management products.Continue Reading
Machine learning in cybersecurity: How to evaluate offerings
Vendors are pitching machine learning for cybersecurity applications to replace traditional signature-based threat detection. But how can enterprises evaluate this new tech?Continue Reading
Are long URLs better for security than short URLs?
Shortened URLs are weak on security and easy for attackers to inject with malware. Expert Judith Myerson discusses how long URLs are more secure, despite the inconvenience.Continue Reading
Symantec Data Loss Prevention: Product overview
Expert Bill Hayes checks out the Symantec Data Loss Prevention suite, featuring an architecture consisting of content-aware detection servers, endpoint agents and unified management.Continue Reading
Top cybersecurity conferences for when Black Hat and RSA aren't right
The big cybersecurity conferences can make attendees weary, but there are many alternatives to the big name shows that may be easier to get to and easier to handle.Continue Reading
Electronic voting systems in the U.S. need post-election audits
Colorado will implement a new system for auditing electronic voting systems. Post-election audits have been proven to help, but are they enough to boost public trust in the systems?Continue Reading
Learn what network access control systems can do for you
Network access control systems keep rogue or compromised devices off of corporate networks. See how they work and the other security technologies with which they work.Continue Reading
Symantec Endpoint Protection and the details for buyers to know
Expert Ed Tittel examines Symantec Endpoint Protection, an intrusion prevention, firewall and antimalware product for physical and virtual endpoints.Continue Reading
A closer look at Kaspersky antimalware protection services
Expert Ed Tittel looks at Kaspersky antimalware product Endpoint Security, which provides multilayered protection against malware, phishing attacks and other exploits.Continue Reading
How can OSS-Fuzz and other vulnerability scanners help developers?
Google's OSS-Fuzz is an open source vulnerability scanner. Expert Matthew Pascucci looks at how developers can take advantage of this tool and others like it.Continue Reading
Details of Trend Micro Worry-Free Business Security Services
Expert Ed Tittel takes a closer look at Trend Micro Worry-Free Business Security Services, an antivirus and antimalware product for small organizations.Continue Reading
Trend Micro OfficeScan endpoint protection software and its offerings
Expert contributor Ed Tittel takes a look at Trend Micro OfficeScan, an endpoint protection product with antivirus and antimalware functionality for physical and virtualized endpoints.Continue Reading
The various offers of Microsoft System Center Endpoint Protection
Expert Ed Tittel examines System Center Endpoint Protection, Microsoft's native Windows antivirus and antimalware security product.Continue Reading
Did DDoS attacks cause the FCC net neutrality site to go down?
The FCC net neutrality comment site crashed, and it was blamed on DDoS attacks. Expert Matthew Pascucci looks at the technical side of this incident and what was behind it.Continue Reading
An in-depth look into McAfee Endpoint Threat Protection
McAfee Endpoint Threat Protection is an antimalware protection product that is designed to secure Windows systems against malware, data loss and other threats in standalone or networked environments.Continue Reading
Poison Ivy RAT: What new delivery techniques are attackers using?
A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that enterprises should look out for.Continue Reading
Sophos Endpoint Protection and an overview of its features
Expert Ed Tittel examines Sophos Endpoint Protection, an endpoint security platform with antivirus, antimalware and more.Continue Reading
The GDPR right to be forgotten: Don't forget it
Nexsan's Gary Watson explains that the GDPR right to be forgotten will be an important piece of the compliance picture and means deleting data securely, completely and provably when customers ask for it.Continue Reading
What tools were used to hide fileless malware in server memory?
Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the wider fileless malware trend.Continue Reading
Federal Cloud Computing
In this excerpt from chapter three of Federal Cloud Computing, author Matthew Metheny discusses open source software and its use in the U.S. federal government.Continue Reading
IPv6 addresses: Security recommendations for usage
IPv6 addresses can be used in a number of ways that can strengthen information security. Expert Fernando Gont explains the basics of IPv6 address usage for enterprises.Continue Reading
Applying cybersecurity readiness to today's enterprises
How prepared is your organization for a cyberattack? Expert Peter Sullivan outlines the seven steps enterprises need to take in order to achieve cybersecurity readiness.Continue Reading
Tools to transfer large files: How to find and buy the best
Need to transfer files within headquarters or between branches? Managed file transfer tools now offer some interesting new features.Continue Reading
Why security incident management is paramount for enterprises
Enterprises aren't truly prepared for cyber threats unless they have proper security incident management in place. Expert Peter Sullivan explains what enterprises need to know.Continue Reading
Evaluating endpoint security products for antimalware protection
Expert contributor Ed Tittel explores key criteria for evaluating endpoint security products to determine the best option for antimalware protection for your organization.Continue Reading
Advanced endpoint protection takes on the latest exploits
Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints.Continue Reading
How does the Microsoft Authenticator application affect password use?
The Microsoft Authenticator application enables smartphone-based, two-factor authentication and attempts to reduce the use of passwords. Expert Matthew Pascucci explains how.Continue Reading
The digital certificate: How it works, which to buy
This expert guide on the digital certificate provides essential information to what can be a complex purchase. Learn about the options and how to find the best for one for your network.Continue Reading
Select the best patch management software for your company
Patch management software enables businesses to prioritize and automatically update systems so that their assets remain secure. See which best fits your infosec strategy.Continue Reading
Patch management tool comparison: What are the best products?
With so many different vendors in the market, it isn't easy to pick the right patch management tool. Read this product comparison to see which is best for your company.Continue Reading
What breach detection systems are best for corporate defenses?
A system breach is inevitable, and BDS products provide a valuable means of detection. But a strategy that blends both defense and offense is the best approach to security.Continue Reading
Use a web app firewall to halt app attacks
As the demands on web application firewalls grow, the available WAF features are also expanding. What do you need to know to evaluate the tools vendors offer?Continue Reading
To secure Office 365, take advantage of controls Microsoft offers
Securing Office 365 properly requires addressing upfront any specific risks of a particular environment and taking advantage of the many security controls Microsoft offers.Continue Reading
Office 365 security features: As good as it gets?
Online and application security is never perfect, but Office 365 security features come close. Here's an overview of how Microsoft installed security in its popular suite.Continue Reading
Address Office 365 security concerns while enjoying its benefits
Office 365 security concerns should worry you but not dampen your enthusiasm for the platform's potential benefits for your business. Here's what you need to consider upfront.Continue Reading
Know why patch management tools are required in the IT infrastructure
Regulations, efficiency and protection are the main drivers for purchasing patch management tools. See why automated patch management is a requirement for most businesses.Continue Reading
How does Facebook's Delegated Recovery enable account verification?
Facebook's Delegated Recovery aims to replace knowledge-based authentication with third-party account verification. Expert Michael Cobb explains how this protocol works.Continue Reading
How mobile application assessments can boost enterprise security
Mobile application assessments can help enterprises decide which apps to allow, improving security. Christopher Crowley of the SANS Institute discusses how to use app assessments.Continue Reading
Cloud access security brokers: Hard to tell what's real
Most cloud access security brokers offer CISOs a way to set policy and gain better understanding of multiple cloud services and data in use across the enterprise. As CASBs have gained momentum in recent years, use cases for them have expanded. Do ...Continue Reading
Wendy Nather: 'We're on a trajectory for profound change'
This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more.Continue Reading
Report: Threat hunting is more SOC than intel
Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements.Continue Reading
Experian's Tom King tackles role of CISO from the ground up
An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says.Continue Reading
How does a privacy impact assessment affect enterprise security?
A privacy impact assessment can help enterprises determine where their data is at risk of exposure. Expert Matthew Pascucci explains how and when to conduct these assessments.Continue Reading
Using threat intelligence tools to prevent attacks on your enterprise
Using threat intelligence tools can help your enterprise stay one step ahead of attackers and possible threats. Learn how threat intelligence can be used in your company.Continue Reading
Trustwave Data Loss Prevention: Product overview
Expert Bill Hayes examines Trustwave Data Loss Prevention and how the product addresses data at rest, endpoint data in use and network data in transit for enterprises.Continue Reading
Learn what breach detection system is best for your network
Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs.Continue Reading
Okta Adaptive MFA gives companies flexible authentication
Okta Adaptive MFA offers businesses a range of flexible authentication methods that use different contexts to determine which factors provide users with access.Continue Reading
RSA Authentication Manager offers a variety of authentication methods
With authentication methods ranging from risk-based to tokens, RSA Authentication Manager gives companies a number of ways to employ multifactor authentication.Continue Reading
Summing up Symantec VIP Service, a multifactor authentication tool
Expert David Strom looks at the Symantec VIP multifactor authentication product and how it can benefit enterprise security.Continue Reading
An in-depth look at Gemalto's SafeNet Authentication Service
Expert David Strom provides an in-depth look at Gemalto's SafeNet Authentication Service, a SaaS-based multifactor authentication product for boosting login security.Continue Reading
SecureAuth IdP: An overview of its multifactor authentication ability
Expert David Strom looks at how SecureAuth IdP uniquely combines multifactor authentication and single sign-on login capabilities in a single product.Continue Reading
Timeline: Symantec certificate authority improprieties
Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant.Continue Reading
Applying the new FDA medical device guidance to infosec programs
New FDA medical device guidance demonstrates the need for better cybersecurity during manufacturing and use. Expert Nick Lewis explains how enterprises can use the recommendations.Continue Reading
VASCO IDENTIKEY Authentication Server and a look at its key features
Expert David Strom takes a closer look at VASCO's IDENTIKEY Authentication Server, one of the leading multifactor authentication products on the market.Continue Reading
Should the Vulnerabilities Equities Process be codified into law?
The Vulnerabilities Equities Process is a controversial subject. Expert Matthew Pascucci looks at the arguments for and against codifying it into law.Continue Reading
How effective is geofencing technology as a security method?
Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb explains how it works.Continue Reading
Quest Defender protects businesses with two-factor authentication
Through the Defender Management Portal, Quest Defender lets users request hard and soft tokens to provide valuable two-factor authentication and monitor all token activity.Continue Reading
ISAOs: The benefits of sharing security information
ISAOs are a good way for organizations to share information about security threats. Expert Steven Weil explains what these organizations are and their attributes.Continue Reading
Mobile endpoint security: What enterprise infosec pros must know now
Do you know how to take care of mobile endpoint security in your enterprise? This guide walks you through all aspects of the issue, from policy and strategy to emerging threats.Continue Reading
Same-origin policy: How did Adobe Flash Player's implementation fail?
The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb explains how this flaw occurred.Continue Reading
Cybersecurity careers soar with security leadership skills
Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex ...Continue Reading
How does an active defense system benefit enterprise security?
Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options.Continue Reading
Reviewing the threat intelligence features of VeriSign iDefense
Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.Continue Reading
Threat Intelligence service overview of Infoblox ActiveTrust
Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations.Continue Reading
Detailing the features of LookingGlass Cyber Threat Center
Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.Continue Reading
RSA NetWitness Suite and its threat intelligence capabilities
Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.Continue Reading
Incorporating user behavior analytics into enterprise security programs
User behavior analytics can be used for a number of different objectives within an enterprise. Expert Ajay Kumar examines some of the most important features and capabilities.Continue Reading
Five criteria for purchasing from threat intelligence providers
Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.Continue Reading
User behavior analytics: Building a business case for enterprises
User behavior analytics can be beneficial to enterprises, but there are complexities involved. Expert Ajay Kumar explains what companies should know about this new technology.Continue Reading
MSSPs add advanced threats as managed security services gain hold
Skill shortages and budget constraints have lead some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'?Continue Reading
Google Cloud KMS: What are the security benefits?
Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits.Continue Reading
DLP systems: Spotting weaknesses and improving management
DLP systems are becoming a necessity, but their weaknesses need to be tightened to ensure enterprise asset security. Expert Kevin Beaver explains what areas to focus on.Continue Reading
Single sign-on service requires a cloud-era update
The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other approaches, more effective.Continue Reading
How do identity governance and access management systems differ?
Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM.Continue Reading
The best SSO for enterprises must be cloud and mobile capable
The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other identity management approaches, more effective.Continue Reading