Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• The enduring importance of digital trust

  Digital trust is an increasingly important issue, yet confusion remains about what exactly it is, how to achieve it and how to get started. Continue Reading

• Identiverse 2024: Key takeaways in identity security

  The 2024 Identiverse conference addressed identity access management challenges, AI's ability to streamline IAM workflows and nonhuman identity management for identity pros. Continue Reading

• Why it's SASE and zero trust, not SASE vs. zero trust

  When it comes to adopting SASE or zero trust, it's not a question of either/or, but using SASE to establish and enable zero-trust network access. Continue Reading

• What is cloud security management? A strategic guide

  This cloud security guide explains challenges enterprises face today; best practices for securing and managing SaaS, IaaS and PaaS; and comparisons of cloud-native security tools. Continue Reading

• Using ChatGPT as a SAST tool to find coding errors

  ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security. Continue Reading

• Dell Technologies World was all about AI; what about security?

  At Dell Technologies World 2024, Dell made it crystal clear that it is all-in on AI, but the company must also emphasize the importance of cybersecurity.Continue Reading

• RSA Conference wrap-up: The state of cybersecurity disconnect

  The cybersecurity industry isn't prepared for massive changes in play. It needs to focus more on the mission rather than cybersecurity technology widgets.Continue Reading

• Top 6 benefits of zero-trust security for businesses

  The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here.Continue Reading

• How to converge networking and security teams: Key steps

  Companies can reap a lot of benefits by merging their networking and security teams. But it takes careful planning to make it work.Continue Reading

• 10 risk-related security updates you might have missed at RSAC

  AI was a prominent theme at RSA Conference, but many security vendors also delivered risk-focused capabilities to help infosec pros better manage their risk posture.Continue Reading

• 5 Mitre ATT&CK framework use cases

  The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity.Continue Reading

• CISSP or CISM: Which should you pursue?

  For hopeful practitioners, the question of whether to pursue CISSP or CISM depends on their career goals and interests. For some, the question should be, 'Why not both?'Continue Reading

• How AI-driven patching could transform cybersecurity

  At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities.Continue Reading

• 3 reasons Synopsys is selling its app security business

  Synopsys is selling its application security business to a private equity firm. Analyst David Vance explains why, as well as what it means for the industry.Continue Reading

• Lessons learned from high-profile data breaches

  Equifax. Colonial Pipeline. Sony. Target. All are high-profile data breaches, and all offer key lessons to learn that prevent your organization from falling victim to an attack.Continue Reading

• 5 key takeaways from RSA Conference 2024

  At RSA Conference 2024, the infosec industry showed their efforts to push forward in AI and to fill gaps that should help security practitioners do their jobs more effectively.Continue Reading

• RSAC panel debates confidence in post-quantum cryptography

  The Cryptographers' Panel at RSAC offered opinions on their confidence in PQC following the release of a paper questioning lattice-based encryption's viability.Continue Reading

• SSPM vs. CSPM: What's the difference?

  Posture management in the cloud is key, but evaluating different tools, such as SaaS security posture management and cloud security posture management platforms, can be confusing.Continue Reading

• AWS to protect its cloud using CrowdStrike security products

  AWS is replacing a variety of security products with the CrowdStrike Falcon Platform to further secure applications and data on its cloud.Continue Reading

• Security updates from Google Cloud Next '24 center on GenAI

  Google has infused Gemini into its security tools and while GenAI isn’t going to solve every security problem right away, its assistive capabilities save much needed time.Continue Reading

• RSAC 2024: Real-world cybersecurity uses for GenAI

  Security pros can expect a lot of buzz around GenAI at RSA 2024, where vendors and experts will share how the latest generative AI tools can enhance cybersecurity.Continue Reading

• 3 ways AI is transforming cloud security, according to experts

  Generative AI only recently burst into the collective consciousness, but experts say it is already changing cloud security -- on both the defensive and offensive sides.Continue Reading

• Traditional MFA isn't enough, phishing-resistant MFA is key

  Not every MFA technique is effective in combating phishing attacks. Enterprises need to consider new approaches to protect end users from fraudulent emails.Continue Reading

• 4 steps CISOs can take to raise trust in their business

  When CISOs align their investments with CIOs' tech investments, both can fuel business success and enable greater trust with customers, employees and partners.Continue Reading

• 3 Keycloak authorization strategies to secure app access

  Keycloak, an open source IAM tool, offers authorization methods, including RBAC, GBAC and OAuth 2.0, that limit what users can access.Continue Reading

• Optimize encryption and key management in 2024

  Enterprise Strategy Group research highlighted the encryption challenges enterprises face, including lack of encryption, cryptographic infrastructure inadequacies and more.Continue Reading

• 4 types of cloud security tools organizations need in 2024

  From CIEM to SSE, these four types of cloud security tools help boost security efforts as organizations continue to expand their cloud environments.Continue Reading

• Pros and cons of 7 breach and attack simulation tools

  Breach and attack simulation software can significantly beef up an organization's network defense strategy. But not all tools are made equally.Continue Reading

• 5 trends in the cyber insurance evolution

  As cyber insurance companies evolve, they will wield more power throughout the industry. Check out five areas where cyber insurance trends are changing the cybersecurity market.Continue Reading

• Benefits and challenges of NetOps-SecOps collaboration

  Organizations need to tread carefully when planning how to converge their networking and security teams to achieve potential benefits and mitigate the challenges.Continue Reading

• Identity, data security expectations for RSA Conference 2024

  Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM.Continue Reading

• 5 areas to help secure your cyber-risk management program

  To meet the challenges of managing cyber-risk, organizations need to have a cyber-risk management plan in place. Look at five areas to better secure your organization's assets.Continue Reading

• Private vs. public cloud security: Benefits and drawbacks

  Uncover the differences between private vs. public cloud security -- as well as hybrid cloud security and multi-cloud security -- before deciding on an enterprise deployment modelContinue Reading

• Top 6 data security posture management use cases

  Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities.Continue Reading

• Agent vs. agentless security: Learn the differences

  Enterprises can either use an agent or agentless approach to monitor and secure their networks. Each approach has benefits and drawbacks.Continue Reading

• Surprising ways Microsoft Copilot for Security helps infosec

  Microsoft Copilot is the first of many GenAI tools that should help security leaders accelerate their program development and strengthen security postures.Continue Reading

• Cloud detection and response is, and will stay, a team sport

  CISOs should push for federated technologies, common processes and formal communications between teams to ensure cloud detection and response is effective and efficient.Continue Reading

• Cybersecurity market researchers forecast significant growth

  The cybersecurity market is growing and changing at a rapid pace, leading to major opportunities for vendors, heightened confusion for buyers and new challenges for CISOs.Continue Reading

• Threat intelligence programs need updating -- and CISOs know it

  Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services.Continue Reading

• Why companies need attack surface management in 2024

  The attack surface is in a constant state of change and growth -- which is bad news for cyber-risk management. This vulnerability needs to be addressed.Continue Reading

• Ransomware preparedness kicks off 2024 summit series

  BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here.Continue Reading

• Benefits and challenges of managed cloud security services

  The rapid drive to hybrid and multi-cloud environments has organizations scrambling to get proper protections into place. For many, external security support is critical.Continue Reading

• Shadow AI poses new generation of threats to enterprise IT

  AI is all the rage -- and so is shadow AI. Learn how unsanctioned use of generative AI tools can open organizations up to significant risks and what to do about it.Continue Reading

• GenAI development should follow secure-by-design principles

  Every company wants a piece of the GenAI pie, but rushing to develop a product without incorporating secure-by-design principles could harm their business and customers.Continue Reading

• Why organizations need risk-based vulnerability management

  As organizations become increasingly dispersed, they need a risk-based vulnerability management approach to achieve the best protection against cybersecurity threats.Continue Reading

• Top benefits and challenges of SOAR tools

  To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success.Continue Reading

• Top incident response service providers, vendors and software

  Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options.Continue Reading

• How to perform a cybersecurity risk assessment in 5 steps

  This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues.Continue Reading

• Top 6 SOAR use cases to implement in enterprise SOCs

  Automating basic SOC workflows with SOAR can improve an organization's security posture. Explore six SOAR use cases to streamline SOC processes and augment human analysts.Continue Reading

• How to fix the top 5 cybersecurity vulnerabilities

  Check out how to fix five top cybersecurity vulnerabilities to prevent data loss from poor endpoint security, ineffective network monitoring, weak authentication and other issues.Continue Reading

• Top incident response tools: How to choose and use them

  The OODA loop helps organizations throughout the incident response process, giving insight into the incident response tools needed to detect and respond to security events.Continue Reading

• How to become an incident responder: Requirements and more

  Incident response is a growth area that provides career advancement options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications.Continue Reading

• Why effective cybersecurity is important for businesses

  Cyber attacks can have serious financial and business consequences for companies, which makes implementing strong cybersecurity protections a critical step.Continue Reading

• Cloud threat detection and response priorities for 2024

  To improve cloud detection and response, security pros need to get closer to cloud applications and software development processes. Here's how that can be accomplished.Continue Reading

• Application security consolidation remains nuanced

  As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain.Continue Reading

• Kali vs. ParrotOS: 2 versatile Linux distros for security pros

  Network security doesn't always require expensive software. Two Linux distributions -- Kali Linux and ParrotOS -- can help enterprises fill in their security gaps.Continue Reading

• Key cybersecurity takeaways from AWS re:Invent

  Security was strongly emphasized throughout the AWS re:Invent user conference, with product updates to help companies secure data as they build apps and scale in the cloud.Continue Reading

• Assess security posture with the Cloud Security Maturity Model

  The Cloud Security Maturity Model enables organizations to assess their cloud security posture and optimize it as they continue their cloud journey.Continue Reading

• How organizations can learn from cloud security breaches

  Research shed light on cloud security breaches. It's time to learn from the past and mitigate these attacks in the future with strong cloud security and posture management.Continue Reading

• Amazon IAM announcements at re:Invent 2023

  At AWS re:Invent 2023, Amazon announced several new features around machine and human identities designed to improve identity and access management.Continue Reading

• 5 network security predictions for 2024

  Check out network security trends for 2024 from Enterprise Strategy Group, from SaaS security and rising DDoS attacks to network and endpoint convergence.Continue Reading

• How passwordless authentication aids identity security

  Enterprise Strategy Group's Jack Poller discusses survey results on user authentication practices and explains the security benefits of passwordless methods.Continue Reading

• Cybersecurity budgets lose momentum in uncertain economy

  Organizations' increasing prioritization of cybersecurity has protected most programs from major budget cuts. Even so, many CISOs are feeling the pinch.Continue Reading

• Security continues to lag behind cloud app dev cycles

  Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible.Continue Reading

• SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags

  Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best.Continue Reading

• Security highlights from KubeCon + CloudNativeCon 2023

  KubeCon + CloudNativeCon provided valuable insights for security teams supporting cloud-native development, including securing GenAI, platform engineering and supply chains.Continue Reading

• What is cyber hygiene and why is it important?

  Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the health and security of users, devices, networks and data.Continue Reading

• How to protect your organization from IoT malware

  IoT devices are attractive targets to attackers, but keeping them secure isn't easy. Still, there are steps to take to minimize risk and protect networks from attacks.Continue Reading

• SD-WAN deployments feed SASE network and security convergence

  Enterprise Strategy Group's Bob Laliberte discusses the latest findings in his newly released report and why SD-WAN's direct cloud connectivity feeds SASE business initiatives.Continue Reading

• Research points to 5 ways to improve cybersecurity culture

  Respondents to a new Enterprise Strategy Group/ISSA survey offered five key points on how to strengthen an organization's cybersecurity culture.Continue Reading

• How to overcome the beginner cybersecurity career Catch-22

  The workforce gap constantly makes headlines, but that doesn't mean breaking into the field is easy. Get advice on how to start on an entry-level cybersecurity career path.Continue Reading

• Collaborate with third parties to ensure enterprise security

  Third-party risk is a major threat today, as evidenced in numerous recent breaches. Organizations must work with partners to ensure their data is protected properly.Continue Reading

• Cloud-native app security? Ignore acronyms, solve problems

  When building a cloud-native application security strategy, avoid new acronym and product category confusion. Look for products that effectively address top challenges instead.Continue Reading

• Cloud-native firewalls are the next step in network security

  The network security challenges associated with cloud provider and virtual firewalls are leading to third parties introducing cloud-native firewalls.Continue Reading

• Takeaways from Oktane23: Okta AI, universal logout and more

  New game-changing security features from Okta speed threat detection and response times, enabling IT pros to log all users out of applications during a cyber attack.Continue Reading

• Security posture management a huge challenge for IT pros

  Enterprise Strategy Group's John Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation.Continue Reading

• Transitioning to single-vendor SASE will take time

  New Enterprise Strategy Group research reveals enterprises are interested in single-vendor SASE -- but with multiple tools on hand, the transition will take planning and time.Continue Reading

• Secure service edge strengths drive SASE deployments

  Enterprise Strategy Group's John Grady discusses the latest findings in his newly released report and why businesses won’t start a SASE initiative without first implementing SSE.Continue Reading

• Google and Mandiant flex cybersecurity muscle at mWISE

  End-to-end cybersecurity coverage and generative AI could accentuate Google and Mandiant's combined cybersecurity opportunities -- with the right execution.Continue Reading

• How SOAR helps improve MTTD and MTTR metrics

  By automating initial incident response tasks, SOAR can help SOC analysts improve MTTD and MTTR metrics and ensure they focus on true positive alerts.Continue Reading

• Strong identity security could've saved MGM, Caesars, Retool

  Three cyber attacks that featured vishing led to compromised identities, data loss and the interruption of operations. Passwordless authentication could have prevented all three.Continue Reading

• Google Cloud Next focuses on generative AI for security

  Google discussed its vision for applying generative AI to cybersecurity at its Google Cloud Next conference in August, with announcements about new features and capabilities.Continue Reading

• Time for an identity security revolution

  Identity needs to be the foundational component of the cybersecurity stack, because attackers are primarily after an organization's data.Continue Reading

• 10 antimalware tools for ransomware protection and removal

  Businesses face billions of malware and ransomware threats each year. Antimalware tools can help enterprises protect their networks and limit any damages that may occur.Continue Reading

• Identity needs a seat at the cybersecurity table

  The shift to the cloud and remote work, combined with the rise of phishing and other identity-related attacks, puts identity security at the forefront of cybersecurity concerns.Continue Reading

• Cut through cybersecurity vendor hype with these 6 tips

  Cybersecurity vendor hype can make purchasing decisions difficult. When considering a new product or service, think critically about whether it would truly add business value.Continue Reading

• SEC cyber attack regulations prompt 10 questions for CISOs

  New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk.Continue Reading

• Enterprise dark web monitoring: Why it's worth the investment

  Getting an early warning that your data has been compromised is a key benefit of dark web monitoring, but there are many more. By knowing your enemies, you can better protect your assets.Continue Reading

• Adopt embedded penetration testing to keep IoT devices secure

  Regular embedded penetration testing can help discover vulnerabilities before attackers do. The author of 'Practical Hardware Pentesting' explains.Continue Reading

• 5 digital forensics tools experts use in 2023

  A data breach prompts law enforcement and affected organizations to investigate. These five digital forensics tools help with evidence collection and incident response.Continue Reading

• Why using ransomware negotiation services is worth a try

  If stakeholders decide to pay ransom demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout.Continue Reading

• 8 vulnerability management tools to consider in 2023

  Vulnerability management tools help organizations identify and remediate system and application weaknesses and more. Choose your tool -- or tools -- carefully.Continue Reading

• Intersection of generative AI, cybersecurity and digital trust

  The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges.Continue Reading

• Enterprise communication security a growing risk, priority

  Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools.Continue Reading

• Ransomware case study: Recovery can be painful

  In ransomware attacks, backups can save the day and the data. Even so, recovery can still be expensive and painful, depending on the approach. Learn more in this case study.Continue Reading

• Supercloud security concerns foreshadow concept's adoption

  Supercloud lets applications work together across multiple cloud environments, but organizations must pay particular attention to how they protect their assets.Continue Reading

• Enterprise risk management should inform cyber-risk strategies

  Cyber-risk doesn't exist in a vacuum. By understanding the broader enterprise risk management landscape, CISOs can make decisions that best serve the business.Continue Reading

• AI helps humans speed app modernization, improve security

  Enterprises are looking at AI-driven approaches to help human teams modernize and accelerate application development to refactor or build new apps and beef up cybersecurity.Continue Reading

• How API gateways improve API security

  API gateways keep APIs secure by providing rate limiting, DDoS protection and more. Learn more about these benefits, along with API gateway security best practices.Continue Reading

• Top 10 threat modeling tools, plus features to look for

  Automated threat modeling tools make identifying threats simpler, but the tools themselves can be fairly complex. Understanding where risks exist is only one part of the process.Continue Reading