Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Cyber-war game case study: Preparing for a ransomware attack

  In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan. Continue Reading

• Clearing up cybersecurity architecture confusion, challenges

  There's no lack of cybersecurity frameworks, but there is a lack of resources to help small and midsize organizations build a cybersecurity architecture -- until now. Continue Reading

• 4 criteria to measure cybersecurity goal success

  Measuring the success of cybersecurity goals is challenging because they are components of larger goals and often probabilistic rather than deterministic. Continue Reading

• How to write a cybersecurity job posting

  Is your organization struggling to find cybersecurity talent? Your job descriptions could be the problem. Learn how to write a good cybersecurity job posting. Continue Reading

• A 'CISO evolution' means connecting business value to security

  As cybersecurity has changed, so has the CISO role. 'The CISO Evolution: Business Knowledge for Cybersecurity Executives' aims to help security leaders succeed in the C-suite. Continue Reading

• How to find your niche in cybersecurity

  It's difficult to navigate a career in cybersecurity, especially with all the varying roles. A veteran CISO offers advice on how to find your niche in the security industry.Continue Reading

• Why the next-gen telecom ecosystem needs better regulations

  The telecom industry keeps the world connected but also poses national and cybersecurity risks. Learn why the sector needs better -- and uniform -- regulations.Continue Reading

• An enterprise bug bounty program vs. VDP: Which is better?

  Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground.Continue Reading

• What's driving converged endpoint management and security?

  Security and IT teams face challenges in managing and securing a growing number of endpoints, which is driving organizations to look for converged capabilities, according to ESG.Continue Reading

• Top cloud security takeaways from RSA 2022

  Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG.Continue Reading

• How hackers use AI and machine learning to target enterprises

  AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks.Continue Reading

• How to evaluate security service edge products

  As organizations become more cloud-centric and adapt to remote work, a new technique known as security service edge is gaining traction.Continue Reading

• 8 benefits of DevSecOps automation

  DevSecOps automation can help organizations scale development while adding security, as well as uniformly adopt security features and reduce remedial tasks.Continue Reading

• Using SSH tunneling for good and evil

  Secure Shell tunneling takes the secure application protocol to the next level for bypassing firewalls and creating secure connections everywhere.Continue Reading

• How ransomware kill chains help detect attacks

  Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack.Continue Reading

• Top 4 source code security best practices

  Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code.Continue Reading

• ESG analysts discuss how to manage compliance, data privacy

  ESG analysts offer three recommendations for effective data governance: good C-level and IT leadership, visibility into cloud infrastructure and understanding cloud architecture.Continue Reading

• Apple, Microsoft, Google expand FIDO2 passwordless support

  Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS.Continue Reading

• How cryptocurrencies enable attackers and defenders

  Threat actors use cryptocurrencies for their anonymity, but they're not as impenetrable as once thought. Discover how cryptocurrencies can help attackers and defenders alike.Continue Reading

• How micropatching could help close the security update gap

  Countless known but unpatched vulnerabilities pose significant, ongoing risk to the typical enterprise. Learn how micropatching could help close the security update gap.Continue Reading

• Case study: Scaling DevSecOps at Comcast

  Comcast's DevSecOps transformation started small but quickly gained steam, resulting in 85% fewer security incidents in production. Learn more in this case study.Continue Reading

• The top secure software development frameworks

  Keeping security top of mind when developing software is paramount. Learn how to incorporate security into the SDLC with the top secure software development frameworks.Continue Reading

• Do phishing simulations work? Sometimes

  Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question.Continue Reading

• Data security requires DLP platform convergence

  Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features.Continue Reading

• What are the benefits and challenges of microsegmentation?

  Administrators are assessing microsegmentation to beef up access control and security. But deploying microsegmentation can be complex.Continue Reading

• Unethical vulnerability disclosures 'a disgrace to our field'

  The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says.Continue Reading

• Comparing network segmentation vs. microsegmentation

  Network segmentation and microsegmentation both control access but vary in how they do it, as well as how granular their approach is. Learn the differences here.Continue Reading

• Traditional IT vs. critical infrastructure cyber-risk assessments

  When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging.Continue Reading

• Study attests: Cloud apps, remote users add to data loss

  A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic.Continue Reading

• Making sense of conflicting third-party security assessments

  Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective.Continue Reading

• The benefits and challenges of managed PKIs

  Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization.Continue Reading

• Should companies ask for a SaaS software bill of materials?

  Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why.Continue Reading

• How secure are one-time passwords from attacks?

  Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs.Continue Reading

• How effective is security awareness training? Not enough

  Annual security awareness trainings do little to improve security. Learn why they aren't helpful, and discover steps to improve your organization's training program.Continue Reading

• The importance of HR's role in cybersecurity

  HR teams must keep security top of mind when hiring and onboarding employees and enforcing data privacy policies. Get advice on the procedures and mechanisms to do so.Continue Reading

• Why CISOs need to understand the business

  While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company.Continue Reading

• The benefits and challenges of SBOMs

  While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security.Continue Reading

• Review Microsoft Defender for endpoint security pros and cons

  Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls.Continue Reading

• 2 zero-trust cloud security models emerge as demands shift

  Security teams are beefing up enterprise defenses as cloud services become more essential. Zero trust -- tailored to assets, as well as users -- is an integral part of the equation.Continue Reading

• 3 benefits of sustainable cybersecurity in the enterprise

  Sustainable cybersecurity means taking the long view on cyber-risk mitigation. Explore the technical, financial, societal and reputational wins it can net for the enterprise.Continue Reading

• Top DevSecOps certifications and trainings

  Check out some of the top DevSecOps certifications and trainings that can help professionals learn how to shift security left in the software development lifecycle.Continue Reading

• Use digital identity proofing to verify account creation

  Validating users during account creation with identity proofing helps prevent data breaches but isn't without challenges. Discover how it works and concerns to address.Continue Reading

• Implement API rate limiting to reduce attack surfaces

  Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here.Continue Reading

• API security methods developers should use

  Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated.Continue Reading

• Top 6 critical infrastructure cyber-risks

  Cyber attacks on critical infrastructure assets can cause enormous and life-threatening consequences. Discover the top cyber-risks to critical infrastructure here.Continue Reading

• Pros and cons of manual vs. automated penetration testing

  Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization.Continue Reading

• The importance of a policy-driven threat modeling approach

  An expanding threat landscape, combined with increasing cloud use and a cybersecurity skill shortage, is driving the need for a policy-driven threat modeling approach.Continue Reading

• IaC security options help reduce software development risk

  The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk.Continue Reading

• 4 data privacy predictions for 2022 and beyond

  Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond?Continue Reading

• 5 infosec predictions for 2022

  If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months.Continue Reading

• Is ransomware as a service going out of style?

  Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach.Continue Reading

• Cloud application developers need built-in security

  Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs.Continue Reading

• GDPR as we enter 2022: Challenges, enforcement and fines

  Take a look at where GDPR stands as it reaches its fourth birthday, including enforcement and fine changes, current challenges, how COVID-19 affected it and more.Continue Reading

• Is a passwordless future getting closer to reality?

  Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links.Continue Reading

• Passwordless authentication issues to address before adoption

  The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more.Continue Reading

• Elastic Security app enables affordable threat hunting

  New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers.Continue Reading

• The components and objectives of privacy engineering

  Privacy engineering helps organizations balance business and privacy needs, while mitigating the impact of data breaches. Learn about its components and objectives.Continue Reading

• The intersection of privacy by design and privacy engineering

  Data privacy concerns are widespread. Privacy by design and privacy engineering help organizations balance privacy with utility and usability. Learn how.Continue Reading

• Ultimate guide to secure remote access

  This comprehensive secure remote access guide outlines the strategies, tools and best practices to provide anywhere access while protecting data, systems and users.Continue Reading

• How to evaluate and deploy an XDR platform

  Not all extended detection and response platforms are created equal. Don't take the XDR plunge before knowing exactly what to look for in an XDR platform.Continue Reading

• 10 CCPA enforcement cases from the law's first year

  It's been more than a year since CCPA enforcement began, and organizations started hearing from the California attorney general. Explore 10 early cases of alleged noncompliance.Continue Reading

• Experts debate XDR market maturity and outlook

  Is extended detection response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go.Continue Reading

• The benefits of an IT management response

  Many organizations create management responses to traditional audit findings. But did you know organizations can do them after IT audits and assessments, too?Continue Reading

• 3 components to consider when selecting an MDR service

  In the market for an MDR service? Read up on three considerations to keep in mind and questions to ask potential providers before making a decision.Continue Reading

• CompTIA SYO-601 exam pivots to secure bigger attack surface

  The latest CompTIA Security+ exam, SYO-601, tests skills and knowledge for dealing with an expanded attack surface and the latest forms of assault on cybersecurity defenses.Continue Reading

• Why companies should use AI for fraud management, detection

  AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge.Continue Reading

• Blockchain for identity management: Implications to consider

  Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization.Continue Reading

• Why zero-trust models should replace legacy VPNs

  Many organizations use legacy VPNs to secure their networks, especially in the work-from-home era. Expert Pranav Kumar explains why zero-trust models are a safer option.Continue Reading

• How privacy engineers promote innovation and trust

  Forward-thinking companies are hiring privacy engineers. Could your organization benefit? Uncover how these experts promote innovation and fortify customer trust.Continue Reading

• Cloud-native security benefits and use cases

  'Cloud native' has described applications and services for years, but its place in security is less clear. Get insight into cloud-native security from expert Dave Shackleford.Continue Reading

• 10 ways blockchain can improve IAM

  DLT has the potential to revolutionize the identity management space. From boosting privacy to improving visibility, here are 10 use cases of blockchain in IAM.Continue Reading

• Federate and secure identities with enterprise BYOI

  Consumers have been using the federated identity concept 'bring your own identity' through social sign-on for years. It is time for the enterprise to embrace the trend.Continue Reading

• Network security in the return-to-work era

  IT teams are dealing with the challenge of reconnecting devices to office networks as employees return to work. Here's how your organization can overcome that challenge.Continue Reading

• Balancing the benefits with the risks of emerging technology

  Emerging technologies enable companies to maintain a competitive edge through their various benefits but can come with high risks. A balancing act is required.Continue Reading

• 5 IAM trends shaping the future of security

  The importance of identity and access management cannot be denied. However, the same old tools can't properly secure today's complex environments. These IAM trends are here to help.Continue Reading

• Top 5 benefits of a new cybersecurity market model

  Companies are struggling to identify the cybersecurity technology that would actually be useful for their use cases. It's time for a new market model around efficacy instead.Continue Reading

• How cloud adoption is shaping digital identity trends in 2021

  Expert Carla Roncato explains what organizations need to know about emerging digital identity and security trends for the cloud, including CASB, CIEM and zero trust.Continue Reading

• Corral superuser access via SDP, privileged access management

  Keeping control of superusers is an ongoing challenge. Employing SDP and privileged access management can make the job easier. But can SDP replace PAM?Continue Reading

• Security observability vs. visibility and monitoring

  Security observability, monitoring and visibility play different roles but together provide the tools to establish an all-encompassing enterprise security architecture.Continue Reading

• Security observability tools step up threat detection, response

  A step beyond security monitoring are security observability tools, which provide greater context into the events of an incident to perform a more effective responseContinue Reading

• What is secure remote access in today's enterprise?

  Out with the old, in with the new. The meaning of secure remote access, and how organizations achieve it, is changing. Here's what you need to know.Continue Reading

• Inept cybersecurity education and training feed into skills gap

  Learn why former infosec instructor and author of 'How Cybersecurity Really Works' advocates for changes to security education and training to alleviate the industry skills gap.Continue Reading

• Network reconnaissance techniques for beginners

  In this excerpt of 'How Cybersecurity Really Works,' author Sam Grubb breaks down common network reconnaissance techniques used by adversaries to attack wired networks.Continue Reading

• Why cloud changes everything around network security

  Vishal Jain examines why the data center mindset doesn't work for network security when it comes to using the public cloud and how companies should think instead.Continue Reading

• RSA Conference 2021: 3 hot cybersecurity trends explained

  In a lightning round session at RSA Conference, ESG analysts discussed three of the hottest topics in cybersecurity in 2021: zero trust, XDR and SASE.Continue Reading

• How to build a cloud security observability strategy

  Security observability in the cloud involves more than workload monitoring. Read up on the essential observability components and tools needed to reap the security benefits.Continue Reading

• 12 essential features of advanced endpoint security tools

  In addition to protecting an organization's endpoints from threats, IT administrators can use endpoint security tools to monitor operation functions and DLP strategies.Continue Reading

• Cyber Defense Matrix makes sense of chaotic security market

  The Cyber Defense Matrix aims to help CISOs make strategic, informed security investments that weigh cyber risk mitigation in the context of business constraints and goals.Continue Reading

• Endpoint security strategy: Focus on endpoints, apps or both?

  Companies know how to secure traditional endpoints, but what about mobile devices outside the network? They should decide if they want to protect devices, apps or both.Continue Reading

• Enterprises mull 5G vs. Wi-Fi security with private networks

  While Wi-Fi security can be implemented just as securely as 5G, mechanisms built into 5G offer some compelling benefits to enterprises considering private 5G networks.Continue Reading

• Container vs. VM security: Which is better?

  Security professionals often compare containers vs. VMs when determining whether virtualization or containerization is better for their company's security strategy.Continue Reading

• Despite confusion, zero-trust journey underway for many

  Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today.Continue Reading

• How to use CIS benchmarks to improve public cloud security

  Safeguarding public cloud environments is a shared responsibility. Cloud customers should use CIS benchmarks to ensure cloud security at the account level.Continue Reading

• 6 ways to spur cybersecurity board engagement

  New research suggests corporate boards are paying closer attention to cybersecurity, but experts say progress is still modest and slow.Continue Reading

• Applying web application reconnaissance to offensive hacking

  Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman.Continue Reading

• Collaboration is key to a secure web application architecture

  Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers.Continue Reading

• How cloud monitoring dashboards improve security operations

  Cloud monitoring dashboards can help security teams achieve visibility in complex, sprawling environments. Learn about cloud-native, third-party and open source deployment options.Continue Reading

• CCISO exam guide authors discuss the changing CISO role

  Learn more about EC-Council's Certified CISO exam and how the certification helps CISOs at any organization manage successful infosec programs and a changing threat landscape.Continue Reading

• Threat intelligence frameworks to bolster security

  Organizations have many threat intelligence frameworks to work with, each with its own advantages. From for-profit to nonprofit, here's help to figure out which ones you need.Continue Reading

• Exploring GRC automation benefits and challenges

  Governance, risk and compliance is a crucial enterprise task but can be costly and time-consuming. This is where GRC automation fits in. Learn about its benefits and challenges.Continue Reading