Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Enterprise SSO: The promise and the challenges ahead

  It was inevitable that enterprise SSO would encounter the cloud. Learn how to adjust your company's approach to single sign-on so it keeps working well. Continue Reading

• Pulse Connect Secure offers a variety of authentication options

  Expert Karen Scarfone takes a look at the Pulse Connect Secure series of SSL VPNs for securing the connection between clients and networks through encrypted tunnels. Continue Reading

• SonicWALL SSL VPN provides security for organizations of any size

  The SonicWALL SSL VPN protects remote client devices by creating a secure connection to enterprise networks, with many options for customized security features. Continue Reading

• What effect does a federal CISO have on government cybersecurity?

  The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture. Continue Reading

• RSA Data Loss Prevention Suite: Product overview

  Expert Bill Hayes examines the RSA Data Loss Prevention Suite, which covers data in use, in transit and at rest for corporate networks, mobile devices and cloud services. Continue Reading

• Cisco IOS SSL VPN offers security through internet routers

  Expert Karen Scarfone outlines the features of the Cisco IOS SSL VPN and explains how it secures enterprise communications.Continue Reading

• How a single ICMPv6 packet can cause a denial-of-service attack

  Expert Fernando Gont explains how Internet Control Message Protocol version 6 can be used by threat actors to stage a simple, yet effective, denial-of-service attack.Continue Reading

• Attack by TIFF images: What are the vulnerabilities in LibTIFF?

  Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work.Continue Reading

• Risk & Repeat: Does the Amazon S3 outage raise security flags?

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Amazon Simple Storage Service outage and why the incident may have security implications.Continue Reading

• How can the Dirty COW vulnerability be used to attack Android devices?

  A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.Continue Reading

• SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

  Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.Continue Reading

• Ransomware costs not limited to ransoms, research shows

  The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers.Continue Reading

• Ransomware prevention tools to win the fight

  Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.Continue Reading

• What are the pros and cons of hiring a virtual CISO?

  A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.Continue Reading

• What global threat intelligence can and can't do for security programs

  Global threat intelligence is a valuable complement to a company's security program, but it can't replace security measures like training and internally collected data.Continue Reading

• Risk & Repeat: Pentagon cybersecurity under fire

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense.Continue Reading

• Big data frameworks: Making their use in enterprises more secure

  Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.Continue Reading

• FIDO authentication standard could signal the passing of passwords

  The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turns to more effective authentication technologies.Continue Reading

• How to buy digital certificates for your enterprise

  In the market to buy digital certificates? Learn exactly how digital certificates work, which features are key and how to evaluate the available options on the market.Continue Reading

• What new NIST password recommendations should enterprises adopt?

  NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note.Continue Reading

• What should happen after an employee clicks on a malicious link?

  The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.Continue Reading

• DNS Security: Defending the Domain Name System

  In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.Continue Reading

• Digital Guardian for Data Loss Prevention: Product overview

  Expert Bill Hayes examines Digital Guardian for Data Loss Prevention and more of the vendor's DLP product lineup, which cover data in use, data in transit and data in the cloud.Continue Reading

• CA Technologies Data Protection: DLP product overview

  Expert Bill Hayes examines CA Technologies Data Protection, a data loss prevention suite designed to protect data at rest, in transit and in use across enterprise devices, networks and cloud services.Continue Reading

• How can users protect mobile devices from SandJacking attacks?

  Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack.Continue Reading

• Tripwire IP360: Vulnerability management product overview

  Expert Ed Tittel examines vulnerability management products from Tripwire, including the rack-mounted IP360 appliance and the cloud- based PureCloud Enterprise service.Continue Reading

• Tenable Nessus Vulnerability Scanner: Product overview

  Expert Ed Tittel examines the Nessus vulnerability scanner series from Tenable Network Security, which includes client, cloud and on-premises vulnerability management products.Continue Reading

• Cloud DDoS protection: What enterprises need to know

  DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options.Continue Reading

• Rapid7 Nexpose: Vulnerability management product overview

  Ed Tittel examines Rapid7 Nexpose, a vulnerability management product for physical, virtual, cloud and mobile environments that discovers assets and scans for vulnerabilities.Continue Reading

• Qualys Vulnerability Management: Product overview

  Expert Ed Tittel examines Qualys Vulnerability Management, a product for organizations of all sizes that is designed to help admins identify, monitor and mitigate vulnerabilities.Continue Reading

• Can an HTML5 document with a digital signature be authenticated?

  A digital signature on an HTML5 document cannot be authenticated the same way a PDF can. Expert Michael Cobb explains how enterprises should address this issue.Continue Reading

• Splunk Enterprise Security: Product overview

  Expert Dan Sullivan explores how Splunk Enterprise Security uses big data security analytics to incorporate multiple methods of data integration to identify malicious events.Continue Reading

• How would a cyberattack information database affect companies?

  A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach information means for U.S. companies.Continue Reading

• Choosing the best web fraud detection system for your company

  This guide explains the technology and the key features an effective system should include to help readers evaluate fraud detection products and choose the best for their company.Continue Reading

• How can security automation tools keep organizations protected?

  Sometimes security teams fall into 'set and forget' habits with security automation. Expert Mike O. Villegas explains how to take advantage of automation while staying secure.Continue Reading

• Wireless intrusion prevention systems: A buyer's guide

  In this SearchSecurity buyer's guide, learn why it's important to have a wireless intrusion prevention system to protect your Wi-Fi networks and how to pick the right WIPS product.Continue Reading

• Are new cybersecurity products the best investment for enterprises?

  Having the latest cybersecurity products isn't always the best way to approach security. Expert Mike O. Villegas explains why and how to deal with pressure to buy new.Continue Reading

• RSA NetWitness Logs and Packets: Security analytics product overview

  Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats.Continue Reading

• The security ratings game grades third-party vendors

  Can security ratings services patterned on consumer credit scores offer insight into the security postures of third parties and other business partners?Continue Reading

• Blue Coat DLP: Data loss prevention product overview

  Expert Bill Hayes takes a look at Blue Coat DLP, a single appliance data loss prevention system that works with the company's web security gateway products.Continue Reading

• Blue Coat Security Analytics Platform: Product overview

  Expert Dan Sullivan takes a look at the Blue Coat Security Analytics Platform, which is designed to capture comprehensive network information and apply targeted security analytics.Continue Reading

• WinMagic SecureDoc: Full-disk encryption product overview

  Expert Karen Scarfone examines the features of WinMagic's SecureDoc, a full-disk encryption product for laptops, desktops, mobile devices and servers.Continue Reading

• Mojo AirTight WIPS overview

  Expert Karen Scarfone looks at the features and functionality of Mojo Networks' AirTight WIPS, a wireless intrusion prevention system designed to detect and block WLAN attacks.Continue Reading

• Cybersecurity blind spots: Mitigating risks and vulnerabilities

  Cybersecurity blind spots based in risk and vulnerabilities can be difficult to spot and address. Sean Martin talks with security experts on how to overcome that challenge.Continue Reading

• Aruba RFProtect WIPS: Product overview

  Expert Karen Scarfone examines the features of Aruba RFProtect, a wireless intrusion prevention system to detect and block WLAN attacks against enterprise networks.Continue Reading

• How CMMI models compare and map to the COBIT framework

  Following ISACA's recent acquisition of the CMMI Institute, expert Judith Myerson takes a closer look at COBIT and CMMI models and how they compare to one another.Continue Reading

• Cisco ASA with FirePOWER: NGFW product overview

  Cisco combined the ASA series firewall with SourceFire's FirePOWER threat and malware detection capabilities. Expert Mike O. Villegas takes a closer look at this NGFW.Continue Reading

• Ransomware worm raises concerns for enterprise security

  In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats.Continue Reading

• How can Kerberos protocol vulnerabilities be mitigated?

  Microsoft's Kerberos protocol implementation has long-standing issues with its secret keys. Expert Michael Cobb explains how to mitigate the authentication vulnerabilities.Continue Reading

• How does the banking Trojan Dyreza exploit Windows 10?

  A variant of banking Trojan Dyreza has begun to target Windows 10. Expert Nick Lewis explains the new attack functionalities, and Windows 10 and user vulnerabilities.Continue Reading

• Breaking down the DROWN attack and SSLv2 vulnerability

  A DROWN attack can occur through more than a third of all HTTPS connections. Expert Michael Cobb explains how DROWN enables man-in-the-middle attacks and mitigation steps to take.Continue Reading

• How does the M-Pesa service work and what are the risks?

  How does mobile microfinancing service M-Pesa allow users to make transactions without a bank account? Expert Michael Cobb explains how it works and M-Pesa security measures.Continue Reading

• Symantec Desktop Email Encryption: Product overview

  Expert contributor Karen Scarfone examines Symantec Desktop Email Encryption, a tool for encrypting email messages for individuals within the enterprise.Continue Reading

• What are the differences between active boards and passive boards?

  Both active and passive boards of directors have different approaches to handling cybersecurity within their organizations. Here's how to tell which type you have.Continue Reading

• What's the difference between two-step verification and 2FA?

  The terms two-step verification and two-factor authentication are used interchangeably, but do they differ from one another? Expert Michael Cobb explains.Continue Reading

• What are the latest SEC Risk Alert findings?

  The latest SEC Risk Alert from the OCIE has important updates for financial services firms. Expert Mike Chapple reviews the report.Continue Reading

• What enterprises need to know about Internet traffic blocking

  Traffic blocking by Internet carriers has stirred up some controversy in the security industry. Expert Kevin Beaver discusses the pros and cons of blocking network traffic.Continue Reading

• Comparing the best network access control products

  Expert Rob Shapland takes a look at the best network access control products on the market today and examines the features and capabilities that distinguish the top vendors in this space.Continue Reading

• Comparing the top big data security analytics tools

  Expert Dan Sullivan compares how the top-rated big data security analytics tools measure up against each other to help you select the right one for your organization.Continue Reading

• What privacy regulations should enterprises follow?

  The U.S. government has been criticized for its lack of updated privacy regulations. Expert Mike Chapple advises enterprises that want to bolster their privacy policies.Continue Reading

• Comparing the top vulnerability management tools

  Expert Ed Tittel compares how the top-rated vulnerability management tools measure up against each other so you can select the right one for your organization.Continue Reading

• Windows 10 Wi-Fi Sense for hotspot sharing: Is it safe?

  Microsoft's Windows 10 Wi-Fi Sense was designed to make hotspot sharing easy, but experts debate if the security risks are real and whether the new feature offers substantial benefits and relative safety.Continue Reading

• How does the new voicemail phishing scam work?

  A new phishing scam uses voicemail notification emails to spread malware. Expert Nick Lewis explains how this attack works and how enterprises can prevent it.Continue Reading

• Is the FedRAMP certification making a difference?

  There was speculation in the security world over whether the FedRAMP certification would be helpful or not. Now that it's in full use, Mike Chapple looks at the state of FedRAMP.Continue Reading

• Fortinet FortiGate UTM: Product overview

  Expert Ed Tittel looks at Fortinet FortiGate UTM appliances, which combine different network infrastructure protection features into a single device.Continue Reading

• Cisco Meraki MX appliances: UTM product overview

  Expert Ed Tittel examines Cisco's Meraki MX UTM Appliances, a series of UTM products that combines various network security and protection features into a single device.Continue Reading

• Check Point UTM Threat Prevention Appliances: Product review

  Check Point UTM Threat Prevention Appliances are recognized by our reviewer as consistent software architectures that are easy to configure.Continue Reading

• Seven criteria for buying vulnerability management tools

  Expert contributor Ed Tittel describes purchasing criteria for full-featured vulnerability management tools for small organizations to large enterprises.Continue Reading

• The business case for vulnerability management tools

  Expert Ed Tittel describes business use cases for vulnerability management tools and examines how organizations of all sizes benefit from these products.Continue Reading

• Introduction to vulnerability management tools

  Expert Ed Tittel explores how vulnerability management tools can help organizations of all sizes uncover defense weaknesses and close security gaps before they are exploited by attackers.Continue Reading

• Microsoft Device Guard tackles Windows 10 malware

  A new Microsoft security feature takes aim at Windows 10 malware. Expert Michael Cobb explains what enterprises should know about Device Guard.Continue Reading

• Should the RC4 cipher still be used in enterprises?

  A newly discovered attack can break the RC4 cipher and decrypt user cookies. Expert Michael Cobb explains the attack and the relevance of RC4 in enterprises today.Continue Reading

• Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview

  Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats.Continue Reading

• Proofpoint Enterprise Protection: Product overview

  Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats.Continue Reading

• How can software transplants fix bad code?

  Copying and pasting bad code into an application is a big problem for developers, but software transplants can help. Expert Michael Cobb explains the technology.Continue Reading

• McAfee Email Protection, Security for Email Servers: Product overview

  Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages.Continue Reading

• Clearswift SECURE Email Gateway: Product overview

  Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails.Continue Reading

• Fortinet FortiMail: Product overview

  Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization.Continue Reading

• Cisco Email Security Appliance: Product overview

  Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats.Continue Reading

• WMI tools make the perfect crime 'malware-free'

  Security researchers claim that attackers are abusing a longstanding administrative tool in the Windows operating system. With no telltale signs of malware, how can you stop it?Continue Reading

• 'Going dark': Weighing the public safety costs of end-to-end encryption

  'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data.Continue Reading

• What data breach notification policy should enterprises follow?

  A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices.Continue Reading

• Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview

  Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data.Continue Reading

• EMC RSA Security Analytics: SIEM product overview

  Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.Continue Reading

• AlienVault OSSIM: SIEM Product overview

  Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.Continue Reading

• Splunk Enterprise: SIEM product overview

  Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.Continue Reading

• SolarWinds Log and Event Manager: SIEM product overview

  Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.Continue Reading

• IBM Security QRadar: SIEM product overview

  Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.Continue Reading

• LogRhythm's Security Intelligence Platform: SIEM product overview

  Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.Continue Reading

• Can Google's Chrome extension policy improve Web security?

  The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security and enterprise apps.Continue Reading

• Comparing the best intrusion prevention systems

  Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization.Continue Reading

• Comparing the top Web fraud detection systems

  Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria.Continue Reading

• Readers’ top picks for enterprise firewalls

  The companies and key functionality organizations seek out when they upgrade or add firewall technology to their enterprise environments.Continue Reading

• Secure Hash Algorithm-3: How SHA-3 is a next-gen security tool

  Expert Michael Cobb details the changes in SHA-3, including how it differs from its predecessors and the additional security it offers, and what steps enterprises should take.Continue Reading

• Three criteria for selecting the right IPS products

  Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization.Continue Reading

• Vormetric Transparent Encryption: Product overview

  Expert Ed Tittel takes a look at Vormetric Transparent Encryption, a component of Vormetric's Data Security Platform that encrypts data and does access control for that data.Continue Reading

• HP Security Voltage's SecureData Enterprise: Product overview

  Expert Ed Tittel examines SecureData Enterprise, which is a part of the HP Security Voltage platform, a scalable database security product that encrypts both structured and unstructured data, tokenizing data to prevent viewing and more.Continue Reading

• Protegrity Database Protector: Database security tool overview

  Expert Ed Tittel examines Protegrity Database Protector, a database security add-on product that provides column- and field-level protection of confidential and sensitive data stored in nearly any type of relational database.Continue Reading

• Oracle Advanced Security: Database security tool overview

  Expert Ed Tittel examines Oracle Advanced Security, a database security add-on product with transparent data encryption (TDE) and data redaction features.Continue Reading

• McAfee Database Activity Monitoring: Database security tool overview

  Expert Ed Tittel takes a look at McAfee Database Activity Monitoring and McAfee Vulnerability Manager for Databases to see how they protect enterprises' databases and corporate data.Continue Reading