Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Enterprise SSO: The promise and the challenges ahead
It was inevitable that enterprise SSO would encounter the cloud. Learn how to adjust your company's approach to single sign-on so it keeps working well. Continue Reading
Pulse Connect Secure offers a variety of authentication options
Expert Karen Scarfone takes a look at the Pulse Connect Secure series of SSL VPNs for securing the connection between clients and networks through encrypted tunnels. Continue Reading
SonicWALL SSL VPN provides security for organizations of any size
The SonicWALL SSL VPN protects remote client devices by creating a secure connection to enterprise networks, with many options for customized security features. Continue Reading
-
What effect does a federal CISO have on government cybersecurity?
The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture. Continue Reading
RSA Data Loss Prevention Suite: Product overview
Expert Bill Hayes examines the RSA Data Loss Prevention Suite, which covers data in use, in transit and at rest for corporate networks, mobile devices and cloud services. Continue Reading
Cisco IOS SSL VPN offers security through internet routers
Expert Karen Scarfone outlines the features of the Cisco IOS SSL VPN and explains how it secures enterprise communications.Continue Reading
How a single ICMPv6 packet can cause a denial-of-service attack
Expert Fernando Gont explains how Internet Control Message Protocol version 6 can be used by threat actors to stage a simple, yet effective, denial-of-service attack.Continue Reading
Attack by TIFF images: What are the vulnerabilities in LibTIFF?
Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work.Continue Reading
Risk & Repeat: Does the Amazon S3 outage raise security flags?
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Amazon Simple Storage Service outage and why the incident may have security implications.Continue Reading
How can the Dirty COW vulnerability be used to attack Android devices?
A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.Continue Reading
-
SHA-1 certificates: How will Mozilla's deprecation affect enterprises?
Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.Continue Reading
Ransomware costs not limited to ransoms, research shows
The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers.Continue Reading
Ransomware prevention tools to win the fight
Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.Continue Reading
What are the pros and cons of hiring a virtual CISO?
A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.Continue Reading
What global threat intelligence can and can't do for security programs
Global threat intelligence is a valuable complement to a company's security program, but it can't replace security measures like training and internally collected data.Continue Reading
Risk & Repeat: Pentagon cybersecurity under fire
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense.Continue Reading
Big data frameworks: Making their use in enterprises more secure
Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.Continue Reading
FIDO authentication standard could signal the passing of passwords
The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turns to more effective authentication technologies.Continue Reading
How to buy digital certificates for your enterprise
In the market to buy digital certificates? Learn exactly how digital certificates work, which features are key and how to evaluate the available options on the market.Continue Reading
What new NIST password recommendations should enterprises adopt?
NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note.Continue Reading
What should happen after an employee clicks on a malicious link?
The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.Continue Reading
DNS Security: Defending the Domain Name System
In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.Continue Reading
Digital Guardian for Data Loss Prevention: Product overview
Expert Bill Hayes examines Digital Guardian for Data Loss Prevention and more of the vendor's DLP product lineup, which cover data in use, data in transit and data in the cloud.Continue Reading
CA Technologies Data Protection: DLP product overview
Expert Bill Hayes examines CA Technologies Data Protection, a data loss prevention suite designed to protect data at rest, in transit and in use across enterprise devices, networks and cloud services.Continue Reading
How can users protect mobile devices from SandJacking attacks?
Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack.Continue Reading
Tripwire IP360: Vulnerability management product overview
Expert Ed Tittel examines vulnerability management products from Tripwire, including the rack-mounted IP360 appliance and the cloud- based PureCloud Enterprise service.Continue Reading
Tenable Nessus Vulnerability Scanner: Product overview
Expert Ed Tittel examines the Nessus vulnerability scanner series from Tenable Network Security, which includes client, cloud and on-premises vulnerability management products.Continue Reading
Cloud DDoS protection: What enterprises need to know
DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options.Continue Reading
Rapid7 Nexpose: Vulnerability management product overview
Ed Tittel examines Rapid7 Nexpose, a vulnerability management product for physical, virtual, cloud and mobile environments that discovers assets and scans for vulnerabilities.Continue Reading
Qualys Vulnerability Management: Product overview
Expert Ed Tittel examines Qualys Vulnerability Management, a product for organizations of all sizes that is designed to help admins identify, monitor and mitigate vulnerabilities.Continue Reading
Can an HTML5 document with a digital signature be authenticated?
A digital signature on an HTML5 document cannot be authenticated the same way a PDF can. Expert Michael Cobb explains how enterprises should address this issue.Continue Reading
Splunk Enterprise Security: Product overview
Expert Dan Sullivan explores how Splunk Enterprise Security uses big data security analytics to incorporate multiple methods of data integration to identify malicious events.Continue Reading
How would a cyberattack information database affect companies?
A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach information means for U.S. companies.Continue Reading
Choosing the best web fraud detection system for your company
This guide explains the technology and the key features an effective system should include to help readers evaluate fraud detection products and choose the best for their company.Continue Reading
How can security automation tools keep organizations protected?
Sometimes security teams fall into 'set and forget' habits with security automation. Expert Mike O. Villegas explains how to take advantage of automation while staying secure.Continue Reading
Wireless intrusion prevention systems: A buyer's guide
In this SearchSecurity buyer's guide, learn why it's important to have a wireless intrusion prevention system to protect your Wi-Fi networks and how to pick the right WIPS product.Continue Reading
Are new cybersecurity products the best investment for enterprises?
Having the latest cybersecurity products isn't always the best way to approach security. Expert Mike O. Villegas explains why and how to deal with pressure to buy new.Continue Reading
RSA NetWitness Logs and Packets: Security analytics product overview
Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats.Continue Reading
The security ratings game grades third-party vendors
Can security ratings services patterned on consumer credit scores offer insight into the security postures of third parties and other business partners?Continue Reading
Blue Coat DLP: Data loss prevention product overview
Expert Bill Hayes takes a look at Blue Coat DLP, a single appliance data loss prevention system that works with the company's web security gateway products.Continue Reading
Blue Coat Security Analytics Platform: Product overview
Expert Dan Sullivan takes a look at the Blue Coat Security Analytics Platform, which is designed to capture comprehensive network information and apply targeted security analytics.Continue Reading
WinMagic SecureDoc: Full-disk encryption product overview
Expert Karen Scarfone examines the features of WinMagic's SecureDoc, a full-disk encryption product for laptops, desktops, mobile devices and servers.Continue Reading
Mojo AirTight WIPS overview
Expert Karen Scarfone looks at the features and functionality of Mojo Networks' AirTight WIPS, a wireless intrusion prevention system designed to detect and block WLAN attacks.Continue Reading
Cybersecurity blind spots: Mitigating risks and vulnerabilities
Cybersecurity blind spots based in risk and vulnerabilities can be difficult to spot and address. Sean Martin talks with security experts on how to overcome that challenge.Continue Reading
Aruba RFProtect WIPS: Product overview
Expert Karen Scarfone examines the features of Aruba RFProtect, a wireless intrusion prevention system to detect and block WLAN attacks against enterprise networks.Continue Reading
How CMMI models compare and map to the COBIT framework
Following ISACA's recent acquisition of the CMMI Institute, expert Judith Myerson takes a closer look at COBIT and CMMI models and how they compare to one another.Continue Reading
Cisco ASA with FirePOWER: NGFW product overview
Cisco combined the ASA series firewall with SourceFire's FirePOWER threat and malware detection capabilities. Expert Mike O. Villegas takes a closer look at this NGFW.Continue Reading
Ransomware worm raises concerns for enterprise security
In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats.Continue Reading
How can Kerberos protocol vulnerabilities be mitigated?
Microsoft's Kerberos protocol implementation has long-standing issues with its secret keys. Expert Michael Cobb explains how to mitigate the authentication vulnerabilities.Continue Reading
How does the banking Trojan Dyreza exploit Windows 10?
A variant of banking Trojan Dyreza has begun to target Windows 10. Expert Nick Lewis explains the new attack functionalities, and Windows 10 and user vulnerabilities.Continue Reading
Breaking down the DROWN attack and SSLv2 vulnerability
A DROWN attack can occur through more than a third of all HTTPS connections. Expert Michael Cobb explains how DROWN enables man-in-the-middle attacks and mitigation steps to take.Continue Reading
How does the M-Pesa service work and what are the risks?
How does mobile microfinancing service M-Pesa allow users to make transactions without a bank account? Expert Michael Cobb explains how it works and M-Pesa security measures.Continue Reading
Symantec Desktop Email Encryption: Product overview
Expert contributor Karen Scarfone examines Symantec Desktop Email Encryption, a tool for encrypting email messages for individuals within the enterprise.Continue Reading
What are the differences between active boards and passive boards?
Both active and passive boards of directors have different approaches to handling cybersecurity within their organizations. Here's how to tell which type you have.Continue Reading
What's the difference between two-step verification and 2FA?
The terms two-step verification and two-factor authentication are used interchangeably, but do they differ from one another? Expert Michael Cobb explains.Continue Reading
What are the latest SEC Risk Alert findings?
The latest SEC Risk Alert from the OCIE has important updates for financial services firms. Expert Mike Chapple reviews the report.Continue Reading
What enterprises need to know about Internet traffic blocking
Traffic blocking by Internet carriers has stirred up some controversy in the security industry. Expert Kevin Beaver discusses the pros and cons of blocking network traffic.Continue Reading
Comparing the best network access control products
Expert Rob Shapland takes a look at the best network access control products on the market today and examines the features and capabilities that distinguish the top vendors in this space.Continue Reading
Comparing the top big data security analytics tools
Expert Dan Sullivan compares how the top-rated big data security analytics tools measure up against each other to help you select the right one for your organization.Continue Reading
What privacy regulations should enterprises follow?
The U.S. government has been criticized for its lack of updated privacy regulations. Expert Mike Chapple advises enterprises that want to bolster their privacy policies.Continue Reading
Comparing the top vulnerability management tools
Expert Ed Tittel compares how the top-rated vulnerability management tools measure up against each other so you can select the right one for your organization.Continue Reading
Windows 10 Wi-Fi Sense for hotspot sharing: Is it safe?
Microsoft's Windows 10 Wi-Fi Sense was designed to make hotspot sharing easy, but experts debate if the security risks are real and whether the new feature offers substantial benefits and relative safety.Continue Reading
How does the new voicemail phishing scam work?
A new phishing scam uses voicemail notification emails to spread malware. Expert Nick Lewis explains how this attack works and how enterprises can prevent it.Continue Reading
Is the FedRAMP certification making a difference?
There was speculation in the security world over whether the FedRAMP certification would be helpful or not. Now that it's in full use, Mike Chapple looks at the state of FedRAMP.Continue Reading
Fortinet FortiGate UTM: Product overview
Expert Ed Tittel looks at Fortinet FortiGate UTM appliances, which combine different network infrastructure protection features into a single device.Continue Reading
Cisco Meraki MX appliances: UTM product overview
Expert Ed Tittel examines Cisco's Meraki MX UTM Appliances, a series of UTM products that combines various network security and protection features into a single device.Continue Reading
Check Point UTM Threat Prevention Appliances: Product review
Check Point UTM Threat Prevention Appliances are recognized by our reviewer as consistent software architectures that are easy to configure.Continue Reading
Seven criteria for buying vulnerability management tools
Expert contributor Ed Tittel describes purchasing criteria for full-featured vulnerability management tools for small organizations to large enterprises.Continue Reading
The business case for vulnerability management tools
Expert Ed Tittel describes business use cases for vulnerability management tools and examines how organizations of all sizes benefit from these products.Continue Reading
Introduction to vulnerability management tools
Expert Ed Tittel explores how vulnerability management tools can help organizations of all sizes uncover defense weaknesses and close security gaps before they are exploited by attackers.Continue Reading
Microsoft Device Guard tackles Windows 10 malware
A new Microsoft security feature takes aim at Windows 10 malware. Expert Michael Cobb explains what enterprises should know about Device Guard.Continue Reading
Should the RC4 cipher still be used in enterprises?
A newly discovered attack can break the RC4 cipher and decrypt user cookies. Expert Michael Cobb explains the attack and the relevance of RC4 in enterprises today.Continue Reading
Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview
Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats.Continue Reading
Proofpoint Enterprise Protection: Product overview
Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats.Continue Reading
How can software transplants fix bad code?
Copying and pasting bad code into an application is a big problem for developers, but software transplants can help. Expert Michael Cobb explains the technology.Continue Reading
McAfee Email Protection, Security for Email Servers: Product overview
Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages.Continue Reading
Clearswift SECURE Email Gateway: Product overview
Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails.Continue Reading
Fortinet FortiMail: Product overview
Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization.Continue Reading
Cisco Email Security Appliance: Product overview
Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats.Continue Reading
WMI tools make the perfect crime 'malware-free'
Security researchers claim that attackers are abusing a longstanding administrative tool in the Windows operating system. With no telltale signs of malware, how can you stop it?Continue Reading
'Going dark': Weighing the public safety costs of end-to-end encryption
'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data.Continue Reading
What data breach notification policy should enterprises follow?
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices.Continue Reading
Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview
Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data.Continue Reading
EMC RSA Security Analytics: SIEM product overview
Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.Continue Reading
AlienVault OSSIM: SIEM Product overview
Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.Continue Reading
Splunk Enterprise: SIEM product overview
Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.Continue Reading
SolarWinds Log and Event Manager: SIEM product overview
Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.Continue Reading
IBM Security QRadar: SIEM product overview
Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.Continue Reading
LogRhythm's Security Intelligence Platform: SIEM product overview
Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.Continue Reading
Can Google's Chrome extension policy improve Web security?
The updated Chrome extension policy allows users and developers to only install extensions from the Chrome Web Store. Learn how this affects security and enterprise apps.Continue Reading
Comparing the best intrusion prevention systems
Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization.Continue Reading
Comparing the top Web fraud detection systems
Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria.Continue Reading
Readers’ top picks for enterprise firewalls
The companies and key functionality organizations seek out when they upgrade or add firewall technology to their enterprise environments.Continue Reading
Secure Hash Algorithm-3: How SHA-3 is a next-gen security tool
Expert Michael Cobb details the changes in SHA-3, including how it differs from its predecessors and the additional security it offers, and what steps enterprises should take.Continue Reading
Three criteria for selecting the right IPS products
Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization.Continue Reading
Vormetric Transparent Encryption: Product overview
Expert Ed Tittel takes a look at Vormetric Transparent Encryption, a component of Vormetric's Data Security Platform that encrypts data and does access control for that data.Continue Reading
HP Security Voltage's SecureData Enterprise: Product overview
Expert Ed Tittel examines SecureData Enterprise, which is a part of the HP Security Voltage platform, a scalable database security product that encrypts both structured and unstructured data, tokenizing data to prevent viewing and more.Continue Reading
Protegrity Database Protector: Database security tool overview
Expert Ed Tittel examines Protegrity Database Protector, a database security add-on product that provides column- and field-level protection of confidential and sensitive data stored in nearly any type of relational database.Continue Reading
Oracle Advanced Security: Database security tool overview
Expert Ed Tittel examines Oracle Advanced Security, a database security add-on product with transparent data encryption (TDE) and data redaction features.Continue Reading
McAfee Database Activity Monitoring: Database security tool overview
Expert Ed Tittel takes a look at McAfee Database Activity Monitoring and McAfee Vulnerability Manager for Databases to see how they protect enterprises' databases and corporate data.Continue Reading