Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• The digital certificate: How it works, which to buy

  This expert guide on the digital certificate provides essential information to what can be a complex purchase. Learn about the options and how to find the best for one for your network. Continue Reading

• Select the best patch management software for your company

  Patch management software enables businesses to prioritize and automatically update systems so that their assets remain secure. See which best fits your infosec strategy. Continue Reading

• Patch management tool comparison: What are the best products?

  With so many different vendors in the market, it isn't easy to pick the right patch management tool. Read this product comparison to see which is best for your company. Continue Reading

• What breach detection systems are best for corporate defenses?

  A system breach is inevitable, and BDS products provide a valuable means of detection. But a strategy that blends both defense and offense is the best approach to security. Continue Reading

• Use a web app firewall to halt app attacks

  As the demands on web application firewalls grow, the available WAF features are also expanding. What do you need to know to evaluate the tools vendors offer? Continue Reading

• To secure Office 365, take advantage of controls Microsoft offers

  Securing Office 365 properly requires addressing upfront any specific risks of a particular environment and taking advantage of the many security controls Microsoft offers.Continue Reading

• Office 365 security features: As good as it gets?

  Online and application security is never perfect, but Office 365 security features come close. Here's an overview of how Microsoft installed security in its popular suite.Continue Reading

• Address Office 365 security concerns while enjoying its benefits

  Office 365 security concerns should worry you but not dampen your enthusiasm for the platform's potential benefits for your business. Here's what you need to consider upfront.Continue Reading

• Know why patch management tools are required in the IT infrastructure

  Regulations, efficiency and protection are the main drivers for purchasing patch management tools. See why automated patch management is a requirement for most businesses.Continue Reading

• How does Facebook's Delegated Recovery enable account verification?

  Facebook's Delegated Recovery aims to replace knowledge-based authentication with third-party account verification. Expert Michael Cobb explains how this protocol works.Continue Reading

• How mobile application assessments can boost enterprise security

  Mobile application assessments can help enterprises decide which apps to allow, improving security. Christopher Crowley of the SANS Institute discusses how to use app assessments.Continue Reading

• Cloud access security brokers: Hard to tell what's real

  Most cloud access security brokers offer CISOs a way to set policy and gain better understanding of multiple cloud services and data in use across the enterprise. As CASBs have gained momentum in recent years, use cases for them have expanded. Do ...Continue Reading

• Wendy Nather: 'We're on a trajectory for profound change'

  This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more.Continue Reading

• Report: Threat hunting is more SOC than intel

  Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements.Continue Reading

• Experian's Tom King tackles role of CISO from the ground up

  An early career as a geologist helped the veteran financial services CISO thrive in the security field. The CISO role is now broader than technical functions, he says.Continue Reading

• How does a privacy impact assessment affect enterprise security?

  A privacy impact assessment can help enterprises determine where their data is at risk of exposure. Expert Matthew Pascucci explains how and when to conduct these assessments.Continue Reading

• Using threat intelligence tools to prevent attacks on your enterprise

  Using threat intelligence tools can help your enterprise stay one step ahead of attackers and possible threats. Learn how threat intelligence can be used in your company.Continue Reading

• Trustwave Data Loss Prevention: Product overview

  Expert Bill Hayes examines Trustwave Data Loss Prevention and how the product addresses data at rest, endpoint data in use and network data in transit for enterprises.Continue Reading

• Learn what breach detection system is best for your network

  Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs.Continue Reading

• Okta Adaptive MFA gives companies flexible authentication

  Okta Adaptive MFA offers businesses a range of flexible authentication methods that use different contexts to determine which factors provide users with access.Continue Reading

• RSA Authentication Manager offers a variety of authentication methods

  With authentication methods ranging from risk-based to tokens, RSA Authentication Manager gives companies a number of ways to employ multifactor authentication.Continue Reading

• Summing up Symantec VIP Service, a multifactor authentication tool

  Expert David Strom looks at the Symantec VIP multifactor authentication product and how it can benefit enterprise security.Continue Reading

• An in-depth look at Gemalto's SafeNet Authentication Service

  Expert David Strom provides an in-depth look at Gemalto's SafeNet Authentication Service, a SaaS-based multifactor authentication product for boosting login security.Continue Reading

• SecureAuth IdP: An overview of its multifactor authentication ability

  Expert David Strom looks at how SecureAuth IdP uniquely combines multifactor authentication and single sign-on login capabilities in a single product.Continue Reading

• Timeline: Symantec certificate authority improprieties

  Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant.Continue Reading

• Applying the new FDA medical device guidance to infosec programs

  New FDA medical device guidance demonstrates the need for better cybersecurity during manufacturing and use. Expert Nick Lewis explains how enterprises can use the recommendations.Continue Reading

• VASCO IDENTIKEY Authentication Server and a look at its key features

  Expert David Strom takes a closer look at VASCO's IDENTIKEY Authentication Server, one of the leading multifactor authentication products on the market.Continue Reading

• Should the Vulnerabilities Equities Process be codified into law?

  The Vulnerabilities Equities Process is a controversial subject. Expert Matthew Pascucci looks at the arguments for and against codifying it into law.Continue Reading

• How effective is geofencing technology as a security method?

  Geofencing technology is increasingly being used as a security tactic, such as to control access to servers with DNS settings. Expert Michael Cobb explains how it works.Continue Reading

• ISAOs: The benefits of sharing security information

  ISAOs are a good way for organizations to share information about security threats. Expert Steven Weil explains what these organizations are and their attributes.Continue Reading

• Mobile endpoint security: What enterprise infosec pros must know now

  Do you know how to take care of mobile endpoint security in your enterprise? This guide walks you through all aspects of the issue, from policy and strategy to emerging threats.Continue Reading

• Same-origin policy: How did Adobe Flash Player's implementation fail?

  The same-origin security feature in Adobe Flash Player was implemented incorrectly, allowing local attackers to spy on users. Expert Michael Cobb explains how this flaw occurred.Continue Reading

• Cybersecurity careers soar with security leadership skills

  Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex ...Continue Reading

• How does an active defense system benefit enterprise security?

  Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options.Continue Reading

• Reviewing the threat intelligence features of VeriSign iDefense

  Expert Ed Tittel looks at VeriSign iDefense threat intelligence service for providing actionable, contextual data about today's top IT threats to organizations.Continue Reading

• Threat Intelligence service overview of Infoblox ActiveTrust

  Expert Ed Tittel looks at the features and capabilities of the Infoblox ActiveTrust threat intelligence service for providing data on the top IT threats to organizations.Continue Reading

• Detailing the features of LookingGlass Cyber Threat Center

  Expert Ed Tittel looks at the LookingGlass Cyber Threat Center service for providing organizations with intelligence on today's top IT threats.Continue Reading

• RSA NetWitness Suite and its threat intelligence capabilities

  Expert Ed Tittel examines the RSA NetWitness Suite threat intelligence platform, which offers network forensic and analytics tools for investigating incidents and analyzing data.Continue Reading

• Incorporating user behavior analytics into enterprise security programs

  User behavior analytics can be used for a number of different objectives within an enterprise. Expert Ajay Kumar examines some of the most important features and capabilities.Continue Reading

• Five criteria for purchasing from threat intelligence providers

  Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs.Continue Reading

• User behavior analytics: Building a business case for enterprises

  User behavior analytics can be beneficial to enterprises, but there are complexities involved. Expert Ajay Kumar explains what companies should know about this new technology.Continue Reading

• MSSPs add advanced threats as managed security services gain hold

  Skill shortages and budget constraints have lead some companies to adopt a hybrid approach to managed security. Is it time for CISOs to start looking for 'expertise as a service'?Continue Reading

• Google Cloud KMS: What are the security benefits?

  Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits.Continue Reading

• DLP systems: Spotting weaknesses and improving management

  DLP systems are becoming a necessity, but their weaknesses need to be tightened to ensure enterprise asset security. Expert Kevin Beaver explains what areas to focus on.Continue Reading

• Single sign-on service requires a cloud-era update

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other approaches, more effective.Continue Reading

• How do identity governance and access management systems differ?

  Identity governance and access management systems overlap naturally, but they are still distinct. Expert Matthew Pascucci explains the difference between these two aspects of IAM.Continue Reading

• The best SSO for enterprises must be cloud and mobile capable

  The best SSO today can handle the apps mobile workers use, identity as a service and more. Learn to make single sign-on, and other identity management approaches, more effective.Continue Reading

• Enterprise SSO: The promise and the challenges ahead

  It was inevitable that enterprise SSO would encounter the cloud. Learn how to adjust your company's approach to single sign-on so it keeps working well.Continue Reading

• Pulse Connect Secure offers a variety of authentication options

  Expert Karen Scarfone takes a look at the Pulse Connect Secure series of SSL VPNs for securing the connection between clients and networks through encrypted tunnels.Continue Reading

• SonicWALL SSL VPN provides security for organizations of any size

  The SonicWALL SSL VPN protects remote client devices by creating a secure connection to enterprise networks, with many options for customized security features.Continue Reading

• What effect does a federal CISO have on government cybersecurity?

  The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture.Continue Reading

• RSA Data Loss Prevention Suite: Product overview

  Expert Bill Hayes examines the RSA Data Loss Prevention Suite, which covers data in use, in transit and at rest for corporate networks, mobile devices and cloud services.Continue Reading

• Cisco IOS SSL VPN offers security through internet routers

  Expert Karen Scarfone outlines the features of the Cisco IOS SSL VPN and explains how it secures enterprise communications.Continue Reading

• How a single ICMPv6 packet can cause a denial-of-service attack

  Expert Fernando Gont explains how Internet Control Message Protocol version 6 can be used by threat actors to stage a simple, yet effective, denial-of-service attack.Continue Reading

• Attack by TIFF images: What are the vulnerabilities in LibTIFF?

  Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work.Continue Reading

• Risk & Repeat: Does the Amazon S3 outage raise security flags?

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the recent Amazon Simple Storage Service outage and why the incident may have security implications.Continue Reading

• How can the Dirty COW vulnerability be used to attack Android devices?

  A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack.Continue Reading

• SHA-1 certificates: How will Mozilla's deprecation affect enterprises?

  Mozilla browser users will encounter 'untrusted connection' errors if they use SHA-1 signed certificates. Expert Michael Cobb explains why, and what enterprises can do.Continue Reading

• Ransomware prevention tools to win the fight

  Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns.Continue Reading

• What are the pros and cons of hiring a virtual CISO?

  A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons.Continue Reading

• What global threat intelligence can and can't do for security programs

  Global threat intelligence is a valuable complement to a company's security program, but it can't replace security measures like training and internally collected data.Continue Reading

• Risk & Repeat: Pentagon cybersecurity under fire

  In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss Pentagon cybersecurity amid reports of misconfigured servers at the U.S. Department of Defense.Continue Reading

• Big data frameworks: Making their use in enterprises more secure

  Many enterprises apply big data techniques to their security systems. But are these methods secure? Expert John Burke explains some of the efforts to secure big data analysis.Continue Reading

• FIDO authentication standard could signal the passing of passwords

  The FIDO authentication standard could eventually bypass passwords, or at least augment them, as government and industry turns to more effective authentication technologies.Continue Reading

• How to buy digital certificates for your enterprise

  In the market to buy digital certificates? Learn exactly how digital certificates work, which features are key and how to evaluate the available options on the market.Continue Reading

• What new NIST password recommendations should enterprises adopt?

  NIST is coming up with new password recommendations for the U.S. government. Expert Michael Cobb covers the most important changes that enterprises should note.Continue Reading

• What should happen after an employee clicks on a malicious link?

  The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.Continue Reading

• DNS Security: Defending the Domain Name System

  In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.Continue Reading

• Digital Guardian for Data Loss Prevention: Product overview

  Expert Bill Hayes examines Digital Guardian for Data Loss Prevention and more of the vendor's DLP product lineup, which cover data in use, data in transit and data in the cloud.Continue Reading

• CA Technologies Data Protection: DLP product overview

  Expert Bill Hayes examines CA Technologies Data Protection, a data loss prevention suite designed to protect data at rest, in transit and in use across enterprise devices, networks and cloud services.Continue Reading

• How can users protect mobile devices from SandJacking attacks?

  Attackers can use the SandJacking attack to access sandboxed data on iOS devices. Expert Nick Lewis explains how to protect your enterprise from this attack.Continue Reading

• Tripwire IP360: Vulnerability management product overview

  Expert Ed Tittel examines vulnerability management products from Tripwire, including the rack-mounted IP360 appliance and the cloud- based PureCloud Enterprise service.Continue Reading

• Tenable Nessus Vulnerability Scanner: Product overview

  Expert Ed Tittel examines the Nessus vulnerability scanner series from Tenable Network Security, which includes client, cloud and on-premises vulnerability management products.Continue Reading

• Cloud DDoS protection: What enterprises need to know

  DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options.Continue Reading

• Rapid7 Nexpose: Vulnerability management product overview

  Ed Tittel examines Rapid7 Nexpose, a vulnerability management product for physical, virtual, cloud and mobile environments that discovers assets and scans for vulnerabilities.Continue Reading

• Qualys Vulnerability Management: Product overview

  Expert Ed Tittel examines Qualys Vulnerability Management, a product for organizations of all sizes that is designed to help admins identify, monitor and mitigate vulnerabilities.Continue Reading

• Can an HTML5 document with a digital signature be authenticated?

  A digital signature on an HTML5 document cannot be authenticated the same way a PDF can. Expert Michael Cobb explains how enterprises should address this issue.Continue Reading

• Splunk Enterprise Security: Product overview

  Expert Dan Sullivan explores how Splunk Enterprise Security uses big data security analytics to incorporate multiple methods of data integration to identify malicious events.Continue Reading

• How would a cyberattack information database affect companies?

  A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach information means for U.S. companies.Continue Reading

• Choosing the best web fraud detection system for your company

  This guide explains the technology and the key features an effective system should include to help readers evaluate fraud detection products and choose the best for their company.Continue Reading

• How can security automation tools keep organizations protected?

  Sometimes security teams fall into 'set and forget' habits with security automation. Expert Mike O. Villegas explains how to take advantage of automation while staying secure.Continue Reading

• Wireless intrusion prevention systems: A buyer's guide

  In this SearchSecurity buyer's guide, learn why it's important to have a wireless intrusion prevention system to protect your Wi-Fi networks and how to pick the right WIPS product.Continue Reading

• Are new cybersecurity products the best investment for enterprises?

  Having the latest cybersecurity products isn't always the best way to approach security. Expert Mike O. Villegas explains why and how to deal with pressure to buy new.Continue Reading

• RSA NetWitness Logs and Packets: Security analytics product overview

  Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats.Continue Reading

• The security ratings game grades third-party vendors

  Can security ratings services patterned on consumer credit scores offer insight into the security postures of third parties and other business partners?Continue Reading

• Blue Coat DLP: Data loss prevention product overview

  Expert Bill Hayes takes a look at Blue Coat DLP, a single appliance data loss prevention system that works with the company's web security gateway products.Continue Reading

• Blue Coat Security Analytics Platform: Product overview

  Expert Dan Sullivan takes a look at the Blue Coat Security Analytics Platform, which is designed to capture comprehensive network information and apply targeted security analytics.Continue Reading

• WinMagic SecureDoc: Full-disk encryption product overview

  Expert Karen Scarfone examines the features of WinMagic's SecureDoc, a full-disk encryption product for laptops, desktops, mobile devices and servers.Continue Reading

• Mojo AirTight WIPS overview

  Expert Karen Scarfone looks at the features and functionality of Mojo Networks' AirTight WIPS, a wireless intrusion prevention system designed to detect and block WLAN attacks.Continue Reading

• Cybersecurity blind spots: Mitigating risks and vulnerabilities

  Cybersecurity blind spots based in risk and vulnerabilities can be difficult to spot and address. Sean Martin talks with security experts on how to overcome that challenge.Continue Reading

• Aruba RFProtect WIPS: Product overview

  Expert Karen Scarfone examines the features of Aruba RFProtect, a wireless intrusion prevention system to detect and block WLAN attacks against enterprise networks.Continue Reading

• How CMMI models compare and map to the COBIT framework

  Following ISACA's recent acquisition of the CMMI Institute, expert Judith Myerson takes a closer look at COBIT and CMMI models and how they compare to one another.Continue Reading

• Cisco ASA with FirePOWER: NGFW product overview

  Cisco combined the ASA series firewall with SourceFire's FirePOWER threat and malware detection capabilities. Expert Mike O. Villegas takes a closer look at this NGFW.Continue Reading

• Ransomware worm raises concerns for enterprise security

  In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats.Continue Reading

• How can Kerberos protocol vulnerabilities be mitigated?

  Microsoft's Kerberos protocol implementation has long-standing issues with its secret keys. Expert Michael Cobb explains how to mitigate the authentication vulnerabilities.Continue Reading

• How does the banking Trojan Dyreza exploit Windows 10?

  A variant of banking Trojan Dyreza has begun to target Windows 10. Expert Nick Lewis explains the new attack functionalities, and Windows 10 and user vulnerabilities.Continue Reading

• Breaking down the DROWN attack and SSLv2 vulnerability

  A DROWN attack can occur through more than a third of all HTTPS connections. Expert Michael Cobb explains how DROWN enables man-in-the-middle attacks and mitigation steps to take.Continue Reading

• How does the M-Pesa service work and what are the risks?

  How does mobile microfinancing service M-Pesa allow users to make transactions without a bank account? Expert Michael Cobb explains how it works and M-Pesa security measures.Continue Reading

• Symantec Desktop Email Encryption: Product overview

  Expert contributor Karen Scarfone examines Symantec Desktop Email Encryption, a tool for encrypting email messages for individuals within the enterprise.Continue Reading

• What are the differences between active boards and passive boards?

  Both active and passive boards of directors have different approaches to handling cybersecurity within their organizations. Here's how to tell which type you have.Continue Reading