Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Imperva SecureSphere: Database security tool overview

  Expert Ed Tittel examines Imperva SecureSphere Database Activity Monitoring and Database Assessment, products that are deployed as an inline bridge or as a lightweight agent to assess and monitor local database access. Continue Reading

• IBM Guardium: Database security tool overview

  Expert Ed Tittel examines IBM Guardium, a security product that offers continuous, real-time, policy-based monitoring of database activities. Continue Reading

• Enterprise benefits of network intrusion prevention systems

  Expert Karen Scarfone explains how most organizations can benefit from intrusion prevention systems (IPSes), specifically dedicated hardware and software IPS technologies. Continue Reading

• Why did Anthem resist government vulnerability assessments?

  Vulnerability assessments are often a requirement for organizations that have suffered a data breach and the assessors' results can be invaluable to protect a business. Continue Reading

• Is a security cloud service your best endpoint defense?

  Cloud technologies often have a bad reputation when it comes to security, but that may be unfair. Is the cloud the best answer for securing the endpoints in your enterprise? Continue Reading

• Comparing the best data loss prevention products

  Expert Bill Hayes examines the strengths and weaknesses of top-rated data loss prevention (DLP) products to help enterprises make the right purchasing decision.Continue Reading

• Can white-box cryptography save your apps?

  With the Internet of Things, software-based secure elements could hold the key.Continue Reading

• Choose the best vulnerability assessment tools

  This Buyer's Essentials guide helps InfoSec pros assess vulnerability management products by explaining how they work and by highlighting key features corporate buyers should look for so they can evaluate vendor offerings.Continue Reading

• Should security funds be dedicated to hiring or tools?

  Security funds can be tough to come by, so when managers get them should they focus on strengthening security through hiring or through purchasing tools?Continue Reading

• How to deploy the right DLP products for the right jobs

  Expert Bill Hayes maps specific data loss prevention products to three deployment scenarios to better help readers make their own purchase decisions.Continue Reading

• The best SSL VPN products in the market

  SSL VPNs are essential for securing network connections and communications. Here's a look at the best SSL VPN products in the industry.Continue Reading

• Comparing the best Web application firewalls in the industry

  Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.Continue Reading

• Should the Netdump flaw deter enterprise ODL SDN use?

  The benefits of the ODL SDN platform are promising, but what about the recent Netdump flaw it experienced? Expert Kevin Beaver discusses why you may not want to pass on OpenDayligh just yet.Continue Reading

• Managed security service providers: Weighing the pros and cons

  Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing.Continue Reading

• Can a new encryption trick prevent reverse engineering?

  Expert Michael Cobb explains how reverse engineering can be made more difficult with an approach called Hardened Anti-Reverse Engineering System or HARES.Continue Reading

• Comparing the top database security tools

  Expert Ed Tittel examines the strengths and weaknesses of top-rated database security tools -- from database activity monitoring to transparent database encryption -- to help enterprises make the right purchasing decision.Continue Reading

• Comparing the top wireless intrusion prevention systems

  Expert Karen Scarfone examines the top wireless intrusion prevention systems (WIPS) to help readers determine which may be best for them.Continue Reading

• Is third-party access the next IAM frontier?

  Identity and access management of employees is so complex that many companies have faltered when it comes to securing programs for trusted partners.Continue Reading

• Comparing the best UTM products in the industry

  Expert Ed Tittel examines the top unified threat management appliances to determine which one could be the best for your organization.Continue Reading

• PCI DSS 3.1 marks the end of SSL/early TLS encryption for retailers

  The early arrival of PCI DSS 3.1 could leave organizations scrambling. The biggest change to the standard -- and the top priority for organizations -- is the end of SSL and early TLS.Continue Reading

• Certificate authorities are limited but new TLS versions can help

  SSL/TLS, long the cornerstone of Web security, has become a security vulnerability due to problems with certificate authorities. Learn what solutions the industry is pursuing.Continue Reading

• Endpoint security tools: A buyer's guide

  Learn how to evaluate and buy the right endpoint security products for your organization with this antimalware buyer's guide.Continue Reading

• How UTM products can benefit your enterprise network environment

  Expert Ed Tittel explains why unified threat management is the right holistic IT security approach for SMBs and how it can fit into the enterprise, as well.Continue Reading

• Tips for creating a data classification policy

  Before deploying and implementing a data loss prevention product, enterprises should have an effective data classification policy in place. Expert Bill Hayes explains how that can be done.Continue Reading

• A new trend in cybersecurity regulations could mean tougher compliance

  State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for.Continue Reading

• Six criteria for buying data loss prevention products

  Expert Bill Hayes lays out six steps to take in order to buy the right data loss protection (DLP) products for your organization.Continue Reading

• Can simple photography beat biometric systems?

  Simple photography cracking biometric systems highlights the need for two-factor authentication in enterprises according to expert Randall Gamby.Continue Reading

• Network anomaly detection: The essential antimalware tool

  Traditional perimeter defenses are no longer enough; network anomaly detection tools are now essential in the battle against advanced malware.Continue Reading

• The business case for data loss prevention products

  Data loss prevention (DLP) can help any organization where the loss of sensitive information could seriously impact continued operation, explains Bill Hayes.Continue Reading

• Multifactor authentication: A buyer's guide to MFA products

  In this SearchSecurity buyer's guide, learn how to evaluate and procure the right multifactor authentication product for your organization.Continue Reading

• Introduction to unified threat management appliances

  Expert Ed Tittel describes unified threat management (UTM) appliances and features, and explains its advantages to organizations of all sizes.Continue Reading

• Comparing the top SSL VPN products

  Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them.Continue Reading

• The three enterprise benefits of SSL VPN products

  Expert Karen Scarfone outlines the ways SSL VPN products can secure network connections and communications for organizations.Continue Reading

• Symantec Endpoint Encryption: Full disk encryption product overview

  Expert Karen Scarfone examines the features of Symantec Endpoint Encryption, a full disk encryption product for Windows laptops, desktops and servers.Continue Reading

• Sophos SafeGuard: Full disk encryption product overview

  Expert Karen Scarfone examines the features of Sophos SafeGuard, a full disk encryption product for laptops, desktops and servers.Continue Reading

• Microsoft BitLocker: Full disk encryption software overview

  Expert Karen Scarfone examines the features of BitLocker, Microsoft's native full disk encryption software for Windows laptops, desktops and servers.Continue Reading

• McAfee Complete Data Protection: Full disk encryption product overview

  Expert Karen Scarfone examines the features of McAfee Complete Data Protection, a full disk encryption product for securing client-side computers and servers.Continue Reading

• Dell Data Protection | Encryption: Full disk encryption product overview

  Expert Karen Scarfone examines the features of Dell Data Protection | Encryption, a full disk encryption product for securing client-side devices.Continue Reading

• Check Point Full Disk Encryption product overview

  Expert Karen Scarfone examines the features of Check Point Full Disk Encryption, an FDE product for securing client devices such as laptops and desktops.Continue Reading

• Apple FileVault 2: Full disk encryption software overview

  Expert Karen Scarfone examines the features of Apple's bundled full disk encryption software for Mac OS X, FileVault 2.Continue Reading

• The top full disk encryption products on the market today

  Full disk encryption can be a key component of an enterprise's desktop and laptop security strategy. Here's a look at some of the top FDE products in the industry.Continue Reading

• AWS security groups vs. traditional firewalls: What's the difference?

  AWS security groups provide network-based blocking mechanisms, much like traditional firewalls. Expert Dan Sullivan explains the differences between the two.Continue Reading

• The secrets of proper firewall maintenance and security testing techniques

  The Verizon 2015 PCI Compliance Report cited a lack of firewall maintenance and security testing as major causes for compliances breaches. Expert Kevin Beaver offers tips to successfully manage these tasks.Continue Reading

• New cyberthreats: Defending against the digital invasion

  The confluence of the Internet of Things and bring your own device may turn into a beachhead for attackers.Continue Reading

• Do HIPAA compliance requirements change during health crises?

  Outbreaks of Ebola caused widespread fear, but should enterprises be worried about the effect on HIPAA compliance requirements? Compliance expert Mike Chapple explains.Continue Reading

• What are the secrets to SIEM deployment success?

  Many organizations deploy security information and event management systems without the proper planning and therefore can't reap the proper rewards. Expert Kevin Beaver offers tips for a successful implementation.Continue Reading

• Introduction to security analytics tools in the enterprise

  Expert Dan Sullivan explains how security analysis and analytics tools work, and how they provide enterprises with valuable information about impending attacks or threats.Continue Reading

• Is the CISO job description getting out of hand?

  CISO roles and responsibilities are built on impossible standards and unrealistic expecations. Expert Joseph Granneman explains this trend and why enterprises need to reverse it.Continue Reading

• Four questions to ask before buying a Web application firewall

  Web application firewalls are complex products. Expert Brad Causey explains the key criteria enterprises need to consider before investing in a WAF product.Continue Reading

• What Apple Pay tokenization means for PCI DSS compliance

  Tokenization is a key technology underlying Apple Pay, promising to boost payment data security. Mike Chapple examines how Apple Pay's tokenization system works, and whether it will provide any PCI DSS compliance relief.Continue Reading

• Introduction to wireless intrusion prevention systems in the enterprise

  Expert contributor George V. Hulme explains how wireless intrusion prevention systems (WIPS) protect enterprise networks from attacks and prying eyes.Continue Reading

• Q&A: Marcus Ranum chats with AT&T's CSO Ed Amoroso

  There's no shortage of new security technology, but enterprise integration is still a major hang-up, says AT&T's chief of security.Continue Reading

• What to look for in threat intelligence services

  Acquiring access to threat intelligence services is a relatively easy way to improve the quality of attack detection throughout the network security infrastructure of your enterprise. A threat intelligence service identifies the IP addresses, ...Continue Reading

• Final five considerations when evaluating intrusion detection tools

  Before making an investment in an intrusion detection and prevention system, be sure to read this list of five final considerations to keep in mind during intrusion detection system evaluation.Continue Reading

• Introduction to intrusion detection and prevention technologies

  Intrusion detection and preventions systems can be critical components to an enterprise's threat management strategy. Learn the history behind the technologies and why they are so important.Continue Reading

• Evaluating enterprise intrusion detection system vendors

  Selecting an intrusion detection and prevention system vendor can be a time-consuming task. Get help evaluating vendors and products with this list of must-ask questions. Plus, a comprehensive vendor list.Continue Reading

• Business-use scenarios for a Web application firewall deployment

  Web application firewalls can be a critical security layer for many companies. Expert Brad Causey explains when and how to deploy a WAF in the enterprise.Continue Reading

• What the Community Health Systems breach can teach your organization

  The Community Health Systems breach in 2014 provided a learning opportunity for organizations handling PHI. Expert Mike Chapple reviews the key takeaways from the breach.Continue Reading

• Introduction to Web application firewalls in the enterprise

  Expert Brad Causey takes a close look at Web application firewalls, explains how WAF technology can prevent Internet-based attacks from known and unknown applications threats, and offers advice on WAF management and deployment.Continue Reading

• Benefits of the Cisco OpenSOC security analytics framework

  Cisco's open source security analytics framework aims to help enterprises address visibility and incident management challenges. Expert Kevin Beaver discusses OpenSOC and what to consider when integrating it into an enterprise security strategy.Continue Reading

• How emerging threat intelligence tools affect network security

  Up and coming threat intelligence tools aim to improve data security and even standardize threat intelligence across the industry. Expert Kevin Beaver explains how.Continue Reading

• The top multifactor authentication products

  Multifactor authentication can be a critical component of an enterprise security strategy. Here's a look at the top MFA products in the industry.Continue Reading

• The importance of email encryption software in the enterprise

  Expert Karen Scarfone explains how email encryption software protects messages and attachments from malfeasance.Continue Reading

• The POODLE vulnerability and its effect on SSL/TLS security

  The POODLE vulnerability was patched in October, yet new vulnerabilities are causing concern. Expert Michael Cobb discusses how to maintain SSL/TLS security in the enterprise.Continue Reading

• Lessons learned: Network security implications of Shellshock

  Shellshock had a tremendous impact on network security, affecting many popular vendors and products. Expert Kevin Beaver discusses what Shellshock means to network security, and the lessons that can be learned from the vulnerability.Continue Reading

• What is endpoint security? What benefits does it offer?

  The increased number of smartphones, laptops and other endpoints in the enterprise is a major security concern. Learn what endpoint security is and how it can help combat your enterprise security woes.Continue Reading

• Detecting backdoors: The Apple backdoor that never was?

  The debate over the purported Apple backdoor leaves enterprises asking, "When is a backdoor not a backdoor?" Application security expert Michael Cobb explains the difference.Continue Reading

• The fundamentals of FDE: Comparing the top full disk encryption products

  Expert Karen Scarfone examines the top full disk encryption products to determine which one may be best for your organization.Continue Reading

• Can setting a cache-control header improve application data security?

  Application security expert Michael Cobb reviews the cache-control header codes that can help prevent a Web application from storing sensitive data.Continue Reading

• Are LibreSSL and BoringSSL safe OpenSSL alternatives?

  Since the revelation of the Heartbleed flaw, OpenSSL security has been put into question. Expert Michael Cobb discusses whether LibreSSL and BoringSSL could serve as OpenSSL alternatives.Continue Reading

• The fundamentals of FDE: Procuring full-disk encryption software

  Expert Karen Scarfone examines the most important criteria for evaluating full disk encryption options for deployment within an enterprise.Continue Reading

• The fundamentals of FDE: The business case for full disk encryption

  Expert Karen Scarfone outlines the benefits of FDE to help businesses decide if the storage encryption technology is right for their organization.Continue Reading

• How can vishing attacks be prevented?

  Enterprise threats expert Nick Lewis explains what vishing attacks are and offers best practices for defending against them.Continue Reading

• How vulnerable is Silverlight security?

  Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it.Continue Reading

• Inside the four main elements of DLP tools

  Security expert Rich Mogull outlines the four elements of a DLP tool: the central management server, network monitoring, storage and endpoint DLP.Continue Reading

• CISSP quiz: System architecture, security models, system evaluation

  Test your knowledge of the CISSP exam's Security Architecture and Design domain by taking this practice quiz that covers topics including system architecture, security models and more.Continue Reading

• SHA-2 algorithm: The how and why of the transition

  Is it time to make the move to the SHA-2 algorithm? Application security expert Michael Cobb discusses and offers tips to ease the transition.Continue Reading

• Evaluating next-gen firewall vendors: Top 11 must-ask questions

  Evaluating potential firewall vendors and choosing the one that best aligns with your enterprise's needs can be a tricky task. This tip offers 11 questions any organization should ask vendors prior to making a firewall purchase.Continue Reading

• FAQ: Were executives held accountable after the Target data breach?

  Target Corp. has made major executive changes in the months following its massive 2013 data breach as the company strives to reassure customers and rework digital information security processes.Continue Reading

• The NoSQL challenge: What's in store for big data and security

  Big data offers horizontal scalability, but how do you get your database security to scale along with it?Continue Reading

• Product review: Juniper Networks SRX Series UTM appliances

  The market-leading Juniper Networks SRX Series of UTM boxes are feature-rich products that may cause implementation headaches.Continue Reading

• NIST cybersecurity framework: Assessing the strengths and weaknesses

  Video: Securicon executive consultant Ernie Hayden discusses what the NIST cybersecurity framework got right, and how the document can be improved.Continue Reading

• NSA TAO: What Tailored Access Operations unit means for enterprises

  The NSA's top-secret Tailored Access Operations offensive hacking unit offers enterprise defense strategy lessons. Expert Nick Lewis discusses.Continue Reading

• How Cisco's 'Application Centric Infrastructure' differs from SDN

  As Cisco rolls out a hardware-based alternative to software-defined networking approaches, what does it all mean for security?Continue Reading

• Authentication caching: How it reduces enterprise network congestion

  Michael Cobb explores the pros and cons of authentication caching and whether the practice can truly calm network strain.Continue Reading

• Amid Microsoft MD5 deprecation, experts warn against SHA-1 algorithm

  With Microsoft's MD5 deprecation set for next week, experts say companies must be careful to avoid other weak protocols, like SHA-1.Continue Reading

• Tor networks: Stop employees from touring the deep Web

  Are employees using Tor to view blocked Web sites, or mining Bitcoins on corporate resources? Sinister or not, it needs to stop.Continue Reading

• Return on security investment: The risky business of probability

  You are better off with real numbers when it comes to measuring probability and the elements of security risk, even if they are wrong.Continue Reading

• Use John the Ripper to test network devices against brute forcing

  Enterprise IT security organizations should test network devices using John the Ripper to ensure they are not susceptible to brute-force attacks.Continue Reading

• PCI DSS version 3.0: The five most important changes for merchants

  PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later.Continue Reading

• Third-party risk management: Horror stories? You are not alone

  The majority of breaches occur as the result of third parties. MacDonnell Ulsch advises companies to safeguard third-party management agreements.Continue Reading

• Managing big data privacy concerns: Tactics for proactive enterprises

  The growing use of big data analytics has created big data privacy concerns, yet viable tactics exist for proactive enterprises to help companies get smarter while keeping consumers happy.Continue Reading

• Antivirus evasion techniques show ease in avoiding antivirus detection

  In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.Continue Reading

• Outsourcing security services in the enterprise: Where to begin

  Outsourcing security services doesn’t have to mean moving to the cloud. Enterprises have many options for outsourcing security services, including managed and hosted services.Continue Reading

• The Huawei security risk: Factors to consider before buying Chinese IT

  Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.Continue Reading

• Thirteen principles to ensure enterprise system security

  Designing sound enterprise system security is possible by following Gary McGraw's 13 principles, many of which have held true for decades.Continue Reading

• Protecting Intellectual Property: Best Practices

  Organizations need to implement best practices to protect their trade secrets from both internal and external threats.Continue Reading

• Metasploit Review: Ten Years Later, Are We Any More Secure?

  Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers.Continue Reading

• UTM for the enterprise

  Unified threat management isn’t just for the SMB market anymore.Continue Reading

• Information Security Magazine: FEBRUARY 2012

  Learn about the latest malware threats targeting enterprises and what you can do to reduce the risk of infection.Continue Reading