Get started

Get started

Bring yourself up to speed with our introductory content.

• How does the Amazon GuardDuty threat detection service work?

  At the 2017 re:Invent conference, Amazon announced their latest threat detection product: Amazon GuardDuty. Learn how this service works and what sets it apart from other products. Continue Reading

• CISSP Domain 8: Software development security explained

  If you're studying for the CISSP exam, don't miss this special Security School on Domain 8. Review important concepts in software development security and sharpen your skills. Continue Reading

• Domain 8: Security in software development lifecycle quiz

  Understanding the ins and outs of the software development lifecycle is pivotal to passing Domain 8 of the CISSP exam. Are you ready? Find out with this practice quiz. Continue Reading

• CISSP Domain 7: Security operations

  Learn about important cybersecurity techniques and technologies that serve as the foundation of both day-to-day security operations and incident response. Continue Reading

• Get ready for CISSP Domain 7: Cyberattack prevention quiz

  Do you know what it takes to stop bad guys in their tracks? Find out with this practice quiz on cybersecurity methods and tools used to thwart or recover from an attack. Continue Reading

• Definitions to Get Started

  • application blacklisting (application blocklisting)
  • juice jacking
  • hypervisor security
  • claims-based identity

  • Certified Cloud Security Professional (CCSP)
  • password manager
  • Hash-based Message Authentication Code (HMAC)
  • Web application firewall (WAF)

  View All Definitions

• Mobile security trends point to unifying policy and tools

  Securing mobile devices in the enterprise to effectively deflect potential breaches now means enterprise mobile management must evolve into unified endpoint management.Continue Reading

• Mobile security issues require a unified approach

  Security gaps in mobile devices can be many and varied, but they must be addressed immediately. Unified endpoint management is the next-gen way to close the gaps.Continue Reading

• Counter mobile device security threats with unified tools

  Attacks on enterprise mobile endpoints are more lethal than ever. To help infosec pros fight back, enterprise mobile management has unified to fortify defenses.Continue Reading

• Cybersecurity roadmap: What's driving CISOs' agendas for 2018

  Omar F. Khawaja, CISO at Highmark Health, has five areas of focus on his cybersecurity roadmap, and technology is not at the top of the list. Instead, he is prioritizing organizational change management and building an effective decision-making ...Continue Reading

• Containing ransomware outbreaks now a top infosec priority

  Prepping for and dealing with an outbreak of ransomware is the IT version of the flu shot. Learn how company systems and data from these potentially deadline infections.Continue Reading

• How are middleboxes affecting the TLS 1.3 release date?

  Despite fixing important security problems, the official TLS 1.3 release date keeps getting pushed back, in part due to failures in middlebox implementations.Continue Reading

• Are you next-gen secure? Defense-in-depth security key to IT

  The notion of a defensible security perimeter is outmoded, but that doesn't mean the goal of IT security is unattainable. Laying on defenses is what's needed now.Continue Reading

• Six questions to ask before buying enterprise MDM products

  Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products.Continue Reading

• Understand the basics of mobile device management products

  Implementing MDM products has traditionally been the go-to answer for securing mobile devices, but with the role of mobile devices in the enterprise growing, admins need a more comprehensive security option.Continue Reading

• polymorphic virus

  A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or 'morph,' making it difficult to detect with antimalware programs.Continue Reading

• What is emotional data and what are the related privacy risks?

  SearchSecurity talks with UC Berkeley professor Steven Weber about the concept of emotional data, where it comes from and how it can potentially be used -- and abused.Continue Reading

• A look at the key GDPR requirements and how to meet them

  Meeting the most important GDPR requirements is a great first step to compliance with the new regulation. Expert Steve Weil outlines how to get started on GDPR compliance.Continue Reading

• Get great results from authenticated vulnerability scanning

  Here are five things you can do to successfully prepare and run authenticated vulnerability scanning and, in the end, achieve the most protection.Continue Reading

• CISSP Domain 6: The importance of security assessments and testing

  Security assessment and testing should be baked into your regular IT workflows so that you’re able to spot software vulnerabilities before they turn into full-blown attacks.Continue Reading

• Prevent attacks with these security testing techniques

  Software bugs are more than a nuisance. Errors can expose vulnerabilities. Here’s the good news: These security testing tools and techniques can help you avoid them.Continue Reading

• How to manage HTTP response headers for IIS, Nginx and Apache

  HTTP response header configuration files on servers need to be set up properly to secure sensitive data. Expert Judith Myerson outlines how to do this on different types of servers.Continue Reading

• CISSP Domain 5: Cloud identity management and access control

  From cloud identity and access management to physical access control, this study guide will help you review key concepts from Domain 5 of the CISSP exam.Continue Reading

• CISSP Domain 5 quiz: Types of access control systems

  Get ready for the CISSP exam with this 10-question practice quiz covering key concepts in Domain 5, including access control, identity, authentication and more.Continue Reading

• Will it last? The marriage between UBA tools and SIEM

  The failure to detect insider threats and a growing need to store and sort through massive amounts of data have drawn attention to user behavior analytics, sometimes called user and entity behavior analytics. According to Gartner, UBA tools deliver ...Continue Reading

• Cyberthreats, cyber vulnerabilities, and how to fight back

  The key to countering cyberthreats today is to first understand your biggest vulnerabilities and then research the most effective countermeasures available to minimize them.Continue Reading

• Security Controls Evaluation, Testing, and Assessment Handbook

  In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control.Continue Reading

• How to add HTTP security headers to various types of servers

  Expert Judith Myerson outlines the different types of HTTP security headers and how to add them to different servers, including Apache, Ngnix and Microsoft IIS Manager.Continue Reading

• How to prevent password attacks and other exploits

  Prevention is essential to protection against various types of password attacks, unauthorized access and related threats. Expert Adam Gordon outlines how to proactively bolster your defenses.Continue Reading

• The best email security comes through strategy and tactics

  The best email security policy requires a holistic approach of the issue, understanding both the problem's scope and the most likely threats.Continue Reading

• Why threat models are crucial for secure software development

  Threat modeling is an important component of the secure software development process. Steve Lipner of SafeCode explains how threat models benefit software security.Continue Reading

• Learn how to identify and prevent access control attacks

  Once an attacker has gained entry to a network, the consequences can be severe. Find out how the right access control tools can help prevent that from happening.Continue Reading

• Are companies with a SOC team less likely to get breached?

  Information security operations centers are “growing up,” according to one study. But, with staffing shortages and manual collection of data, performance metrics are hard to get.Continue Reading

• The Basics of Cyber Safety

  In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security.Continue Reading

• cyber attribution

  Cyber attribution is the process of tracking, identifying and laying blame on the perpetrator of a cyberattack or other hacking exploit.Continue Reading

• What's the best career path to get CISSP certified?

  The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP certified.Continue Reading

• Considerations for developing a cyber threat intelligence team

  The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee.Continue Reading

• Crafting a cybersecurity incident response plan, step by step

  'Swift' and 'automatic': key characteristics of effective incident response. But how to get from where your plan is to where it needs to be? This handbook has the answers.Continue Reading

• Make your incident response policy a living document

  Effective incident response policies must be detailed, comprehensive and regularly updated -- and then 'embedded in the hearts and minds' of infosec team members.Continue Reading

• CISSP Domain 4 quiz: Network security basics

  Think you know network security basics inside and out? Take this 10-question quiz to find out how well you’ve prepared for Domain 4 of the CISSP exam.Continue Reading

• CISSP Domain 4: Communications and network security

  Brush up on network security fundamentals like segmentation and secure routing in this CISSP exam study guide for Domain 4, Communication and Network Security.Continue Reading

• How does a private bug bounty program compare to a public program?

  Explore the differences of public versus private bug bounty programs, as well as the benefits of each one. Expert Mathew Pascucci explains the risk and return of both programs.Continue Reading

• The CISO job seems to be finally getting the credit it's due

  The CISO job has risen from the trenches of the IT department to a seat at the C-suite decision-makers' table. But time in the spotlight comes with great risk and responsibilities.Continue Reading

• What does a CISO do now? It's a changing, increasingly vital role

  What does a CISO do in this day and age? The responsibilities of a chief information security officer, the senior executive responsible for an organization's information security program, are growing dramatically. Once relegated to the IT department...Continue Reading

• Growing data protection risks and how to manage them

  Companies today collect more data from more sources than ever before. Often the data is distributed across on-premises environments, cloud systems and third-party networks. The network perimeter behind which most enterprise data once resided is gone...Continue Reading

• computer exploit

  A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.Continue Reading

• How to make a SIEM system comparison before you buy

  The current trend in SIEM systems involves machine learning capabilties. Even so, direct human management is still essential for SIEM to be effective.Continue Reading

• What a data protection officer can offer enterprises subject to GDPR

  The EU GDPR requires that organizations appoint a data protection officer, but is that really necessary for security? Expert Francoise Gilbert examines the compliance requirement.Continue Reading

• Application containers: What are the major risks?

  NIST recently issued guidance on mitigating the security risks of application containers. Expert Judith Myerson outlines some of the risks and fixes highlighted in the guide.Continue Reading

• CISSP Domain 3 quiz: Security engineering

  In preparing for Domain 3, Security Engineering, CISSP candidates should review a wide range of concepts, from security models to cryptography systems.Continue Reading

• CISSP Domain 3: Security systems engineering

  Planning to take the CISSP exam? Brush up on essential concepts and vocabulary in security systems engineering, covered in Domain 3, in this Security School.Continue Reading

• Secure DevOps brings better, faster, safer software

  When it comes to creating apps and other software, the need for security is increasingly clear. But how to implement DevSecOps, not so much.Continue Reading

• Interception threatens TLS security; now what?

  As global cyberattacks have exploded in recent months, the speed of infection is causing damage, not only to targeted industries and nation states, but to corporate valuations. In June, FedEx warned that the Petya cyberattack, which disrupted ...Continue Reading

• Google Cloud Key Management Service (KMS)

  Google Cloud Key Management Service (KMS) is a cloud service for managing encryption keys for other Google cloud services that enterprises can use to implement cryptographic functions.Continue Reading

• How to craft an application security strategy that's airtight

  A solid application security strategy today must include varieties like cloud apps and mobile. Learn how to set application security policies and practices that keep hackers out.Continue Reading

• Learn what network access control systems can do for you

  Network access control systems keep rogue or compromised devices off of corporate networks. See how they work and the other security technologies with which they work.Continue Reading

• Cryptography attacks: The ABCs of ciphertext exploits

  Encryption is used to protect data from peeping eyes, making cryptographic systems an attractive target for attackers. Here are 18 types of cryptography attacks to watch out for.Continue Reading

• CISSP Domain 2 quiz: Data security control, asset protection

  Domain 2 of the CISSP exam, known as asset security, covers data security control, classification, ownership and more. Test your knowledge with this 10-question practice quiz.Continue Reading

• CISSP Domain 2: Asset security

  This Security School will help prepare you for Domain 2 of the CISSP exam, providing overviews of data encryption methods, data ownership concepts and asset protection.Continue Reading

• Security teams must embrace DevOps practices or get left behind

  DevOps practices can help improve enterprise security. Frank Kim of the SANS Institute explains how infosec teams can embrace them.Continue Reading

• Biometrics and beyond: Online authentication techniques get personal

  Biometrics and behavioral analysis is taking hold as security pros search for authentication tools to thwart increasingly aggressive and innovative hacking attacks.Continue Reading

• Are biometric authentication methods and systems the answer?

  Biometric authentication methods, like voice, fingerprint and facial recognition systems, may be the best replacement for passwords in user identity and access management.Continue Reading

• What you need to know about setting up a SOC

  Setting up a SOC is different for every enterprise, but there are some fundamental steps with which to start. Expert Steven Weil outlines the basics for a security operations center.Continue Reading

• Symantec Endpoint Protection and the details for buyers to know

  Expert Ed Tittel examines Symantec Endpoint Protection, an intrusion prevention, firewall and antimalware product for physical and virtual endpoints.Continue Reading

• A closer look at Kaspersky antimalware protection services

  Expert Ed Tittel looks at Kaspersky antimalware product Endpoint Security, which provides multilayered protection against malware, phishing attacks and other exploits.Continue Reading

• Interfacing with an information technology entrepreneur

  E. Kelly Fitzsimmons started with coconuts and then sold four companies. A serial entrepreneur discusses security and technology startups and why embracing failure works.Continue Reading

• Four technologies that could transform information security programs

  With digital transformations underway in many industries, CIOs aren't the only ones who need to have the next big thing on their radar. What security innovations should you follow to ready your organization's information security programs?

  The ...Continue Reading

• Details of Trend Micro Worry-Free Business Security Services

  Expert Ed Tittel takes a closer look at Trend Micro Worry-Free Business Security Services, an antivirus and antimalware product for small organizations.Continue Reading

• Trend Micro OfficeScan endpoint protection software and its offerings

  Expert contributor Ed Tittel takes a look at Trend Micro OfficeScan, an endpoint protection product with antivirus and antimalware functionality for physical and virtualized endpoints.Continue Reading

• The various offers of Microsoft System Center Endpoint Protection

  Expert Ed Tittel examines System Center Endpoint Protection, Microsoft's native Windows antivirus and antimalware security product.Continue Reading

• An in-depth look into McAfee Endpoint Threat Protection

  McAfee Endpoint Threat Protection is an antimalware protection product that is designed to secure Windows systems against malware, data loss and other threats in standalone or networked environments.Continue Reading

• Sophos Endpoint Protection and an overview of its features

  Expert Ed Tittel examines Sophos Endpoint Protection, an endpoint security platform with antivirus, antimalware and more.Continue Reading

• SHA-1 collision: How the attack completely breaks the hash function

  Google and CWI researchers have successfully developed a SHA-1 attack where two pieces of data create the same hash value -- or collide. Expert Michael Cobb explains how this attack works.Continue Reading

• CISSP Domain 1: Cybersecurity and risk management

  Partner with business leaders and apply information security management principles to best address enterprise governance, risk management and compliance needs.Continue Reading

• Advanced Persistent Security

  In this excerpt from chapter seven of Advanced Persistent Security, authors Araceli Treu Gomes and Ira Winkler discuss the different threats facing organizations.Continue Reading

• What data loss prevention systems and tactics can do now

  Setting up systems to preventing data loss is a must for companies of all sizes. Learn the basics of and what's new in data loss prevention and how to keep your DLP system humming.Continue Reading

• Finding a secure managed file transfer tool: Key considerations

  Need to ensure you are transferring large files securely? Consider an advanced managed file transfer product, preferably one with enterprise file synchronization and sharing abilities.Continue Reading

• CISSP Domain 1 quiz: Security and risk management

  Test your knowledge of the CISSP exam’s Domain 1: Security and Risk Management -- one of the heaviest-weighted portions of the test -- with this practice quiz.Continue Reading

• Evaluating endpoint security products for antimalware protection

  Expert contributor Ed Tittel explores key criteria for evaluating endpoint security products to determine the best option for antimalware protection for your organization.Continue Reading

• Security analysis principles and techniques for IT pros

  The drive for greater security fuels IT more than ever, but fighting infosec threats depends on locating the right data sets and analyzing them efficiently.Continue Reading

• Tactics for security threat analysis tools and better protection

  Threat analysis tools need to be in top form to counter a deluge of deadly security issues. Here are tips for getting the most from your analytics tool.Continue Reading

• The best endpoint security practices are evolving and essential

  Ever since the first mobile device hit the enterprise network, best endpoint security practices have been a major IT concern. What's happened since then has been a staggering proliferation of the number and types of devices on the network, ...Continue Reading

• Do thoughts of your least secure endpoint keep you up at night?

  Some days, 'secure endpoint' feels like an oxymoron, but that soon may change. From smart sandboxes to advanced behavior analytics, learn what's new in endpoint security technologies.Continue Reading

• IT security governance fosters a culture of shared responsibility

  Effective information security governance programs require a partnership between executive leadership and IT. All parties work toward a common goal of protecting the enterprise.Continue Reading

• The digital certificate: How it works, which to buy

  This expert guide on the digital certificate provides essential information to what can be a complex purchase. Learn about the options and how to find the best for one for your network.Continue Reading

• Ransomware detection and prevention tools you need now

  Enterprises should improve their ransomware defense methods by examining the features in existing security tool deployments and deciding if replacements are needed.Continue Reading

• What breach detection systems are best for corporate defenses?

  A system breach is inevitable, and BDS products provide a valuable means of detection. But a strategy that blends both defense and offense is the best approach to security.Continue Reading

• Guide to vendor-specific IT security certifications

  The abundance of vendor-specific information technology security certifications can overwhelm any infosec professional. Expert Ed Tittel helps navigate the crowded field.Continue Reading

• Recent ransomware attacks got you? Don't cry; fight back!

  Recent ransomware attacks may make you WannaCry, but there's no time for that. Start here to learn how to fight back against would-be hostage-taking hackers.Continue Reading

• How threat intelligence feeds aid organizations' security posture

  This Security School explores how threat intelligence feeds works and discusses the types of vendor services that exist now.Continue Reading

• Report: Threat hunting is more SOC than intel

  Threat hunting is driven by alerts with less emphasis on cyberthreat intelligence, according to researchers. Yet 60% of those surveyed cited measurable security improvements.Continue Reading

• Acquiring cybersecurity insurance: Why collaboration is key

  Cybersecurity insurance is becoming more important to enterprises as threats increase. Sean Martin explains why enterprise departments need to work together to acquire it.Continue Reading

• How does a privacy impact assessment affect enterprise security?

  A privacy impact assessment can help enterprises determine where their data is at risk of exposure. Expert Matthew Pascucci explains how and when to conduct these assessments.Continue Reading

• Managing access to keep privileged users' credentials secure

  Privilege creep is a constant threat. It's why privileged user management must be part of any comprehensive security plan and always at the top of an infosec pro's to-do list.Continue Reading

• Mobile endpoint security: What enterprise infosec pros must know now

  Do you know how to take care of mobile endpoint security in your enterprise? This guide walks you through all aspects of the issue, from policy and strategy to emerging threats.Continue Reading

• Cybersecurity careers soar with security leadership skills

  Security leadership abilities are hard to quantify. Certifications and degrees may ease the way into a career in cybersecurity, but hard-won experience is usually the surer path into a role that can influence meaningful change in today's complex ...Continue Reading

• Is threat hunting the next step for modern SOCs?

  The emergence of threat hunting programs underscores the importance of the human factor in fighting the most dangerous and costly security threats.Continue Reading

• Polycom CISO focused on ISO 27001 certification, data privacy

  Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company.Continue Reading

• CISO job requires proven track record in business and security

  In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater.Continue Reading

• Introduction to Social Media Investigation: A Hands-on Approach

  In this excerpt from chapter four of Introduction to Social Media Investigation: A Hands-on Approach, author Jennifer Golbeck discusses privacy controls on social media.Continue Reading

• Is your IAM policy a roadmap to security or leading you off a cliff?

  Identity and access management, or IAM, has long been a crucial consideration in the formulation of corporate security strategy. IAM policy today must contend with a variety of major changes sweeping the world of IT. One of the latest is the spread ...Continue Reading