Opinion

Opinion

• 4 identity predictions for 2023

  Identity's place in the attack chain is driving the shift of identity responsibility from IT operations to security to look into passwordless, digital IDs, platforms and more.  Continue Reading

• Understanding the importance of data encryption

  Encryption is a foundational element of cybersecurity. Organizations should implement encryption to counter the ever-growing threat of data breaches.  Continue Reading

• 5 ways to enable secure software development in 2023

  Security teams have to help developers ensure security software development, but in today's rapidly scaling cloud environments, it's a challenging task.  Continue Reading

• 6 cybersecurity buzzwords to know in 2023

  Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out.  Continue Reading

• 3 enterprise network security predictions for 2023

  It's shaping up to be another banner year for network security. 2023 may see decryption-less threat detection, connected home-caused enterprise breaches and new SASE drivers.  Continue Reading

• XDR definitions don't matter, outcomes do

  Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023.  Continue Reading

• 7 steps to implementing a successful XDR strategy

  There's still confusion around what extended detection and response is, but it will play a key role in enterprise security. To successfully implement XDR, follow these steps.  Continue Reading

• Secure development focus at KubeCon + CloudNativeCon 2022

  The pressure is on. It's time for better security that can keep up with modern software developers. That was the message at this year's KubeCon + CloudNativeCon.  Continue Reading

• Multichannel communications need more than email security

  To remain protected against social engineering attacks in all communication channels, enterprises need new security strategies that extend beyond email to new collaboration tools.  Continue Reading

• Security hygiene and posture management requires new tools

  Using multiple tools to address security hygiene and posture management at scale is costly and difficult. A new converged security technology category may be the answer.  Continue Reading

• How Sheltered Harbor helps banks navigate cyber-recovery

  Banks must be able to recover quickly from a cyber attack -- a difficult task, given the volume and sophistication of attacks. The not-for-profit Sheltered Harbor aims to help.  Continue Reading

• Multifactor authentication isn't perfect, passwordless is better

  Passwords are frequently the root cause of breaches, and multifactor authentication only provides a stopgap for account protection. It's time to adopt a passwordless strategy.  Continue Reading

• 5 ways to improve your cloud security posture

  With more applications deployed to multiple clouds, organizations must shore up their security posture, and cloud security posture management is designed to help. Find out why.  Continue Reading

• How data security posture management complements CSPM

  Data security posture management can provide comprehensive defense-in-depth security for cloud data. Find out more about how DSPM policies move with the data.  Continue Reading

• How to start developing a plan for SASE implementation

  From prioritizing business problems to identifying future initiatives to assessing critical tool gaps, learn how to create a realistic SASE implementation roadmap.  Continue Reading

• Data security as a layer in defense in depth against ransomware

  Having data security as part of a defense-in-depth strategy can reduce the likelihood of a successful ransomware attack.  Continue Reading

• Why 2023 is the year of passwordless authentication

  Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication.  Continue Reading

• What's driving converged endpoint management and security?

  Security and IT teams face challenges in managing and securing a growing number of endpoints, which is driving organizations to look for converged capabilities, according to ESG.  Continue Reading

• Top cloud security takeaways from RSA 2022

  Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG.  Continue Reading

• ESG analysts discuss how to manage compliance, data privacy

  ESG analysts offer three recommendations for effective data governance: good C-level and IT leadership, visibility into cloud infrastructure and understanding cloud architecture.  Continue Reading

• Data security requires DLP platform convergence

  Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features.  Continue Reading

• Making sense of conflicting third-party security assessments

  Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective.  Continue Reading

• Shifting security left requires a GitOps approach

  Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed.  Continue Reading

• IaC security options help reduce software development risk

  The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk.  Continue Reading

• Cloud application developers need built-in security

  Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs.  Continue Reading

• Hybrid workforce model needs long-term security roadmap

  From SASE to ZTNA to EDR to VPNs, enterprises need to deploy the technologies to develop a secure hybrid workforce model now that can work into the future.  Continue Reading

• Cybersecurity for remote workers: Lessons from the front

  Tackle the security challenges COVID-19 wrought by using this playbook from an experienced disaster-zone responder.  Continue Reading

• AI in cybersecurity ups your odds against persistent threats

  AI capabilities can identify and take down cyberthreats in real time but are only part of what your team needs to come out on the winning side of the cybersecurity battle.  Continue Reading

• The case for cybersecurity by design in application software

  Security must be part of IT from the start and then continue through the entire product lifecycle -- design, build, release and maintenance. Consumers now demand it.  Continue Reading

• Develop internal cybersecurity talent to build your dream team

  Cybersecurity duties have changed, with cloud and coding being essential knowledge now. But CISOs can still build their dream cybersecurity team through internal talent development.  Continue Reading

• Importance of cybersecurity awareness never greater

  Security awareness is more essential than ever, but in a world of increasingly sophisticated threats, making it a reality requires more than set-it-and-forget-it training.  Continue Reading

• Why nation-state cyberattacks must be top of mind for CISOs

  Even though organizations face threats coming from many sources, one type of cyberattack should be top of mind for CISOs: those backed by nation-states. Here's why.  Continue Reading

• Plan now for the future of network security

  How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future.  Continue Reading

• Bot management drives ethical data use, curbs image scraping

  Bot management tools can help enterprises combat bad bots, prevent web and image scraping, and ensure ethical data use -- all while maintaining a positive end-user experience.  Continue Reading

• The future of facial recognition after the Clearview AI data breach

  The company that controversially scrapes data from social media sites for law enforcement clients announced a data breach. What does it mean for the future of facial recognition?  Continue Reading

• RSA 2020 wrap-up: VMware Carbon Black integrations; MAM for BYOD; how to handle non-employees

  RSA is always full of interesting things to learn about, so here are a few more vendors I sat down with.  Continue Reading

• Idaptive adds new remote employee onboarding option & passwordless authentication to Next-Gen Access

  Seeing more and more vendors jump on the passwordless train makes my heart swell!  Continue Reading

• RSA 2020 day 1: Windows 10X & secured core PCs; Hysolate updates; LastPass passwordless login

  Security-focused conferences are my time to shine--and geek out on the latest in security news.  Continue Reading

• Idaptive is taking machine learning for authentication and applying it to authorization

  We’ve seen AI/ML/analytics used for figuring out if a user is who they say they are. Now, how about if they’re doing what they should?  Continue Reading

• 2 components of detection and threat intelligence platforms

  Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool.  Continue Reading

• Fresh thinking on cybersecurity threats for 2020

  It's a good time to take a clear-eyed view of the likely security threats facing your organization. But then what? Experts suggest getting creative with your threat responses.  Continue Reading

• Where does 1Password Enterprise Password Manager fit in the EUC landscape?

  Reduce the chance of a breach due to poor password habits with password vaulting.  Continue Reading

• Shared responsibility model transparency boosts cloud security

  The shared responsibility model delineates where company and CSP security responsibilities start and end. This is critical not only for compliance, but also the big security picture.  Continue Reading

• Login.gov starts to fill the gap between social logins and enterprise identities

  Access federal services with a service designed for governmental use but that uses common standards.  Continue Reading

• What's the answer for 5G security?

  Learn about the planning of 3GPP in developing specifications for 5G security in this synopsis of 5G Americas' white paper, 'The Evolution of Security in 5G.'  Continue Reading

• When cyberthreats are nebulous, how can you plan?

  Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.  Continue Reading

• CISOs, does your incident response plan cover all the bases?

  Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response?  Continue Reading

• How to go passwordless if not all your apps support modern authentication standards

  We want to eliminate passwords ASAP, unfortunately, some older apps can stand in the way of progress—thankfully, some identity providers devised solutions.  Continue Reading

• Okta competing with Microsoft, Google, and others in passwordless offerings

  While giants Microsoft and Google try leading the passwordless charge, Okta also plans to help organizations cut down on password use.  Continue Reading

• NIST offers a handy vendor-neutral overview of zero trust architecture

  Curious about zero trust but don’t understand it yet or how to achieve it, then NIST is here to help you.  Continue Reading

• Okta is making big investments in on-premises identity

  Okta is also working to bring more context into access decisions.  Continue Reading

• How far is Google going in eliminating passwords?

  We looked at Microsoft, let’s see how a couple other vendors are doing as well, starting with Google.  Continue Reading

• When will we finally ditch passwords? Here’s Microsoft’s 4-step plan

  Let’s be honest, passwords suck, and vendors are working to eliminate or reduce our reliance on them—what is Microsoft’s roadmap?  Continue Reading

• A look at ID proofing: bootstrapping a digital ID using a mobile device and physical ID

  For the moment, it’s more for B2C than for employees, but it’s poised to keep spreading.  Continue Reading

• Securing IoT involves developers, manufacturers and end users alike

  Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures?  Continue Reading

• How does Menlo Security’s remote browser compare in an ever more crowded space?

  There are now many remote browser isolation options available, from both desktop virtualization vendors and security vendors. Menlo just got a $75 million round of funding—so, how does it compare?  Continue Reading

• IoT botnets reach new threshold in Q2 of 2019

  Defending against the rising number and increasing sophistication of IoT botnet attacks isn't an easy task. Learn about the latest threats and the techniques to mitigate them.  Continue Reading

• The must-have skills for cybersecurity aren't what you think

  The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change.  Continue Reading

• Is your identity management up to the task?

  IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle.  Continue Reading

• What's the difference between a password and a PIN?

  A question I've always had but was too afraid to ask when I first learned about passwordless experiences.  Continue Reading

• A look at MobileIron’s zero sign-on and passwordless authentication plans

  MobileIron’s “zero sign-on” tech uses phones to authenticate when accessing SaaS apps from unmanaged devices.  Continue Reading

• Who's to blame for ransomware attacks -- beyond the attackers?

  Cyberattackers are to blame for ransomware attacks, but what about companies that release flawed software or don't install patches? Our expert looks at where the buck stops.  Continue Reading

• Despite recent vulnerabilities, you shouldn’t stop using hardware security keys like Yubikey

  No solution is perfect, but these hardware security keys remain an awesome option in keeping accounts secure from attackers!  Continue Reading

• We talk a lot about access and authentication, but what about revoking user access?

  Google hopes to make it easier with their proposed Continuous Access Evaluation Protocol.  Continue Reading

• The top cloud security challenges are 'people problems'

  Cloud security begins at home. Considering the human factor in cybersecurity is step one when it comes to addressing how to keep critical assets safe in the cloud.  Continue Reading

• Putting cybersecurity for healthcare on solid footing

  CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center.  Continue Reading

• Cloud security threats need a two-pronged approach

  You'll need to burn the security 'candle' at both ends to keep cloud safe from both nation-state hackers and vulnerabilities caused by human error.  Continue Reading

• 2019 RSA Conference bottom line: People are security's strongest asset

  People in the security community and beyond are more important and influential than the leading technologies if the talk at the 2019 RSA Conference is any indication.  Continue Reading

• Idaptive officially launches their “Next-Gen Access Cloud” IDaaS platform

  Next-Gen Access Cloud has a new architecture, and Idaptive will continue to expand its machine learning capabilities.  Continue Reading

• What a proactive cybersecurity stance means in 2019

  Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital.  Continue Reading

• How paradigms shifting can alter the goals of attackers and defenders

  The use of disruptive technology is altering the way attackers and defenders set goals for network security. Learn more about the shifting field with Matt Pascucci.  Continue Reading

• Marcus Ranum: Systems administration is in the 'crosshairs'

  After years of spirited debates and top-notch interviews, columnist Marcus Ranum is signing (sounding?) off with some final thoughts on the future of security.  Continue Reading

• Ron Green: Keeping the payment ecosystem safe for Mastercard

  "We have invested a billion dollars over the last couple of years just in security," says Ron Green, Mastercard's chief of security, who joined the company in 2014.  Continue Reading

• The threat hunting process is missing the human element

  Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt?  Continue Reading

• Why U.S. election security needs an immediate overhaul

  There's no evidence that threat actors have been able to manipulate or change vote counts in our elections, but Kevin McDonald says that doesn't mean it can't -- or won't -- happen.  Continue Reading

• Industries seek to improve third-party security risk controls

  Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.  Continue Reading

• White hat Dave Kennedy on purple teaming, penetration testing

  Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.  Continue Reading

• Kurt Huhn discusses the role of CISO in the Ocean State

  A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.  Continue Reading

• Why a unified local government security program is crucial

  When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial.  Continue Reading

• With Pwned Passwords API, annoying password policies can finally go away

  Update password policies at your company by following the 2017 NIST regulations—improving user experience drastically, and the Pwned Passwords API can help.  Continue Reading

• Google's 'My Activity' data: Avoiding privacy and compliance risk

  Google's Activity Controls create privacy and compliance risks for organizations, as well as a potential gold mine for social engineering hacks. Here's how to avoid those threats.  Continue Reading

• Tom Van Vleck on the Multics operating system, security decisions

  Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher.  Continue Reading

• Fannie Mae CISO calls for more data on security incidents

  Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender.  Continue Reading

• Why third-party access to data may come at a price

  Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners.  Continue Reading

• Yubikey is hot in the security space, so we tested the consumer experience

  How easy is it to use Yubikey and would I recommend it?  Continue Reading

• Q&A: Why data security controls are a hard problem to solve

  Feeling less friendly after Facebook? "There is a great deal of power in being able to combine data-sources," says Jay Jacobs, security data scientist.  Continue Reading

• Walmart's Jerry Geisler on the CISO position, retail challenges

  A global CISO in charge of one of the world's largest cybersecurity programs got his start on the retail floor. He's arrived just in time for the digital transformation.  Continue Reading

• Cybercrime study: Growing economic ecosystem spells trouble

  New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what?  Continue Reading

• Marcus Ranum decodes hardware vulnerabilities with Joe Grand

  Computer hardware designs with dangerous security flaws? That's no surprise to renowned hardware hacker Grand.  Continue Reading

• Healthcare CISO: 'Hygiene and patching take you a long way'

  Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details.  Continue Reading

• Cost of data privacy breach may not be enough

  While the European Union is taking major steps to protect residents' data privacy, little has happened in the United States, even after Equifax and Facebook.  Continue Reading

• Fred Cohen on strategic security: 'Start with the assumptions'

  Cohen is a globally recognized expert in information protection and cybersecurity. Since coining the term 'computer virus,' he has remained a pioneer in information assurance.  Continue Reading

• Data protection compliance costs less than noncompliance

  Smaller companies -- with fewer than 5,000 employees -- in particular may be hit hard by GDPR requirements and other data compliance hurdles. A new report does the math.  Continue Reading

• No customer data leaks? Companies look down the rabbit hole

  When Yahoo finally disclosed a massive 2014 data breach to up to five hundred million affected account holders in September 2016, some already had legal representation.  Continue Reading

• From security product marketing to CEO: Jennifer Steffens

  The CEO of a global pen tester used to work for the New York Yankees. Find out how Jennifer Steffens went from sports marketing to head of a security service provider.  Continue Reading

• A damaging spring of internet worms and poor performance

  Security is a hot topic for media outlets that report on stock markets as companies founder on corporate earnings. The financial fallout of global malware is a call to action.  Continue Reading

• Interfacing with an information technology entrepreneur

  E. Kelly Fitzsimmons started with coconuts and then sold four companies. A serial entrepreneur discusses security and technology startups and why embracing failure works.  Continue Reading

• Do thoughts of your least secure endpoint keep you up at night?

  Some days, 'secure endpoint' feels like an oxymoron, but that soon may change. From smart sandboxes to advanced behavior analytics, learn what's new in endpoint security technologies.  Continue Reading

• How intelligence data leaks caused collateral damage for infosec

  Alvaka Networks' Kevin McDonald looks at the real-world damage caused by data leaks at the CIA and NSA, which have put dangerous government cyberweapons in the hands of hackers  Continue Reading

• Wendy Nather: 'We're on a trajectory for profound change'

  This former CISO talks about her uncharted path from international banking to industry analysis. What's next for infosec? We ask the security strategist those questions and more.  Continue Reading