Business Management: Security Support and Executive Communications
-
Feature
12 Nov 2019
Use Azure Security Center to conduct a security posture assessment
In this excerpt from Chapter 4 of Microsoft Azure Security Center, the authors outline how to use the software to determine and improve your enterprise's cloud security posture. Continue Reading
-
Tip
12 Nov 2019
How container adoption affects container security
Scalability and efficiency make container adoption an attractive option for enterprises today. Learn how containerization has evolved and grown since the release of Docker 1.0 five years ago. Continue Reading
-
News
12 Nov 2019
How and why data breach lawsuits are settled
For all of the talk about data breach class action lawsuits, virtually none of them reach a courtroom. Here's why and how data breach lawsuits almost always end in settlements. Continue Reading
-
News
12 Nov 2019
Application Guard to block malicious attachments in Office 365
Microsoft is bringing the Application Guard security container to Office 365 ProPlus this year, which could limit the threat of malicious Office documents for subscribers. Continue Reading
-
Tip
12 Nov 2019
A fresh look at enterprise firewall management
Enterprises need to know where and how to install firewalls for maximum protection. Find out firewall management best practices that can help protect your organization. Continue Reading
-
Tip
11 Nov 2019
Zero-trust framework creates challenges for app dev
Enterprises implement zero-trust frameworks to adapt to today's changing IT infrastructures. Learn about the implications for app developers. Continue Reading
-
Tip
11 Nov 2019
3 security and ethics considerations for modern-day CISOs
Many conversations today revolve around security and ethics. A strong CISO voice is crucial to keeping enterprises safe while embracing this critical cultural awakening. Continue Reading
-
News
08 Nov 2019
ConnectWise ransomware attacks affecting Automate customers
ConnectWise warned that ransomware attacks are targeting open ports for its Automate on-premises application, but the company has offered few details about the nature of the attacks. Continue Reading
-
News
07 Nov 2019
Trend Micro insider threat steals, sells customer data
A Trend Micro employee stole and sold customer support data, which was used by a malicious third-party actor to scam consumer customers of the cybersecurity company. Continue Reading
-
Feature
07 Nov 2019
Creating and managing a zero-trust security framework
IEEE senior member Kevin Curran outlines how enterprises should introduce a zero-trust security framework and discusses implementation challenges they are likely to face. Continue Reading
-
News
07 Nov 2019
SSL certificate abuse drives growing number of phishing attacks
Phishing attacks against the United Nations and humanitarian organizations show how threat actors are weaponizing valid SSL certificates and how hard it is to stop the abuse. Continue Reading
-
News
06 Nov 2019
Firefox bug is enabling attackers to freeze out users
A recently reported bug in Firefox allows spammed authentication dialogs to lock users out of their browsers and it is under attack in the wild, despite previous efforts to patch. Continue Reading
-
Tip
06 Nov 2019
Risks of container escape vulnerabilities and how to counter them
Container escape vulnerabilities create new challenges for security and risk management teams. Learn more about container escapes and how to prevent exploitation. Continue Reading
-
Feature
06 Nov 2019
4 innovative ways to remedy the cybersecurity skills gap
Learn how companies should adapt to hire, recruit and retain top-notch employees during the current cybersecurity workforce shortage. Continue Reading
-
News
05 Nov 2019
First BlueKeep attacks in the wild may be dark portents
Following months of warnings from law enforcement and the infosec community, the first BlueKeep exploit campaign was discovered in the wild and experts say it won't be the last. Continue Reading
-
Feature
04 Nov 2019
Assessing the value of personal data for class action lawsuits
Determining the value of consumers' personal data exposed in a breach can be a challenge. Security and legal experts discuss what factors are involved in the equation. Continue Reading
-
Quiz
04 Nov 2019
Test your grasp of AI threats, privacy regulations and more
Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz. Continue Reading
-
News
01 Nov 2019
Threat Stack Application Security Monitoring adds Python support
Now supporting both Python and Node.js, Application Security Monitoring can identify risk throughout the software development lifecycle for both third-party and native code. Continue Reading
-
Opinion
01 Nov 2019
When cyberthreats are nebulous, how can you plan?
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading
- 01 Nov 2019
- E-Zine 01 Nov 2019
-
Opinion
01 Nov 2019
CISOs, does your incident response plan cover all the bases?
Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading
- 01 Nov 2019
-
Feature
01 Nov 2019
Report shows CISOs, IT unprepared for privacy regulations
Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind. Continue Reading
- 01 Nov 2019
-
Feature
01 Nov 2019
A cybersecurity skills gap demands thinking outside the box
Today's security team shortages can't be filled using yesterday's thinking. Learn what other IT security leaders are doing to plug the skills gap and keep their organization safe. Continue Reading
- 01 Nov 2019
-
Infographic
01 Nov 2019
Enterprises feel the pain of cybersecurity staff shortages
It's hard enough keeping up with today's threats on a good day. But when your IT organization is spread thin, especially in terms of cybersecurity staff, the challenges mount. Continue Reading
-
Feature
01 Nov 2019
AI for good or evil? AI dangers, advantages and decisions
Good guys and bad guys both use AI, but the bad guys don't need to worry about complying with rules and regulations. What can security leaders do to level the playing field? Continue Reading
- 01 Nov 2019
-
News
31 Oct 2019
Adsterra still connected to malvertising campaign, despite denials
Despite a pledge of "zero tolerance" for malicious activity, ad network Adsterra was found to be once again connecting with the Master134 malvertising campaign. Continue Reading
-
News
30 Oct 2019
Imperva CEO steps down following breach investigation
Chris Hylen unexpectedly stepped down as CEO of Imperva in the wake of a data breach involving cloud WAF customer data, though it's unclear if the two events are connected. Continue Reading
-
News
30 Oct 2019
Splunk Mission Control launch enables a unified SOC
Mission Control is intended to unify Splunk Enterprise Security, Splunk Phantom and Splunk User Behavior Analytics into the Splunk Security Operations Suite. Continue Reading
-
News
29 Oct 2019
Adobe exposure includes data on 7.5 million users
Adobe exposed data on 7.5 million users and employees and one expert says the incident highlights why production data shouldn't be used in test environments. Continue Reading
-
Tip
29 Oct 2019
Understand the top 4 use cases for AI in cybersecurity
AI applications in security offers organizations four unique benefits. Learn how machine learning advances can change industry approaches to threat detection and prevention. Continue Reading
-
Answer
29 Oct 2019
What are the roles and responsibilities of a liaison officer?
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading
-
Opinion
29 Oct 2019
How to go passwordless if not all your apps support modern authentication standards
We want to eliminate passwords ASAP, unfortunately, some older apps can stand in the way of progress—thankfully, some identity providers devised solutions. Continue Reading
-
Feature
28 Oct 2019
How the future of data privacy regulation is spurring change
Some companies have taken steps to improve data governance in anticipation of data privacy rules. Experts discuss the challenges of compliance in a shifting regulatory landscape. Continue Reading
-
Tip
28 Oct 2019
5 cloud storage privacy questions to ask potential providers
Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service. Continue Reading
-
Feature
25 Oct 2019
On a penetration tester career path, flexibility and curiosity are key
Becoming a pen tester takes more than passing an exam. Learn the qualities ethical hackers should embrace to achieve success on their penetration tester career path. Continue Reading
-
News
25 Oct 2019
Cyber insurance has changed incident response -- for better or worse
Cyber insurance carriers are assuming greater control over how enterprises conduct incident response, which has caused angst and frustration among some security vendors. Continue Reading
-
Quiz
24 Oct 2019
CompTIA PenTest+ practice test questions to assess your knowledge
Think you're ready to take the CompTIA PenTest+ certification exam? Test your skill set with some of the sample multiple-choice questions you may be facing. Continue Reading
-
News
23 Oct 2019
Another CCleaner attack hits Avast supply chain
Avast was able to stop an attempted supply chain attack targeting its CCleaner software, but experts say all enterprises should be wary of similar supply chain attacks. Continue Reading
-
Feature
23 Oct 2019
Combat the human aspect of risk with insider threat management
When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach. Continue Reading
-
News
22 Oct 2019
Forcepoint Web Security offering reaches for the edge
Forcepoint has delivered a web-based security tool leveraging elastic cloud gateway technology that allows admins to access content from any remote location. Continue Reading
-
News
22 Oct 2019
Bugcrowd launches Attack Surface Management platform
The new platform provides an extra layer of testing by sending its findings to Bugcrowd's crowdsourced security testing tools. Continue Reading
-
Tip
22 Oct 2019
How to address cloud IAM challenges
Cloud services are major players in most companies now and can have a major impact on the management of access and identity governance. Learn how to handle cloud IAM challenges. Continue Reading
-
Answer
22 Oct 2019
The difference between AES and DES encryption
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between AES and DES. Continue Reading
-
News
21 Oct 2019
Sophos acquisition bid presents potential growth, peril
Private equity firm Thoma Bravo made an offer to acquire Sophos for approximately $3.9 billion. Analysts discuss what the deal might mean for the endpoint security vendor. Continue Reading
-
News
21 Oct 2019
Malware detection methods struggle to keep up with evolving threats
Experts discuss the increasingly complex methods of malware detection needed when dealing with everything from low-level attackers to advanced persistent threat groups. Continue Reading
-
Feature
21 Oct 2019
Netscout CSO speaks to third-party risk, security gender gap
Veteran CSO at Netscout Deb Briggs recaps her fireside chat with Cisco CSO Edna Conway at FutureCon 2019, including their discussion on third-party risk and the gender gap in the security industry. Continue Reading
-
Answer
21 Oct 2019
6 different types of hackers, from black hat to red hat
Black, white and grey hats are familiar to security pros, but as the spectrum evolves to include green, blue and red, things get muddled. Brush up on types of hackers, new and old. Continue Reading
-
Feature
18 Oct 2019
DevSecOps model requires security get out of its comfort zone
Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge. Continue Reading
-
Answer
17 Oct 2019
Is a cybersecurity insurance policy a worthy investment?
Variables such as third-party business partners create unique cyberthreats for organizations. Find out when a cybersecurity insurance policy is a wise investment to prevent risk. Continue Reading
-
Opinion
17 Oct 2019
Okta competing with Microsoft, Google, and others in passwordless offerings
While giants Microsoft and Google try leading the passwordless charge, Okta also plans to help organizations cut down on password use. Continue Reading
-
News
16 Oct 2019
Exposed Docker hosts open the door for cryptojacking
Security researchers discovered a new Docker worm that has been targeting exposed hosts in order to spread cryptojacking malware to other containers. Continue Reading
-
Answer
16 Oct 2019
How should I choose a cybersecurity insurance provider?
To vet potential cybersecurity insurance providers, there are a few questions every customer should ask. Learn more about the questions to ask and how to get the answers you need. Continue Reading
-
Tip
15 Oct 2019
Essential instruments for a pen test toolkit
Does your penetration testing toolkit have the proper contents? Learn the must-have tool for any pen tester, as well as specific tools for wireless, network and web app pen testing. Continue Reading
-
Answer
15 Oct 2019
What types of cybersecurity insurance coverage are available?
Cybersecurity insurance coverage could prove invaluable to risk mitigation -- if it's chosen carefully. Find out which type of insurance plan is right for your organization. Continue Reading
-
Opinion
15 Oct 2019
NIST offers a handy vendor-neutral overview of zero trust architecture
Curious about zero trust but don’t understand it yet or how to achieve it, then NIST is here to help you. Continue Reading
-
News
14 Oct 2019
Imperva breach update puts blame on exposed AWS API keys
Imperva CTO Kunal Anand posted updated information regarding the recent breach affecting Cloud WAF customers and admitted poor security controls led to the compromise. Continue Reading
-
Opinion
14 Oct 2019
Okta is making big investments in on-premises identity
Okta is also working to bring more context into access decisions. Continue Reading
-
News
11 Oct 2019
Cybersecurity threats on the rise, prey on human nature
Cybersecurity attacks continue to rise, taking advantage of network vulnerabilities -- and human ones. First National Technology Solutions' CISO offers advice. Continue Reading
-
News
11 Oct 2019
Palo Alto Networks launches new version of Demisto SOAR platform
New features to the Demisto platform include a customizable user interface, threat intelligence, database scaling and a mobile app providing chat support and updates for users. Continue Reading
-
News
09 Oct 2019
Twitter 2FA data 'inadvertently' used for advertising
Twitter used two-factor authentication information, including email addresses and phone numbers, to target ads for an unknown number of people over an unknown period of time. Continue Reading
-
Opinion
09 Oct 2019
How far is Google going in eliminating passwords?
We looked at Microsoft, let’s see how a couple other vendors are doing as well, starting with Google. Continue Reading
-
Tip
08 Oct 2019
Defining and evaluating SOC as a service
As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best model for your enterprise. Continue Reading
-
News
08 Oct 2019
NSA warns VPN vulnerabilities exploited by nation-state hackers
Nation-state hackers are exploiting previously disclosed vulnerabilities in VPNs from Pulse Secure, Palo Alto Networks and Fortinet, according to a security advisory from the NSA. Continue Reading
-
News
08 Oct 2019
Experts expect hospital ransomware attacks to continue
One week after being hit by a ransomware attack, hospitals in Alabama are turning away patients while working on recovery, and experts warn of similar attacks in the future. Continue Reading
-
Feature
08 Oct 2019
Choosing between an SSL/TLS VPN vs. IPsec VPN
Infosec pros need to know the ins and outs of SSL/TLS VPNs vs. IPsec VPNs to better understand which product's features will fulfill the needs of their organization. Get help comparing here. Continue Reading
-
Feature
07 Oct 2019
To secure DevOps, break culture and tooling barriers
The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved. Continue Reading
-
Feature
07 Oct 2019
The 3 pillars of a DevSecOps model
In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model. Continue Reading
-
Tip
07 Oct 2019
How to beef up S3 bucket security to prevent a breach
Security teams have plenty of tools at their disposal to help their organizations achieve and maintain S3 bucket security. Learn about the threats and best practices to stay safe. Continue Reading
-
Tip
04 Oct 2019
Virtual network security measures to thwart access threats
Virtual networks add a layer of complexity to the real networks below them. Follow these three virtual network security measures to prevent complexity from creating issues. Continue Reading
-
Podcast
04 Oct 2019
Risk & Repeat: Trump takes aim at DNC hack and CrowdStrike
This week's Risk & Repeat podcast looks at President Trump's recent comments about CrowdStrike and the DNC 'server' and the misinformation around Russian election interference. Continue Reading
-
News
03 Oct 2019
Zendesk breach in 2016 affected 10,000 customers
Zendesk disclosed a previously undetected security incident from 2016 in which data for 10,000 customer accounts was accessed, but the disclosure is missing some key details. Continue Reading
-
Feature
03 Oct 2019
How security teams benefit from traffic mirroring in the cloud
Enterprises with the resources to deploy traffic mirroring are gaining security benefits. Frank Siemons explains how traffic mirroring has adapted to new and evolving cyber-risks. Continue Reading
-
News
03 Oct 2019
Ping Identity launches identity and access management tool
PingCentral aims to streamline the identity and access management processes and bridge the gap between IAM teams and application teams to improve productivity. Continue Reading
-
News
02 Oct 2019
Hospital ransomware attacks lead to patients being turned away
Ransomware attacks hit seven hospitals in Australia and three in Alabama, with the Alabaman hospitals being forced to turn away patients because of the attacks. Continue Reading
-
Tip
02 Oct 2019
How can DNS privacy issues be addressed?
Learn two techniques for improving end-user DNS privacy protection that prevent DNS from exposing information about websites users visit and the people users communicate with. Continue Reading
-
News
01 Oct 2019
Bulletproof host raided in former NATO bunker
German authorities arrested seven in raid of bulletproof hosting company CyberBunker -- which was housed in a former NATO bunker -- for allegedly hosting dark web marketplaces. Continue Reading
-
Tip
01 Oct 2019
Top enterprise 5G security concerns and how to address them
The benefits of 5G are aplenty, but the next-generation LTE technology also presents a number of risks. Learn how to securely deploy 5G in your enterprise. Continue Reading
-
Feature
01 Oct 2019
Your third-party risk management best practices need updating
Organizations must modernize third-party risk management best practices to adapt to the changing technology landscape. Diversify risk assessments with these expert tips. Continue Reading
-
News
01 Oct 2019
Sophos launches Managed Threat Response service
The new offering is built on Sophos' endpoint security platform Intercept X Advanced, with capabilities supported by the company's recent acquisition of Rook Security and DarkBytes. Continue Reading
-
Tip
30 Sep 2019
The 3 types of DNS servers and how they work
DNS is a core internet technology, instrumental in mapping human-readable domains into corresponding IP addresses. Learn about the three DNS server types and their roles in the internet. Continue Reading
-
Tip
30 Sep 2019
How PCI DSS compliance milestones can be a GDPR measuring stick
Constantly evolving regulations can cause confusion for security officers, but sometimes, there is process overlap. Here's how achieving compliance with PCI DSS can help meet GDPR mandates. Continue Reading
-
News
27 Sep 2019
New York files lawsuit over Dunkin' breach response
The New York attorney general filed a lawsuit against Dunkin' Brands regarding attacks dating back to 2015 and alleges the company failed to respond or notify victims properly. Continue Reading
-
Answer
27 Sep 2019
Should I invest in attack simulation tools?
Attack simulation tools -- along with third-party penetration testing -- can help improve an organization's enterprise security. Find out why. Continue Reading
-
Feature
26 Sep 2019
Top tips for using the Kali Linux pen testing distribution
It's the best Linux distro for penetration testers' toolkits, but it's not just any Linux. Get tips on Kali Linux pen testing from project lead Jim O'Gorman. Continue Reading
-
News
26 Sep 2019
After Bugcrowd pilot, Air Force bug bounty program eyes expansion
The U.S. Air Force is eyeing an expansion of its bug bounty efforts after partnering with Bugcrowd on a three-month pilot program for its cloud platform. Continue Reading
-
Answer
26 Sep 2019
Penetration testing vs. red team: What's the difference?
Is penetration testing the same as red team engagement? There are similarities, but they're not the same. Understand the differences to improve your organization's cyberdefenses. Continue Reading
-
Answer
26 Sep 2019
When should I use breach and attack simulation tools?
Thanks to automation and other features, breach and attack simulation tools are an effective way to help network administrators keep their operations secure. Continue Reading
-
News
25 Sep 2019
Trump pushes debunked DNC hack conspiracy in call with Ukraine
In a call with the Ukrainian president that is now the focus of an impeachment inquiry, President Trump discussed CrowdStrike and asked for help with finding a 'server.' Continue Reading
-
Answer
25 Sep 2019
Do network layer and application layer DDoS attacks differ?
Network layer and application layer DDoS attacks are significant threats. Learn about the differences between them and what you can do to reduce their effects. Continue Reading
-
Tip
25 Sep 2019
Build an agile cybersecurity program with Scrum
Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams. Continue Reading
-
Feature
25 Sep 2019
How to use SOAR tools to simplify enterprise infosec programs
SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users. Continue Reading
-
News
24 Sep 2019
Cloudflare battles malicious bots with 'fight mode'
Cloudflare takes its first steps in keeping malicious bots from attacking customers by using complex challenges to waste a bot's CPU resources in an attempt to disincentivize more bots. Continue Reading
-
Feature
24 Sep 2019
Using DNS RPZ to pump up cybersecurity awareness
Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites. Continue Reading
-
Opinion
24 Sep 2019
When will we finally ditch passwords? Here’s Microsoft’s 4-step plan
Let’s be honest, passwords suck, and vendors are working to eliminate or reduce our reliance on them—what is Microsoft’s roadmap? Continue Reading
-
Tip
23 Sep 2019
How software-defined perimeter authentication ups security
Find out how the emerging software-defined perimeter model increases security by its design and how it can serve as a building block to zero-trust security. Continue Reading