Enterprise network security

The network security tools to combat modern threats

Incorporating new network security tools and methods into your enterprise's infosec program may mean the difference between staying safe or falling victim to an attack. Continue Reading

Boost network security visibility with these 4 technologies

The network is where it's at if you want to stop malicious actors. But first you need to up your network visibility. Learn about four technologies that can help. Continue Reading

Network visibility and monitoring tools now amp up security

Three technology trends are currently making network visibility even more central to security tools. Learn more about the impact of big data, AI and APIs. Continue Reading

Why Secure Access Service Edge is the future of SD-WAN

Secure Access Service Edge -- or SASE -- architecture transitions from network designs that revolve around the data center to a model based on identity and user context. Continue Reading

Use network traffic analysis to detect next-gen threats

Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting new breeds of low-and-slow threats. Continue Reading

After a data breach occurs, follow this network security checklist

Before a network breach occurs, you should already have a response plan in place. To make sure you're taking a proactive approach, follow this network security checklist. Continue Reading

Network security vs. application security: What's the difference?

Different tools protect different assets at the network and application layers. But both network and application security need to support the larger security plan. Continue Reading

When cyberthreats are nebulous, how can you plan?

Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading

AI threats, understaffed defenses and other cyber nightmares

 Continue Reading

Increase security visibility with network automation tasks

IT teams can set up automation tasks that generate security reports about network traffic data. These read-only dashboards are useful for executives that ask for system updates. Continue Reading

Forcepoint Web Security offering reaches for the edge

Forcepoint has delivered a web-based security tool leveraging elastic cloud gateway technology that allows admins to access content from any remote location. Continue Reading

5 steps to follow in a network security audit checklist

Planning, execution, analysis, reporting and follow-up are the basic elements of a network security audit checklist. But coordination among IT teams is also important. Continue Reading

Cybersecurity threats on the rise, prey on human nature

Cybersecurity attacks continue to rise, taking advantage of network vulnerabilities -- and human ones. First National Technology Solutions' CISO offers advice. Continue Reading

How to develop and implement a network security plan

When formulating a focused network security plan, you'll need to address specific questions about outbound traffic, user logins and government regulations. Continue Reading

Data center transformation drives the ADC security use case

Application delivery controllers play many roles, but the ADC security use case might be most important. Learn about ADC features and how they boost data center security. Continue Reading

Virtual network security measures to thwart access threats

Virtual networks add a layer of complexity to the real networks below them. Follow these three virtual network security measures to prevent complexity from creating issues. Continue Reading

Top enterprise 5G security concerns and how to address them

The benefits of 5G are aplenty, but the next-generation LTE technology also presents a number of risks. Learn how to securely deploy 5G in your enterprise. Continue Reading

Cybersecurity frameworks hold key to solid security strategy

Cybersecurity frameworks take work, but they help organizations clarify their security strategies. If you don't have one, here's what to consider, even for emerging perimeterless security options. Continue Reading

Gigamon launches platform to improve application visibility

Application Metadata Intelligence identifies network performance, application performance, operational technology communications and security and threat detection. Continue Reading

Trustwave security platform provides visibility, control

Trustwave Fusion is a cloud-based cybersecurity platform designed with the goal of giving users better insight into how security resources are provided and monitored. Continue Reading

Hackers earn nearly $2M in HackerOne's hacking event

One hundred hackers and 75 hackers in training gathered in Las Vegas for HackerOne's hacking event to find security flaws in organizations, including Verizon Media and GitHub. Continue Reading

VMware's internal Service-defined Firewall reimagines firewalling

VMware's internal firewall uses a global view of known-good behavior at the network and host level to minimize the attack surface for on-premises and cloud environments. Continue Reading

Bibb County School District cybersecurity efforts use AI

Using AI-driven cybersecurity from ManagedMethods, a Georgia school district blocks external threats and identifies potentially harmful language in student documents. Continue Reading

Black Hat 2019 brings out new security, protection offerings

The 22nd Black Hat conference in Las Vegas brought together a slew of vendors in network and data security with a variety of security offerings to pitch. Continue Reading

New features added to Juniper Networks security platform

New features include containerized firewalls and the incorporation of SecIntel into MX Series routers as part of Juniper Networks' effort to provide security throughout a network. Continue Reading

IoT cybersecurity: Do third parties leave you exposed?

IoT's vast vendor landscape drives innovation, but working with so many third parties also comes with baggage in the form of third-party cybersecurity issues. Continue Reading

Qualys IOC 2.0 update improves threat detection and response

Qualys IOC 2.0 comes with increased threat detection and response capabilities designed to more accurately detect indicators of compromise and potential cyberattacks. Continue Reading

The 5 network security basics you need to know

In this compilation, learn what network security is, as well as how it differs from cybersecurity, common -- and potentially confusing -- technologies, threats and more. Continue Reading

Identity management strategy starts with people, not technology

Organizations have the tough job of creating an overarching view of identity inside and out of the company. One thing they should remember? Focus on people rather than technology. Continue Reading

A glossary of 10 essential network security terms

This network security glossary covers both old and new key terms -- such as zero trust networks and microsegmentation -- that can bolster anyone's security vocabulary. Continue Reading

How to prevent cybersecurity attacks using this 4-part strategy

It can be daunting to defend an enterprise against cyberattacks, but these four defensive moves can help fortify and repel whatever comes your way. Continue Reading

Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black

Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading

How to retool incident response best practices for the digital age

As companies become more cloud- and mobile-centric, they need to reassess their incident response best practices and automate as much as possible. Continue Reading

Build a proactive cybersecurity approach that delivers

Whether it's zero-trust, adaptive security or just plain common sense, IT leaders must embrace an approach to IT security that's proactive, not reactive. Continue Reading

AI network security tool autonomously does microsegmentation

To ensure network security, a U.S. law firm has turned to automated network microsegmentation vendor Edgewise. The startup uses machine learning to deploy microsegmentation. Continue Reading

ReliaQuest's cybersecurity platform integrates technologies

ReliaQuest's security analytics platform, GreyMatter, claims to improve threat detection by up to four times and reduce system downtime by 98% by integrating AI and human analysis. Continue Reading

Another 7.7M affected by American Medical Collection Agency breach

Roughly 7.7 million LabCorp customers may have been affected by an American Medical Collection Agency data breach. It's the same incident that affected Quest Diagnostics. Continue Reading

Huawei ban highlights 5G security issues CISOs must tackle

Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading

How to build a strong cloud network security strategy

Building a secure network in the cloud is different from securing a traditional network. Learn what the main differences are and how to establish cloud networking security. Continue Reading

AI, machine learning in cybersecurity focused on behavior

Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now. Continue Reading

What does a zero-trust model mean for network security?

A zero-trust model limits access and permissions according to a defined set of parameters that enterprises specify for each application. Learn what this means for network security. Continue Reading

Cisco: Network security strategy requires IT, OT to play nice

Cisco told RSA attendees the need for network security on the factory floor is growing. Cisco says cooperation between IT and operations is key to protecting equipment. Continue Reading

Container security tools turn heads with expansion to hosts

Vendors that sell container security tools now face off against traditional security tool providers, as both vie for the attention of IT pros who look to fortify their cloud-native infrastructure. Continue Reading

CrowdStrike report says breakout time for threat actors is increasing

CrowdStrike's annual global threat report highlights why speed is critical for cybersecurity defenders. Experts sound off on key findings, including the rise of 'big game hunting.' Continue Reading

Key steps to put your zero-trust security plan into action

There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company. Continue Reading

What new technique does the Osiris banking Trojan use?

A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it poses with Nick Lewis. Continue Reading

Palo Alto Networks to acquire SOAR vendor Demisto

Palo Alto Networks announced its plan of acquiring SOAR vendor Demisto for $560 million to accelerate its Application Framework strategy and beef up security operations automation. Continue Reading

Astaroth Trojan returns, abuses antivirus software

Cybereason's Nocturnus Research team has discovered a new strain of the Astaroth Trojan that attacks antivirus software to steal credentials. Continue Reading

How do trusted app stores release and disclose patches?

A flaw was found in the Android installer for Fortnite and was patched within 24 hours. Learn how such a quick turnaround affects mobile app security with expert Nick Lewis. Continue Reading

What are the pros and cons of machine learning in network security?

The predictive nature of machine learning can benefit network security strategies. But it can also benefit those looking to break through secure network barriers. Continue Reading

'SpeakUp' backdoor Trojan could spell further trouble for Linux servers

Check Point Research explains why SpeakUp, the new Trojan targeting Linux servers, has the potential to unleash more harm and offers pointers on how to defend against such malware. Continue Reading

CISO tackles banking cybersecurity and changing roles

Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading

A recap of notable 2018 networking trends and news

Before the final days of 2018 fade into history like so last-generation 4G, spend some time reviewing the news and trends that graced the networking industry this year. Continue Reading

What are the differences between network security vs. cybersecurity?

IT groups need to consider varying layers of security. For instance, the similarities and differences between cybersecurity and network security are closely entwined. Continue Reading

How does the resurgent VPNFilter botnet target victims?

After a comeback of the Russian-built VPNFilter botnet, home network devices are at risk. Learn how this malware targets victims with expert Nick Lewis. Continue Reading

CISOs face the IoT security risks of stranger things

The internet of things, by its very design, extends enterprise technology infrastructure further and further out, computerizing devices whose functions, if corrupted, could have catastrophic results. The sheer scope of internet-connected devices is compounding IoT security risks: CISOs now must worry not only about compromised or stolen data but the potential for bad actors to hijack vehicles, heavy machinery and medical equipment.

"People talk about IoT being the new hot thing, but it has been there almost 20 years in medical care," said Taylor Lehmann, CISO for both Wellforce and its academic hospital, Tufts Medical Center based in Boston. "What has changed is the number of these devices and how many of these devices are vulnerable."

Strategies to manage IoT security risks outside of healthcare and a few other industries remain in the early stages. Many connected devices can't be patched or updated, nor do they have security features such as basic encryption and two-factor authentication. The skills to secure IoT, which require knowledge of software and hardware, are challenging to find.

Even so, experts say cybersecurity in the internet of things era draws on the same technologies and practices that have proven effective over the years, thereby giving CISOs and their organizations a roadmap for extending security as the number of devices multiplies. In this issue of Information Security magazine, we talk to CISOs and other information security experts about IoT security risks and strategies for managing them.

 Continue Reading

Stranger things: IoT security concerns extend CISOs' reach

The internet of things has drastically expanded the scope of what enterprises need to protect, adding challenges big and small to CISOs' responsibilities. Continue Reading

Stranger things: IoT security concerns extend CISOs' reach

 Continue Reading

How security operations centers work to benefit enterprises

One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve. Continue Reading

Protecting the DNS protocol: How DNSSEC can help

Securing the DNS protocol is no joke. Learn what the DNS Security Extensions are and the efforts the United States government is taking to push DNSSEC adoption. Continue Reading

Ways to solve DNS security issues in your organization

Get up to speed fast on means and methods for reducing or eliminating security-related issues in DNS, an integral service upon which the internet depends. Continue Reading

Zero-trust model promises increased security, decreased risk

The zero-trust model takes focused and sustained effort, but promises to improve most companies' risk posture. Learn what it takes to get the most out of zero trust. Continue Reading

Mobile security issues require a unified approach

Security gaps in mobile devices can be many and varied, but they must be addressed immediately. Unified endpoint management is the next-gen way to close the gaps. Continue Reading

Counter mobile device security threats with unified tools

Attacks on enterprise mobile endpoints are more lethal than ever. To help infosec pros fight back, enterprise mobile management has unified to fortify defenses. Continue Reading

Fight a targeted cyberattack with network segmentation, monitoring

It takes a variety of tactics, including network segmenting and monitoring, to safeguard the network. Learn the latest defenses to keep your network safe. Continue Reading

Spectre, Meltdown vulnerabilities put SDS, HCI at risk

Spectre and Meltdown patches should be applied to hyper-converged and other software-defined storage products that run on hosts with user installed application processes. Continue Reading

Security compliance standards as a guide in endpoint plans

Consider security compliance regulations for your industry as a starting point and a guide for planning your specific approach to enterprise endpoint protection. Continue Reading

The endpoint security controls you should consider now

With the perimeter wall gone, securing enterprise endpoints is even more essential. Learn how automation and other developments can up endpoint protection now. Continue Reading

Get the best botnet protection with the right array of tools

Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can. Continue Reading

Three reasons to implement an NAC system

The growth in devices on the network has heightened the need for network access control products. This article presents scenarios where an enterprise might need an NAC system. Continue Reading

Learn how to identify and prevent access control attacks

Once an attacker has gained entry to a network, the consequences can be severe. Find out how the right access control tools can help prevent that from happening. Continue Reading

Securing endpoints with supplementary tools protects data

Learn how network access control (NAC), data loss prevention (DLP) and robust data destruction tools secure the data in your corporate endpoints against data loss. Continue Reading

How do network management systems simplify security?

Network security teams can find themselves overwhelmed with protecting an enterprise network. Expert Matthew Pascucci explains how network management systems can help with that. Continue Reading

How NotPetya ransomware used legitimate tools to move laterally

WannaCry and NotPetya ransomware woke enterprises up to an expanded threat landscape. Expert Michael Cobb explains these threats and what enterprises can do to stop them. Continue Reading

The best endpoint security practices are evolving and essential

Ever since the first mobile device hit the enterprise network, best endpoint security practices have been a major IT concern. What's happened since then has been a staggering proliferation of the number and types of devices on the network, complicated by increasing numbers of mobile and remote corporate employees, all of which have essentially ended the traditional idea of a corporate network security perimeter. Firewalls and other more traditional security appliances may still be in use, and rightly so, but endpoint security management is more critical than ever in keeping enterprise systems and data safe from malicious actors.

The summer Insider Edition, our Information Security magazine quarterly e-zine, looks at what's new in endpoint security management, from the best endpoint security tools to consider now, and what other efforts beyond tools infosec pros can employ to best secure all those pesky mobile endpoints wandering in and out of corporate corridors.

This Insider Edition offers expert assessments on the endpoint security technology vendors have developed to combat mutating ransomware like WannaCry -- from machine learning to multivendor partnerships to behavior analytics. Also included is an exploration of mobile endpoint security tools like application containers and app wrapping. CISOs must focus now on how the threats, and the technological advances to fight them, are changing and factor these considerations into any endpoint security strategy.

Readers will come away with a deeper understanding of the best endpoint security tools and techniques available and be able to consider the most advanced approaches available to locking down the company data and systems that endpoints can access.

 Continue Reading

Advanced endpoint protection takes on the latest exploits

Advanced endpoint protection is arriving from all quarters -- machine learning, crafty sandboxes, behavior analytics. Learn how tech advances are being applied to endpoints. Continue Reading

Do thoughts of your least secure endpoint keep you up at night?

Some days, 'secure endpoint' feels like an oxymoron, but that soon may change. From smart sandboxes to advanced behavior analytics, learn what's new in endpoint security technologies. Continue Reading

Learn what breach detection system is best for your network

Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs. Continue Reading

Outsourcing security services rises as MSSPs focus on industries

Despite increasing levels of specialization, managed security service providers often don't understand the business you're in. That may be changing. Continue Reading

Outsourcing security services rises as MSSPs focus on industries

 Continue Reading

Pulse Connect Secure offers a variety of authentication options

Expert Karen Scarfone takes a look at the Pulse Connect Secure series of SSL VPNs for securing the connection between clients and networks through encrypted tunnels. Continue Reading

SonicWALL SSL VPN provides security for organizations of any size

The SonicWALL SSL VPN protects remote client devices by creating a secure connection to enterprise networks, with many options for customized security features. Continue Reading

Ransomware prevention tools to win the fight

Fighting malware today means battling ransomware. Learn what ransomware prevention tools you need to acquire and how to perfect using the tools your company already owns. Continue Reading

Connected medical devices spark debate at RSA Conference session

An RSA Conference session on a new attack on connected medical devices led to a spirited debate on vulnerability disclosure and manufacturer responsibility. Continue Reading

RSA President Rohit Ghai details new cybersecurity platform at RSAC 2017

Michael Dell introduces RSA's newly appointed president, Rohit Ghai, who is set to lead the cybersecurity firm as it implements its new Business Driven Security platform. Continue Reading

Industrial Network Security

In this excerpt from chapter 3 of Industrial Network Security, authors Eric D. Knapp and Joel Langill discuss the history and trends of industrial cybersecurity. Continue Reading

Wireless intrusion prevention systems: A buyer's guide

In this SearchSecurity buyer's guide, learn why it's important to have a wireless intrusion prevention system to protect your Wi-Fi networks and how to pick the right WIPS product. Continue Reading

RSA NetWitness Logs and Packets: Security analytics product overview

Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats. Continue Reading

Securing VoIP: Keeping Your VoIP Networks Safe

In this excerpt of Securing VoIP: Keeping your VoIP Network Safe, author Regis (Bud) Bates outlines different approaches to VoIP security and offers best practices to ensure infrastructure security is intact. Continue Reading

The best SSL VPN products in the market

SSL VPNs are essential for securing network connections and communications. Here's a look at the best SSL VPN products in the industry. Continue Reading

Pervasive sensing: How it affects enterprise and IoT security

Pervasive sensing is a relatively new concept, but its security risks are well-developed. Expert Ernie Hayden explains this new trend and its associated security implications. Continue Reading

Comparing the top wireless intrusion prevention systems

Expert Karen Scarfone examines the top wireless intrusion prevention systems (WIPS) to help readers determine which may be best for them. Continue Reading

Six criteria for procuring security analytics software

Security analytics software can be beneficial to enterprises. Expert Dan Sullivan explains how to select the right product to fit your organization's needs. Continue Reading

Comparing the top SSL VPN products

Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them. Continue Reading

The three enterprise benefits of SSL VPN products

Expert Karen Scarfone outlines the ways SSL VPN products can secure network connections and communications for organizations. Continue Reading

Introduction to security analytics tools in the enterprise

Expert Dan Sullivan explains how security analysis and analytics tools work, and how they provide enterprises with valuable information about impending attacks or threats. Continue Reading

Secure DMZ Web server setup advice

Network security expert Anand Sastry describes how to ensure a secure DMZ Web server setup involving network attached storage (NAS). Continue Reading

Should a domain controller be placed within the DMZ?

When creating an Active Directory network, is it necessary to place domain controllers in the DMZ? Network security expert Mike Chapple explains. Continue Reading