Network security
Enterprise cyberdefense strategies must include network security best practices. Get advice on essential network security topics such as remote access, VPNs, zero-trust security, NDR, endpoint management, IoT security, hybrid security, Secure Access Service Edge, mobile security and more.
Top Stories
-
Tip
15 Apr 2025
How to ensure OT secure remote access and prevent attacks
OT systems face threats from attackers targeting their remote access capabilities. Segmenting networks is one important step. Learn other ways to safeguard your OT systems. Continue Reading
-
Tip
04 Apr 2025
IPsec vs. SSL VPNs: What are the differences?
New technologies get all the headlines, but VPNs aren't going away anytime soon. Speed and security are among the factors to consider when determining what type of VPN to use. Continue Reading
-
News
26 Sep 2024
Ransomware Task Force finds 73% attack increase in 2023
The Institute for Security and Technology's Ransomware Task Force says a shift to big game hunting tactics led to a significant rise in attacks last year. Continue Reading
-
News
24 Sep 2024
Arkansas City water treatment facility hit by cyberattack
While disruptions are limited, the attack on the water treatment facility highlights how the critical infrastructure sector remains a popular target for threat actors. Continue Reading
-
Tutorial
24 Sep 2024
How to use tcpreplay to replay network packet files
The suite of tools that comprise tcpreplay offers administrators a variety of network security options. Learn some of the benefits of this free utility. Continue Reading
-
Tip
19 Sep 2024
DNS security best practices to implement now
DNS is a key component in any enterprise network. Auditing DNS servers and encrypting DNS traffic are just two of the steps to take to protect your organization's DNS deployment. Continue Reading
-
Podcast
19 Sep 2024
SecOps' new frontier in the remote work era: HR
A CISO shares the story of how his SOC staff caught and contained a North Korean agent posing as a software engineer, saying he hopes to raise awareness of a growing threat. Continue Reading
-
News
19 Sep 2024
FBI disrupts another Chinese state-sponsored botnet
The FBI said the massive botnet, which included 260,000 connected devices, was developed and operated by a publicly traded Chinese company named Integrity Technology Group. Continue Reading
-
News
18 Sep 2024
Orca: AI services, models falling short on security
New research from Orca Security shows that AI services and models in cloud contain a number of risks and security shortcomings that could be exploited by threat actors. Continue Reading
-
News
13 Sep 2024
Fortinet confirms data breach, extortion demand
Fortinet confirmed that a threat actor stole data from a third-party cloud-based shared file drive, which affected a small number of customers, but many questions remain. Continue Reading
-
Answer
11 Sep 2024
HTTP vs. HTTPS: What's the difference?
HTTP and HTTPS are web communication protocols. HTTP lacks security, while HTTPS encrypts data to adhere to the security standards of confidentiality, integrity and authenticity. Continue Reading
-
News
09 Sep 2024
Akira ransomware gang targeting SonicWall VPN accounts
Arctic Wolf recently observed the Akira ransomware gang compromising SonicWall SSL VPN accounts, which could be connected to a critical vulnerability in SonicOS. Continue Reading
-
Definition
06 Sep 2024
What is network detection and response (NDR)?
Network detection and response (NDR) technology continuously scrutinizes network traffic to identify suspicious activity and potentially disrupt an attack. Continue Reading
-
News
06 Sep 2024
Ransomware rocked healthcare, public services in August
Ransomware remained a highly disruptive threat last month, as notable attacks claimed victims in healthcare, technology, manufacturing and the public sector. Continue Reading
-
News
04 Sep 2024
White House unveils plan to improve BGP security
The Office of the National Cyber Director has published a roadmap for internet routing security that outlines recommendations for mitigating BGP hijacking and other threats. Continue Reading
-
News
03 Sep 2024
FBI: North Korean hackers targeting cryptocurrency employees
North Korean state-sponsored threat actors have been conducting successful social engineering campaigns against cryptocurrency employees over the last several months. Continue Reading
-
News
29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns
A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
-
News
22 Aug 2024
GuidePoint talks ransomware negotiations, payment bans
GuidePoint Security's Mark Lance discusses the current ransomware landscape and the steps that go into negotiating potential payments with cybercriminal gangs. Continue Reading
-
News
21 Aug 2024
Microchip Technology discloses cyberattack, business delays
The microprocessor manufacturer says it detected malicious activity in its network over the weekend, which disrupted business operations and impaired its ability to fulfill orders. Continue Reading
-
Video
21 Aug 2024
An explanation of cybersecurity
Cybersecurity protects internet-connected systems from attacks, covering hardware, software and data. Continue Reading
-
Definition
16 Aug 2024
What is an endpoint protection platform (EPP)?
An endpoint protection platform (EPP) is a security technology that safeguards endpoint devices. Continue Reading
-
Feature
15 Aug 2024
The 5 different types of firewalls explained
The firewall remains a core fixture in network security. But, with five types of firewalls, three firewall deployment models and multiple placement options, things can get confusing. Continue Reading
-
Tip
15 Aug 2024
How to select an MDR security service
With the threat landscape as challenging as it is, organizations are looking for reinforcements. One option is to bolster detection and response via third-party MDR services. Continue Reading
-
News
07 Aug 2024
Akamai warns enterprises that VPN attacks will only increase
During Black Hat USA 2024, Akamai's Ori David revealed new VPN post-exploitation techniques that open the attack vector to threat actors of all skill levels. Continue Reading
-
Tip
07 Aug 2024
12 types of endpoint security
With the rise of remote work, mobile devices and IoT, the traditional security perimeter extends beyond corporate networks, making endpoint security crucial for organizations. Continue Reading
-
Tutorial
07 Aug 2024
Examine a captured packet using Wireshark
Wireshark is a useful tool for capturing network traffic data. Network pros can make the most of the tool by analyzing captured packets to see what that data means for troubleshooting. Continue Reading
-
Definition
02 Aug 2024
What is endpoint security? How does it work?
Endpoint security is the protection of endpoint devices against cybersecurity threats. Continue Reading
-
News
01 Aug 2024
InfoSec community sounds off on CrowdStrike outage, next steps
Security experts offered their thoughts on the recent IT outage, praising CrowdStrike's response time but saying the outage highlights issues in the software updating process. Continue Reading
-
News
30 Jul 2024
Microsoft: Ransomware gangs exploiting VMware ESXi flaw
VMware ESXi has proven to be a popular target for ransomware threat actors and a challenge for enterprises to patch. Continue Reading
-
Feature
29 Jul 2024
How the Change Healthcare attack may affect cyber insurance
UnitedHealth's Change Healthcare attack continued to show the devastating aftermath of supply chain attacks. Experts say it could change contingent language for future policies. Continue Reading
-
Definition
29 Jul 2024
What is SSH (Secure Shell) and How Does It Work?
SSH (Secure Shell or Secure Socket Shell) is a network protocol that gives users -- particularly systems administrators -- a secure way to access a computer over an unsecured network. Continue Reading
-
Tutorial
25 Jul 2024
How to use PuTTY for SSH key-based authentication
This tutorial on the open source PuTTY SSH client covers how to install it, its basic use and step-by-step instructions for configuring key-based authentication. Continue Reading
-
News
24 Jul 2024
KnowBe4 catches North Korean hacker posing as IT employee
KnowBe4 says it hired a new principal security engineer for its internal AI team, but quickly detected suspicious activity originating from the employee's workstation. Continue Reading
-
Tip
24 Jul 2024
What is ERP security and why is it critical?
An ERP system is vulnerable whether it's on premises or in the cloud, and supply chain attacks continue to increase. Learn why it's important to secure your company's ERP software. Continue Reading
-
Tutorial
23 Jul 2024
Intro: How to use BlackArch Linux for pen testing
BlackArch Linux offers a lot of pen testing and security benefits, but it requires knowledgeable and independent professionals who can put the distribution to work. Continue Reading
-
Video
23 Jul 2024
WPA2 vs. WPA3
Wireless security has evolved from WEP to WPA protocols and play a pivotal role in safeguarding against cyberattacks. Continue Reading
-
News
23 Jul 2024
Dragos: New ICS malware FrostyGoop abuses Modbus
Dragos published research Tuesday unveiling an industrial control systems-focused malware it dubbed FrostyGoop that targets Modbus to disrupt critical infrastructure. Continue Reading
-
News
22 Jul 2024
Microsoft: Faulty CrowdStrike update affected 8.5M devices
Microsoft says less than 1% of all Windows machines were affected by a defective CrowdStrike Falcon update on Friday, but the disruption has been widespread. Continue Reading
-
Tip
22 Jul 2024
Where to place a firewall in an enterprise network
Firewalls are a foundational element of a strong security posture, and their positioning affects both enterprise performance and cyberdefense. Continue Reading
-
Answer
19 Jul 2024
How to protect port 139 from SMB attacks
Keeping port 139 open is perfectly normal -- but only for good reason. Without the proper protections, it can present a major security risk. Continue Reading
-
News
18 Jul 2024
Fin7 helps ransomware gangs with EDR bypass
SentinelOne found the Russia-based cybercriminal group is helping other threat actors, including ransomware gangs, to evade detection with a custom tool named AvNeutralizer. Continue Reading
-
News
11 Jul 2024
Ransomware gangs increasingly exploiting vulnerabilities
New research from Cisco Talos highlighted three of the most popular known vulnerabilities that were exploited by ransomware gangs for initial access during 2023 and 2024. Continue Reading
-
Answer
11 Jul 2024
CASB vs. SASE: What's the difference?
CASB and SASE enhance network and SaaS application security. CASB acts as a security layer for cloud services, while SASE integrates networking and security into one framework. Continue Reading
-
Tip
11 Jul 2024
Understand the uses of blockchain in data centers
Blockchain is most famous for its cryptocurrency applications, but data centers can employ it for a variety of business-related reasons -- including increased security. Continue Reading
-
News
09 Jul 2024
Governments issue warning on China's APT40 attacks
Government agencies say APT40 continues to pose significant risk to organizations across the globe by exploiting vulnerabilities in public-facing applications. Continue Reading
-
News
08 Jul 2024
Ransomware hits CDK Global, public sector targets in June
The prevalent threat continued to cause disruptions last month as city halls were forced to close and auto dealerships faced downstream effects after an attack against CDK Global. Continue Reading
-
Definition
05 Jul 2024
What is a cyber attack? How they work and how to stop them
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
-
Feature
01 Jul 2024
Compare 5 single-vendor SASE providers
SASE has broad enterprise appeal because it combines security and connectivity. With so many vendor options available, enterprises might need help narrowing the search. Continue Reading
-
News
27 Jun 2024
Supply chain attacks conducted through Polyfill.io service
In February, a Chinese company named Funnell bought the Polyfill.io domain, which sparked concerns in the infosec community about potential supply chain threats. Continue Reading
-
Answer
26 Jun 2024
SPF, DKIM and DMARC: What are they and how do they work together?
Internet protocols for email authentication -- SPF, DKIM and DMARC -- coordinate defense against spammers, phishing and other spoofed email problems. Continue Reading
-
Definition
25 Jun 2024
What is security information and event management (SIEM)?
Security information and event management (SIEM) is an approach to security management that combines security information management (SIM) and security event management (SEM) functions into one security management system. Continue Reading
-
News
21 Jun 2024
Biden administration bans Kaspersky Lab products in US
The Biden administration announced a ban on Kaspersky Lab products inside the United States due to the antivirus vendor's ties with the Russian government. Continue Reading
-
News
20 Jun 2024
SolarWinds Serv-U vulnerability under attack
The Centre for Cybersecurity Belgium observed exploitation against CVE-2024-28995, a high-severity vulnerability in SolarWind's Serv-U file transfer product. Continue Reading
-
News
20 Jun 2024
Phoenix SecureCore UEFI firmware bug affects Intel processors
Multiple Intel processors and hundreds of PC models are potentially vulnerable to a recently disclosed vulnerability in Phoenix SecureCore UEFI firmware. Continue Reading
-
News
18 Jun 2024
EPAM denies link to Snowflake customer attacks
EPAM, a Belarusian software company, said an investigation found no evidence that it was connected to recent attacks against Snowflake customer databases. Continue Reading
-
Definition
18 Jun 2024
DNS attack
A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system. Continue Reading
-
Feature
17 Jun 2024
CASB vs. CSPM vs. CWPP: Comparing cloud security tool types
Let's break down some cloud security alphabet soup. CASB, CSPM and CWPP overlap to an extent, but you'll want to pay close attention to how they accomplish different things. Continue Reading
-
Definition
13 Jun 2024
secure access service edge (SASE)
Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native security technologies and delivers them as a single cloud service. Continue Reading
-
Definition
13 Jun 2024
Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between devices on a network. Continue Reading
-
News
12 Jun 2024
Black Basta might have exploited Microsoft flaw as zero-day
While investigating a ransomware attack, Symantec found evidence that suggests Black Basta threat actors exploited a Microsoft vulnerability as a zero-day. Continue Reading
-
Answer
12 Jun 2024
Zero trust vs. defense in depth: What are the differences?
Security administrators don't have to choose between zero-trust and defense-in-depth cybersecurity methodologies. Learn how the two frameworks complement each other. Continue Reading
-
Tip
11 Jun 2024
SASE vs. SSE: Explaining the differences
Most security professionals are familiar with secure access service edge, but now, there's a new tool for administrators to consider: security service edge. Continue Reading
-
Tip
10 Jun 2024
Why it's SASE and zero trust, not SASE vs. zero trust
When it comes to adopting SASE or zero trust, it's not a question of either/or, but using SASE to establish and enable zero-trust network access. Continue Reading
-
Guest Post
07 Jun 2024
SASE operational pain points and how to fix them
SASE offers companies a compelling security strategy, but it takes time to ensure network teams have the visibility and management oversight they need. Continue Reading
-
Definition
07 Jun 2024
proof of concept (PoC) exploit
A proof of concept (PoC) exploit is a nonharmful attack against a computer or network. PoC exploits are not meant to cause harm, but to show security weaknesses within software. Continue Reading
-
News
06 Jun 2024
Critical Progress Telerik vulnerability under attack
Threat actors are targeting vulnerable Progress Telerik Report Server systems just days after a proof of concept was published detailing a vulnerability exploit chain. Continue Reading
-
News
06 Jun 2024
Ransomware ravaged schools and cities in May
The public sector took the brunt of ransomware in May, while another damaging attack against a healthcare company disrupted patient access to pharmacy services. Continue Reading
-
News
03 Jun 2024
Mandiant: Ransomware investigations up 20% in 2023
The cybersecurity company observed a sharp rise in activity on data leak sites in 2023 as well as an increase in ransomware actors using legitimate commercial tools during attacks. Continue Reading
-
News
30 May 2024
Law enforcement conducts 'largest ever' botnet takedown
An international law enforcement effort called 'Operation Endgame' disrupted several infamous malware loaders and botnets used by ransomware gangs and other cybercriminals. Continue Reading
-
Answer
30 May 2024
Top 6 benefits of zero-trust security for businesses
The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here. Continue Reading
-
News
29 May 2024
Check Point discovers vulnerability tied to VPN attacks
While Check Point identified CVE-2024-24919 as the root cause behind recent attack attempts on its VPN products, it's unclear if threat actors gained access to customer networks. Continue Reading
-
News
28 May 2024
Check Point warns of threat actors targeting VPNs
Check Point said threat actors were targeting a small number of customers by attempting to compromise local VPN accounts that only utilized passwords for authentication. Continue Reading
-
News
28 May 2024
How AI could bolster software supply chain security
Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys' Tim Mackey believes AI could help create more secure software. Continue Reading
-
Definition
23 May 2024
wireless intrusion prevention system (WIPS)
A wireless intrusion prevention system (WIPS) is a dedicated security device or integrated software application that monitors a wireless local area network (WLAN) or Wi-Fi network's radio spectrum for rogue access points (APs) and other wireless threats. Continue Reading
-
Definition
23 May 2024
virtual firewall
A virtual firewall is a firewall device or service that provides network traffic filtering and monitoring for virtual machines (VMs) in a virtualized environment. Continue Reading
-
News
21 May 2024
Rapid7 warns of alarming zero-day vulnerability trends
The cybersecurity vendor tracked vulnerabilities that were used by threat actors in mass compromise events and found more than half were exploited as zero days. Continue Reading
-
News
20 May 2024
CyberArk to acquire Venafi from Thoma Bravo for $1.5B
CyberArk said it intends to help enterprises with the growing number of machine identities, which the company said surpasses human identities by a ratio of 40 to 1. Continue Reading
-
News
16 May 2024
What LockBitSupp charges mean for ransomware investigations
At RSA Conference 2024, Recorded Future's Allan Liska discussed evolving ransomware trends and how authorities recently exposed the LockBit ransomware group ringleader. Continue Reading
-
News
16 May 2024
IBM sells QRadar SaaS assets to Palo Alto Networks
The deal with Palo Alto Networks comes one year after IBM announced QRadar Suite, an AI-enhanced security platform that combined existing SIEM and XDR products. Continue Reading
-
News
15 May 2024
AI-driven attacks seen as chief cloud security threat
Tried and true cloud security threats are on the rise. But according to a new report from Palo Alto Networks, the specter of generative AI threats has organizations concerned. Continue Reading
-
News
14 May 2024
SonicWall CEO talks transformation, security transparency
SonicWall's CEO said that following a string of serious vulnerabilities the company responded to in 2021, product development and quality assurance operations were overhauled. Continue Reading
-
Definition
10 May 2024
Pegasus malware
Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected device, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram. Continue Reading
-
Feature
09 May 2024
Build a resilient network: What I learned from 5 thought leaders
At the 2024 'Strategies for a Resilient Network' summit, five thought leaders shared best practices to help you achieve optimal network resiliency. Learn more. Continue Reading
-
News
08 May 2024
National Security Agency warns against paying ransoms
Rob Joyce and David Luber, former and current directors of cybersecurity at the NSA, discuss how the ransomware attack on Change Healthcare exemplified the cons of paying ransoms. Continue Reading
-
News
08 May 2024
White House: Threats to critical infrastructure are 'severe'
While the White House released the new National Cybersecurity Strategy last year to help combat threats to critical infrastructure organizations, attacks have continued. Continue Reading
-
News
07 May 2024
SentinelOne: Ransomware actors are adapting to EDR
At RSA Conference 2024, SentinelOne's Alex Stamos discussed ongoing global threats such as ransomware and how threat actors are changing their techniques. Continue Reading
-
News
07 May 2024
U.S. agencies continue to observe Volt Typhoon intrusions
A panel of experts at RSA Conference 2024 discussed Volt Typhoon and warned the Chinese nation-state threat group is still targeting and compromising U.S. organizations. Continue Reading
-
Definition
06 May 2024
social engineering penetration testing
Social engineering penetration testing is the practice of deliberately conducting typical social engineering scams on employees to ascertain the organization's level of vulnerability to this type of exploit. Continue Reading
-
News
06 May 2024
Cisco details Splunk security integrations, AI developments
Just two months after Cisco completed its $28 billion acquisition of analytics giant Splunk, the company added XDR capabilities into Splunk Enterprise Security. Continue Reading
-
News
01 May 2024
U.S. warns of pro-Russian hacktivist attacks against OT systems
CISA calls on OT device manufacturers to implement more effective security protocols as attacks against critical infrastructure organizations continue. Continue Reading
-
Definition
01 May 2024
remote access
Remote access is the ability for an authorized person to access a computer or network from a geographical distance through a network connection. Continue Reading
-
News
30 Apr 2024
Change Healthcare breached via Citrix portal with no MFA
UnitedHealth Group CEO Andrew Witty's opening statement for Wednesday's congressional hearing shed more light on the ransomware attack against Change Healthcare. Continue Reading
-
Tip
30 Apr 2024
How SASE convergence affects organizational silos
Most enterprises have siloed departments, but SASE's convergence of network and security functions is disrupting those constructs and driving the need for more team communication. Continue Reading
-
Definition
25 Apr 2024
disaster recovery (DR)
Disaster recovery (DR) is an organization's ability to respond to and recover from an event that negatively affects business operations. Continue Reading
-
News
25 Apr 2024
Dymium scares ransomware attacks with honeypot specters
Dymium, a security startup that recently emerged from stealth, offers ransomware defense for data stores with a network of honeypot traps for spoofing attackers. Continue Reading
-
News
24 Apr 2024
Critical CrushFTP zero-day vulnerability under attack
While a patch is now available, a critical CrushFTP vulnerability came under attack as a zero-day and could allow attackers to exfiltrate all files on the server. Continue Reading
-
Tip
23 Apr 2024
Creating a patch management policy: Step-by-step guide
A comprehensive patch management policy is insurance against security vulnerabilities and bugs in networked hardware and software that can disrupt your critical business processes. Continue Reading
-
News
18 Apr 2024
Cisco discloses high-severity vulnerability, PoC available
The security vendor released fixes for a vulnerability that affects Cisco Integrated Management Controller, which is used by devices including routers and servers. Continue Reading
-
Answer
18 Apr 2024
Stateful vs. stateless firewalls: Understanding the differences
Stateful firewalls are the norm in most networks, but there are still times where a stateless firewall fits the bill. Learn how these firewalls work and what approach might be best. Continue Reading
-
News
17 Apr 2024
Mandiant upgrades Sandworm to APT44 due to increasing threat
Over the past decade, Sandworm has been responsible for high-severity attacks that highlight the group's persistence, evasion techniques and threat to government bodies. Continue Reading
-
News
16 Apr 2024
OT security vendor Nozomi Networks lands Air Force contract
Nozomi Networks CEO Edgard Capdevielle said the $1.25 million contract will be a guarantee that 'our products will continue to meet the requirements of the Air Force.' Continue Reading
-
News
11 Apr 2024
CISA discloses Sisense breach, customer data compromised
CISA is investigating a breach of data analytics vendor Sisense that may have exposed customers' credentials and secrets and could impact critical infrastructure organizations. Continue Reading