Network security

Enterprise cyberdefense strategies must include network security best practices. Get advice on essential network security topics such as remote access, VPNs, zero-trust security, NDR, endpoint management, IoT security, hybrid security, Secure Access Service Edge, mobile security and more.

Top Stories

News 06 Dec 2023
Forescout uncovers 21 Sierra Wireless router vulnerabilities

Forescout is urging enterprises to patch software for affected OT/IoT routers as attackers increasingly target edge devices to gain network access to critical infrastructure. Continue Reading
News 05 Dec 2023
Ransomware ramps up against private sector in November

Ransomware disclosures and reports increased again in November, with the most disruptive and dangerous attacks occurring against healthcare organizations. Continue Reading

Tip 16 Mar 2022

3 benefits of sustainable cybersecurity in the enterprise

Sustainable cybersecurity means taking the long view on cyber-risk mitigation. Explore the technical, financial, societal and reputational wins it can net for the enterprise. Continue Reading
Tip 15 Mar 2022

How to secure NetOps initiatives using Agile methodology

As more NetOps teams implement Agile methods, network and security testing must be part of a holistic approach that involves developers, networking and security teams working together. Continue Reading
News 10 Mar 2022

Log4Shell vulnerability continues to menace developers

Months after it was first disclosed, the Log4j RCE vulnerability remains widespread on code-sharing sites and open source repositories, according to security researchers. Continue Reading
Answer 10 Mar 2022

Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
News 09 Mar 2022

Researchers disclose new Spectre V2 vulnerabilities

The Spectre class of data disclosure vulnerabilities is once again at the security forefront after researchers discovered a new variant of the side-channel attack. Continue Reading
News 08 Mar 2022

Researchers uncover vulnerabilities in APC Smart-UPS devices

Researchers with Armis found a trio of vulnerabilities in uninterruptible power supply (UPS) devices from APC that could be remotely exploited by threat actors. Continue Reading
News 01 Mar 2022

Nvidia confirms breach, proprietary data leaked online

Nvidia has confirmed some of the claims from a little-known ransomware gang that allegedly broke into the network of the GPU giant and stole corporate data. Continue Reading
News 25 Feb 2022

Arista embeds security software in campus switches

Arista Networks will embed network detection and response software in campus switches to provide AI-driven threat detection across the network. Continue Reading
News 25 Feb 2022

Researchers find access brokers focused on US targets

Security vendors studied 'access broker' advertisements on the dark web, which provide ransomware groups with the network and system access required for data thefts. Continue Reading
Tip 25 Feb 2022

A review of Zscaler SASE architecture

Zscaler has a strong cloud-native architecture for secure internet access. But it doesn't deliver SD-WAN or converge internet access and WAN security, leaving it with only part of a SASE platform. Continue Reading
Tip 23 Feb 2022

How to use PKI to secure remote network access

Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
News 23 Feb 2022

IBM: REvil dominated ransomware activity in 2021

IBM X-Force's Threat Intelligence Index report also found a 'triple extortion' ransomware tactic in 2021, where threat actors use DDoS attacks to put extra pressure on victims. Continue Reading
News 17 Feb 2022

SonicWall: Ransomware attacks increased 105% in 2021

While 2021 represented a turning point for law enforcement and government action against ransomware, SonicWall still observed massive growth in attacks. Continue Reading
News 15 Feb 2022

Juniper acquires zero-trust security startup WiteSand

Juniper has acquired zero-trust security company WiteSand. The startup's cloud-native technology could find a home in Juniper's Mist and SASE platforms. Continue Reading
News 15 Feb 2022

CrowdStrike: Attackers are moving faster, harder to detect

The CrowdStrike '2022 Global Threat Report' said attackers are getting better at exploiting vulnerabilities and moving through compromised networks before defenders can spot them. Continue Reading
News 09 Feb 2022

Palo Alto announces ML-enabled software update and firewalls

Palo Alto's updated PAN-OS software uses machine learning to analyze network traffic in real time, and two firewall appliances provide the processing power to support it. Continue Reading
Guest Post 09 Feb 2022

How automated certificate management helps retain IT talent

Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
News 01 Feb 2022

Iranian hacking groups pick up the pace with new attacks

Two security vendors are reporting a fresh wave of targeted attacks and malware outbreaks believed to be the work of Iranian state-sponsored threat groups. Continue Reading
Feature 31 Jan 2022

Edge, public cloud, security drive network transformation

Networking is starting to reflect innovations in compute and public cloud. A notable change will be how network teams view networking and security as a holistic platform. Continue Reading
Feature 31 Jan 2022

Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
Feature 27 Jan 2022

Log4j explained: Everything you need to know

Log4j, which is embedded in popular services and frameworks, became a headache for many businesses by the end of 2021. Businesses affected include Apple, Microsoft and VMware. Continue Reading
Tip 26 Jan 2022

Integrating zero-trust practices into private 5G networks

One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices. Continue Reading
Tip 20 Jan 2022

Introduction to automated penetration testing

Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
News 20 Jan 2022

Cisco: Patching bugs is about more than CVSS numbers

Cisco's Kenna Security advised enterprises to consider more than just CVSS scores and update advisories when deciding when and how to address security vulnerabilities. Continue Reading
News 19 Jan 2022

FireEye, McAfee Enterprise relaunch as XDR-focused Trellix

Though the new company is a combination of two high-profile security vendors, private equity firm STG relaunched the merger under an entirely different name. Continue Reading
Tip 18 Jan 2022

How to implement network segmentation for better security

For a network segmentation strategy to be effective and improve security, network teams need to create detailed security policies, identify each resource and use allowlists. Continue Reading
News 13 Jan 2022

Ukrainian police bust unnamed ransomware gang

A law enforcement raid in Ukraine resulted in the arrest of five suspects accused of deploying ransomware through phishing emails and making more than $1 million. Continue Reading
News 11 Jan 2022

SonicWall SMA 100 appliances beset by multiple vulnerabilities

SonicWall's security appliances can be compromised by several attacks on five vulnerabilities, including one remote code execution bug, according to Rapid7. Continue Reading
News 11 Jan 2022

NetUSB flaw could impact millions of routers

SentinelOne researcher Max Van Amerongen said the only way to fix the high-severity vulnerability is to update the router firmware, which can be a difficult process. Continue Reading
Feature 04 Jan 2022

Is quantum computing ready to disrupt cybersecurity?

Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
Tip 04 Jan 2022

7 API security testing best practices, with checklist

APIs are an increasingly common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
News 30 Dec 2021

Threat actors target HPE iLO hardware with rootkit attack

Integrated Lights Out, HPE's remote server management platform, has been compromised by intruders who are using it to install a hard-to-detect rootkit in the wild. Continue Reading
Tip 30 Dec 2021

Explore 9 essential elements of network security

Network security isn't a one-size-fits-all strategy. Dive into the various segments of network security, and learn how they overlap and interact with each other. Continue Reading
News 15 Dec 2021

Nation-state threat groups are exploiting Log4Shell

Multiple nation-state actors are taking advantage of the critical log4j 2 vulnerability, making mitigation even more urgent for some enterprises and government agencies. Continue Reading
Guest Post 15 Dec 2021

The importance of automated certificate management

Managing the plethora of digital certificates can no longer be done in a spreadsheet by hand. Discover the importance of automated certificate management here. Continue Reading
News 15 Dec 2021

'Insane' spread of Log4j exploits won't abate anytime soon

Experts say that the explosion in exploits for CVE-2021-44228 is only the early phase of what will be a long and tedious road to remediation for the critical vulnerability. Continue Reading
News 14 Dec 2021

Hive ransomware claims hundreds of victims in 6-month span

Group-IB research has revealed that Hive ransomware-as-a-service operations are back and busier than ever, with a rapidly growing victim list over a short amount of time. Continue Reading
Tip 14 Dec 2021

4 API authentication methods to better protect data in transit

The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
News 09 Dec 2021

Threat actors targeting MikroTik routers, devices

Eclypsium researchers found vulnerable MikroTik devices have become a popular target for threat actors, who are exploiting known flaws that remain unpatched. Continue Reading
Tip 06 Dec 2021

How to get started with attack surface reduction

Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
News 03 Dec 2021

Hundreds of new vulnerabilities found in SOHO routers

Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks. Continue Reading
News 02 Dec 2021

Former Ubiquiti engineer arrested for inside threat attack

Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million. Continue Reading
News 01 Dec 2021

New Yanluowang ransomware mounting targeted attacks in US

Symantec threat analysts observed the new ransomware operation abusing legitimate tools such as ConnectWise's remote access product to move laterally inside networks. Continue Reading
Feature 24 Nov 2021

Ultimate guide to secure remote access

This comprehensive secure remote access guide outlines the strategies, tools and best practices to provide anywhere access while protecting data, systems and users. Continue Reading
Feature 23 Nov 2021

SecOps' need for traffic data drives NetSecOps collaboration

Security teams want to analyze network traffic data to identify anomalies and threats. As a result, network and security teams need to find ways to work together. Continue Reading
News 19 Nov 2021

Cybercriminals discuss new business model for zero-day exploits

Digital Shadows observed increased chatter on dark web forums about the possible emergence of a new business model that would rent out zero-day exploits as a service. Continue Reading
News 18 Nov 2021

CISA, Microsoft warn of rise in cyber attacks from Iran

CISA and Microsoft this week issued alerts about increased threat activity Iranian nation-state hacking groups, including ransomware attacks on enterprises. Continue Reading
News 18 Nov 2021

New side channel attack resurrects DNS poisoning threat

A new side channel attack would potentially allow attackers to poison DNS servers and reroute traffic to malicious sites. Continue Reading
News 15 Nov 2021

FBI email system compromised to issue fake alerts

An unknown threat actor sent emails warning of a supply chain attack through an FBI portal used by law enforcement agencies to communicate with one another. Continue Reading
Guest Post 15 Nov 2021

Reduce the risk of cyber attacks with frameworks, assessments

Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
Tip 15 Nov 2021

How zero-trust SDP can work with a VPN for remote work

Implementing software-defined perimeter and zero-trust security models with a corporate VPN adds significant layers of user and device verification and authentication. Continue Reading
News 11 Nov 2021

AT&T launches a managed SASE offering with Cisco

AT&T aims its latest managed SASE service at enterprises using Cisco hardware. The offering's features range from firewall and secure web gateway functionality to DNS layer security. Continue Reading
News 11 Nov 2021

Aruba Central breach exposed customer data

HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear. Continue Reading
News 11 Nov 2021

Trend Micro reveals 'Void Balaur' cybermercenary group

New Trend Micro research revealed a cybermercenary group that has been actively targeting high-profile organizations and individuals across the globe since 2015. Continue Reading
News 11 Nov 2021

Citrix DDOS bug leaves networks vulnerable

Citrix patched a critical bug in its Application Delivery Controller and Gateway software that left networks open to DDOS attacks. It also fixed a less-severe SD-WAN WANOP bug. Continue Reading
Guest Post 10 Nov 2021

4 concepts that help balance business and security goals

The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
News 04 Nov 2021

DDoS botnet exploiting known GitLab vulnerability

A botnet is using a critical GitLab vulnerability, which was disclosed and patched in April, to launch powerful DDoS attacks that have surpassed 1 Tbps. Continue Reading
News 26 Oct 2021

Researcher cracks 70% of neighborhood Wi-Fi passwords

A CyberArk researcher showed that $50 worth of hardware and some attack scripts are all you need to break into home and small business Wi-Fi networks. Continue Reading
News 20 Oct 2021

'LightBasin' hackers spent 5 years hiding on telco networks

A state-sponsored hacking group has been moving undetected on the networks of more than a dozen telecommunications providers, observing traffic and collecting data for years. Continue Reading
News 12 Oct 2021

Cybereason and Google Cloud join forces for new XDR service

Cybereason and Google Cloud have teamed up to combat future security threats with accelerated XDR capabilities. Continue Reading
News 30 Sep 2021

Researchers hack Apple Pay, Visa 'Express Transit' mode

Academic researchers discover an attack technique that enables them to make fraudulent transactions on locked iPhones when Apple Pay and Visa cards are set up for transit mode. Continue Reading
News 29 Sep 2021

Telegram bots allowing hackers to steal OTP codes

A simplified new attack tool based on Telegram scripts is allowing criminals to steal one-time password credentials and take over user accounts and drain bank funds. Continue Reading
News 22 Sep 2021

Symantec: Staging activity observed on Exchange servers

Threat actors appear to be targeting Microsoft Exchange servers with pre-ransomware activity, including one attempt to exfiltrate data. Continue Reading
News 02 Sep 2021

FTC drops the hammer on SpyFone for privacy violations

The FTC has decried SpyFone, a remote tracking app for mobile phones, as stalkerware and ordered it to notify all individuals who were tracked by the app. Continue Reading
News 02 Sep 2021

Accellion-related breach disclosures continue to unfold

Beaumont Health disclosed some patient data was exposed through an attack on Accellion's FTA product, nine months after the attack on the legacy file transfer software occurred. Continue Reading
News 01 Sep 2021

Beware of proxyware: Connection-sharing services pose risks

Cisco Talos warns that sharing internet connections with random people via third-party app like Honeygain and Peer2Profit could lead to malware installations and other threats. Continue Reading
News 27 Aug 2021

T-Mobile offers details of data breach that affected 40M

According to T-Mobile, the hackers who stole its customer database had knowledge of the company's network and testing setup. The hack was a carefully planned network breach. Continue Reading
Guest Post 18 Aug 2021

How attackers use open source intelligence against enterprises

Cato Networks' Etay Maor explains how cybercriminals use open source intelligence to detect and attack vulnerable enterprise networks and employees. Continue Reading
News 18 Aug 2021

Mandiant, CISA warn of critical ThroughTek IoT bug

Mandiant warns the vulnerability, which could affect more than 80 million IoT devices, poses a huge risk to end users' security and privacy and should be mitigated appropriately. Continue Reading
News 17 Aug 2021

Palo Alto Networks: Personal VPNs pose risks to enterprises

Researchers from Palo Alto Networks published a new report detailing the risks that personal VPNs pose to enterprise networks, including evasion tactics to bypass firewalls. Continue Reading
News 05 Aug 2021

Apple's M1 silicon brings new challenges for malware defenders

Noted security researcher Patrick Wardle told Black Hat 2021 attendees that catching malware attacks on new macOS systems requires learning the subtleties of ARM64 architecture. Continue Reading
News 04 Aug 2021

Researchers crack new Let's Encrypt validation feature

Multiperspective validation can be thwarted with a traffic-throttling technique that could lead to attackers obtaining digital certificates for domains they don't own. Continue Reading
News 30 Jun 2021

SentinelOne IPO raises $1.2 billion, beating estimates

the endpoint security vendor has gone public in one of the largest IPOs in the cybersecurity industry. Continue Reading
Tip 29 Jun 2021

How to select an MDR service that's right for your company

A well-engineered managed detection and response system can provide a lot of benefits. But, before deploying an MDR service, determine exactly what you expect from a provider. Continue Reading
Feature 28 Jun 2021

What are cloud containers and how do they work?

Containers in cloud computing have evolved from a security buzzword. Deployment of cloud containers is now an essential element of IT infrastructure protection. Continue Reading
Opinion 25 Jun 2021

Hybrid workforce model needs long-term security roadmap

From SASE to ZTNA to EDR to VPNs, enterprises need to deploy the technologies to develop a secure hybrid workforce model now that can work into the future. Continue Reading
News 24 Jun 2021

HPE jumps into zero trust with Project Aurora

Enterprise giant HPE says its new zero-trust offering, dubbed Project Aurora, will make its debut later this year with the GreenLake hybrid cloud platform. Continue Reading
Answer 10 Jun 2021

The top 6 SSH risks and how regular assessments cut danger

By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is secure. Continue Reading
Tip 04 Jun 2021

5 steps to secure the hybrid workforce as offices reopen

Companies must now face the security challenges of overseeing a hybrid workforce as employees return to the office. Continue Reading
Feature 02 Jun 2021

What is secure remote access in today's enterprise?

Out with the old, in with the new. The meaning of secure remote access, and how organizations achieve it, is changing. Here's what you need to know. Continue Reading
Tip 01 Jun 2021

Who is responsible for secure remote access management?

The pandemic exposed the need for a strong secure remote access strategy. Now, organizations need to figure out which team must make it happen. Continue Reading
Feature 28 May 2021

MDM vs. MAM: What are the key differences?

Mobile workers are productive and even essential to business success. But IT has to protect corporate apps and data -- as well as worker privacy -- via MDM, MAM or both. Continue Reading
Guest Post 24 May 2021

Why cloud changes everything around network security

Vishal Jain examines why the data center mindset doesn't work for network security when it comes to using the public cloud and how companies should think instead. Continue Reading
Feature 21 May 2021

How to secure remote access for the hybrid work model

With the post-COVID-19 hybrid work model taking shape, discover the technologies and trends analysts and IT leaders view as the anchors to ensure secure remote access. Continue Reading
News 20 May 2021

CrowdStrike breaks down 'Golden SAML' attack

The nightmare scenario, demonstrated at RSA Conference 2021, was used by threat actors in the SolarWinds breach and gave them control over both cloud and on-premises systems. Continue Reading
Tip 20 May 2021

Create a remote access security policy with this template

The expansion of remote work has created complicated security risks. Get help developing and updating a remote access security policy. Download our free template to get started. Continue Reading
News 19 May 2021

Cisco shares lessons learned in zero-trust deployment

The networking giant explained at RSA Conference 2021 how it was able to deploy a company-wide zero trust model in less than six months, and what it learned along the way. Continue Reading
Tip 19 May 2021

How to build a cloud security observability strategy

Security observability in the cloud involves more than workload monitoring. Read up on the essential observability components and tools needed to reap the security benefits. Continue Reading
Feature 19 May 2021

12 essential features of advanced endpoint security tools

In addition to protecting an organization's endpoints from threats, IT administrators can use endpoint security tools to monitor operation functions and DLP strategies. Continue Reading
Feature 14 May 2021

Endpoint security strategy: Focus on endpoints, apps or both?

Companies know how to secure traditional endpoints, but what about mobile devices outside the network? They should decide if they want to protect devices, apps or both. Continue Reading
Tip 14 May 2021

Enterprises mull 5G vs. Wi-Fi security with private networks

While Wi-Fi security can be implemented just as securely as 5G, mechanisms built into 5G offer some compelling benefits to enterprises considering private 5G networks. Continue Reading
News 13 May 2021

'FragAttacks' eavesdropping flaws revealed in all Wi-Fi devices

Security researcher Mathy Vanhoef said every Wi-Fi device is impacted by at least one of the 12 vulnerabilities, and most devices are vulnerable to several of the flaws. Continue Reading
Feature 10 May 2021

From EDR to XDR: Inside extended detection and response

As the definition of endpoints evolves, so too must the technology to protect them. Enter extended detection and response, or XDR -- one of cybersecurity's hottest acronyms. Continue Reading
News 06 May 2021

'BadAlloc' vulnerabilities spell trouble for IoT, OT devices

A week after Microsoft revealed 25 memory allocation vulnerabilities in several IoT and OT products, some devices have been patched, while others have not. Continue Reading
News 26 Apr 2021

Hackers targeting VPN vulnerabilities in ongoing attacks

As remote work increased during the pandemic, threat actors increasingly targeted known vulnerabilities. Continue Reading
News 21 Apr 2021

Zero-day flaw in Pulse Secure VPN exploited in attacks

A remote code execution vulnerability found in Pulse Secure VPN appliances has been exploited in attacks affecting government, defense and financial organizations. Continue Reading
Tip 16 Apr 2021

6 SSH best practices to protect networks from attacks

SSH is essential, but default installations can be costly. Auditing and key management are among critical SSH best practices to employ at any organization. Continue Reading
Tip 15 Apr 2021

Unify on-premises and cloud access control with SDP

One security framework available to organizations struggling with on-premises and cloud access control issues is a software-defined perimeter. Learn how SDP can help. Continue Reading
News 08 Apr 2021

Cring ransomware attacking vulnerable Fortigate VPNs

A vulnerability impacting Fortinet's Fortigate VPN, first disclosed and patched in 2019, is being exploited by Cring ransomware operators to extort bitcoin from enterprises. Continue Reading
Tip 07 Apr 2021

MDR vs. MSSP: Why it's vital to know the difference

When assessing MDR vs. MSSP, the key is understanding why the two aren't interchangeable and how each handles response. Continue Reading

1
2
3
4
5
6
7
8
9

Networking

8 network tasks administrators can do quicker from the CLI
Admins can use the command-line interface to manage network tasks. Learn how to streamline automation, troubleshoot networks and ...
5 phases to build a network automation architecture
The implementation of a network automation architecture involves several elements, including a core orchestration engine, ...
Top 5 use cases for 5G augmented and virtual reality
By integrating augmented and virtual reality technologies with 5G, several industries could reap significant benefits. But beware...

CIO

Federal procurement of AI tools hurt by White House rules
Obstacles facing Biden's executive order on AI and draft OMB guidance include lack of clarity around AI procurement and inability...
Congress might act on AI-generated content in 2024
Misinformation is an issue facing digital platforms that's being exacerbated by AI-generated content, something Congress could ...
7 top business process management benefits, advantages
Streamlined workflows, greater agility and scalability, tighter process controls, reduced risks, lower costs and better customer ...

Enterprise Desktop

12 best patch management software and tools for 2024
These 12 tools approach patching from different perspectives. Understanding their various approaches can help you find the right ...
Tanium aims to be first with autonomous endpoint management
The new term 'autonomous endpoint management' aims to offer IT teams AI-driven automation that can improve employee experience ...
The 6 best rugged computers for business use cases
Finding the right device for a business scenario can be challenging, and adding rugged conditions to the mix can complicate ...

Cloud Computing

How to implement AI into cloud management and operations
AI is becoming a transformative feature of cloud, but it means nothing if you don't have a proper strategy. Find out how to fold ...
New dev tools at AWS re:Invent shape the future of cloud
Noteworthy tools and updates for developers at AWS re:Invent 2023 included AWS Fault Injection Service, Amazon Q Code ...
Evaluate serverless computing best practices
Serverless computing strategies require enterprises to evaluate tools, features and costs, while understanding application ...

ComputerWeekly.com

UK networks glow as Openreach hits halfway point in UK broadband upgrade plan
Full-fibre forges ahead as Openreach progresses towards plan to extend gigabit to vast majority of UK promises over next three ...
Former Post Office investigator called subpostmaster campaigners ‘crooks’
Former Post Office investigator labelled subpostmasters attempting to clear there names as ‘crooks’
Fancy Bear targets Nato entities via critical Outlook flaw
A vulnerability patched in March has likely been exploited by the Russian state actor Fancy Bear, for over two years, according ...

Close