Network security

Enterprise cyberdefense strategies must include network security best practices. Get advice on essential network security topics such as remote access, VPNs, zero-trust security, NDR, endpoint management, IoT security, hybrid security, Secure Access Service Edge, mobile security and more.

Top Stories

Tip 17 Nov 2023
An introduction to IoT penetration testing

IoT systems are complex, and that makes checking for vulnerabilities a challenge. Penetration testing is one way to ensure your IoT architecture is safe from cyber attacks. Continue Reading
News 16 Nov 2023
CISA, FBI issue alert for ongoing Scattered Spider activity

The government advisory follows several high-profile attacks attributed to Scattered Spider, which uses advanced social engineering techniques like SIM swapping. Continue Reading

Tip 20 Sep 2019

Tips and tricks to integrate IT and OT teams securely

IT and operational teams can work in tandem to support IoT projects, but their separate roles and responsibilities to one another must be clearly defined. Continue Reading
Tip 20 Sep 2019

What's the role of people in IT/OT security?

To enable a smoother, more secure IT/OT convergence, get wise to the potential conflicts between IT and OT historical priorities and traditional work cultures. Continue Reading
Feature 10 Sep 2019

Designing IoT security: Experts warn against cutting corners

Security, though costly, is essential for IoT devices; a single breach can destroy a company's reputation. IoT security by design can avoid devastating incidents. Continue Reading
News 06 Sep 2019

Trustwave security platform provides visibility, control

Trustwave Fusion is a cloud-based cybersecurity platform designed with the goal of giving users better insight into how security resources are provided and monitored. Continue Reading
News 05 Sep 2019

Hackers earn nearly $2M in HackerOne's hacking event

One hundred hackers and 75 hackers in training gathered in Las Vegas for HackerOne's hacking event to find security flaws in organizations, including Verizon Media and GitHub. Continue Reading
Tip 04 Sep 2019

IoT security risks persist; here's what to do about them

Nontech manufacturers building IoT devices combined with resource constraints is a recipe for disaster. It's the reality of IoT security issues, and the problem isn't going away. Continue Reading
News 04 Sep 2019

USBAnywhere vulnerabilities put Supermicro servers at risk

Security researchers discovered BMC vulnerabilities -- dubbed USBAnywhere -- in Supermicro servers that could put systems at risk of remote attacks via virtualized USB drives. Continue Reading
Feature 28 Aug 2019

VMware's internal Service-defined Firewall reimagines firewalling

VMware's internal firewall uses a global view of known-good behavior at the network and host level to minimize the attack surface for on-premises and cloud environments. Continue Reading
News 28 Aug 2019

Imperva security incident exposes cloud WAF customer data

Imperva told its cloud WAF customers to change passwords and SSL certificates after a security incident exposed data and potentially put customers at risk for further attacks. Continue Reading
News 23 Aug 2019

Carbon Black acquisition bolsters VMware's security play

VMware announced an agreement to acquire endpoint security vendor Carbon Black in an effort to boost its cloud security offerings; the all-cash deal is valued at $2.1 billion. Continue Reading
Opinion 23 Aug 2019

Securing IoT involves developers, manufacturers and end users alike

Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures? Continue Reading
Opinion 14 Aug 2019

IoT botnets reach new threshold in Q2 of 2019

Defending against the rising number and increasing sophistication of IoT botnet attacks isn't an easy task. Learn about the latest threats and the techniques to mitigate them. Continue Reading
News 12 Aug 2019

Black Hat 2019 brings out new security, protection offerings

The 22nd Black Hat conference in Las Vegas brought together a slew of vendors in network and data security with a variety of security offerings to pitch. Continue Reading
News 05 Aug 2019

New features added to Juniper Networks security platform

New features include containerized firewalls and the incorporation of SecIntel into MX Series routers as part of Juniper Networks' effort to provide security throughout a network. Continue Reading
Infographic 01 Aug 2019

IoT cybersecurity: Do third parties leave you exposed?

IoT's vast vendor landscape drives innovation, but working with so many third parties also comes with baggage in the form of third-party cybersecurity issues. Continue Reading
News 31 Jul 2019

Qualys IOC 2.0 update improves threat detection and response

Qualys IOC 2.0 comes with increased threat detection and response capabilities designed to more accurately detect indicators of compromise and potential cyberattacks. Continue Reading
News 30 Jul 2019

URGENT/11 VxWorks vulnerabilities affect millions of devices

Researchers and developer Wind River disagree over how many devices and users are at risk from the URGENT/11 vulnerabilities in the VxWorks real-time operating system. Continue Reading
Tip 29 Jul 2019

SD-WAN security benefits go beyond the obvious

SD-WAN does more than extend corporate networks. Key SD-WAN security benefits that capitalize on the technique's architecture could change the face of SD-WAN in the enterprise. Continue Reading
Answer 26 Jul 2019

How can endpoint security features help combat modern threats?

The antivirus of yesteryear isn't a strong enough competitor to beat modern enterprise threats. Learn about the endpoint security features ready to tackle these battles head-on. Continue Reading
News 23 Jul 2019

Researchers fool Cylance AI antimalware with 'simple' bypass

Security researchers developed a method to make "pure AI" antimalware products classify malware as benign, but it is unclear what antimalware solutions could be considered "pure AI." Continue Reading
News 17 Jul 2019

Claroty extends platform to include IoT device security

Claroty has upgraded Continuous Threat Detection to include support for IoT device security, keeping pace with the proliferation of IoT devices in the enterprise. Continue Reading
News 03 Jul 2019

FTC settles lawsuit over D-Link security claims

D-Link settled a U.S. Federal Trade Commission lawsuit, which alleged the company failed to take basic steps to address security flaws and weaknesses in its products. Continue Reading
Tip 26 Jun 2019

IPsec vs. SSL VPN: Comparing speed, security risks and technology

IPsec VPNs and SSL VPNs both encrypt network data, but they do it differently. Learn about the differences and how to determine the right solution for your organization. Continue Reading
News 19 Jun 2019

Fortinet launches new WAN and edge security platform

Fortinet's Secure SD-Branch platform uses Fortinet security products to converge WAN and security into an integrated platform and protect access edges. Continue Reading
News 13 Jun 2019

CrowdStrike IPO success puts spotlight on endpoint security

Cybersecurity firm CrowdStrike made its successful Wall Street debut Wednesday. The company closed its trading with a share price of $58. Continue Reading
Tip 04 Jun 2019

Zero-trust security model means more than freedom from doubt

A zero-trust security model has a catchy name, but the methodology means more than not trusting any person or device on the network. What you need to know. Continue Reading
News 31 May 2019

New Sophos endpoint security software releases

Sophos has released Intercept X for Server with endpoint detection and response to protect users against blended threats and proactively detect stealthy attacks. Continue Reading
News 29 May 2019

Tortuga launches Radix-M, new firmware security product

Tortuga Logic has launched a firmware security platform that automatically performs security validation of firmware on SoC designs using an existing platform from Cadence. Continue Reading
News 24 May 2019

CrowdStrike, NSS Labs settle legal disputes over product testing

CrowdStrike and NSS Labs have ended their legal dispute with a confidential settlement agreement, which resolves all lawsuits including NSS Labs' antitrust suit against the vendor. Continue Reading
Tip 17 May 2019

Endpoint security tools get an essential upgrade

Malware, APTs and other threats are getting smarter, but so are endpoint detection and response products. Learn what the latest versions can do to keep threats away. Continue Reading
Feature 13 May 2019

DDoS attacks among top 5G security concerns

DDoS attacks top the list of primary security concerns for mobile operators now that 5G wireless is advancing as the number of connected devices grows. Continue Reading
Feature 13 May 2019

Next-generation firewall comparison based on company needs

Compare leading next-generation firewalls to help find the option that best fits your IT environment and security needs. Continue Reading
News 02 May 2019

CrowdStrike tackles BIOS attacks with new Falcon features

CrowdStrike added firmware attack detection capabilities to its Falcon platform and also expanded its partnership with Dell to help organizations tackle BIOS threats. Continue Reading
Opinion 01 May 2019

Cloud security threats need a two-pronged approach

You'll need to burn the security 'candle' at both ends to keep cloud safe from both nation-state hackers and vulnerabilities caused by human error. Continue Reading
Tip 23 Apr 2019

How to build a strong cloud network security strategy

Building a secure network in the cloud is different from securing a traditional network. Learn what the main differences are and how to establish cloud networking security. Continue Reading
Feature 23 Apr 2019

10 endpoint security products to protect your business

Check out this product roundup and discover all the features endpoint security protection offers, such as patch management, email protection and reporting. Continue Reading
News 22 Apr 2019

IoT device testing made possible with BeStorm X

BeStorm X, a black-box fuzzer by Beyond Security and Ubiquitous AI, tests IoT devices to identify security weaknesses and vulnerabilities before they're exploited. Continue Reading
News 12 Apr 2019

WPA3 flaws found in Dragonfly handshake

Researchers discovered vulnerabilities in the WPA3 protocol, specifically in the Dragonfly handshake authentication, allowing for multiple exploits branded Dragonblood. Continue Reading
News 11 Apr 2019

Huawei security questioned around the world

Troubles continue for Huawei as new bans and government reports put security into question, but the company is attempting to fight back against the criticism. Continue Reading
News 10 Apr 2019

Nokia: 5G network slicing could be a boon for security

According to Nokia's Kevin McNamee, the rise of 5G will mean more danger of IoT botnets, but also more options to secure those devices -- including using network slicing for segmentation. Continue Reading
News 09 Apr 2019

NSS Labs CTO Jason Brvenik talks security testing challenges

NSS Labs CTO Jason Brvenik talks about his company's relationship with security vendors following the company's antitrust suit against several endpoint protection vendors last year. Continue Reading
News 05 Apr 2019

Radware: DDoS amplification attacks increasing, evolving

As DDoS attacks continue to evolve, planning for DDoS attack prevention and mitigation has become a critical business priority. Radware's Daniel Smith offers advice. Continue Reading
Answer 03 Apr 2019

What is a password spraying attack and how does it work?

Password spraying isn't a sophisticated attack, but don't discount the attackers if you detect one. Find out how this brute-force technique works and how to defend against it. Continue Reading
News 29 Mar 2019

Fortinet: 5G to present new edge computing security concerns

Although the rollout of 5G connectivity will enable new edge computing opportunities, John Maddison, executive VP at Fortinet, said it will also require new security considerations. Continue Reading
News 28 Mar 2019

NSS Labs CTO discusses advanced endpoint protection testing, challenges

NSS Labs released the results of its new endpoint protection group test at RSA Conference 2019. NSS Labs CTO Jason Brvenik talks about the results, testing challenges and more. Continue Reading
Tip 27 Mar 2019

How to secure network devices in a hostile world

Find out how to secure network devices by locking down the biggest, riskiest holes to protect them from exploits long before some or all of the network crashes. Continue Reading
Tip 26 Mar 2019

Protect your enterprise against shadow IT in the cloud

More technologies than ever are available to people now that the cloud is so pervasive, and, as a result, shadow IT has become a problem. Expert Michael Cobb explains what to do. Continue Reading
Answer 21 Mar 2019

How can I detect fileless malware attacks?

Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Tip 21 Mar 2019

8 ways to protect building management systems

Security threats to building management systems can come from numerous sources. Expert Ernie Hayden outlines these potential threats and how to protect against them. Continue Reading
Tip 20 Mar 2019

How does BGP hijacking work and what are the risks?

The lack of security protections in BGP means that route hijacking can be easy, especially for organized crime or state-backed threat actors. Here are ways to deal with it. Continue Reading
Answer 18 Mar 2019

How do I stop the screaming channel wireless threat?

A screaming channel attack is a new wireless threat making networks -- particularly those with IoT components -- vulnerable. Are there any safeguards to prevent these attacks? Continue Reading
Feature 18 Mar 2019

Find the right tool using this antimalware software comparison

Compare endpoint antimalware software products for organizations based on features, level of protection and vendor offerings. Continue Reading
Answer 14 Mar 2019

Why do DDoS attack patterns rise in the autumn?

DDoS attack patterns indicate a sharp escalation in the fall. Why does that occur and what can be done to guard against these attacks? Continue Reading
News 08 Mar 2019

VMware firewall strategy to focus on 'known good' behavior

VMware is taking a different approach to firewalls by focusing on 'known good' behavior to better police east-west traffic within enterprise environments. Continue Reading
Answer 08 Mar 2019

Should I worry about the Constrained Application Protocol?

The Constrained Application Protocol underpins IoT networks. But the protocol could allow a threat actor to launch an attack. Continue Reading
News 07 Mar 2019

Microsoft promotes zero-trust security over firewalls

Microsoft told RSA Conference attendees a zero-trust model is better than firewalls for protecting corporate data -- a stance that some said doesn't go far enough. Continue Reading
News 07 Mar 2019

FBI: How we stopped the Mirai botnet attacks

FBI Special Agent Elliott Peterson gave RSA attendees a behind-the-scenes look at the investigation into the Mirai botnet following the devastating DDoS attacks in 2016. Continue Reading
News 06 Mar 2019

Cisco: Network security strategy requires IT, OT to play nice

Cisco told RSA attendees the need for network security on the factory floor is growing. Cisco says cooperation between IT and operations is key to protecting equipment. Continue Reading
News 26 Feb 2019

Android brings FIDO2 certification to 1 billion devices

The FIDO Alliance announced Android has received FIDO2 certification, which will bring the ability to sign into websites and apps with biometrics, rather than passwords. Continue Reading
Tip 18 Feb 2019

How to deploy deep packet inspection in the cloud

Despite privacy concerns about deep packet inspection, it can help improve cloud network security for enterprises. Expert Frank Siemons explains how to avoid potential pitfalls. Continue Reading
Answer 18 Feb 2019

How do I stop the Vidar malvertising attack?

The Vidar malvertising attack was part of a two-pronged intrusion that included the installation of ransomware in endpoints. How can enterprises protect themselves? Continue Reading
News 12 Feb 2019

Senators want potential VPN threat investigated by DHS

Two senators called on the Department of Homeland Security to investigate the possibility that VPNs are allowing valuable information to be routed to foreign adversaries. Continue Reading
News 31 Jan 2019

Dell unveils endpoint security portfolio with CrowdStrike, Secureworks

Dell has teamed up with CrowdStrike and Secureworks for SafeGuard and Response, a portfolio of endpoint security technology and services, to tackle the shifting threat landscape. Continue Reading
Tip 29 Jan 2019

How a Windows antimalware tool helps endpoint security

The Windows Defender Antivirus program was updated to include sandbox network security. Learn why this is so important and why security professionals have been asking for it. Continue Reading
Answer 28 Jan 2019

Will DNS Flag Day affect you? Infoblox's Cricket Liu explains

What is DNS Flag Day? That's when old and broken DNS servers will stop working, improving DNS performance and safety for all. Infoblox's chief DNS architect Cricket Liu explains. Continue Reading
News 25 Jan 2019

SafeRide tackles connected vehicle security with machine learning

SafeRide's vXRay technology aims to improve security for connected vehicles with unsupervised machine learning. Can it keep hackers out of the driver's seat? Continue Reading
Answer 18 Jan 2019

Java deserialization attacks: What are they and how do they work?

The TP-Link EAP Controller for Linux was recently found to be vulnerable to attacks. Learn from Judith Myerson what this means for users and how it can be prevented. Continue Reading
Answer 17 Jan 2019

Ping of death: What is it and how is Apple affected?

An Apple vulnerability recently resurfaced and is targeting Apple devices that are connected to public hotspots. Discover what this vulnerability is and how to protect your devices. Continue Reading
Answer 16 Jan 2019

Network shaping: How does it enable BGP attacks to divert data?

The use of BGPsec protocols was found after looking into threat actors in China that controlled U.S. internet traffic. Discover how this technique works and how it can be mitigated. Continue Reading
News 31 Dec 2018

Why dating app security flaws should concern enterprises

Vulnerable dating apps on BYODs pose risks to more than just individual users. Find out what security flaws are common in these apps and what they mean for enterprises. Continue Reading
Tip 19 Dec 2018

The benefits of using a cloud honeypot for threat intelligence

A cloud honeypot can help enterprises gather threat intelligence. Expert Frank Siemons explains why a cloud-based honeypot deployment is preferable to a traditional one. Continue Reading
News 18 Dec 2018

Huawei bans set to continue, despite lack of supporting evidence

While the number of countries with Huawei bans in place grows and more issue warnings, a German investigation found no evidence of spying to support the fear. Continue Reading
Tip 13 Dec 2018

How a flaw in Apple DEP misuses an MDM server

Hackers are able to enroll their devices in an organization's MDM server via a flaw in Apple DEP. Expert Michael Cobb explains how hackers conduct these attacks. Continue Reading
Answer 11 Dec 2018

FragmentSmack: How is this denial-of-service exploited?

FragmentSmack, a DDoS vulnerability first discovered in Linux, affects Windows as well as nearly 90 Cisco products. Discover how it can be exploited with Judith Myerson. Continue Reading
Infographic 03 Dec 2018

Still no answers to endpoint security protection, survey finds

The frequency of endpoint attacks is on the rise, with 76% of IT security professionals reporting that their organization was compromised by new or zero-day (unknown) exploits. Continue Reading
Tip 21 Nov 2018

How to configure a vTAP for cloud networks

A vTAP can give enterprises better visibility into their cloud networks. Expert Frank Siemons of InfoSec Institute explains how virtual network TAPs work and the available options. Continue Reading
Answer 19 Nov 2018

How does a Bluetooth vulnerability enable validation attacks?

Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated. Continue Reading
Blog Post 12 Nov 2018

Android Ecosystem Security Transparency Report is a wary first step

Reading through Google's first quarterly Android Ecosystem Security Transparency Report feels like a mix of missed opportunities and déjà vu all over again. Much of what is in the new Android ... Continue Reading
News 09 Nov 2018

New spam botnet infects over 100,000 home routers

News roundup: A new spam botnet infected over 100,000 home routers through a UPnP vulnerability, according to researchers. Plus, HSBC Bank reported a data breach, and more. Continue Reading
News 02 Nov 2018

Bleedingbit vulnerabilities put Wi-Fi access points at risk

Armis researchers discovered two chip-level Bluetooth vulnerabilities -- dubbed Bleedingbit -- that could allow pseudo-remote code execution on wireless access points. Continue Reading
Feature 02 Nov 2018

Mobile security trends: app containers, app wrapping for BYOD

Threats evolve, and so should mobile security strategies. Mike Chapple explains how an app containers and app wrapping can protect enterprise devices and corporate assets. Continue Reading
Tip 25 Oct 2018

How to protect enterprise ICS networks with firewalls

ICS network security can be improved using firewalls. Expert Ernie Hayden explains how ICS-specific firewalls can help keep ICS networks strong and protected. Continue Reading
Answer 18 Oct 2018

How does the resurgent VPNFilter botnet target victims?

After a comeback of the Russian-built VPNFilter botnet, home network devices are at risk. Learn how this malware targets victims with expert Nick Lewis. Continue Reading
News 11 Oct 2018

Patched MikroTik router vulnerability worse than initially thought

Tenable Research finds new exploits of an already patched MikroTik router vulnerability that could enable hackers to launch remote code execution attacks. Continue Reading
Tip 04 Oct 2018

How Shodan helps identify ICS cybersecurity vulnerabilities

Shodan can be a helpful tool for security pros to locate ICS cybersecurity vulnerabilities. Expert Ernie Hayden explains how Shodan works and how it can be used for security. Continue Reading
Answer 26 Sep 2018

Android Trojan: How is data being stolen from messaging apps?

Trustlook Labs discovered an Android Trojan stealing data from messaging apps. Learn what mobile security pros should look for to detect this malware with expert Nick Lewis. Continue Reading
News 24 Sep 2018

AI and machine learning expected to solve security problems

A global Ponemon survey of security professionals found that many believe artificial intelligence and machine learning technology will improve enterprise and IoT security. Continue Reading
Answer 19 Sep 2018

WPA3 protocol: Should enterprises implement the changes?

The Wi-Fi Alliance released the updated WPA3 protocol, adding security enhancements to the Wi-Fi access process. Learn why enterprises should update with Judith Myerson. Continue Reading
Answer 18 Sep 2018

What is VPNFilter malware and how can users protect themselves?

A new threat named VPNFilter was discovered by cybersecurity researchers after home and office routers were compromised. Learn how this malware works with Judith Myerson. Continue Reading
News 17 Sep 2018

New Mirai variant attacks Apache Struts vulnerability

New variants of the Gafgyt and Mirai botnets are targeting unpatched enterprise devices, which indicates a greater shift away from consumer devices, according to researchers. Continue Reading
Answer 17 Sep 2018

How can attackers exploit a buffer underflow vulnerability?

A buffer underflow was found to be caused by a vulnerability in strongSwan's open source VPN. Learn how this is possible and how attackers can exploit it with Judith Myerson. Continue Reading
Answer 10 Sep 2018

How does the Android Rowhammer exploit affect users?

Android Rowhammer is a hardware weakness in older devices that puts users at risk of remote exploits. Expert Michael Cobb explains why it's important to upgrade to newer devices. Continue Reading
Tip 30 Aug 2018

How hard-coded credentials threaten ICS security

Hard-coded credentials open industrial control systems up to unauthorized access by malicious actors and threaten ICS security. Expert Ernie Hayden explains the threat and what enterprises can do about it. Continue Reading
Tip 23 Aug 2018

Network reconnaissance: How to use SI6 Networks' IPv6 toolkit

SI6 Networks' IPv6 toolkit can do network reconnaissance using search engines and the Certificate Transparency framework. Learn how to use IPv6 toolkits from expert Fernando Gont. Continue Reading
Answer 22 Aug 2018

My Cloud EX2: How can this device expose unauthorized data?

SpiderLabs discovered My Cloud EX2 backup devices exposing unauthorized HTTP requests. Join Judith Myerson as she explains how this happens, as well as the impact on DLNA devices. Continue Reading
Answer 20 Aug 2018

How does an IMSI catcher exploit SS7 vulnerabilities?

A warning was issued by the Department of Homeland Security regarding the exploitation of SS7 vulnerabilities by IMSI catchers. Learn how this puts mobile communication at risk. Continue Reading
Answer 16 Aug 2018

What is missing from the NIST/DHS botnet security report?

The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis. Continue Reading
Tip 07 Aug 2018

What to do when IPv4 and IPv6 policies disagree

Unfortunately for enterprises, IPv4 and IPv6 policies don't always agree. Fernando Gont examines the differences between these two security policies, as well as some filtering rules. Continue Reading
Tip 25 Jul 2018

Anonymity tools: Why the cloud might be the best option

The cloud might be the best of the available anonymity tools. Expert Frank Siemons explains the other options for anonymity for security and why the cloud is the best for privacy. Continue Reading
News 19 Jul 2018

NSS Labs ranks next-gen firewalls, with some surprises

Researchers used individual test reports and comparison data to determine the value of investments in next-generation firewall technology. Continue Reading