User Authentication Services
Top Stories
-
Feature
27 May 2020
Top 3 advantages of smart cards -- and potential disadvantages
As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards. Continue Reading
-
Feature
05 Feb 2019
Compare the top multifactor authentication vendors
What makes a multifactor authentication tool right for an enterprise? This article compares four of the leading multifactor authentication vendors and reviews their products. Continue Reading
-
News
24 Jan 2020
Proofpoint: Ransomware payments made in half of U.S. attacks
According to Proofpoint's 2020 'State of the Phish' report, 51% of U.S. organizations surveyed opted to pay threat actors after being hit with a successful ransomware attack. Continue Reading
-
News
23 Jan 2020
AWS leak exposes passwords, private keys on GitHub
UpGuard discovered a public GitHub repository that contained sensitive AWS customer data, including passwords, authentication tokens and private encryption keys. Continue Reading
-
Tip
22 Jan 2020
How to write a quality penetration testing report
Writing a penetration testing report might not be the most fun part of the job, but it's a critical component. These tips will help you write a good one. Continue Reading
-
News
22 Jan 2020
Netgear under fire after TLS certificates found in firmware -- again
Security researchers revealed Netgear firmware exposed TLS certificate keys, but SearchSecurity discovered it wasn't the first time the issue had been reported to the vendor. Continue Reading
-
Answer
22 Jan 2020
What are the most common digital authentication methods?
In order to build and maintain a comprehensive access management program, enterprise leaders must get to know the various forms of digital authentication at their disposal. Continue Reading
-
Answer
21 Jan 2020
How effective are traditional authentication methods?
Are you up to date on the most popular digital authentication methods and their potential cybersecurity risks? Learn how the right technology can improve and secure access management. Continue Reading
-
News
21 Jan 2020
2019 data breach disclosures: 10 more of the biggest
Here is a list of 10 of the largest data breaches (mostly) from the second half of 2019, including DoorDash, T-Mobile, Capital One and more. Continue Reading
-
Tip
21 Jan 2020
Improve data security in the modern enterprise
From growing attack surfaces to new regulations, these data security considerations must be on every company's radar. Continue Reading
-
Infographic
21 Jan 2020
Compare container security companies for the best protection
Securing containers can be a challenge when faced with buying the right platform. Discover these container security companies and their capabilities in this graphic. Continue Reading
-
Tip
21 Jan 2020
Lyft's open source asset tracking tool simplifies security
Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset tracking tool, creates highly comprehensive maps. Continue Reading
-
Feature
21 Jan 2020
Understanding the CSA Cloud Controls Matrix and CSA CAIQ
Uncover how the CSA Cloud Controls Matrix and CSA CAIQ can be used to assess cloud providers' controls and risk models, ensure cloud compliance and more. Continue Reading
-
News
20 Jan 2020
CyCognito turning tables by using botnets for good
In this Q&A with CyCognito CEO Rob Gurzeev, he discusses what led to his company, how attack simulations work and how he plans to spend the company's recent round of funding. Continue Reading
-
News
17 Jan 2020
McAfee CEO Chris Young steps down, Peter Leav to take over
Chris Young has stepped down as McAfee CEO, and Peter Leav is taking his place. Young led the company's spin-out from Intel in 2016 after joining the chip maker two years earlier. Continue Reading
-
News
17 Jan 2020
Unpatched Citrix vulnerability expands as mitigations fall short
Citrix discovered another product affected by last month's vulnerability, while security researchers found an attacker blocking exploits of the vulnerability. Continue Reading
-
Tip
16 Jan 2020
Craft an effective application security testing process
For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data. Continue Reading
-
News
15 Jan 2020
NSA reports flaw in Windows cryptography core
Microsoft patched a critical vulnerability in how Windows validates cryptographic certificates that could lead to dangerous attacks, according to experts, and was originally reported by the NSA. Continue Reading
-
Feature
14 Jan 2020
5 application security threats and how to prevent them
The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses. Continue Reading
-
News
14 Jan 2020
CrowdStrike: Intrusion self-detection, dwell time both increasing
The 2019 CrowdStrike Services Cyber Front Lines Report found that while the percentage of organizations that self-detected an intrusion is up, dwell time has gone up as well. Continue Reading
-
News
14 Jan 2020
Citrix patches for ADC and Gateway flaw to begin rolling out next week
Citrix announced security fixes on the way one month after disclosing a vulnerability in its ADC and Gateway appliances, which has already seen preliminary attacks in the wild. Continue Reading
-
Tip
14 Jan 2020
HIPAA compliance checklist: The key to staying compliant in 2020
Putting together a HIPAA compliance program can be fraught with difficulty. Review best practices and a HIPAA compliance checklist to avoid common pitfalls and pass an audit. Continue Reading
-
News
13 Jan 2020
Signal Sciences: Enterprises still overlooking web app security
Signal Sciences co-founder and CEO Andrew Peterson explains why web application security often gets shortchanged and what his next-gen WAF company is doing to change that. Continue Reading
-
Answer
13 Jan 2020
7 TCP/IP vulnerabilities and how to prevent them
While many TCP/IP security issues are in the protocol suite's implementation, there are some vulnerabilities in the underlying protocols to be aware of. Continue Reading
-
News
10 Jan 2020
Threat actors scanning for vulnerable Citrix ADC servers
Scans for vulnerable Citrix servers were discovered by security researchers following the disclosure of a remote code execution flaw in Citrix ADC and Gateway products. Continue Reading
-
News
08 Jan 2020
Experts weigh in on risk of Iranian cyberattacks against U.S.
Cybersecurity experts weigh in on the risks of potential nation-state cyberattacks from Iran following a DHS warning and heightened tensions between the country and the U.S. Continue Reading
-
Tip
08 Jan 2020
Top 10 cybersecurity predictions: 2020 edition
When it comes to cybersecurity predictions, in many ways, 2020 is a continuation of the present. Emerging trends include nation-state activity, IoT infrastructure attacks and more. Continue Reading
-
News
07 Jan 2020
Broadcom sells Symantec Cyber Security Services to Accenture
Accenture agreed to acquire Symantec's Cyber Security Services business from Broadcom, less than six months after Broadcom acquired Symantec's enterprise business. Continue Reading
-
Quiz
07 Jan 2020
CISM practice questions to prep for the exam
Risk management is at the core of being a security manager. Practice your risk management knowledge with these CISM practice questions. Continue Reading
-
News
07 Jan 2020
Pulse Secure VPN vulnerability targeted with ransomware
Threat actors appear to be exploiting vulnerable Pulse Secure VPN servers to hit enterprises with ransomware attacks, even though a patch has been available since April 2019. Continue Reading
-
Feature
07 Jan 2020
The who, what, why -- and challenges -- of CISM certification
Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you. Continue Reading
-
Tip
06 Jan 2020
AI and machine learning in cybersecurity: Trends to watch
AI and machine learning in cybersecurity are not so much useful to security teams today as they are necessary. Examine cybersecurity automation trends and benefits. Continue Reading
-
News
06 Jan 2020
5 cybersecurity vendors to watch in 2020
A number of cybersecurity startups earned tens of millions of dollars in venture capital investments last year. Here are five such vendors poised to emerge and grow in 2020. Continue Reading
-
Tip
02 Jan 2020
5 steps to a secure cloud control plane
A locked-down cloud control plane is integral to maintaining cloud security, especially in multi-cloud environments. Here are five steps to a secure cloud control plane. Continue Reading
-
Tip
02 Jan 2020
3 steps to prepare IT operations for multi-cloud
Organizations must ready their IT operations for multi-cloud and the unique security challenges ahead. Equip your IT ops team with the right people and processes to adapt smoothly. Continue Reading
-
Tip
31 Dec 2019
NIST CSF provides guidelines for risk-based cybersecurity
Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection. Continue Reading
-
Tip
30 Dec 2019
IT vs. OT security -- and how to get them to work together
While IT and OT security have historically been separate, the advent of IoT is forcing the two together. Cross-pollinating IT with OT is critical to ensuring IoT security. Continue Reading
-
News
30 Dec 2019
BigID: New privacy regulations have ended 'the data party'
New privacy laws are changing data management practices in the enterprise. BigID co-founder Nimrod Vax discusses the importance of being 'data native' in the era of the CCPA. Continue Reading
-
Feature
27 Dec 2019
Editor's picks: Most pressing cybersecurity stories in 2019
As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months. Continue Reading
-
News
26 Dec 2019
Siemplify looks to streamline security operations for enterprises
Siemplify aims to become the security equivalent of Salesforce. Chief strategy officer Nimmy Reichenberg discusses the company's plans for 2020 and the obstacles it faces. Continue Reading
-
Opinion
23 Dec 2019
Shared responsibility model transparency boosts cloud security
The shared responsibility model delineates where company and CSP security responsibilities start and end. This is critical not only for compliance, but also the big security picture. Continue Reading
-
News
20 Dec 2019
F5 Networks to acquire Shape Security for $1 billion
F5 Networks is acquiring Shape Security for approximately $1 billion in a move to strengthen its presence in the application security and anti-fraud markets. Continue Reading
-
News
19 Dec 2019
Clumio eyes security, BaaS expansion with VC funding
Clumio CTO Chad Kinney and CSO Glenn Mulvaney discuss their company's roadmap and how Clumio addresses ransomware threats in a way that's different from other backup providers. Continue Reading
-
News
19 Dec 2019
Two attacks on Maze ransomware list confirmed
Another confirmed ransomware attack, this time against Busch's Fresh Food Markets, was added to the Maze gang's ransomware shaming list after the company refused to pay the ransom. Continue Reading
-
Tip
19 Dec 2019
Learn some key cloud workload protection best practices
Learn key practices to protect cloud workloads whether using VMs, endpoints or containers. And don't forget to consider the best means for building a fruitful feedback loop. Continue Reading
-
Tip
19 Dec 2019
What cloud workload security tools and controls work best?
Read on to learn how to build a cloud security model that allows your team to embed controls and monitor deployment without getting in the way of business processes. Continue Reading
-
Feature
19 Dec 2019
ICS security challenges and how to overcome them
Security cannot be an afterthought in internet-connected industrial control systems. IEEE member Kayne McGladrey offers best practices to stay safe in a connected world. Continue Reading
-
Answer
19 Dec 2019
Host IDS vs. network IDS: Which is better?
Compare host IDS vs. network IDS through the pros and cons of each, and learn how more modern systems may be better suited to ensure effective enterprise security. Continue Reading
-
News
18 Dec 2019
Cyberinsurance is on the rise -- and so is ransomware
A debate has erupted between the insurance industry and the infosec community over whether cyberinsurance payouts have led to the surge in ransomware attacks this year. Continue Reading
-
News
17 Dec 2019
Maze gang outs ransomware victims in shame campaign
The threat actors behind Maze ransomware started a campaign to pressure victims into paying ransom by publicly listing successful attacks and threatening to leak data. Continue Reading
-
Feature
17 Dec 2019
Data breach risk factors, response model, reporting and more
Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner. Continue Reading
-
Tip
17 Dec 2019
Perimeterless security still has borders -- and APIs need it
Many people believe perimeterless security means borders are a thing of the past. But virtual borders secure APIs needed by mobile users and cloud workloads. Check out how to manage them. Continue Reading
-
Opinion
17 Dec 2019
Login.gov starts to fill the gap between social logins and enterprise identities
Access federal services with a service designed for governmental use but that uses common standards. Continue Reading
-
News
16 Dec 2019
Latest city ransomware attack: New Orleans
The city of New Orleans declared a state of emergency as the government tries to get systems back online following a ransomware attack Friday morning. Continue Reading
-
Feature
16 Dec 2019
The ins and outs of cyber insurance coverage
Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing. Continue Reading
-
News
16 Dec 2019
Siemens ICS flaws could allow remote exploits
Siemens recommends locking down industrial control systems as security researchers disclose 54 bugs, including remote exploit flaws, but only three patches are available. Continue Reading
-
News
13 Dec 2019
Google expands multiple Chrome password protection features
Chrome's updated, built-in protections are intended to help users protect their passwords and data against malware, data breaches and phishing sites, according to the company. Continue Reading
-
News
13 Dec 2019
RSA teams up with Yubico for passwordless authentication
RSA Security joined forces with Yubico to eliminate passwords within the enterprise. RSA's Jim Ducharme explains what it will take to the reach the 'last mile' of the pursuit. Continue Reading
-
News
12 Dec 2019
Pentagon CMMC program to vet contractor cybersecurity
The U.S. Department of Defense has developed a five-level certification framework designed to vet the cybersecurity posture of potential contractors in an effort to avoid future risks. Continue Reading
-
Tip
12 Dec 2019
Master IoT and edge computing security challenges
Edge devices are not necessarily designed with security in mind. Organizations need to think critically about how to approach today's edge computing security challenges. Continue Reading
-
Feature
11 Dec 2019
Ideal DevSecOps strategy requires the right staff and tools
Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy. Continue Reading
-
News
10 Dec 2019
City of Pensacola hit by ransomware attack
A cyberattack, later confirmed to be ransomware, hit the city of Pensacola, Florida on Saturday, and the city is currently in the process of responding. Continue Reading
-
News
10 Dec 2019
Ryuk ransomware change breaks decryption tool
The threat actors behind Ryuk ransomware made changes to their code that have made the official decryption tool unreliable, according to security researchers. Continue Reading
-
Tip
10 Dec 2019
Use a data privacy framework to keep your information secure
Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both internal and external threats. Continue Reading
-
Feature
10 Dec 2019
Best practices to help CISOs prepare for CCPA
With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations. Continue Reading
-
Answer
10 Dec 2019
How to prevent port scan attacks
The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and prevent port scanning attacks. Continue Reading
-
Answer
09 Dec 2019
How can companies identify IT infrastructure vulnerabilities?
New, sophisticated technology is available to help infosec pros find IT infrastructure vulnerabilities. Automated pen testing and outsourcing threat intelligence services can help. Continue Reading
-
Answer
05 Dec 2019
What are best practices for a modern threat management strategy?
Infosec pros need to mitigate traditional cyberthreats, as well anticipate sophisticated, emerging threats. Learn how to build a threat management strategy that helps with both. Continue Reading
-
News
05 Dec 2019
DOJ takes action against Dridex malware group, Evil Corp
The U.S. Justice Department indicts two alleged members of the Russian threat group behind the Dridex banking Trojan, known as Evil Corp, and offers a $5 million bounty. Continue Reading
-
Answer
05 Dec 2019
IT security threat management tools, services to combat new risks
Advances in tools and services are changing IT security threat management. Learn how infosec pros are using UTM platforms, AI and threat intelligence services to alleviate risk. Continue Reading
-
Tip
05 Dec 2019
How to implement zero-trust cloud security
The nature of cloud environments and workloads is changing. Security team approaches must evolve in response. Learn how to implement zero-trust cloud security from expert Dave Shackleford. Continue Reading
-
News
05 Dec 2019
Session cookie mishap exposed HackerOne private reports
A security researcher used a mishandled session cookie to access private HackerOne bug reports with an account takeover attack and earned a bug bounty for their efforts. Continue Reading
-
News
04 Dec 2019
NSS Labs drops antitrust suit against AMTSO, Symantec and ESET
NSS Labs dropped its antitrust suit against the Anti-Malware Testing Standards Organization, Symantec and ESET, ending a contentious legal battle in the endpoint security market. Continue Reading
-
News
02 Dec 2019
Exposed Firebase databases hidden by Google search
A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet. Continue Reading
-
Answer
26 Nov 2019
What is the role of CISO in network security?
The role of CISO in network security goes beyond risk management. It also requires understanding compliance regulations and business needs, as well as the ability to communicate security policies to nontechnical employees. Continue Reading
-
Feature
26 Nov 2019
Role of AI in cybersecurity and 6 possible product options
Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them. Continue Reading
-
News
25 Nov 2019
Ransomware attacks shaking up threat landscape -- again
Threat actors have employed new techniques and built more sophisticated business models for their ransomware campaigns, which has had devastating consequences. Continue Reading
-
Answer
25 Nov 2019
The network security tools to combat modern threats
Incorporating new network security tools and methods into your enterprise's infosec program may mean the difference between staying safe or falling victim to an attack. Continue Reading
-
Tip
25 Nov 2019
As cybersecurity insurance coverage becomes common, buyer beware
Cybersecurity insurance coverage can certainly have its benefits after a breach, but companies must consider a variety of unique business factors before choosing a policy. Continue Reading
-
Tip
22 Nov 2019
Building a security operations center with these features
Building a security operations center means understanding the key features you need to ensure your network remains protected against threats. Continue Reading
-
News
22 Nov 2019
Android Security Rewards program expands, adds $1.5M bounty
Google expanded its Android bug bounty program to include data exfiltration and lock screen bypass and raised its top prize for a full chain exploit of a Pixel device. Continue Reading
-
Answer
22 Nov 2019
What are the top network security techniques for modern companies?
Protecting the enterprise network remains integral to overall IT security. Here are the top network security techniques enterprises are using to protect data. Continue Reading
-
Tip
22 Nov 2019
The top 3 use cases for AI endpoint security tools
Endpoint attack surfaces are growing, and cybersecurity pros struggle to keep up. Consider the following use cases for AI endpoint security techniques in the enterprise. Continue Reading
-
News
21 Nov 2019
IBM Cloud Pak for Security aims to unify hybrid environments
IBM Security is shifting its strategy with a new Cloud Pak designed specifically to unify data from multiple security tools and vendors through accessing federated data. Continue Reading
-
News
21 Nov 2019
Ohio builds 'Cyber Reserve' to combat cyberattacks
Ohio is building a 'Cyber Reserve,' a civilian cybersecurity force alongside the state's National Guard that will be deployed to help local governments recover from cyberattacks. Continue Reading
-
Answer
21 Nov 2019
Do you have the right set of penetration tester skills?
Pen testing is more than just the fun of breaking into systems. Learn about the critical penetration tester skills potential candidates must master to become proficient in their career path. Continue Reading
-
Feature
20 Nov 2019
Designing the future of cyber threat intelligence sharing
Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense. Continue Reading
-
Opinion
20 Nov 2019
What's the answer for 5G security?
Learn about the planning of 3GPP in developing specifications for 5G security in this synopsis of 5G Americas' white paper, 'The Evolution of Security in 5G.' Continue Reading
-
Answer
20 Nov 2019
Comparing Diffie-Hellman vs. RSA key exchange algorithms
See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown. Continue Reading
-
Tip
20 Nov 2019
How to use and manage BitLocker encryption
Built into business versions of the Windows OS, Microsoft BitLocker encryption is an integral enterprise encryption tool. Read on to learn how BitLocker works and how to manage it. Continue Reading
-
News
19 Nov 2019
Louisiana ransomware attack hits government systems
A ransomware attack on Louisiana government systems has been contained, according to Governor John Bel Edwards, and experts are praising the state's response. Continue Reading
-
News
19 Nov 2019
CrowdStrike: Incident response times still too long
A CrowdStrike study revealed it takes enterprise security teams almost seven days of nonstop work to detect, investigate and contain the average incident. Continue Reading
-
Feature
19 Nov 2019
Rise in ransomware attacks prompts new prevention priorities
Officials predict that already widespread ransomware attacks will only grow in scale and influence, while urging organizations to act now to guard against them. Continue Reading
-
Tip
19 Nov 2019
Boost network security visibility with these 4 technologies
The network is where it's at if you want to stop malicious actors. But first you need to up your network visibility. Learn about four technologies that can help. Continue Reading
-
Tip
19 Nov 2019
Network visibility and monitoring tools now amp up security
Three technology trends are currently making network visibility even more central to security tools. Learn more about the impact of big data, AI and APIs. Continue Reading
-
Tip
18 Nov 2019
Use network traffic analysis to detect next-gen threats
Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting new breeds of low-and-slow threats. Continue Reading
-
News
15 Nov 2019
Check Point: Qualcomm TrustZone flaws could be 'game over'
Researchers discovered vulnerabilities in Qualcomm TrustZone that Check Point says could lead to 'unprecedented access' because of the extremely sensitive data stored in mobile secure elements. Continue Reading
-
News
14 Nov 2019
InfoTrax settles FTC complaint, will implement infosec program
InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal data until it implements its own infosec program. Continue Reading
-
News
13 Nov 2019
Microsoft to apply CCPA protections to all US customers
Microsoft said it will apply the California Consumer Privacy Act across the nation and extend the law's data privacy protections to customers in all fifty states. Continue Reading
-
News
13 Nov 2019
ZombieLoad v2 disclosed, affects newest Intel chips
Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also discovered a flaw in the original ZombieLoad patch. Continue Reading
-
Feature
13 Nov 2019
Build new and old strategies into insider threat management
The risk of insider threat does not discriminate across industry lines. Learn how to build an insider threat management program that combines AI, zero-trust principles and a healthy security culture. Continue Reading
-
Feature
13 Nov 2019
Benefits of using Azure Security Center for security assessments
Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches. Continue Reading