User Authentication Services

Top Stories

Feature 27 May 2020
Top 3 advantages of smart cards -- and potential disadvantages

As smart card adoption increases, it is prudent to take a closer look at how this technology can improve data security. Here, read more about the benefits of smart cards. Continue Reading
Feature 05 Feb 2019
Compare the top multifactor authentication vendors

What makes a multifactor authentication tool right for an enterprise? This article compares four of the leading multifactor authentication vendors and reviews their products. Continue Reading

News 24 Jan 2020

Proofpoint: Ransomware payments made in half of U.S. attacks

According to Proofpoint's 2020 'State of the Phish' report, 51% of U.S. organizations surveyed opted to pay threat actors after being hit with a successful ransomware attack. Continue Reading
News 23 Jan 2020

AWS leak exposes passwords, private keys on GitHub

UpGuard discovered a public GitHub repository that contained sensitive AWS customer data, including passwords, authentication tokens and private encryption keys. Continue Reading
Tip 22 Jan 2020

How to write a quality penetration testing report

Writing a penetration testing report might not be the most fun part of the job, but it's a critical component. These tips will help you write a good one. Continue Reading
News 22 Jan 2020

Netgear under fire after TLS certificates found in firmware -- again

Security researchers revealed Netgear firmware exposed TLS certificate keys, but SearchSecurity discovered it wasn't the first time the issue had been reported to the vendor. Continue Reading
Answer 22 Jan 2020

What are the most common digital authentication methods?

In order to build and maintain a comprehensive access management program, enterprise leaders must get to know the various forms of digital authentication at their disposal. Continue Reading
Answer 21 Jan 2020

How effective are traditional authentication methods?

Are you up to date on the most popular digital authentication methods and their potential cybersecurity risks? Learn how the right technology can improve and secure access management. Continue Reading
News 21 Jan 2020

2019 data breach disclosures: 10 more of the biggest

Here is a list of 10 of the largest data breaches (mostly) from the second half of 2019, including DoorDash, T-Mobile, Capital One and more. Continue Reading
Tip 21 Jan 2020

Improve data security in the modern enterprise

From growing attack surfaces to new regulations, these data security considerations must be on every company's radar. Continue Reading
Infographic 21 Jan 2020

Compare container security companies for the best protection

Securing containers can be a challenge when faced with buying the right platform. Discover these container security companies and their capabilities in this graphic. Continue Reading
Tip 21 Jan 2020

Lyft's open source asset tracking tool simplifies security

Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset tracking tool, creates highly comprehensive maps. Continue Reading
Feature 21 Jan 2020

Understanding the CSA Cloud Controls Matrix and CSA CAIQ

Uncover how the CSA Cloud Controls Matrix and CSA CAIQ can be used to assess cloud providers' controls and risk models, ensure cloud compliance and more. Continue Reading
News 20 Jan 2020

CyCognito turning tables by using botnets for good

In this Q&A with CyCognito CEO Rob Gurzeev, he discusses what led to his company, how attack simulations work and how he plans to spend the company's recent round of funding. Continue Reading
News 17 Jan 2020

McAfee CEO Chris Young steps down, Peter Leav to take over

Chris Young has stepped down as McAfee CEO, and Peter Leav is taking his place. Young led the company's spin-out from Intel in 2016 after joining the chip maker two years earlier. Continue Reading
News 17 Jan 2020

Unpatched Citrix vulnerability expands as mitigations fall short

Citrix discovered another product affected by last month's vulnerability, while security researchers found an attacker blocking exploits of the vulnerability. Continue Reading
Tip 16 Jan 2020

Craft an effective application security testing process

For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data. Continue Reading
News 15 Jan 2020

NSA reports flaw in Windows cryptography core

Microsoft patched a critical vulnerability in how Windows validates cryptographic certificates that could lead to dangerous attacks, according to experts, and was originally reported by the NSA. Continue Reading
Feature 14 Jan 2020

5 application security threats and how to prevent them

The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses. Continue Reading
News 14 Jan 2020

CrowdStrike: Intrusion self-detection, dwell time both increasing

The 2019 CrowdStrike Services Cyber Front Lines Report found that while the percentage of organizations that self-detected an intrusion is up, dwell time has gone up as well. Continue Reading
News 14 Jan 2020

Citrix patches for ADC and Gateway flaw to begin rolling out next week

Citrix announced security fixes on the way one month after disclosing a vulnerability in its ADC and Gateway appliances, which has already seen preliminary attacks in the wild. Continue Reading
Tip 14 Jan 2020

HIPAA compliance checklist: The key to staying compliant in 2020

Putting together a HIPAA compliance program can be fraught with difficulty. Review best practices and a HIPAA compliance checklist to avoid common pitfalls and pass an audit. Continue Reading
News 13 Jan 2020

Signal Sciences: Enterprises still overlooking web app security

Signal Sciences co-founder and CEO Andrew Peterson explains why web application security often gets shortchanged and what his next-gen WAF company is doing to change that. Continue Reading
Answer 13 Jan 2020

7 TCP/IP vulnerabilities and how to prevent them

While many TCP/IP security issues are in the protocol suite's implementation, there are some vulnerabilities in the underlying protocols to be aware of. Continue Reading
News 10 Jan 2020

Threat actors scanning for vulnerable Citrix ADC servers

Scans for vulnerable Citrix servers were discovered by security researchers following the disclosure of a remote code execution flaw in Citrix ADC and Gateway products. Continue Reading
News 08 Jan 2020

Experts weigh in on risk of Iranian cyberattacks against U.S.

Cybersecurity experts weigh in on the risks of potential nation-state cyberattacks from Iran following a DHS warning and heightened tensions between the country and the U.S. Continue Reading
Tip 08 Jan 2020

Top 10 cybersecurity predictions: 2020 edition

When it comes to cybersecurity predictions, in many ways, 2020 is a continuation of the present. Emerging trends include nation-state activity, IoT infrastructure attacks and more. Continue Reading
News 07 Jan 2020

Broadcom sells Symantec Cyber Security Services to Accenture

Accenture agreed to acquire Symantec's Cyber Security Services business from Broadcom, less than six months after Broadcom acquired Symantec's enterprise business. Continue Reading
Quiz 07 Jan 2020

CISM practice questions to prep for the exam

Risk management is at the core of being a security manager. Practice your risk management knowledge with these CISM practice questions. Continue Reading
News 07 Jan 2020

Pulse Secure VPN vulnerability targeted with ransomware

Threat actors appear to be exploiting vulnerable Pulse Secure VPN servers to hit enterprises with ransomware attacks, even though a patch has been available since April 2019. Continue Reading
Feature 07 Jan 2020

The who, what, why -- and challenges -- of CISM certification

Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you. Continue Reading
Tip 06 Jan 2020

AI and machine learning in cybersecurity: Trends to watch

AI and machine learning in cybersecurity are not so much useful to security teams today as they are necessary. Examine cybersecurity automation trends and benefits. Continue Reading
News 06 Jan 2020

5 cybersecurity vendors to watch in 2020

A number of cybersecurity startups earned tens of millions of dollars in venture capital investments last year. Here are five such vendors poised to emerge and grow in 2020. Continue Reading
Tip 02 Jan 2020

5 steps to a secure cloud control plane

A locked-down cloud control plane is integral to maintaining cloud security, especially in multi-cloud environments. Here are five steps to a secure cloud control plane. Continue Reading
Tip 02 Jan 2020

3 steps to prepare IT operations for multi-cloud

Organizations must ready their IT operations for multi-cloud and the unique security challenges ahead. Equip your IT ops team with the right people and processes to adapt smoothly. Continue Reading
Tip 31 Dec 2019

NIST CSF provides guidelines for risk-based cybersecurity

Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection. Continue Reading
Tip 30 Dec 2019

IT vs. OT security -- and how to get them to work together

While IT and OT security have historically been separate, the advent of IoT is forcing the two together. Cross-pollinating IT with OT is critical to ensuring IoT security. Continue Reading
News 30 Dec 2019

BigID: New privacy regulations have ended 'the data party'

New privacy laws are changing data management practices in the enterprise. BigID co-founder Nimrod Vax discusses the importance of being 'data native' in the era of the CCPA. Continue Reading
Feature 27 Dec 2019

Editor's picks: Most pressing cybersecurity stories in 2019

As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months. Continue Reading
News 26 Dec 2019

Siemplify looks to streamline security operations for enterprises

Siemplify aims to become the security equivalent of Salesforce. Chief strategy officer Nimmy Reichenberg discusses the company's plans for 2020 and the obstacles it faces. Continue Reading
Opinion 23 Dec 2019

Shared responsibility model transparency boosts cloud security

The shared responsibility model delineates where company and CSP security responsibilities start and end. This is critical not only for compliance, but also the big security picture. Continue Reading
News 20 Dec 2019

F5 Networks to acquire Shape Security for $1 billion

F5 Networks is acquiring Shape Security for approximately $1 billion in a move to strengthen its presence in the application security and anti-fraud markets. Continue Reading
News 19 Dec 2019

Clumio eyes security, BaaS expansion with VC funding

Clumio CTO Chad Kinney and CSO Glenn Mulvaney discuss their company's roadmap and how Clumio addresses ransomware threats in a way that's different from other backup providers. Continue Reading
News 19 Dec 2019

Two attacks on Maze ransomware list confirmed

Another confirmed ransomware attack, this time against Busch's Fresh Food Markets, was added to the Maze gang's ransomware shaming list after the company refused to pay the ransom. Continue Reading
Tip 19 Dec 2019

Learn some key cloud workload protection best practices

Learn key practices to protect cloud workloads whether using VMs, endpoints or containers. And don't forget to consider the best means for building a fruitful feedback loop. Continue Reading
Tip 19 Dec 2019

What cloud workload security tools and controls work best?

Read on to learn how to build a cloud security model that allows your team to embed controls and monitor deployment without getting in the way of business processes. Continue Reading
Feature 19 Dec 2019

ICS security challenges and how to overcome them

Security cannot be an afterthought in internet-connected industrial control systems. IEEE member Kayne McGladrey offers best practices to stay safe in a connected world. Continue Reading
Answer 19 Dec 2019

Host IDS vs. network IDS: Which is better?

Compare host IDS vs. network IDS through the pros and cons of each, and learn how more modern systems may be better suited to ensure effective enterprise security. Continue Reading
News 18 Dec 2019

Cyberinsurance is on the rise -- and so is ransomware

A debate has erupted between the insurance industry and the infosec community over whether cyberinsurance payouts have led to the surge in ransomware attacks this year. Continue Reading
News 17 Dec 2019

Maze gang outs ransomware victims in shame campaign

The threat actors behind Maze ransomware started a campaign to pressure victims into paying ransom by publicly listing successful attacks and threatening to leak data. Continue Reading
Feature 17 Dec 2019

Data breach risk factors, response model, reporting and more

Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner. Continue Reading
Tip 17 Dec 2019

Perimeterless security still has borders -- and APIs need it

Many people believe perimeterless security means borders are a thing of the past. But virtual borders secure APIs needed by mobile users and cloud workloads. Check out how to manage them. Continue Reading
Opinion 17 Dec 2019

Login.gov starts to fill the gap between social logins and enterprise identities

Access federal services with a service designed for governmental use but that uses common standards. Continue Reading
News 16 Dec 2019

Latest city ransomware attack: New Orleans

The city of New Orleans declared a state of emergency as the government tries to get systems back online following a ransomware attack Friday morning. Continue Reading
Feature 16 Dec 2019

The ins and outs of cyber insurance coverage

Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing. Continue Reading
News 16 Dec 2019

Siemens ICS flaws could allow remote exploits

Siemens recommends locking down industrial control systems as security researchers disclose 54 bugs, including remote exploit flaws, but only three patches are available. Continue Reading
News 13 Dec 2019

Google expands multiple Chrome password protection features

Chrome's updated, built-in protections are intended to help users protect their passwords and data against malware, data breaches and phishing sites, according to the company. Continue Reading
News 13 Dec 2019

RSA teams up with Yubico for passwordless authentication

RSA Security joined forces with Yubico to eliminate passwords within the enterprise. RSA's Jim Ducharme explains what it will take to the reach the 'last mile' of the pursuit. Continue Reading
News 12 Dec 2019

Pentagon CMMC program to vet contractor cybersecurity

The U.S. Department of Defense has developed a five-level certification framework designed to vet the cybersecurity posture of potential contractors in an effort to avoid future risks. Continue Reading
Tip 12 Dec 2019

Master IoT and edge computing security challenges

Edge devices are not necessarily designed with security in mind. Organizations need to think critically about how to approach today's edge computing security challenges. Continue Reading
Feature 11 Dec 2019

Ideal DevSecOps strategy requires the right staff and tools

Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy. Continue Reading
News 10 Dec 2019

City of Pensacola hit by ransomware attack

A cyberattack, later confirmed to be ransomware, hit the city of Pensacola, Florida on Saturday, and the city is currently in the process of responding. Continue Reading
News 10 Dec 2019

Ryuk ransomware change breaks decryption tool

The threat actors behind Ryuk ransomware made changes to their code that have made the official decryption tool unreliable, according to security researchers. Continue Reading
Tip 10 Dec 2019

Use a data privacy framework to keep your information secure

Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both internal and external threats. Continue Reading
Feature 10 Dec 2019

Best practices to help CISOs prepare for CCPA

With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations. Continue Reading
Answer 10 Dec 2019

How to prevent port scan attacks

The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and prevent port scanning attacks. Continue Reading
Answer 09 Dec 2019

How can companies identify IT infrastructure vulnerabilities?

New, sophisticated technology is available to help infosec pros find IT infrastructure vulnerabilities. Automated pen testing and outsourcing threat intelligence services can help. Continue Reading
Answer 05 Dec 2019

What are best practices for a modern threat management strategy?

Infosec pros need to mitigate traditional cyberthreats, as well anticipate sophisticated, emerging threats. Learn how to build a threat management strategy that helps with both. Continue Reading
News 05 Dec 2019

DOJ takes action against Dridex malware group, Evil Corp

The U.S. Justice Department indicts two alleged members of the Russian threat group behind the Dridex banking Trojan, known as Evil Corp, and offers a $5 million bounty. Continue Reading
Answer 05 Dec 2019

IT security threat management tools, services to combat new risks

Advances in tools and services are changing IT security threat management. Learn how infosec pros are using UTM platforms, AI and threat intelligence services to alleviate risk. Continue Reading
Tip 05 Dec 2019

How to implement zero-trust cloud security

The nature of cloud environments and workloads is changing. Security team approaches must evolve in response. Learn how to implement zero-trust cloud security from expert Dave Shackleford. Continue Reading
News 05 Dec 2019

Session cookie mishap exposed HackerOne private reports

A security researcher used a mishandled session cookie to access private HackerOne bug reports with an account takeover attack and earned a bug bounty for their efforts. Continue Reading
News 04 Dec 2019

NSS Labs drops antitrust suit against AMTSO, Symantec and ESET

NSS Labs dropped its antitrust suit against the Anti-Malware Testing Standards Organization, Symantec and ESET, ending a contentious legal battle in the endpoint security market. Continue Reading
News 02 Dec 2019

Exposed Firebase databases hidden by Google search

A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet. Continue Reading
Answer 26 Nov 2019

What is the role of CISO in network security?

The role of CISO in network security goes beyond risk management. It also requires understanding compliance regulations and business needs, as well as the ability to communicate security policies to nontechnical employees. Continue Reading
Feature 26 Nov 2019

Role of AI in cybersecurity and 6 possible product options

Cyberthreats loom large in this modern IT environment. Explore the six most common roles of AI in cybersecurity and the products synthesizing them. Continue Reading
News 25 Nov 2019

Ransomware attacks shaking up threat landscape -- again

Threat actors have employed new techniques and built more sophisticated business models for their ransomware campaigns, which has had devastating consequences. Continue Reading
Answer 25 Nov 2019

The network security tools to combat modern threats

Incorporating new network security tools and methods into your enterprise's infosec program may mean the difference between staying safe or falling victim to an attack. Continue Reading
Tip 25 Nov 2019

As cybersecurity insurance coverage becomes common, buyer beware

Cybersecurity insurance coverage can certainly have its benefits after a breach, but companies must consider a variety of unique business factors before choosing a policy. Continue Reading
Tip 22 Nov 2019

Building a security operations center with these features

Building a security operations center means understanding the key features you need to ensure your network remains protected against threats. Continue Reading
News 22 Nov 2019

Android Security Rewards program expands, adds $1.5M bounty

Google expanded its Android bug bounty program to include data exfiltration and lock screen bypass and raised its top prize for a full chain exploit of a Pixel device. Continue Reading
Answer 22 Nov 2019

What are the top network security techniques for modern companies?

Protecting the enterprise network remains integral to overall IT security. Here are the top network security techniques enterprises are using to protect data. Continue Reading
Tip 22 Nov 2019

The top 3 use cases for AI endpoint security tools

Endpoint attack surfaces are growing, and cybersecurity pros struggle to keep up. Consider the following use cases for AI endpoint security techniques in the enterprise. Continue Reading
News 21 Nov 2019

IBM Cloud Pak for Security aims to unify hybrid environments

IBM Security is shifting its strategy with a new Cloud Pak designed specifically to unify data from multiple security tools and vendors through accessing federated data. Continue Reading
News 21 Nov 2019

Ohio builds 'Cyber Reserve' to combat cyberattacks

Ohio is building a 'Cyber Reserve,' a civilian cybersecurity force alongside the state's National Guard that will be deployed to help local governments recover from cyberattacks. Continue Reading
Answer 21 Nov 2019

Do you have the right set of penetration tester skills?

Pen testing is more than just the fun of breaking into systems. Learn about the critical penetration tester skills potential candidates must master to become proficient in their career path. Continue Reading
Feature 20 Nov 2019

Designing the future of cyber threat intelligence sharing

Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense. Continue Reading
Opinion 20 Nov 2019

What's the answer for 5G security?

Learn about the planning of 3GPP in developing specifications for 5G security in this synopsis of 5G Americas' white paper, 'The Evolution of Security in 5G.' Continue Reading
Answer 20 Nov 2019

Comparing Diffie-Hellman vs. RSA key exchange algorithms

See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown. Continue Reading
Tip 20 Nov 2019

How to use and manage BitLocker encryption

Built into business versions of the Windows OS, Microsoft BitLocker encryption is an integral enterprise encryption tool. Read on to learn how BitLocker works and how to manage it. Continue Reading
News 19 Nov 2019

Louisiana ransomware attack hits government systems

A ransomware attack on Louisiana government systems has been contained, according to Governor John Bel Edwards, and experts are praising the state's response. Continue Reading
News 19 Nov 2019

CrowdStrike: Incident response times still too long

A CrowdStrike study revealed it takes enterprise security teams almost seven days of nonstop work to detect, investigate and contain the average incident. Continue Reading
Feature 19 Nov 2019

Rise in ransomware attacks prompts new prevention priorities

Officials predict that already widespread ransomware attacks will only grow in scale and influence, while urging organizations to act now to guard against them. Continue Reading
Tip 19 Nov 2019

Boost network security visibility with these 4 technologies

The network is where it's at if you want to stop malicious actors. But first you need to up your network visibility. Learn about four technologies that can help. Continue Reading
Tip 19 Nov 2019

Network visibility and monitoring tools now amp up security

Three technology trends are currently making network visibility even more central to security tools. Learn more about the impact of big data, AI and APIs. Continue Reading
Tip 18 Nov 2019

Use network traffic analysis to detect next-gen threats

Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting new breeds of low-and-slow threats. Continue Reading
News 15 Nov 2019

Check Point: Qualcomm TrustZone flaws could be 'game over'

Researchers discovered vulnerabilities in Qualcomm TrustZone that Check Point says could lead to 'unprecedented access' because of the extremely sensitive data stored in mobile secure elements. Continue Reading
News 14 Nov 2019

InfoTrax settles FTC complaint, will implement infosec program

InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal data until it implements its own infosec program. Continue Reading
News 13 Nov 2019

Microsoft to apply CCPA protections to all US customers

Microsoft said it will apply the California Consumer Privacy Act across the nation and extend the law's data privacy protections to customers in all fifty states. Continue Reading
News 13 Nov 2019

ZombieLoad v2 disclosed, affects newest Intel chips

Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also discovered a flaw in the original ZombieLoad patch. Continue Reading
Feature 13 Nov 2019

Build new and old strategies into insider threat management

The risk of insider threat does not discriminate across industry lines. Learn how to build an insider threat management program that combines AI, zero-trust principles and a healthy security culture. Continue Reading
Feature 13 Nov 2019

Benefits of using Azure Security Center for security assessments

Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches. Continue Reading