Sort results by: Published date | Company name
Showing items 1-25

Supercharge Your SIEM: How Domain Intel Enhances Situational Awareness [ Source: DomainTools ]

April 2015- Security Information and Event Management (SIEM) tools have become indispensable for the modern enterprise. These are the eyes and ears of a security team, providing them with the ability to detect network anomalies and track down threats. But even the best SIEM tool falls short when it comes to situational awareness of key "outside the firewall" aspects of an attack. Security professionals have long understood that they must evolve quickly to meet the challenges of ...

IDG: Why Application Security is a Business Imperative [ Source: Veracode ]

April 2015- The harsh reality is that most internally developed applications are not assessed for critical security vulnerabilities such as SQL injection. IDG Research Services recently surveyed top IT and security executives at enterprises across a variety of industries in the U.S., U.K. and Germany to better understand the enterprise security landscape. This paper examines the survey results.

Why Security Analysts Can't Live Without Big Data [ Source: Platfora ]

April 2015- Recent high-profile data breaches in financial services, retail, healthcare, and other major industries underscore two things for today's organizations: determined cybercriminals are adept at finding and fully exploiting even the smallest security gap, and detection of their activity often comes much too late - and at great cost for the business.

But with almost no purpose-built tools to help analyze security incidents, detect root causes, and unearth larger attacks before adversaries succeed at ...

Rules of Engagement: A Call to Action to Automate Breach Response [ Source: Digital Guardian ]

December 2014- This Forrester report is a call to action for a more automated threat response process based on developing a set of cyber "rules of engagement" that will empower security teams to act more quickly and aggressively to stop data breaches before they can threaten the business.

Defending Against Advanced Threats - Addressing the Cyber Kill Chain [ Source: Proofpoint ]

April 2015- As clearly evidenced by the daily headlines about security breaches, traditional defense tools are failing to protect enterprises from advanced targeted attacks. A deeper understanding of these attacks and how cybercriminals approach them is key to ensuring your organization is protected.

Understanding the Cyber Kill Chain model and how attackers use the cycle of compromise, persistence and exfiltration against an organization is simple but creating an architecture and supporting policies to address it ...

Unified Security Management vs. SIEM: A Technical Comparison [ Source: AlienVault ]

September 2014- SIEM solutions have been widely adopted to help IT teams correlate data from a variety of security point products. However, traditional SIEM deployments require a great deal of time, money and expertise to properly normalize data feeds, create correlation rules to detect threats and tune those rules to limit false positives. Download this white paper to learn more about how a different approach - Unified Security Management (USM) - is delivering improved threat detection, starting ...

Best Practices for AWS Security [ Source: AlienVault ]

January 2015- Amazon Web Services is one of the most secure public cloud platforms available, with deep datacenter security and many user-accessible security features. But, don't forget that you are still responsible for everything you deploy on top of AWS, and for properly configuring AWS security features. This paper covers AWS security best practices to get you started and focus your efforts as you begin to develop a comprehensive cloud security strategy.

Outsider Threat Protection: Building a Kill Chain Defense [ Source: Digital Guardian ]

November 2014- The Kill Chain Defense exploits a critical weakness in the outsider attack model; for an attack to be successful, all steps must be completed and the target data exfiltrated from the organization. This white paper explains the Kill Chain Defense model and how it can be used to pragmatically prevent outsider attackers from succeeding.

Advanced Threat Defense Tactics [ Source: GENERAL DYNAMICS Fidelis Cybersecurity Solutions ]

March 2015- Advanced Persistent Threats (APTs) in the online realm are a painful reality for companies of all sizes, from the largest enterprises down to small and medium-sized businesses (SMBs). Business leaders might be tempted to think that their own organizations are exempt from APTs, or that the security measures they already have in place are adequate to defend against these persistent, methodical attacks. Yet those temptations must be avoided. If your business has something of value ...

Who are you trying to protect? [ Source: Gemalto ]

August 2014- If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. Multi-factor solutions that operate independent of passwords, are the future. But not all users are created equal. Some need more stringent forms of authentication than others. So who are you trying to protect?

The Right Way to Protect Against DDoS Attacks [ Source: F5 ]

October 2014- CIOs want harmony. Security directors loathe point products. Network operations won't buy into anything new. CIOs can get the harmony they need around DDoS mitigation by extending the F5 Application Delivery Controller into a hybrid solution: on premises with a new cloud component. Read the white paper to learn more.

The Expectation of SSL Everywhere [ Source: F5 ]

March 2015- SSL is the set of cryptographic protocols that secure data in transit. Today SSL is often the only tool standing between your organization and the bad actors. The stakes around SSL have been upleveled to the limit. Whether or not it's convenient to admit, it's time for organizations to uplevel their overall security posture to protect this last line of defense. Read this white paper to learn how your organization can properly embrace a higher ...

Next-Generation Network Security: A Buyers' Guide [ Source: Cisco ]

March 2015- Read this buyers' guide for an in-depth explanation of the factors that impel organizations to look at next-generation security solutions.

Achieve Deeper Network Security and Application Control [ Source: Dell SonicWALL ]

March 2015- Discover a next-generation firewall solution that combats emerging threats effectively and without compromise while reducing the total cost of ownership (TCO). Read this paper and learn how NGFWs help you achieve a deeper level of security and safeguard your organization against today's evolving threats.

G2000 Firm Secures Critical Financial Applications and Generates 192% ROI (Forrester) [ Source: Veracode ]

March 2015- Learn how a global firm secured 400 critical applications and generated an ROI of 192% with cloud-based automation and centralization. The firm previously relied on a traditional on-premises scanning tool, but success was limited because specialized expertise was required to tune and interpret results. As a result, the firm's AppSec program only covered a small fraction of the firm's applications. This Forrester case study includes a detailed financial model showing how the firm leveraged centralized ...

How a Global Manufacturer Secures Its Software Supply Chain [ Source: Veracode ]

March 2015- A global manufacturer found that over 90% of their vendor applications had critical OWASP Top 10 vulnerabilities. The company now leverages Veracode's automated cloud-based service to audit hundreds of third-party applications per year without requiring access to proprietary vendor source code. It also tracks vendor progress with supplier scorecards from the Veracode platform, and has modified its procurement process to contractually require suppliers to meet its security policies. The company has also dramatically scaled its program ...

Hacking Exposed 7 - Chapter 10: Web and Database Hacking (McGraw-Hill) [ Source: Veracode ]

March 2015- Read this classic reference text to get into the cyberattacker's mind and understand the latest attack vectors and web application threats. The prerequisite for dealing with cybersecurity is knowledge: download this critical chapter to learn about web application vulnerabilities and hacking techniques; freely-available crawling tools; and countermeasures to protect your web application infrastructure.

Secure Agile Development (Securosis) [ Source: Veracode ]

March 2015- This white paper is for security professionals who want to understand how to embed security into the Agile SDLC. It describes Agile development and the issues developers face, so both teams can work together better. Agile frameworks have become the new foundation for code development, and secure development practices, just like every other facet of development, must fit within the Agile framework — not the other way around.

The CISO's Handbook - Presenting to The Board (Forrester) [ Source: Veracode ]

March 2015- This report describes strategies for articulating your risk posture and security strategy to executives so you can position yourself as a key influencer in the boardroom. Written by a CISO, it offers guidance on: answering common questions such as “How secure are we”; describing how your strategy aligns with the goals of the business; and helping the board understand complex security issues.

Four Reasons Not to Nuke an Infected Machine: Reimaging Isnt The Only Option [ Source: ThreatTrack Security ]

March 2015- Many organizations still cling to the rigid practice of reimaging every infected machine. However, the costs of reimaging often outweighs the benefit. Learn why you should adopt an alternative approach to reimaging to remediate threats.

Is it Phishing or an APT? [ Source: ThreatTrack Security ]

March 2015- Spear phishing is a primary means by which APTs target and infiltrate networks. This paper describes the element of a phishing attack and how to keep your organization safe from advanced threats.

Losing the Battle - The Need for a New Approach to Advanced Protection [ Source: ThreatTrack Security ]

March 2015- This paper outlines the challenges of fighting APTs and outlines a solution purpose-built to find and stop attacks in progress allowing for mitigation before it's too late.

SaaS Security: Mind the Gap [ Source: Adallom ]

November 2013- This joint paper from EMC and Adallom provides a brief overview of emerging gaps and trust issues common to SaaS providers.

IDC Analyst Connection: The Evolving Threat Landscape [ Source: ThreatTrack Security ]

February 2015- Today's cybercrime environment has evolved from quick smash-and-grab tactics to persistent campaigns involving specialized malware. In response, a new category of security technology aimed at detecting, analyzing and preventing such threats is emerging. ThreatTrack Security discussed this trend with Charles Kolodgy, IDC's Research Vice President for IDC's Security Products Service.

How to Stop Social Media Hacks [ Source: Proofpoint ]

February 2015- A how to guide describing the key steps that organizations should take to prevent their social media accounts from being hacked.

Securing Enterprise Applications [ Source: Onapsis ]

November 2014- Business-critical platforms such as SAP and Oracle have been in place for more than a decade, however a majority of firms using these applications currently have gaps in their security program. There are many reasons for these security gaps ranging from a reliance on generic security tools, to IT teams lacking complete understanding of how application platforms work.

Next 25