Sort results by: Published date | Company name
Showing items 1-25

Beyond Whois: How Extended Domain Profiles Can Yield Unexpected Insights [ Source: DomainTools ]

November 2014- Every investigation has a starting point. A basic Whois query takes just a few seconds but can quickly provide the foundation for a successful investigation However, it's often the data that does NOT reside in a Whois record that can be truly illuminating. Like a CarFax report that goes beyond the vehicle title, there is a wealth of knowledge captured in other public data that can be invaluable to an investigator when leveraged appropriately. This ...

Supercharge Your SIEM: How Domain Intel Enhances Situational Awareness [ Source: DomainTools ]

April 2015- Security Information and Event Management (SIEM) tools have become indispensable for the modern enterprise. These are the eyes and ears of a security team, providing them with the ability to detect network anomalies and track down threats. But even the best SIEM tool falls short when it comes to situational awareness of key "outside the firewall" aspects of an attack. Security professionals have long understood that they must evolve quickly to meet the challenges of ...

Best Practices for Dealing with Phishing and Next-Generation Malware [ Source: ThreatTrack Security ]

April 2015- Despite the billions of dollars spent each year on anti-phishing, anti-malware, antianti- spam and other security solutions, threats still find their way into most organizations despite the best efforts of security teams to stop them. In fact, for many organizations the problem is actually getting worse over time. The consequences of these incursions can be severe, and in some extreme cases cause a business to go bankrupt.

Cybercriminals Wreak Havoc Beyond Big Enterprises [ Source: ThreatTrack Security ]

April 2015- Breaches at large enterprises grab headlines, but cybercriminals are developing a taste for smaller businesses. The mid-market (companies with 500 to 2,500 employees) is becoming fertile ground for cybercriminals looking to exploit unsuspecting organizations with valuable data to steal and much more to lose.

Key Tools for Maximizing Your Hybrid Cloud Investment [ Source: XO Communications ]

April 2015- Explore the optimization tools that give you the ability to see and control the performance and security of your WAN traffic, a vital component to your cloud success. Among other things, these tools help you counteract the effects of latency introduced by geographical WAN distances and allow you to alleviate network congestion that might results from sending a lot large files and retransmitting dropped packets.

Dealing with Data Breaches and Data Loss Prevention [ Source: Proofpoint ]

April 2015- As data grows and organizations become more vast, the risk of sensitive data being breached increases at an alarming pace. With data breaches making the headlines more than ever, organizations are forced to consider the safety of their data, the policies they have in place to protect it, and the strategies and tools at their disposal for breach mitigation.

Download the latest research report from Osterman Research, Inc., Dealing with Data Breaches and ...

The New Phishing Threat: Phishing Attacks [ Source: Proofpoint ]

April 2015- The threat of email borne attacks is greater than ever with malware volumes increasing drastically. One of the most common, and difficult to detect, email threats comes in the form of phishing and spear-phishing emails.

Historically, phishing attacks targeted end-users with attackers going after credentials to financial accounts. But modern phishing attacks have evolved toward targeting sensitive corporate data as evidenced by the high profile data breaches targeted at diverse organizations including RSA ...

Unified Security Management vs. SIEM: A Technical Comparison [ Source: AlienVault ]

September 2014- SIEM solutions have been widely adopted to help IT teams correlate data from a variety of security point products. However, traditional SIEM deployments require a great deal of time, money and expertise to properly normalize data feeds, create correlation rules to detect threats and tune those rules to limit false positives. Download this white paper to learn more about how a different approach - Unified Security Management (USM) - is delivering improved threat detection, starting ...

Best Practices for AWS Security [ Source: AlienVault ]

January 2015- Amazon Web Services is one of the most secure public cloud platforms available, with deep datacenter security and many user-accessible security features. But, don't forget that you are still responsible for everything you deploy on top of AWS, and for properly configuring AWS security features. This paper covers AWS security best practices to get you started and focus your efforts as you begin to develop a comprehensive cloud security strategy.

Principles & Policies of Perpetual Paranoia: The New Rules for Enterprise IT Security [ Source: Certes ]

March 2015- Enterprise users are putting many more demands on IT security than ever before. At the same time, the IT security architecture is being tested by hackers at unprecedented levels.

In the middle of this "perfect storm" of demands and challenges, how is IT security to cope? How do the stakeholders in network, applications and information security departments gain clarity and alignment to ensure gaps are plugged and compliance needs are met? An emerging ...

Implementing Software-Defined Security with CloudPassage Halo [ Source: CloudPassage ]

March 2015- Software-defined security (SDSec) is an architectural approach to security and compliance that implements controls in a manner that abstracts them from physically-oriented elements such as topology, hardware, or physical location.

This paper summarizes the five architectural principles of SDSec and the ways in which CloudPassage has implemented them by building the Halo SDSec platform for cloud infrastructure.

Who are you trying to protect? [ Source: Gemalto ]

August 2014- If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. Multi-factor solutions that operate independent of passwords, are the future. But not all users are created equal. Some need more stringent forms of authentication than others. So who are you trying to protect?

G2000 Firm Secures Critical Financial Applications and Generates 192% ROI (Forrester) [ Source: Veracode ]

March 2015- Learn how a global firm secured 400 critical applications and generated an ROI of 192% with cloud-based automation and centralization. The firm previously relied on a traditional on-premises scanning tool, but success was limited because specialized expertise was required to tune and interpret results. As a result, the firm's AppSec program only covered a small fraction of the firm's applications. This Forrester case study includes a detailed financial model showing how the firm leveraged centralized ...

Hacking Exposed 7 - Chapter 10: Web and Database Hacking (McGraw-Hill) [ Source: Veracode ]

March 2015- Read this classic reference text to get into the cyberattacker's mind and understand the latest attack vectors and web application threats. The prerequisite for dealing with cybersecurity is knowledge: download this critical chapter to learn about web application vulnerabilities and hacking techniques; freely-available crawling tools; and countermeasures to protect your web application infrastructure.

Secure Agile Development (Securosis) [ Source: Veracode ]

March 2015- This white paper is for security professionals who want to understand how to embed security into the Agile SDLC. It describes Agile development and the issues developers face, so both teams can work together better. Agile frameworks have become the new foundation for code development, and secure development practices, just like every other facet of development, must fit within the Agile framework — not the other way around.

The CISO's Handbook - Presenting to The Board (Forrester) [ Source: Veracode ]

March 2015- This report describes strategies for articulating your risk posture and security strategy to executives so you can position yourself as a key influencer in the boardroom. Written by a CISO, it offers guidance on: answering common questions such as “How secure are we”; describing how your strategy aligns with the goals of the business; and helping the board understand complex security issues.

Federated Identity Service Buyers Guide [ Source: Radiant Logic ]

April 2015- To ensure security these days, the entire diverse and distributed enterprise identity infrastructure must become one secure global service. A federated identity service based on virtualization is the answer for protecting today's increasingly federated environments—and evolving them to meet future demands and opportunities. In this paper, we'll look at how such a service helps you manage all this complexity and see how other solutions stack up.

Four Reasons Not to Nuke an Infected Machine: Reimaging Isnt The Only Option [ Source: ThreatTrack Security ]

March 2015- Many organizations still cling to the rigid practice of reimaging every infected machine. However, the costs of reimaging often outweighs the benefit. Learn why you should adopt an alternative approach to reimaging to remediate threats.

Losing the Battle - The Need for a New Approach to Advanced Protection [ Source: ThreatTrack Security ]

March 2015- This paper outlines the challenges of fighting APTs and outlines a solution purpose-built to find and stop attacks in progress allowing for mitigation before it's too late.

IDC Analyst Connection: The Evolving Threat Landscape [ Source: ThreatTrack Security ]

February 2015- Today's cybercrime environment has evolved from quick smash-and-grab tactics to persistent campaigns involving specialized malware. In response, a new category of security technology aimed at detecting, analyzing and preventing such threats is emerging. ThreatTrack Security discussed this trend with Charles Kolodgy, IDC's Research Vice President for IDC's Security Products Service.

How to Stop Social Media Hacks [ Source: Proofpoint ]

February 2015- A how to guide describing the key steps that organizations should take to prevent their social media accounts from being hacked.

The SAP Security Survival Guide [ Source: Onapsis ]

January 2015- As a CISO, learn which questions to ask in order to uncover security challenges facing your SAP systems.

Analysis of Cybercrime Infrastructure [ Source: Proofpoint ]

January 2015- Proofpoint security researchers have published an analysis that exposes the inner workings of a cybercrime operation targeting online banking credentials for banks in the United States and Europe. This Proofpoint research report provides a detailed and rarely seen inside view of the infrastructure, tools and techniques that enabled this cybercrime group to infect over 500,000 PCs.

Key facts from the Proofpoint analysis:
• Qbot (aka Qakbot) botnet of 500,000 infected systems sniffed “conversations&...

Sleeping Through the Alarm: What Breaches Should be Telling Us, and Why the Message is Missed [ Source: SafeNet ]

April 2015- Security professionals are living in a time of rapid and fundamental change. Computing and delivery models, user platforms and devices, and security threats have changed radically in recent years. However, in many ways, the security technologies and approaches employed by many organizations have remained relatively static, sometimes leading to disastrous results. To gain a picture of how organizations are contending with the changing technology and security landscape, SafeNet undertook an extensive survey.

This ...

Open Source Software -Security Risks and Best Practices [ Source: Rogue Wave Software ]

January 2015- Third-party applications, including open source software (OSS), make up an increasing proportion of enterprise applications. By some estimates, up to 80 percent of the source code in many new commercial applications is open source. It is easy to understand why. OSS allows developers to build applications faster, adding functionality without writing source code from scratch. Open source communities provide new features, shortening time to market and helping organizations gain competitive advantage.

Open source can ...

Defend Against Injection-Based Attacks [ Source: Rogue Wave Software ]

January 2015- We'll explore some of the most common security vulnerabilities currently plaguing the software development industry, and present different ways in which Static Code Analysis, or SCA, can detect them.

In this paper, we'll:
• Provide a detailed description of the weakness
• Show how it presents itself to the end user and the developer
• Explain mitigation strategies to help resolve each issue.

Next 25