Sort results by: Published date | Company name
Showing items 1-25

Consumer Web Portals at Risk [ Source: RSA ]

September 2014- This report discusses the top business risks related to the security of consumer facing portals and the latest identity-related technologies that some organizations are already using or plan to adopt to minimize their risk.

The State of Advanced Persistent Threats [ Source: IBM ]

September 2014- Enterprises are unprepared to deal with APT attacks. According to a new Ponemon Institute study, APTs are changing the threat landscape, rendering current security controls ineffective.

In Advanced Persistent Threats (APTs) and targeted attacks, attackers use a myriad of tools and techniques to breach into an organizations' network, steal sensitive information and compromise its operations. Many APTs are launched with a specific purpose such as to gather information, including financial data, PII, or ...

Why Threat Intelligence is Critical for Next-Generation Firewalls [ Source: Dell Software ]

August 2014- Few organizations evaluating a next-generation firewall take the time to look at the threat intelligence network behind it. Yet this security resource analyzes and distributes intelligence that is essential to blocking advanced malware, zero-day attacks, targeted attacks and other advanced threats.

A top-tier threat intelligence network makes a major difference between a really effective next-generation firewall (NGFW) and a mediocre one, and some vendors invest far more in this area than others. This ...

Next-Gen Security [ Source: Dell Software ]

August 2014- SSL decryption and inspection keeps attackers away from your data and out of your network. Today between 25 and 35 percent of enterprise traffic is secured using the secure sockets layer (SSL) protocol, according to NSS Labs. In some vertical industries SSL traffic comprises as much as 70 percent of network traffic. This is expected, since SSL is commonly used for everything from e-commerce to online banking. More recently, however, cybercriminals have started using SSL to hide their ...

Understanding & Addressing OWASP's Newest Top Ten Threat: Using Components with Known Vulnerabilities [ Source: Sonatype ]

August 2014- Many organizations turn to the Open Web Application Security Project (OWASP) to help ensure that their code and applications are secure. Recently OWASP's Top Ten list of application security risks was updated to include "A9: Using components with known vulnerabilities." This means organizations need to expand their security approach to accommodate components - which are reusable blocks of code that are assembled together to create an application. These re-usable components now comprise 90% of an average ...

Information Security Buyer's Guide [ Source: AccessData ]

August 2014- This Buyer's Guide will aid organizations in specifying information security solutions for rapid detection and resolution. The need for these solutions has never been greater as organizations struggle to fight a deluge of sophisticated cyber threats and breaches. Many go undetected until it's too late to do much more than conduct triage, assess the damage and initiate massive shareholder and public damage control. This situation puts board members, c-suite executives and security experts in the ...

Advanced Evasion Techniques for Dummies [ Source: McAfee ]

July 2014- This book provides an overview of network security in general, and explains how cybercriminals can use hidden or currently undetectable methods to penetrate protected network systems. Advanced evasion techniques (AETs) bypass current common network security solutions. They can transport any attack or exploit through network security devices and firewalls, next generation firewalls, intrusion detection and prevention systems, and even routers doing deep packet inspection. In this book you'll find out all about AETs, and get ...

10 Best Practices for URL Filtering [ Source: McAfee ]

July 2014- URL filtering, which blocks users from accessing websites that are malicious or erode productivity, is an essential security best practice. Discover 10 ways to make this easier and more effective to implement.

Seven Key Features to Help You Stop Advanced Evasion Techniques at the Firewall [ Source: McAfee ]

July 2014- Computer networks are built to facilitate the flow of communication, not stop it. Unfortunately, data packets can be manipulated to look normal yet contain an exploit. These techniques evade standard security measures and, in most cases, can deliver a malicious payload without detection. Often, these advanced evasion techniques (AETs) take advantage of rarely used protocol properties in unexpected combinations.

Most network security devices are not capable of detecting them. While many pass industry ...

Mitigate Compensation Risk in Banking [ Source: IBM ]

July 2014- Read this new paper to learn about the current challenges faced by banking organization around compensation and see how incentive compensation management (ICM) solution can overcome these common challenges and turn ICM into an effective competitive tool.

You'll discover, how ICM can

• Align sales behaviors with corporate goals

• Automate commission calculations

• Improve transparency and performance in reporting and auditing

Learn how you ...

eBook: An IT Auditor's Guide to Security Controls & Risk Compliance [ Source: Bit9 ]

July 2014- Most organizations must comply with multiple standards covering privacy, corporate financial data, Protected Health Information and credit card data. Fortunately, the overlapping standards agree on a single concept; implementing appropriate security controls to protect information from improper disclosure.

However, GRC requirements do not exist in a vacuum. Organizational objectives must also be supported. Critical functions can be disrupted if business needs are not considered when establishing compliance activities. In addition, providing evidence that ...

5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain [ Source: SurfWatch Labs ]

July 2014- Cybersecurity for the enterprise. There is no silver bullet. But as business becomes more connected and as data moves further outside the organizational walls, enterprises need look at weaknesses in the security chain - and a good place to start is in the supply chain.

Small businesses sit on the "front lines" in the round-the-clock cybercrime battle. Think about how many small businesses, suppliers and customers have access to different areas of an ...

Top 10 Things Every Web Application Firewall Should Provide [ Source: Imperva ]

July 2014- Securing Web applications against cybercriminals, hacktivists, and state-sponsored hackers is a never-ending effort. Web application firewalls have become the central platform for protecting applications against all online threats. This white paper explains in detail the 10 features that every Web application firewall should provide.

Forensic Domain Mapping: How to Reverse Engineer Domain Ownership in a Cyber Investigation [ Source: DomainTools ]

July 2014- For investigators tasked with identifying the perpetrator of online fraud, it's often the little things that can make the difference. Cyber investigators must work diligently to ferret out the smallest details in order to snare their quarry. Investigating a digital crime is not so dissimilar as investigating a crime in the 'real world'. While popular TV shows might have you believe that a single fiber found at the scene of a crime will lead directly ...

Domain Attribution: Piercing the Veil of Masked Domain Owners [ Source: DomainTools ]

July 2014- As the Internet has evolved to become a primary channel of trade and commerce, so has the sophistication of criminal organizations and other perpetrators of fraudulent schemes who take advantage of domain privacy features as a means by which to mask their true identity. Domain privacy, a controversial topic since its introduction in 2003, provides domain owners with the option to substitute the registrar's contract information for their own. While there are a variety of legitimate ...

Best Practices Guide: Using DNS Data for Threat Intelligence and Incident Forensics [ Source: DomainTools ]

July 2014- Cybercrime represents a major threat to both government and businesses, costing the economy hundreds of billions of dollars in losses every year. Often, the most challenging part for an investigator is discovering the who behind an attack. Is it a coordinated attack orchestrated by a criminal syndicate or an amateur hacker looking for a backdoor into your network? If the actual individual cannot be identified-as is too often the case-then investigators can build a Threat ...

Integrating the Network and Endpoints to Detect Unknown Threats [ Source: Symantec ]

April 2014- Modern day attackers are launching increasingly more sophisticated, targeted attacks designed to evade signature-based security technologies. Despite having made significant investment in a range of protection technologies, security leaders still wonder whether their network has been infiltrated, how far the threats have spread and which assets have been compromised.

The traditional approach of relying on disparate network and endpoint protection technologies is no longer enough. Detecting advanced targeted attacks requires an integrated, multi-layered ...

Cybersecurity for Dummies eBook [ Source: Palo Alto Networks ]

July 2014- APTs (advanced persistent threats) have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cyber-criminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.

Controlling these threats requires multiple security disciplines working together in context. While no single solution will solve the problem of advanced threats on its own, next-generation security ...

Still Using Proxies for URL Filtering? There's a Better Way [ Source: Palo Alto Networks ]

July 2014- Firewalls enforce network access via a positive control model, where only specific traffic defined in policies is granted access to the network while all other traffic is denied. Access Control Lists (ACLs) initially performed this functionality, often in routers, but their rudimentary approach gave way to dedicated packet filtering and stateful inspection firewall devices that offered deeper levels of access controls. Unfortunately, these traditional firewalls shared a common shortcoming - an inability to see all ...

3 Questions to Ask Your DNS Host [ Source: Neustar ]

June 2014- Learn the three key questions you should be asking your DNS host when it comes to protection against DDoS Attacks.

White Book : Cloud Security - The Definitive Guide to Managing Risk in the New ICT Landscape [ Source: Fujitsu America Inc. ]

June 2014- Cloud computing is demonstrating its potential to transform the way IT-based services are delivered to organizations, the journey to cloud is no longer question of "if" but rather "when", and a large number of enterprises have already travelled some way down this path.

However, there is one overwhelming question that is still causing many CIOs and their colleagues to delay their move to cloud: Is cloud computing secure? As many unwary businesses have ...

The Insider Threat: Detecting Indicators of Human Compromise [ Source: Tripwire ]

June 2014- Your organization's greatest asset is also its greatest risk. The employees, contractors and trusted business partners you rely on to keep your organization running can also cause it the most damage. A malicious insider can use authorized credentials to do unauthorized things, bring your network down or repeatedly steal data from your organization without being detected.

Learn about the Insider Threat Kill Chain and what you can do to protect your organization from ...

Stopping Zero Day Exploits Dummies Book [ Source: IBM ]

June 2014- Cyber attacks are growing every day and become serious threats to your organization, but how do you know and understand the threats out there?

Download a copy of this book, and you discover the zero-day exploits and threats used to compromise your enterprise. You also learn about a promising new technology developed by Trusteer, an IBM company, which provides effective yet transparent protection to enterprise endpoints. Start reading Stopping Zero-Day Exploits For Dummies, ...

10 Things Your Next Firewall Must Do [ Source: Palo Alto Networks ]

June 2014- For enterprises looking at Next-Generation Firewall's, the most important consideration is: Will this new technology empower your security teams to securely enable applications to the benefit of the organization? It's not about blocking applications, but safely enabling them.

In this booklet, you'll find practical advice on:

• The how and why of next-generation security

• How to turn security into a business enabler

• 10 critical functions your ...

Security Configuration Management For Dummies [ Source: Tripwire ]

May 2014- Securing your server and network configurations may be the smartest security work you can do. Why? Continually protected and hardened systems keep your data safe, repel exploits and provide measurable confidence. But it's hard to do. How do you get started? What are the capabilities to look for in an effective solution?

Security Configuration Management For Dummies shows you how to:

• Adopt and implement a security hardening policy

&...

Reducing Costs with Next-generation Network Security [ Source: Palo Alto Networks ]

June 2014- This paper details real cases from three businesses, the legacy infrastructure they replaced, the Palo Alto Networks next-generation security platform they deployed, and the substantial savings they realized - cutting capital and operations costs by 50% on average.

Next 25