March 2015- Learn how a global firm secured 400 critical applications and generated an ROI of 192% with cloud-based automation and centralization. The firm previously relied on a traditional on-premises scanning tool, but success was limited because specialized expertise was required to tune and interpret results. As a result, the firm's AppSec program only covered a small fraction of the firm's applications. This Forrester case study includes a detailed financial model showing how the firm leveraged centralized ...
March 2015- A global manufacturer found that over 90% of their vendor applications had critical OWASP Top 10 vulnerabilities. The company now leverages Veracode's automated cloud-based service to audit hundreds of third-party applications per year without requiring access to proprietary vendor source code. It also tracks vendor progress with supplier scorecards from the Veracode platform, and has modified its procurement process to contractually require suppliers to meet its security policies. The company has also dramatically scaled its program ...
March 2015- Read this classic reference text to get into the cyberattacker's mind and understand the latest attack vectors and web application threats. The prerequisite for dealing with cybersecurity is knowledge: download this critical chapter to learn about web application vulnerabilities and hacking techniques; freely-available crawling tools; and countermeasures to protect your web application infrastructure.
March 2015- This white paper is for security professionals who want to understand how to embed security into the Agile SDLC. It describes Agile development and the issues developers face, so both teams can work together better. Agile frameworks have become the new foundation for code development, and secure development practices, just like every other facet of development, must fit within the Agile framework, not the other way around.
March 2015- This report describes strategies for articulating your risk posture and security strategy to executives so you can position yourself as a key influencer in the boardroom. Written by a CISO, it offers guidance on: answering common questions such as "How secure are we?"; describing how your strategy aligns with the goals of the business; and helping the board understand complex security issues.
March 2015- Many organizations still cling to the rigid practice of reimaging every infected machine. However, the cost of reimaging often outweighs the benefit. Learn why you should adopt an alternative approach to reimaging to remediate threats.
March 2015- Spear phishing is a primary means by which APTs target and infiltrate networks. This paper describes the elements of a phishing attack and how to keep your organization safe from advanced threats.
March 2015- This paper outlines the challenges of fighting APTs and describes a solution purpose-built to find and stop attacks in progress, allowing for mitigation before it's too late.
November 2013- This joint paper from EMC and Adallom provides a brief overview of emerging gaps and trust issues common to SaaS providers.
February 2015- Today's cybercrime environment has evolved from quick smash-and-grab tactics to persistent campaigns involving specialized malware. In response, a new category of security technology aimed at detecting, analyzing and preventing such threats is emerging. ThreatTrack Security discussed this trend with Charles Kolodgy, IDC's Research Vice President for IDC's Security Products Service.
February 2015- A how-to guide describing the key steps that organizations should take to prevent their social media accounts from being hacked.
November 2014- Business-critical platforms such as SAP and Oracle have been in place for more than a decade; however, a majority of firms using these applications currently have gaps in their security program. There are many reasons for these security gaps, ranging from a reliance on generic security tools to IT teams lacking complete understanding of how application platforms work.
January 2015- Gaps in security practices of business-critical applications running on SAP are causing organizations to rethink their current approach and embrace a new strategy.
January 2015- As a CISO, learn which questions to ask in order to uncover security challenges facing your SAP systems.
Proofpoint security researchers have published an analysis that exposes the inner workings of a cybercrime operation targeting online banking credentials for banks in the United States and Europe. This Proofpoint research report provides a detailed and rarely seen inside view of the infrastructure, tools and techniques that enabled this cybercrime group to infect over 500,000 PCs.
Key facts from the Proofpoint analysis:
• Qbot (aka Qakbot) botnet of 500,000 infected systems sniffed “conversations&...
Third-party applications, including open source software (OSS), make up an increasing proportion
of enterprise applications. By some estimates, up to 80 percent of the source code in many new
commercial applications is open source. It is easy to understand why. OSS allows developers to
build applications faster, adding functionality without writing source code from scratch. Open source
communities provide new features, shortening time to market and helping organizations gain
Open source can ...
January 2015- By providing developers with the right tools to detect, understand, and fix problems early, your business can simplify software development, shorten development lifecycles, and improve the quality of software code. The end result is increased innovation, secure applications, and a faster time to market - all at a lower cost. Read this whitepaper to learn more.
For years, developers have known that one of the best ways to reassure users is by signing code using a digital signature accessed via a private key issued by a respected certificate authority. But signed code is not invulnerable. Due to lax key security and vetting processes, malware has managed to infiltrate applications with signed code.
Extended Validation (EV) Code Signing Certificates help to halt malware infiltration by requiring a rigorous vetting process ...
January 2015- The malware threat and resulting lack of confidence on the part of online users puts software developers and other companies that rely on software downloads at risk. Code signing is an industry-recommended and widely-used defense against tampering, corruption, or malware infection in software code, armed with a powerful method to both identify code and assure the identity of the code signer. This white paper discusses the malware threat, the potential impact on your business, and ...
January 2015- Download Protecting Android Applications with Secure Code Signing Certificates and learn the value of secure code signing practices for building more secure Android apps as well as how these certificates play a key role in helping developers enhance the safety of their applications, their users, and their reputations.
December 2014- Protecting data in motion has become a high priority for a growing number of companies. As more companies face the real and growing threat of data theft, along with increased regulatory pressure to protect their data, encryption of data in motion has gone from a "nice to have" technology to a critical budgeted project. However, companies that have deployed IPsec VPNs across their network have discovered that while encryption is a great mode of data ...
December 2014- This new IDG survey reveals optimism about the ability of next-generation firewalls to help IT balance productivity and security. With two issues becoming increasingly crucial, IT faces conflicting mandates from the business. On one hand, employees demand access from devices beyond the firewall: smartphones, tablets, home PCs and laptops. On the other hand, risk management dictates corporate data must remain protected. The overarching challenge: balance productivity and security. Within that mandate, however, lie several other challenges, ...
December 2014- Your current firewall may be jeopardizing your security. This white paper explains exactly where traditional firewalls fall short, and how next-generation firewalls can help you counter today's threats, manage web 2.0 apps and enforce acceptable-use policies. If your company has a traditional firewall, it is probably jeopardizing your security and costing you money. Firewalls are an essential part of network security, but most are very limited. They can close unneeded ports, apply routing rules to packets ...
November 2014- Learn about the tools, technologies and techniques required for comprehensive detection and remediation of advanced malware threats and why traditional signature-based approaches fall short of protecting your organization.
November 2014- Learn what CISOs can do to better protect their organizations from security breaches, and why a big data security analytics architecture is necessary for threat detection and response.