- Privileged Access Users in the Enterprise
- Tackling the Top 3 IT Service Management Challenges
- Next-Generation Network Security: A Buyers' Guide
- Addressing the Full Attack Continuum: A New Threat-Centric Security Model for Before, During, and After an Attack
- Case Study: Everbridge Manages Traffic and Security across Global Cloud Providers and Local Data Centers
May 2014- Contractors are becoming a much larger part of modern business. But most organizations struggle to grant them the right access, and failing to do so can lead to serious security breaches. It's time to find something that will work with your environment--even when contractors are a part of it. This paper explains how you can rethink your identity and access provisioning for better security across the organization. You don't have to live with the risk ...
May 2014- This paper discusses the role of out-of-band authentication in battling e-crime.
June 2014- Strengthening online services and protecting funds requires stronger techniques to thwart the wrong user armed with all the right information. Read this paper to learn more.
July 2014- The threat of user-based attacks has never been higher, with 76% of all breaches coming from accounts with access to sensitive data. With the exploitation of remote vendor access a huge concern, learn how to make working with your contractors more secure with this free e-Book from ObserveIT.
October 2014- Financial services firms and energy companies two industries highly targeted by cybercriminals must move quickly to address their cybersecurity deficiencies and shore up their defenses against advanced malware threats.
October 2014- C-level executives regard the role of CISO primarily as a target for finger-pointing in the event of a data breach, and have little faith that individuals in the role could hold other leadership positions.
October 2014- Email remains the #1 threat vector for many organizations. To fight the onslaught of cyber threats, nothing short of a multilayered security architecture, backed by strict security policies and staff training, can protect an organization.
With the number of advanced attacks increasing every daymost undiscovered through traditional detection and response solutionstruly hunting for threats within your environment can be a laborious task. To combat this, enterprises must focus on prioritizing endpoint data collection over detection, leveraging comprehensive threat intelligence, and expanding detection beyond the moment of compromise.
To combat this, enterprises must focus on:
- Prioritizing endpoint data collection ...
Ponemon Institute has completed its fifth year studying the cost of cyber crime to businesses around the world. The 2014 Cost of Cyber Crime study taps the collective experience of 257 organizations in seven countries. It shows that cyber crime and its associated cost to businesses continue to rise. But there is good news, too. Security defenses and a strong security posture help drive down the losses.
Separate reports exist for each country, and this ...
October 2014- For the fifth year running, the United States led the world in number and cost of cyber attacks. The Ponemon Institute surveyed 59 U.S. companies, performing 544 individual interviews to assess their experience with cyber crime. The mean annualized cost for the U.S. companies surveyed was $12.7 million—up 9.3 percent from last year. There is good news, though. A strong security posture and deployment of security intelligence systems drives down the cost for many companies. ...
September 2014- This report outlines Forrester's take on the endpoint security trends seen from Q2 2013 to Q4 2014, looking at IT spend, and the adoption of Endpoint Security Software-As-A-Service. Forrester provides data for organizations to benchmark their spending patterns against their peers, and strategize their endpoint security adoption decisions.
September 2014- Protecting the government's data is an all-consuming, top priority. As the federal government's data growth continues to spiral, and as the types of data threats and leakage change, data and storage managers have no choice but to be on the front lines of protecting their agencies' data. That means first building a solid data storage and management foundation one that ensures that all data is accounted for at all times and that it's continually backed ...
Why is it that so many web applications are certified to be compliant with a particular standard such as PCI DSS and yet are still compromised? According to data compiled by the DatalossDB project, breaches caused by web applications and web-related flaws comprise 11% of all breaches while another 18% fall into the "hack" category (some of which are likely web application related).
Is the scanner the problem? Is it the auditor? On the other hand, ...
February 2014- This paper provides insight to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which calls for "a set of industry standards and best practices to help organizations manage cybersecurity risks". Specifically, this paper describes how Tenables solutions can be leveraged to help meet the guidelines and practices outlined in the components of the Cybersecurity Framework. Organizations can use the Framework to focus on a risk - based approach to align its vulnerability ...
July 2014- Recent breaches have targeted a fatal flaw in the way organizations have approached security over the last two decades. While the focus has been on investing in multiple preventive security technologies-centralized authentication, desktop virus prevention, automated patching, next generation firewalls, sandboxes for zero-day malware, and security event management-adversaries have taken advantage of blind spots that have widened as the IT landscape has evolved. The recent breaches occurred not because of unknown weaknesses in the defensive ...
Every week brings new stories of companies damaged by the breach of sensitive information, a problem that can be prevented by identity-centric best practices. Preventing data loss and protecting sensitive information from unauthorized access should be a top concern of every company. Although implementing strong authentication throughout your organization should be a consideration, starting with those employees who have elevated access is a good start.
Privileged users exist in every organization and they ...
September 2014- This report discusses the top business risks related to the security of consumer facing portals and the latest identity-related technologies that some organizations are already using or plan to adopt to minimize their risk.
Enterprises are unprepared to deal with APT attacks. According to a new Ponemon Institute study, APTs are changing the threat landscape, rendering current security controls ineffective.
In Advanced Persistent Threats (APTs) and targeted attacks, attackers use a myriad of tools and techniques to breach into an organizations' network, steal sensitive information and compromise its operations. Many APTs are launched with a specific purpose such as to gather information, including financial data, PII, or ...
Few organizations evaluating a next-generation firewall take the time to look at the threat intelligence network behind it. Yet this security resource analyzes and distributes intelligence that is essential to blocking advanced malware, zero-day attacks, targeted attacks and other advanced threats.
A top-tier threat intelligence network makes a major difference between a really effective next-generation firewall (NGFW) and a mediocre one, and some vendors invest far more in this area than others. This ...
November 2014- SSL decryption and inspection keeps attackers away from your data and out of your network. Today between 25 and 35 percent of enterprise traffic is secured using the secure sockets layer (SSL) protocol, according to NSS Labs. In some vertical industries SSL traffic comprises as much as 70 percent of network traffic. This is expected, since SSL is commonly used for everything from e-commerce to online banking. More recently, however, cybercriminals have started using SSL to hide their ...
August 2014- Many organizations turn to the Open Web Application Security Project (OWASP) to help ensure that their code and applications are secure. Recently OWASP's Top Ten list of application security risks was updated to include "A9: Using components with known vulnerabilities." This means organizations need to expand their security approach to accommodate components - which are reusable blocks of code that are assembled together to create an application. These re-usable components now comprise 90% of an average ...
August 2014- This Buyer's Guide will aid organizations in specifying information security solutions for rapid detection and resolution. The need for these solutions has never been greater as organizations struggle to fight a deluge of sophisticated cyber threats and breaches. Many go undetected until it's too late to do much more than conduct triage, assess the damage and initiate massive shareholder and public damage control. This situation puts board members, c-suite executives and security experts in the ...
July 2014- This book provides an overview of network security in general, and explains how cybercriminals can use hidden or currently undetectable methods to penetrate protected network systems. Advanced evasion techniques (AETs) bypass current common network security solutions. They can transport any attack or exploit through network security devices and firewalls, next generation firewalls, intrusion detection and prevention systems, and even routers doing deep packet inspection. In this book you'll find out all about AETs, and get ...
July 2014- URL filtering, which blocks users from accessing websites that are malicious or erode productivity, is an essential security best practice. Discover 10 ways to make this easier and more effective to implement.
Computer networks are built to facilitate the flow of communication, not stop it. Unfortunately, data packets can be manipulated to look normal yet contain an exploit. These techniques evade standard security measures and, in most cases, can deliver a malicious payload without detection. Often, these advanced evasion techniques (AETs) take advantage of rarely used protocol properties in unexpected combinations.
Most network security devices are not capable of detecting them. While many pass industry ...
View All Categories
Business Intelligence : Analytics, Business Process Management, Content management, Dashboards, Data Mining, Data Quality, Databases, Datamarts/Data Warehouses, Information Management, Knowledge Management, Performance Management
Hardware : Blades, Data centers, Desktops/PCs, Grid/Cluster Computing, Handhelds/PDAs, Macintosh, Peripherals, Processors, Supercomputers, Unix/Linux servers, Utility/On-demand Computing, Virtualization Hardware, Windows Servers
Infrastructure : ATM, Ethernet/Gigabit Ethernet, Frame relay, IPv6, Traffic Management, Network/Systems Management, PBXs, Printers, Remote Access, Routers, Switches, UPS, VPNs, WAN Optimization/Acceleration, Wide Area File Services
Internet : B2B, B2C, Browsers, E-Business/E-Commerce, E-retail, Google, Internet Policy, Internet Security, Search, Social Networks, Traffic Reporting/Monitoring, Web 2.0, Web Development, Social Business
Management : Career Development, Executive Insights/Interviews, H-1B, Legal, Outsourcing, Personnel Management, Recruiting, Regulation/Compliance, ROI/TCO, Salary/Compensation, Small-Medium Business, Training, Workplace Trends
Personal Tech : Blackberry, Bluetooth, Bluray, Digital Cameras, Digital Music, Digital Rights Management, Global Positioning Systems, iPhone, iPod, Peripherals, Smartphones, TVs/Home Theater, Virtual worlds
Security : Antivirus, Application Security, Attacks/Breaches, Cyberterror, Encryption, End user/Client Security, Intrusion Prevention, NAC, Perimeter Security, Privacy, Security Administration, Storage Security, Vulnerabilities and Threats
Services : Business Process Outsourcing, Business Services, Disaster Recovery, Hosted Applications, Hosted Storage, Internet/Data Services, Outsourcing, Software as a Service, Systems Integration, Telecom/Voice Services
Software : Integration, Application Optimization, Business Systems Management, CRM, Database Applications, Databases, Development Tools, ERP, Hosted Software/Applications, Linux, Open Source, Operating Systems, Productivity Applications, Server Virtualization, Service Oriented Architecture, Web Services