Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
PCI DSS v4.0 is coming, here's how to prepare to comply
Organizations need to start laying the groundwork to reap the benefits of the forthcoming PCI DSS v4.0 specification. Creating a team to focus on the upgrade is one good step.
5 key questions to evaluate cloud detection and response
Consider these five questions before deciding to invest in a specialized cloud detection and response product.
How to conduct a secure code review
Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities.
8 secure file transfer services for the enterprise
With a plethora of options, finding the best secure file transfer service for your business can pose a challenge. Learn how to make an informed decision.
5 reasons to integrate ESG and cybersecurity
Every business faces global systemic risks, yet most have failed to integrate cybersecurity with ESG programs. Here are five reasons why integration makes good business sense.
Data security as a layer in defense in depth against ransomware
Having data security as part of a defense-in-depth strategy can reduce the likelihood of a successful ransomware attack.
Why 2023 is the year of passwordless authentication
Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication.
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe.
Understanding 3 key automated DevSecOps tools
SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from.
10 top open source security testing tools
From Kali Linux to Mimikatz to Metasploit, learn about 10 open source penetration testing tools organizations can use to determine how secure their network is.
5 data security challenges enterprises face today
Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet.
Importance of enterprise endpoint security during a pandemic
Enterprises often focus greatly on communications security and less on endpoint security. Review the importance of enterprise endpoint security and best practices to implement it.
Cybersecurity lessons learned from COVID-19 pandemic
Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans.
The importance of data security in the enterprise
Three industry experts discuss the criticality of data security in the enterprise, including the significance of data breaches and compliance regulations.
Top 10 UEBA enterprise use cases
The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks.
10 biggest data breaches in history, and how to prevent them
Did you know the biggest data breach in history exposed a whopping 3 billion records? Learn more about the largest data breaches and get advice on how to prevent similar attacks.
Cyber-war game case study: Preparing for a ransomware attack
In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan.
4 criteria to measure cybersecurity goal success
Measuring the success of cybersecurity goals is challenging because they are components of larger goals and often probabilistic rather than deterministic.
Clearing up cybersecurity architecture confusion, challenges
There's no lack of cybersecurity frameworks, but there is a lack of resources to help small and midsize organizations build a cybersecurity architecture -- until now.
How to write a cybersecurity job posting
Is your organization struggling to find cybersecurity talent? Your job descriptions could be the problem. Learn how to write a good cybersecurity job posting.
How to define cyber-risk appetite as a security leader
In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite.
A 'CISO evolution' means connecting business value to security
As cybersecurity has changed, so has the CISO role. 'The CISO Evolution: Business Knowledge for Cybersecurity Executives' aims to help security leaders succeed in the C-suite.
How to find your niche in cybersecurity
It's difficult to navigate a career in cybersecurity, especially with all the varying roles. A veteran CISO offers advice on how to find your niche in the security industry.
Why the next-gen telecom ecosystem needs better regulations
The telecom industry keeps the world connected but also poses national and cybersecurity risks. Learn why the sector needs better -- and uniform -- regulations.
An enterprise bug bounty program vs. VDP: Which is better?
Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground.
What's driving converged endpoint management and security?
Security and IT teams face challenges in managing and securing a growing number of endpoints, which is driving organizations to look for converged capabilities, according to ESG.
Top metaverse cybersecurity challenges to consider
The metaverse introduces cybersecurity problems companies must address, from identity and privacy to moderation and physical security.
Top cloud security takeaways from RSA 2022
Key cloud security takeaways from RSA 2022 include the need to shore up cloud application security, consolidate tools and mitigate cybersecurity skills shortages, according to ESG.
How hackers use AI and machine learning to target enterprises
AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks.
How to evaluate security service edge products
As organizations become more cloud-centric and adapt to remote work, a new technique known as security service edge is gaining traction.
11 open source automated penetration testing tools
From Nmap to Wireshark to Jok3r, these open source automated pen testing tools help companies determine how successful their security strategies are at protecting their networks.
8 benefits of DevSecOps automation
DevSecOps automation can help organizations scale development while adding security, as well as uniformly adopt security features and reduce remedial tasks.
Using SSH tunneling for good and evil
Secure Shell tunneling takes the secure application protocol to the next level for bypassing firewalls and creating secure connections everywhere.
How ransomware kill chains help detect attacks
Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack.
Top 4 source code security best practices
Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code.
Why using ransomware negotiation services is worth a try
If stakeholders decide to pay ransomware demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout.
ESG analysts discuss how to manage compliance, data privacy
ESG analysts offer three recommendations for effective data governance: good C-level and IT leadership, visibility into cloud infrastructure and understanding cloud architecture.
Apple, Microsoft, Google expand FIDO2 passwordless support
Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS.
How cryptocurrencies enable attackers and defenders
Threat actors use cryptocurrencies for their anonymity, but they're not as impenetrable as once thought. Discover how cryptocurrencies can help attackers and defenders alike.
How micropatching could help close the security update gap
Countless known but unpatched vulnerabilities pose significant, ongoing risk to the typical enterprise. Learn how micropatching could help close the security update gap.
Compare zero trust vs. the principle of least privilege
Zero trust and the principle of least privilege may appear to solve the same issue, but they have their differences. Read up on the two methodologies.
Case study: Scaling DevSecOps at Comcast
Comcast's DevSecOps transformation started small but quickly gained steam, resulting in 85% fewer security incidents in production. Learn more in this case study.
The top secure software development frameworks
Keeping security top of mind when developing software is paramount. Learn how to incorporate security into the SDLC with the top secure software development frameworks.
Do phishing simulations work? Sometimes
Phishing simulations are becoming increasingly popular to pinpoint which employees fall victim to scams, but their effectiveness and morality have been called into question.
Data security requires DLP platform convergence
Cloud adoption, combined with an anytime, anyplace, any device workforce requires a converged data loss prevention platform to secure data -- not point products with DLP features.
What are the benefits and challenges of microsegmentation?
Administrators are assessing microsegmentation to beef up access control and security. But deploying microsegmentation can be complex.
Unethical vulnerability disclosures 'a disgrace to our field'
The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says.
Comparing network segmentation vs. microsegmentation
Network segmentation and microsegmentation both control access but vary in how they do it, as well as how granular their approach is. Learn the differences here.
Traditional IT vs. critical infrastructure cyber-risk assessments
When it comes to critical infrastructure cybersecurity, the stakes are uniquely high. Assessing associated cyber-risk, in turn, is uniquely challenging.
Study attests: Cloud apps, remote users add to data loss
A study from ESG found many customers attribute data loss and compliance troubles to the race to put apps in the cloud and accommodate remote workers amid the pandemic.
Making sense of conflicting third-party security assessments
Third-party security assessments from different sources may not always agree, but that doesn't mean they can be ignored. Learn how Mitre ATT&CK can provide perspective.
The benefits and challenges of managed PKIs
Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization.
Should companies ask for a SaaS software bill of materials?
Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why.
How secure are one-time passwords from attacks?
Adding an additional authentication layer makes it harder for attackers to get into accounts, but not all authentication factors are equal -- especially when it comes to OTPs.
How effective is security awareness training? Not enough
Annual security awareness trainings do little to improve security. Learn why they aren't helpful, and discover steps to improve your organization's training program.
The importance of HR's role in cybersecurity
HR teams must keep security top of mind when hiring and onboarding employees and enforcing data privacy policies. Get advice on the procedures and mechanisms to do so.
Why CISOs need to understand the business
While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company.
The benefits and challenges of SBOMs
While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security.
Review Microsoft Defender for endpoint security pros and cons
Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls.
2 zero-trust cloud security models emerge as demands shift
Security teams are beefing up enterprise defenses as cloud services become more essential. Zero trust -- tailored to assets, as well as users -- is an integral part of the equation.
3 benefits of sustainable cybersecurity in the enterprise
Sustainable cybersecurity means taking the long view on cyber-risk mitigation. Explore the technical, financial, societal and reputational wins it can net for the enterprise.
Top 3 Web3 security and business risks
The third iteration of the internet is quickly coming to fruition. With Web3 comes an evolution in business risks, however, as well as susceptibility to traditional risks.
Top DevSecOps certifications and trainings
Check out some of the top DevSecOps certifications and trainings that can help professionals learn how to shift security left in the software development lifecycle.
Use digital identity proofing to verify account creation
Validating users during account creation with identity proofing helps prevent data breaches but isn't without challenges. Discover how it works and concerns to address.
Implement API rate limiting to reduce attack surfaces
Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here.
API security methods developers should use
Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated.
10 cybersecurity certifications to boost your career in 2022
A consensus of industry professionals rank these 10 security certifications as the most coveted by employers and security pros.
Top 6 critical infrastructure cyber-risks
Cyber attacks on critical infrastructure assets can cause enormous and life-threatening consequences. Discover the top cyber-risks to critical infrastructure here.
Why companies need cybersecurity and cyber resilience
Companies need cybersecurity and cyber-resilience plans to not only protect against attacks, but also mitigate damage in the aftermath of a successful one.
Top 5 essential open source cybersecurity tools for 2022
Some of the open source tools highlighted in our top five list have been around for decades; others are relatively new. Each has proven to be highly useful and valuable.
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain.
Pros and cons of manual vs. automated penetration testing
Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization.
The importance of a policy-driven threat modeling approach
An expanding threat landscape, combined with increasing cloud use and a cybersecurity skill shortage, is driving the need for a policy-driven threat modeling approach.
IaC security options help reduce software development risk
The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk.
4 data privacy predictions for 2022 and beyond
Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond?
Top 10 ransomware targets in 2022 and beyond
One in three organizations suffered ransomware attacks in a single year, according to research. And while some industries are taking particularly hard hits, no one is safe.
What is cyber hygiene and why is it important?
Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the health and security of users, devices, networks and data.
5 infosec predictions for 2022
If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months.
Is ransomware as a service going out of style?
Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach.
5 cybersecurity predictions for 2022
ESG analysts took a look into their crystal balls to predict what we'll see in enterprise cybersecurity in 2022. Is your company prepared if the predictions come true?
ransomware
Ransomware is a subset of malware in which the data on a victim's computer is locked -- typically by encryption -- and payment is demanded before the ransomed data is decrypted and access is returned to the victim.
Cloud application developers need built-in security
Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs.
GDPR as we enter 2022: Challenges, enforcement and fines
Take a look at where GDPR stands as it reaches its fourth birthday, including enforcement and fine changes, current challenges, how COVID-19 affected it and more.
Is a passwordless future getting closer to reality?
Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links.
Browse 9 email security gateway options for your enterprise
Finding the best email security gateway is vital to protect companies from cyber attacks. Here's a look at the current market leaders and their standout features.
Passwordless authentication issues to address before adoption
The technology for passwordless authentication exists, but challenges remain. Companies must grapple with differing use cases, legacy software, adoption costs and more.
Top blockchain security attacks, hacks and issues
These five factors have created issues for the blockchain security landscape. Learn more about blockchain hacks and attacks and how they will affect the future of Web3.
Elastic Security app enables affordable threat hunting
New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers.
The components and objectives of privacy engineering
Privacy engineering helps organizations balance business and privacy needs, while mitigating the impact of data breaches. Learn about its components and objectives.
The intersection of privacy by design and privacy engineering
Data privacy concerns are widespread. Privacy by design and privacy engineering help organizations balance privacy with utility and usability. Learn how.
Ultimate guide to secure remote access
This comprehensive secure remote access guide outlines the strategies, tools and best practices to provide anywhere access while protecting data, systems and users.
The complete guide to ransomware
Organizations in every industry can be targets of cybercrime for profit. Get expert advice on ransomware prevention, detection and recovery in our comprehensive guide.
What is risk management and why is it important?
Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.
How to evaluate and deploy an XDR platform
Not all extended detection and response platforms are created equal. Don't take the XDR plunge before knowing exactly what to look for in an XDR platform.
10 CCPA enforcement cases from the law's first year
It's been more than a year since CCPA enforcement began, and organizations started hearing from the California attorney general. Explore 10 early cases of alleged noncompliance.
Experts debate XDR market maturity and outlook
Is extended detection response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go.
The benefits of an IT management response
Many organizations create management responses to traditional audit findings. But did you know organizations can do them after IT audits and assessments, too?
3 components to consider when selecting an MDR service
In the market for an MDR service? Read up on three considerations to keep in mind and questions to ask potential providers before making a decision.
Should companies pay after ransomware attacks? Is it illegal?
It's not a question of whether a company will fall prey to ransomware, but when. Executives should focus on deciding to pay or not pay the ransom and on any legal fallout.
CompTIA SYO-601 exam pivots to secure bigger attack surface
The latest CompTIA Security+ exam, SYO-601, tests skills and knowledge for dealing with an expanded attack surface and the latest forms of assault on cybersecurity defenses.