Problem solve

Problem solve

Get help with specific problems with your technologies, process and projects.

• How to conduct a secure code review

  Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities. Continue Reading

• 3 threats dirty data poses to the enterprise

  The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them. Continue Reading

• Key software patch testing best practices

  Every company has to update and patch its software, but unless the process is carefully managed, serious problems can occur. How can you make sure you're following the right steps? Continue Reading

• Are 14-character minimum-length passwords secure enough?

  When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe. Continue Reading

• Prepare for deepfake phishing attacks in the enterprise

  Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading

• Case study: Why it's difficult to attribute nation-state attacks

  If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware.Continue Reading

• Tips for using a threat profile to prevent nation-state attacks

  Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile.Continue Reading

• Top 7 enterprise cybersecurity challenges in 2022

  Security teams faced unprecedented challenges in 2021. The year ahead appears no less daunting. Here are the cybersecurity trends and safeguards to take into account in 2022.Continue Reading

• 6 types of insider threats and how to prevent them

  From disgruntled employees to compromised users to third-party vendors, here are six types of insider threats and best practices to mitigate the issues.Continue Reading

• How to overcome GDPR compliance challenges

  As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions.Continue Reading

• Use microsegmentation to mitigate lateral attacks

  Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement.Continue Reading

• Top cybersecurity leadership challenges and how to solve them

  Security isn't always a top business priority. This creates challenges for the cybersecurity managers and teams that hope to integrate security into their company's agenda.Continue Reading

• Protect APIs against attacks with this security testing guide

  API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them.Continue Reading

• How to mitigate Log4Shell, the Log4j vulnerability

  The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat.Continue Reading

• Enterprise cybersecurity hygiene checklist for 2022

  Enterprise cybersecurity hygiene must be a shared responsibility between employees and employers. Follow these steps to get the job done by both.Continue Reading

• Top 4 cloud misconfigurations and best practices to avoid them

  Cloud security means keeping a close eye on how cloud resources and assets are configured. Some simple steps can keep you safe from hackers and other malicious activities.Continue Reading

• Why image-based phishing emails are difficult to detect

  Image-based phishing emails are becoming increasingly popular with attackers. Learn how these hard-to-detect scams bypass email filters to infiltrate victims' systems.Continue Reading

• How SBOMs for cybersecurity reduce software vulnerabilities

  With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks.Continue Reading

• 6 reasons unpatched software persists in the enterprise

  Patching is like flossing -- everyone knows they should do it, yet too few do it often and well. Explore why unpatched software is still ubiquitous, despite the risks.Continue Reading

• How to create a ransomware incident response plan

  A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started.Continue Reading

• How to prevent ransomware: 6 key steps to safeguard assets

  Ransomware can cost companies billions in damage. Incorporate these ransomware prevention best practices to keep attackers out.Continue Reading

• How to remove ransomware, step by step

  Prevention is key when it comes to ransomware infections. But there are ways to recover data if a device is compromised. Uncover four key steps to ransomware removal.Continue Reading

• Top 3 ransomware attack vectors and how to avoid them

  Adversaries use three common entryways to infect systems with ransomware. Learn how to prevent your organization from falling victim to an attack.Continue Reading

• 3 ransomware detection techniques to catch an attack

  It's not enough to protect a company's system from ransomware. Reduce damage from attacks with these three ransomware detection methods.Continue Reading

• How attackers use open source intelligence against enterprises

  Cato Networks' Etay Maor explains how cybercriminals use open source intelligence to detect and attack vulnerable enterprise networks and employees.Continue Reading

• Is bitcoin safe? How to secure your bitcoin wallet

  As bitcoin use increases, so too have the number of cyber attacks on cryptocurrency exchanges and wallets. Learn how to keep bitcoin use secure.Continue Reading

• How to defend against TCP port 445 and other SMB exploits

  Keeping TCP port 445 and other SMB ports open is necessary for resource sharing, yet this can create an easy target for attackers without the proper protections in place.Continue Reading

• Use a decentralized identity framework to reduce enterprise risk

  To reduce the risk of identity theft for customers, partners and employees, companies should look at integrating a decentralized identity framework into existing infrastructure.Continue Reading

• How to conduct security patch validation and verification

  Learn about the verification and validation phases of the security patch deployment cycle, two steps key to ensuring an organization's patch management procedure is proactive.Continue Reading

• How to prevent software piracy

  Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property.Continue Reading

• How to rank enterprise network security vulnerabilities

  Risk management programs yield massive data on network security vulnerabilities. Infosec pros must rank risks to prioritize remediation efforts.Continue Reading

• Mitigate threats with a remote workforce risk assessment

  Risk assessments are more necessary than ever as organizations face the challenge of protecting remote and hybrid workers alongside in-office employees.Continue Reading

• The top 6 SSH risks and how regular assessments cut danger

  By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is secure.Continue Reading

• 3 steps to zero-day threat protection

  Don't let a zero-day threat bring down your networks. Follow these three steps to prepare for the unknown and minimize potential damage.Continue Reading

• 4 ways to handle the cybersecurity skills shortage in 2021

  More than half of cybersecurity pros say their organizations could do more to manage negative effects of the skills shortage, such as overwork and burnout. Find out how.Continue Reading

• Learn how to mitigate container security issues

  The more companies embrace application containerization, the more they need to know about container security issues and attack prevention methods.Continue Reading

• Adopting containers and preventing container security risks

  When it comes to container security risks, organizations often worry about container escapes, but as expert Liz Rice explains, they should focus on prevention and patching.Continue Reading

• 6 ways to prevent insider threats every CISO should know

  Too often, organizations focus exclusively on external risks to security. Infosec expert Nabil Hannan explains what CISOs can do to effectively assess and prevent insider threats.Continue Reading

• How to fix the top 5 cybersecurity vulnerabilities

  Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses.Continue Reading

• 3 ways CISOs can align cybersecurity to business goals

  To work effectively with the C-suite, CISOs can take three steps to align business goals with cybersecurity needs to reduce risk, guest contributor Mike McGlynn advises.Continue Reading

• How attackers counter incident response after a data breach

  It's not over until it's over. Explore how attackers use backdoors and evasion techniques to counter incident response measures even long after a data breach is disclosed.Continue Reading

• Explore 5 business email compromise examples to learn from

  Gift cards are for gifts, never for payment. Explore real-world examples of business email compromise to learn common attack patterns and red flags.Continue Reading

• Technical controls to prevent business email compromise attacks

  Technical controls are at the heart of preventing successful business email compromise attacks. Learn about those and extra considerations to keep your business secure.Continue Reading

• Top 10 types of information security threats for IT teams

  Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond.Continue Reading

• CERT vs. CSIRT vs. SOC: What's the difference?

  What's in a name? Parse the true differences between a CERT, a CSIRT, a CIRT and a SOC, before you decide what's best for your organization.Continue Reading

• 4 tips to help CISOs get more C-suite cybersecurity buy-in

  CISOs can get more cybersecurity buy-in with cohesive storytelling, focusing on existential security threats, leading with CARE and connecting security plans to business objectives.Continue Reading

• Use business email compromise training to mitigate risk

  Effective BEC training can prevent scams designed to exploit the brain's automatic responses. It starts by teaching employees to slow down and make the unconscious conscious.Continue Reading

• Enterprise ransomware prevention measures to enact in 2021

  Enterprises must shore up their ransomware prevention efforts by strengthening security awareness, adding email controls, and developing and testing incident response plans.Continue Reading

• How to address and prevent security alert fatigue

  An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and avoid its potential consequences.Continue Reading

• 5 cybersecurity lessons from the SolarWinds breach

  Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach.Continue Reading

• Top 11 cloud security challenges and how to combat them

  Before jumping feet-first into the cloud, understand the new and continuing top cloud security challenges your organization is likely to face -- and how to mitigate them.Continue Reading

• What is bloatware? How to identify and remove it

  Unwanted pre-installed software -- also known as bloatware -- has long posed security threats for computers and other devices. Here are strategies for how to detect bloatware and uninstall the potential threat.Continue Reading

• How to address the skills gap of security and IT personnel

  In part two of Jonathan Meyers' look at the skills gap challenge companies face in cybersecurity, he offers recommendations to consider when ensuring your teams have the skills needed.Continue Reading

• Remote work cybersecurity challenges and how to address them

  The mass migration to home-based work brought on by COVID-19 poses new cybersecurity risks and amplifies old ones. Here's what organizations need to do.Continue Reading

• 8 challenges every security operations center faces

  Staffing shortages, budget allocation issues, and inadequate analytics and filtering are among the challenges organizations will face as they implement a security operations center.Continue Reading

• The challenge of addressing the IT and security skills gap

  In the first of a two-part series, Jonathan Meyers examines the issues surrounding the security skills gap that companies must contend with due to limited budgets, training and more.Continue Reading

• What are the biggest hardware security threats?

  Hardware security threats -- and strategies to overcome them -- are evolving as enterprises increasingly install autonomous capabilities for smart building and IoT projects.Continue Reading

• 5 steps to get IoT cybersecurity and third parties in sync

  Third parties often prove to be the weak links when it comes to IoT cybersecurity. Learn what you can do to minimize the risk while reaping the benefits that outside vendors bring.Continue Reading

• Addressing the expanding threat attack surface from COVID-19

  CISOs need to ensure they and their security teams are aware of the new threats created by many businesses expanding their attack surface with many employees still working remotely.Continue Reading

• Top 3 challenges of a zero-trust security model

  There are three main zero-trust security challenges, but because the model is highly beneficial, it's important for organizations to learn how to overcome them.Continue Reading

• Critical IIoT security risks cloud IoT's expansion into industry

  The convergence of IoT with industrial processes increases productivity, improves communications and makes real-time data readily available. But serious IIoT security risks must be considered as well.Continue Reading

• Prevent cloud account hijacking with 3 key strategies

  The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise.Continue Reading

• An inside look at the CCSP cloud security cert

  Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide.Continue Reading

• 3 steps to secure codebase updates, prevent vulnerabilities

  Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe.Continue Reading

• AI security concerns keeping infosec leaders up at night

  Conversations about 'AI as a solution' may overlook potentially grave AI security issues. Explore the potential infosec implications of the emerging technology in this video.Continue Reading

• 'Secure by Design' principles include failures, exceptions

  Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines.Continue Reading

• Exception handling best practices call for secure code design

  Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples.Continue Reading

• 10 RDP security best practices to prevent cyberattacks

  Securing remote connections is critical, especially in a pandemic. Enact these RDP security best practices at your organization to prevent ransomware, brute-force attacks and more.Continue Reading

• Hands-on guide to S3 bucket penetration testing

  Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide.Continue Reading

• How to handle Amazon S3 bucket pen testing complexity

  Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers.Continue Reading

• Build shadow IT policy to reduce security risks

  Security risks have increased during the pandemic as remote workers try to get things done. Find out how CISOs can better manage by creating a shadow IT policy.Continue Reading

• Security pros explain how to prevent cyber attacks

  Even during pandemics, hackers use malware such as ransomware and phishing to exploit an organization's vulnerabilities. IT security pros discuss how they prevent cyber attacks.Continue Reading

• How to mitigate an HTTP request smuggling vulnerability

  Exploiting an HTTP request smuggling vulnerability can result in the inadvertent execution of unauthorized HTTP requests. Learn how to defend web environments from this attack.Continue Reading

• 6 persistent enterprise authentication security issues

  Some authentication factors are considered more secure than others but still come with potential drawbacks. Learn about the most common enterprise authentication security issues.Continue Reading

• How CISOs can deal with cybersecurity stress and burnout

  Being a paramedic and working in cybersecurity taught CISO Rich Mogull how to avoid stress and burnout. Check out his advice to maintain mental health in high-stress roles.Continue Reading

• Minorities in cybersecurity face unique and lasting barriers

  IT is facing renewed scrutiny into its lack of diversity. Explore the unique barriers minorities in cybersecurity face and why hiring approaches are ill equipped to address them.Continue Reading

• Complexity exacerbates cloud cybersecurity threats

  As cloud becomes intrinsic to IT, shifting roles have led to some risks being overlooked. But companies are getting smarter about alleviating cloud cybersecurity threats.Continue Reading

• How to address and close the cloud security readiness gap

  Cloud security readiness remains a shortcoming for companies despite the majority using cloud services. Here are three steps they can take to close the cloud security gap.Continue Reading

• 5 steps to help prevent supply chain cybersecurity threats

  Follow five steps to lower the risk of supply chain cybersecurity threats, from creating third-party risk management teams to using blockchain and hyperledger and more.Continue Reading

• Interconnected critical infrastructure increases cybersecurity risk

  Separately managed but interconnected critical infrastructure sectors are not all bound to security requirements and may be at risk of cascading attacks.Continue Reading

• 3 must-ask post-pandemic questions for CISOs

  The worldwide health pandemic has created multiple challenges for today's CISOs and their security teams. Ask these three questions to stay safe in a post-pandemic workplace.Continue Reading

• How to prevent network eavesdropping attacks

  One of the biggest challenges of network eavesdropping attacks is they are difficult to detect. Read about prevention measures to help keep your network safe from snoopers and sniffers.Continue Reading

• In biometrics, security concerns span technical, legal and ethical

  Biometrics are increasingly being used for enterprise security, but they are not without technical, legal and ethical concerns, which teams must address before deployment.Continue Reading

• Identifying and troubleshooting VPN session timeout issues

  Troubleshooting VPN session timeout and lockout issues should focus first on isolating where the root of the problem lies -- be it the internet connection, the VPN vendor or the user device.Continue Reading

• How security teams can prevent island-hopping cyberattacks

  Learn how to prevent island-hopping cyberattacks to keep hackers from gaining the confidence of a phishing victim who could then accidentally commit corporate financial fraud.Continue Reading

• Top 2 post-COVID-19 CISO priorities changing in 2020

  CISO priorities for 2020 were upended when the COVID-19 pandemic hit. Learn two ways forward-thinking CISOs are planning to deal with the new normal.Continue Reading

• How to balance secure remote working with on-site employees

  Post-pandemic, organizations must strike the right balance between on-site and remote work security. Here's how to make sure your cybersecurity program is prepared.Continue Reading

• How a security researcher spots a phishing email attempt

  When security expert Steven Murdoch spotted a phishing email in his inbox, the researcher in him decided to investigate. Here's what he learned about criminal phishing tactics.Continue Reading

• How to protect the network from ransomware in 5 steps

  Stronger network security could be the key to preventing a ransomware infection. Follow these five steps to protect your network from ransomware.Continue Reading

• Prevent spyware through user awareness and technical controls

  Find out how to protect devices from spyware and educate users to avoid the most common traps from which spyware infections might come, including phishing attacks and rogue apps.Continue Reading

• The risks and effects of spyware

  Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix infected devices.Continue Reading

• Mitigating ransomware and phishing attacks during a pandemic

  Where most see crisis, cybercriminals see opportunity. Learn how security leaders can meet the challenges of mitigating ransomware threats and phishing attacks during a pandemic.Continue Reading

• Cybersecurity impact analysis template for pandemic planning

  This template from IANS Research can help IT and security professionals document and prioritize essential processes, staffing and systems when faced with a pandemic event.Continue Reading

• Securing a remote workforce amplifies common cybersecurity risks

  Securing a remote workforce during the pandemic has not only created unforeseen cybersecurity risks, but also magnified old ones with more employees using home networks.Continue Reading

• Coronavirus phishing threats force heightened user awareness

  As coronavirus phishing threats ramp up, organizations must turn to user education, in addition to traditional network security, as their best defense.Continue Reading

• How to prepare for ransomware and phishing attacks

  Follow these best practices to properly prepare for ransomware and phishing attacks, as well as further steps to stay secure in the face of a pandemic or widespread health event.Continue Reading

• With US ban, Huawei products put CISOs on notice

  The U.S. federal government has enacted bans on equipment it deems a national security risk. The move should make CISOs wary of what products they bring into their organizations.Continue Reading

• Phishing protection: Keep employees from getting hooked

  Share this list of phishing techniques and detection tips to help employees avoid phishing schemes. Plus, review technologies to protect your enterprise from phishing attacks.Continue Reading

• Coronavirus phishing scams increase amid pandemic's spread

  Organizations must account for a sharp uptick of coronavirus phishing scams in their pandemic and business continuity plans. Learn about the trend here, with steps for mitigation.Continue Reading

• Answering the top IoT risk management questions

  Vulnerable IoT devices are commonly installed on enterprise networks, putting IT on the lookout for security issues. Here are answers to the biggest IoT risk management questions.Continue Reading