Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
U.S. data privacy protection laws: 2025 guide
Growing concerns over the processing, storage and protection of personal data, plus the GenAI effect, are leading to the passage of new local and regional privacy regulations. Continue Reading
User provisioning and deprovisioning: Why it matters for IAM
Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
SIEM vs. SOAR vs. XDR: Evaluate the key differences
SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
-
EDR vs. XDR vs. MDR: Key differences and benefits
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
Top 10 identity and access management risks
Organizational security is undermined by a number of identity and access management problems. Learn what those risks are and get ideas on how to solve them. Continue Reading
Address skills shortages with third-party data discovery tools
Homegrown might be best in some scenarios, but resource-constrained security teams should consider third-party tools for data discovery and resilience.Continue Reading
3 key generative AI data privacy and security concerns
Those charged with protecting and ensuring the privacy of user data are facing new challenges in the age of generative AI.Continue Reading
10 API security testing tools to mitigate risk
Securing APIs properly requires testing throughout their design lifecycle. Explore 10 leading API security testing tools for automated, continuous security testing.Continue Reading
Top AI security certifications to consider
AI security certifications, much like AI itself, are evolving. Does it make sense to go through the time and money to obtain a credential, given how quickly the field is changing?Continue Reading
Study shows securing SaaS applications growing in importance
Securing all types of SaaS applications ranks high among security pros, but the broad mandate can mean the need for better SaaS security platforms and tools.Continue Reading
-
How to achieve crypto-agility and future-proof security
Quantum computing will render current asymmetric encryption algorithms obsolete. Organizations need to deploy crypto-agile systems to remain protected.Continue Reading
EDR vs. SIEM: Key differences, benefits and use cases
Endpoint detection and response and security information and event management tools offer organizations benefits, but each plays a specific role, so it's worth having both.Continue Reading
How to define cyber-risk appetite as a security leader
In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite.Continue Reading
What is risk management? Importance, benefits and guide
Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.Continue Reading
API security maturity model to assess API security posture
As API use proliferates, attackers are targeting them to exploit networks and data. This six-domain API security maturity model can assess weaknesses and vulnerabilities.Continue Reading
Research reveals strategies to improve cloud-native security
As organizations focus on the cloud to deliver and scale applications, security teams struggle to keep up. Recent research points to how teams can effectively manage cloud security risk.Continue Reading
DNS security best practices to implement now
DNS is a key component in any enterprise network. Auditing DNS servers and encrypting DNS traffic are just two of the steps to take to protect your organization's DNS deployment.Continue Reading
Top vulnerability management challenges for organizations
Organizations understand vulnerability management is essential to identifying cyber-risks, but coordinating teams, tools and handling CVEs keeps the pressure on.Continue Reading
Microsoft Copilot for Security: 5 use cases
Copilot for Security can assist security pros -- from managers and CISOs to incident responders and SOC members -- in maintaining security posture and addressing security gaps.Continue Reading
How AI could change threat detection
AI is changing technology as we know it. Discover how it's already improving organizations' ability to detect cybersecurity threats and how its benefits could grow as AI matures.Continue Reading
What is threat detection and response (TDR)? Complete guide
Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization.Continue Reading
6 steps toward proactive attack surface management
With organizations' attack surfaces growing, new research shows better asset management, tighter access policies like zero trust and consistent configuration standards can help.Continue Reading
Cyber-risk quantification challenges and tools that can help
While cybersecurity risk should inform budget and strategy decisions, quantifying risk and the ROI of mitigation efforts isn't easy. Cyber-risk quantification tools can help.Continue Reading
Cyber-risk management remains challenging
Strong cyber-risk management demands collaboration and coordination across business management, IT operations, security and software development in an ever-changing environment.Continue Reading
What is network detection and response (NDR)?
Network detection and response (NDR) technology continuously scrutinizes network traffic to identify suspicious activity and potentially disrupt an attack.Continue Reading
Threat hunting frameworks, techniques and methodologies
Threat hunting's proactive approach plays a vital role in defending against cyberattacks. Learn about the frameworks, methodologies and techniques that make it so effective.Continue Reading
4 AI cybersecurity jobs to consider now and in the future
Now hiring: At the intersection of AI and cybersecurity, career opportunities are emerging. Explore four new jobs that combine AI and security expertise.Continue Reading
Why is SecOps becoming both easier and more difficult?
While SecOps has become easier in some ways, enterprises still struggle with areas such as data volumes, threat intelligence analysis and security alert volume and complexity.Continue Reading
5 open source Mitre ATT&CK tools
Security teams that use the Mitre ATT&CK framework should consider using these open source tools to help map attacker techniques to the knowledge base.Continue Reading
Security teams need to prioritize DSPM, review use cases
New research showed data resilience is a top priority for security teams, as data security posture management grows to help manage and protect data and improve GenAI.Continue Reading
CrowdStrike outage lessons learned: Questions to ask vendors
In light of the recent CrowdStrike outage, security teams should ask their vendors 10 key questions to ensure they're prepared should a similar event occur.Continue Reading
Cyber-risk management: Key takeaways from Black Hat 2024
Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks.Continue Reading
How to select an MDR security service
With the threat landscape as challenging as it is, organizations are looking for reinforcements. One option is to bolster detection and response via third-party MDR services.Continue Reading
Black Hat USA 2024 takeaways for data security and IAM
Black Hat USA 2024 showcased recurring themes of data security and IAM, encompassing the platform vs. point product debate, cleaning identity data and GenAI security.Continue Reading
EDR testing: How to validate EDR tools
Cutting through an EDR tool's marketing hype is difficult. Ask vendors questions, and conduct testing before buying a tool to determine if it solves your organization's pain points.Continue Reading
How invisible MFA works to reduce UX friction
Traditional MFA provides benefits but tests users' patience. Explore how invisible MFA can make it easier to access resources and reduce MFA fatigue.Continue Reading
Highlights from CloudNativeSecurityCon 2024
This year's Cloud Native Computing Foundation CloudNativeSecurityCon highlighted cloud-native security issues to its many attendees who don't hold security-focused roles.Continue Reading
How to prepare for a secure post-quantum future
Quantum computing is expected to arrive within the next decade and break current cryptographic algorithms. SANS' Andy Smith explains how to start securing your company now.Continue Reading
How to assess SOC-as-a-service benefits and challenges
While in-house SOCs are costly and complex to build and maintain, SOC as a service provides a more affordable, cloud-based alternative. Explore benefits and challenges.Continue Reading
Be prepared for breach disclosure and a magnitude assessment
Organizations need to take a proactive approach to monitoring data stores continuously, and in the case of a breach, assess the magnitude quickly and accurately. DSPM can help you.Continue Reading
Evolving ZeroFont phishing attacks target Outlook users
Threat actors are using a new twist on a longtime phishing tactic to compel corporate end users to open malicious emails. Learn how ZeroFont attacks work and how to prevent them.Continue Reading
5 key capabilities for effective cyber-risk management
Faced with relentless cyberattacks, organizations need to shore up their cyber-risk management programs by updating legacy tools and checking out new vendor options.Continue Reading
CISO advice for addressing cyber-risk management challenges
Cyber-risk management is simple in concept and difficult in practice. CISOs weigh in on some potential ways to reign in the chaos, educate executives and mitigate cyber-risks.Continue Reading
The differences between open XDR vs. native XDR
Extended detection and response tools are open or native. Learn the differences between them, and get help choosing the right XDR type for your organization.Continue Reading
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks.Continue Reading
8 cloud detection and response use cases
Unsure whether cloud detection and response is useful for your organization? These eight use cases could make CDR indispensable.Continue Reading
CrowdStrike chaos casts a long shadow on cybersecurity
As organizations recover from today’s outages, the cybersecurity industry will need to develop new security software evaluation criteria and requirements and learn to parlay risks.Continue Reading
Is today's CrowdStrike outage a sign of the new normal?
A CrowdStrike update with a faulty sensor file has global implications for Windows systems. But competitors need to limit the finger-pointing in case it happens to them.Continue Reading
CISOs on how to improve cyberthreat intelligence programs
Organizations need to take a focused approach to gain visibility into targeted threats for cyber-risk mitigation and incident response.Continue Reading
How AI-driven SOC tech eased alert fatigue: Case study
Alert fatigue is real, and it can cause big problems in the SOC. Learn how generative AI can improve security outcomes and reduce analysts' frustration in this case study.Continue Reading
EDR vs. antivirus: What's the difference?
Endpoint detection and response and antivirus tools both protect enterprise networks, and both have distinct advantages. Which is better for your organization?Continue Reading
AWS makes strong case for its security advantages at re:Inforce
At re:Inforce 2024, AWS shared details of its secure-by-design measures to protect customer data.Continue Reading
CASB vs. CSPM vs. CWPP: Comparing cloud security tool types
Let's break down some cloud security alphabet soup. CASB, CSPM and CWPP overlap to an extent, but you'll want to pay close attention to how they accomplish different things.Continue Reading
The enduring importance of digital trust
Digital trust is an increasingly important issue, yet confusion remains about what exactly it is, how to achieve it and how to get started.Continue Reading
Identiverse 2024: Key takeaways in identity security
The 2024 Identiverse conference addressed identity access management challenges, AI's ability to streamline IAM workflows and nonhuman identity management for identity pros.Continue Reading
The 10 best cloud security certifications for IT pros in 2024
Certifications can help security pros prove their baseline knowledge of infosec topics. Consider adding these top cloud security certifications to your arsenal.Continue Reading
Why it's SASE and zero trust, not SASE vs. zero trust
When it comes to adopting SASE or zero trust, it's not a question of either/or, but using SASE to establish and enable zero-trust network access.Continue Reading
Reporting ransomware attacks: Steps to take
The Cybersecurity and Infrastructure Security Agency and FBI recommend reporting ransomware attacks to the authorities as soon as possible. This expert advice outlines the process.Continue Reading
What is cloud security management? A strategic guide
This cloud security guide explains challenges enterprises face today; best practices for securing and managing SaaS, IaaS and PaaS; and comparisons of cloud-native security tools.Continue Reading
Using ChatGPT as a SAST tool to find coding errors
ChatGPT is lauded for its ability to generate code for developers, raising questions about the security of that code and the tool's ability to test code security.Continue Reading
Dell Technologies World was all about AI; what about security?
At Dell Technologies World 2024, Dell made it crystal clear that it is all-in on AI, but the company must also emphasize the importance of cybersecurity.Continue Reading
RSA Conference wrap-up: The state of cybersecurity disconnect
The cybersecurity industry isn't prepared for massive changes in play. It needs to focus more on the mission rather than cybersecurity technology widgets.Continue Reading
Top 6 benefits of zero-trust security for businesses
The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here.Continue Reading
How to converge networking and security teams: Key steps
Companies can reap a lot of benefits by merging their networking and security teams. But it takes careful planning to make it work.Continue Reading
10 risk-related security updates you might have missed at RSAC
AI was a prominent theme at RSA Conference, but many security vendors also delivered risk-focused capabilities to help infosec pros better manage their risk posture.Continue Reading
5 Mitre ATT&CK framework use cases
The Mitre ATT&CK framework helps security teams better protect their organizations. Read up on five Mitre ATT&CK use cases to consider adopting, from red teaming to SOC maturity.Continue Reading
CISSP or CISM: Which should you pursue?
For hopeful practitioners, the question of whether to pursue CISSP or CISM depends on their career goals and interests. For some, the question should be, 'Why not both?'Continue Reading
How AI-driven patching could transform cybersecurity
At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities.Continue Reading
3 reasons Synopsys is selling its app security business
Synopsys is selling its application security business to a private equity firm. Analyst David Vance explains why, as well as what it means for the industry.Continue Reading
Lessons learned from high-profile data breaches
Equifax. Colonial Pipeline. Sony. Target. All are high-profile data breaches, and all offer key lessons to learn that prevent your organization from falling victim to an attack.Continue Reading
5 key takeaways from RSA Conference 2024
At RSA Conference 2024, the infosec industry showed their efforts to push forward in AI and to fill gaps that should help security practitioners do their jobs more effectively.Continue Reading
RSAC panel debates confidence in post-quantum cryptography
The Cryptographers' Panel at RSAC offered opinions on their confidence in PQC following the release of a paper questioning lattice-based encryption's viability.Continue Reading
SSPM vs. CSPM: What's the difference?
Posture management in the cloud is key, but evaluating different tools, such as SaaS security posture management and cloud security posture management platforms, can be confusing.Continue Reading
AWS to protect its cloud using CrowdStrike security products
AWS is replacing a variety of security products with the CrowdStrike Falcon Platform to further secure applications and data on its cloud.Continue Reading
Security updates from Google Cloud Next '24 center on GenAI
Google has infused Gemini into its security tools and while GenAI isn’t going to solve every security problem right away, its assistive capabilities save much needed time.Continue Reading
RSAC 2024: Real-world cybersecurity uses for GenAI
Security pros can expect a lot of buzz around GenAI at RSA 2024, where vendors and experts will share how the latest generative AI tools can enhance cybersecurity.Continue Reading
3 ways AI is transforming cloud security, according to experts
Generative AI only recently burst into the collective consciousness, but experts say it is already changing cloud security -- on both the defensive and offensive sides.Continue Reading
Traditional MFA isn't enough, phishing-resistant MFA is key
Not every MFA technique is effective in combating phishing attacks. Enterprises need to consider new approaches to protect end users from fraudulent emails.Continue Reading
4 steps CISOs can take to raise trust in their business
When CISOs align their investments with CIOs' tech investments, both can fuel business success and enable greater trust with customers, employees and partners.Continue Reading
3 Keycloak authorization strategies to secure app access
Keycloak, an open source IAM tool, offers authorization methods, including RBAC, GBAC and OAuth 2.0, that limit what users can access.Continue Reading
Optimize encryption and key management in 2024
Enterprise Strategy Group research highlighted the encryption challenges enterprises face, including lack of encryption, cryptographic infrastructure inadequacies and more.Continue Reading
4 types of cloud security tools organizations need in 2024
From CIEM to SSE, these four types of cloud security tools help boost security efforts as organizations continue to expand their cloud environments.Continue Reading
Pros and cons of 7 breach and attack simulation tools
Breach and attack simulation software can significantly beef up an organization's network defense strategy. But not all tools are made equally.Continue Reading
5 trends in the cyber insurance evolution
As cyber insurance companies evolve, they will wield more power throughout the industry. Check out five areas where cyber insurance trends are changing the cybersecurity market.Continue Reading
Benefits and challenges of NetOps-SecOps collaboration
Organizations need to tread carefully when planning how to converge their networking and security teams to achieve potential benefits and mitigate the challenges.Continue Reading
Identity, data security expectations for RSA Conference 2024
Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM.Continue Reading
5 areas to help secure your cyber-risk management program
To meet the challenges of managing cyber-risk, organizations need to have a cyber-risk management plan in place. Look at five areas to better secure your organization's assets.Continue Reading
Private vs. public cloud security: Benefits and drawbacks
Uncover the differences between private vs. public cloud security -- as well as hybrid cloud security and multi-cloud security -- before deciding on an enterprise deployment modelContinue Reading
Top 6 data security posture management use cases
Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities.Continue Reading
Agent vs. agentless security: Learn the differences
Enterprises can either use an agent or agentless approach to monitor and secure their networks. Each approach has benefits and drawbacks.Continue Reading
Surprising ways Microsoft Copilot for Security helps infosec
Microsoft Copilot is the first of many GenAI tools that should help security leaders accelerate their program development and strengthen security postures.Continue Reading
Cloud detection and response is, and will stay, a team sport
CISOs should push for federated technologies, common processes and formal communications between teams to ensure cloud detection and response is effective and efficient.Continue Reading
Cybersecurity market researchers forecast significant growth
The cybersecurity market is growing and changing at a rapid pace, leading to major opportunities for vendors, heightened confusion for buyers and new challenges for CISOs.Continue Reading
Threat intelligence programs need updating -- and CISOs know it
Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services.Continue Reading
Why companies need attack surface management in 2024
The attack surface is in a constant state of change and growth -- which is bad news for cyber-risk management. This vulnerability needs to be addressed.Continue Reading
Ransomware preparedness kicks off 2024 summit series
BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here.Continue Reading
Benefits and challenges of managed cloud security services
The rapid drive to hybrid and multi-cloud environments has organizations scrambling to get proper protections into place. For many, external security support is critical.Continue Reading
Top 7 data loss prevention tools for 2024
Data loss prevention software is a necessity for most companies. Our guide gives you a quick overview of seven top DLP providers and tells you what works -- and what doesn't.Continue Reading
Shadow AI poses new generation of threats to enterprise IT
AI is all the rage -- and so is shadow AI. Learn how unsanctioned use of generative AI tools can open organizations up to significant risks and what to do about it.Continue Reading
GenAI development should follow secure-by-design principles
Every company wants a piece of the GenAI pie, but rushing to develop a product without incorporating secure-by-design principles could harm their business and customers.Continue Reading