Problem solve
Get help with specific problems with your technologies, process and projects.
Problem solve
Get help with specific problems with your technologies, process and projects.
Quishing on the rise: How to prevent QR code phishing
A monthslong quishing campaign demonstrated how cybercriminals are using QR codes to trick users. Here's what enterprise security leaders need to know. Continue Reading
Plan ahead to reduce cloud forensics challenges
Laying out a detailed framework that governs how -- and how quickly -- information is shared by CSPs can help ease the problems associated with collecting forensics data. Continue Reading
Protect against current and future threats with encryption
Current and future cyber threats, such as ransomware, generative AI, quantum computing and an increase in surveillance, are driving the need to secure all data with encryption. Continue Reading
-
How to reduce risk with cloud attack surface management
Attack surfaces continue to expand, fueled in part by the cloud. Attack surface management is a key way to identify vulnerable assets and reduce the risk to a corporate network. Continue Reading
Addressing the confusion around shift-left cloud security
To clarify how shift-left security should work in terms of cloud-based application development, Enterprise Strategy Group analyst Melinda Marks dives deep into the process. Continue Reading
7 ways to mitigate CISO liability and risk
Recent civil and criminal cases have brought CISO liability questions to the fore. Learn how to understand and manage personal risk exposure as a security executive.Continue Reading
Cloud-native security metrics for CISOs
Author and chief risk officer Rich Seiersen talks about the challenges of securing cloud-native applications and how to use metrics to improve their effectiveness.Continue Reading
How to defend against TCP port 445 and other SMB exploits
Keeping TCP port 445 and other SMB ports open is necessary for resource sharing, yet this can create an easy target for attackers without the proper protections in place.Continue Reading
Top 7 enterprise cybersecurity challenges in 2023
Security teams faced unprecedented challenges in 2022. The year ahead appears no less daunting. Here are the cybersecurity trends and safeguards to take into account in 2023.Continue Reading
How to prevent deepfakes in the era of generative AI
Businesses must be ever vigilant in detecting the increasingly sophisticated nuances of deepfakes by applying security techniques that range from the simple to the complex.Continue Reading
-
How to fix the top 5 API vulnerabilities
APIs are more ubiquitous than ever, but many are still subject to well-known and often easily preventable vulnerabilities.Continue Reading
How to mitigate low-code/no-code security challenges
Don't adopt low-code/no-code application development approaches without considering these best practices to mitigate and prevent their inherent security risks.Continue Reading
SMS pumping attacks and how to mitigate them
Online forms that use SMS can be costly to organizations if they are vulnerable to SMS pumping attacks. Use the following methods to mitigate or prevent this fraud-based attack.Continue Reading
Why enterprise SecOps strategies must include XDR and MDR
Adopting extended detection and response and employing managed detection and response services may be the missing pieces of the SOC modernization puzzle.Continue Reading
Top 10 types of information security threats for IT teams
Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond.Continue Reading
CERT vs. CSIRT vs. SOC: What's the difference?
What's in a name? Parse the true differences between a CERT, a CSIRT, a CIRT and a SOC, before you decide what's best for your organization.Continue Reading
10 types of security incidents and how to handle them
Cyberattacks are more varied than ever. Learn the key symptoms that signal a problem and how to respond to keep systems and data safe.Continue Reading
How to fix the top 5 cybersecurity vulnerabilities
Check out how to fix the top five cybersecurity vulnerabilities to prevent data loss whether the problem is poor endpoint security, ineffective network monitoring or other issues.Continue Reading
What reverse shell attacks are and how to prevent them
Attackers use reverse shells to covertly attack an organization's environment. Discover what a reverse shell is and how to mitigate such attacks.Continue Reading
Enterprise cybersecurity hygiene checklist for 2023
Enterprise cybersecurity hygiene must be a shared responsibility between employees and employers. Follow these steps to get the job done by both.Continue Reading
How to prevent and detect lateral movement attacks
Reduce the success of lateral movement attacks by performing these eight key cybersecurity activities at strategic, operational and proactive levels.Continue Reading
How to prevent and mitigate process injection
Process injection is a defense evasion technique that helps attackers hide from enterprise security systems. Learn how it works and how to mitigate it.Continue Reading
How to implement least privilege access in the cloud
More organizations are moving their resources to the cloud but are not paying attention to how cloud access privileges are allocated. Learn how to limit access in the cloud.Continue Reading
How to prevent SQL injection with prepared statements
One of the top defenses against SQL injection is prepared statements. In this book excerpt, learn what prepared statements are and how to extend their defense.Continue Reading
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them.Continue Reading
Common lateral movement techniques and how to prevent them
Lateral movement techniques enable attackers to dig deeper into compromised environments. Discover what lateral movement attacks are and four attack techniques.Continue Reading
5 ways to overcome multifactor authentication vulnerabilities
Improve the resiliency of multifactor authentication by giving users more information, making default settings more secure, hiding secrets and more.Continue Reading
Types of vulnerability scanning and when to use each
Vulnerability scanning gives companies a key weapon when looking for security weaknesses. Discovery, assessment and threat prioritization are just a few of its benefits.Continue Reading
How to build a shadow IT policy to reduce risks, with template
With a shadow IT policy in place, organizations reduce security risks from unapproved applications and services that employees introduce independently.Continue Reading
Security hygiene and posture management requires new tools
Using multiple tools to address security hygiene and posture management at scale is costly and difficult. A new converged security technology category may be the answer.Continue Reading
Types of cloud malware and how to defend against them
Cloud malware isn't going away anytime soon, but organizations have a growing number of tools at their disposal to combat the threat.Continue Reading
How to use PuTTY for SSH key-based authentication
This tutorial on the open source PuTTY SSH client covers how to install it, its basic use, and step-by-step instructions for configuring key-based authentication.Continue Reading
Top 6 challenges of a zero-trust security model
Zero trust has a number of challenges, but because the model is highly beneficial, it's important for organizations to learn how to overcome them.Continue Reading
Solve ICS security issues with ICS and IT team convergence
It's predicted that threat actors will weaponize industrial control systems to harm or kill humans by 2025. Prepare by learning how to balance ICS and security convergence.Continue Reading
How data security posture management complements CSPM
Data security posture management can provide comprehensive defense-in-depth security for cloud data. Find out more about how DSPM policies move with the data.Continue Reading
How to conduct a secure code review
Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities.Continue Reading
3 threats dirty data poses to the enterprise
The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them.Continue Reading
Key software patch testing best practices
Every company has to update and patch its software, but unless the process is carefully managed, serious problems can occur. How can you make sure you're following the right steps?Continue Reading
Are 14-character minimum-length passwords secure enough?
When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe.Continue Reading
Prepare for deepfake phishing attacks in the enterprise
Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector.Continue Reading
Case study: Why it's difficult to attribute nation-state attacks
If two attacks look similar, don't assume they're from the same attacker. It's difficult to attribute nation-state attacks, as evidenced by the notorious 2016 Odinaff malware.Continue Reading
Tips for using a threat profile to prevent nation-state attacks
Is your organization concerned about state-sponsored attacks? Threat profiling can help prevent nation-state attacks. Get advice on how to create an effective threat profile.Continue Reading
6 types of insider threats and how to prevent them
From disgruntled employees to compromised users to third-party vendors, here are six types of insider threats and best practices to mitigate the issues.Continue Reading
How to overcome GDPR compliance challenges
As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions.Continue Reading
Use microsegmentation to mitigate lateral attacks
Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement.Continue Reading
Top cybersecurity leadership challenges and how to solve them
Security isn't always a top business priority. This creates challenges for the cybersecurity managers and teams that hope to integrate security into their company's agenda.Continue Reading
Protect APIs against attacks with this security testing guide
API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them.Continue Reading
How to mitigate Log4Shell, the Log4j vulnerability
The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat.Continue Reading
Top 4 cloud misconfigurations and best practices to avoid them
Cloud security means keeping a close eye on how cloud resources and assets are configured. Some simple steps can keep you safe from hackers and other malicious activities.Continue Reading
Why image-based phishing emails are difficult to detect
Image-based phishing emails are becoming increasingly popular with attackers. Learn how these hard-to-detect scams bypass email filters to infiltrate victims' systems.Continue Reading
How SBOMs for cybersecurity reduce software vulnerabilities
With SBOMs, companies will know what components constitute the software they purchase, making it easier for security teams to understand and manage vulnerabilities and risks.Continue Reading
6 reasons unpatched software persists in the enterprise
Patching is like flossing -- everyone knows they should do it, yet too few do it often and well. Explore why unpatched software is still ubiquitous, despite the risks.Continue Reading
How to create a ransomware incident response plan
A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started.Continue Reading
How to prevent ransomware: 6 key steps to safeguard assets
Ransomware can cost companies billions in damage. Incorporate these ransomware prevention best practices to keep attackers out.Continue Reading
How to remove ransomware, step by step
Prevention is key when it comes to ransomware infections. But there are ways to recover data if a device is compromised. Uncover four key steps to ransomware removal.Continue Reading
Top 3 ransomware attack vectors and how to avoid them
Adversaries use three common entryways to infect systems with ransomware. Learn how to prevent your organization from falling victim to an attack.Continue Reading
3 ransomware detection techniques to catch an attack
It's not enough to protect a company's system from ransomware. Reduce damage from attacks with these three ransomware detection methods.Continue Reading
How attackers use open source intelligence against enterprises
Cato Networks' Etay Maor explains how cybercriminals use open source intelligence to detect and attack vulnerable enterprise networks and employees.Continue Reading
Is bitcoin safe? How to secure your bitcoin wallet
As bitcoin use increases, so too have the number of cyber attacks on cryptocurrency exchanges and wallets. Learn how to keep bitcoin use secure.Continue Reading
Use a decentralized identity framework to reduce enterprise risk
To reduce the risk of identity theft for customers, partners and employees, companies should look at integrating a decentralized identity framework into existing infrastructure.Continue Reading
How to conduct security patch validation and verification
Learn about the verification and validation phases of the security patch deployment cycle, two steps key to ensuring an organization's patch management procedure is proactive.Continue Reading
How to prevent software piracy
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property.Continue Reading
How to rank enterprise network security vulnerabilities
Risk management programs yield massive data on network security vulnerabilities. Infosec pros must rank risks to prioritize remediation efforts.Continue Reading
Mitigate threats with a remote workforce risk assessment
Risk assessments are more necessary than ever as organizations face the challenge of protecting remote and hybrid workers alongside in-office employees.Continue Reading
The top 6 SSH risks and how regular assessments cut danger
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is secure.Continue Reading
3 steps to zero-day threat protection
Don't let a zero-day threat bring down your networks. Follow these three steps to prepare for the unknown and minimize potential damage.Continue Reading
4 ways to handle the cybersecurity skills shortage in 2021
More than half of cybersecurity pros say their organizations could do more to manage negative effects of the skills shortage, such as overwork and burnout. Find out how.Continue Reading
Learn how to mitigate container security issues
The more companies embrace application containerization, the more they need to know about container security issues and attack prevention methods.Continue Reading
Adopting containers and preventing container security risks
When it comes to container security risks, organizations often worry about container escapes, but as expert Liz Rice explains, they should focus on prevention and patching.Continue Reading
6 ways to prevent insider threats every CISO should know
Too often, organizations focus exclusively on external risks to security. Infosec expert Nabil Hannan explains what CISOs can do to effectively assess and prevent insider threats.Continue Reading
3 ways CISOs can align cybersecurity to business goals
To work effectively with the C-suite, CISOs can take three steps to align business goals with cybersecurity needs to reduce risk, guest contributor Mike McGlynn advises.Continue Reading
How attackers counter incident response after a data breach
It's not over until it's over. Explore how attackers use backdoors and evasion techniques to counter incident response measures even long after a data breach is disclosed.Continue Reading
Explore 5 business email compromise examples to learn from
Gift cards are for gifts, never for payment. Explore real-world examples of business email compromise to learn common attack patterns and red flags.Continue Reading
Technical controls to prevent business email compromise attacks
Technical controls are at the heart of preventing successful business email compromise attacks. Learn about those and extra considerations to keep your business secure.Continue Reading
4 tips to help CISOs get more C-suite cybersecurity buy-in
CISOs can get more cybersecurity buy-in with cohesive storytelling, focusing on existential security threats, leading with CARE and connecting security plans to business objectives.Continue Reading
Use business email compromise training to mitigate risk
Effective BEC training can prevent scams designed to exploit the brain's automatic responses. It starts by teaching employees to slow down and make the unconscious conscious.Continue Reading
Enterprise ransomware prevention measures to enact in 2021
Enterprises must shore up their ransomware prevention efforts by strengthening security awareness, adding email controls, and developing and testing incident response plans.Continue Reading
How to address and prevent security alert fatigue
An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and avoid its potential consequences.Continue Reading
5 cybersecurity lessons from the SolarWinds breach
Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach.Continue Reading
Top 11 cloud security challenges and how to combat them
Before jumping feet-first into the cloud, understand the new and continuing top cloud security challenges your organization is likely to face -- and how to mitigate them.Continue Reading
What is bloatware? How to identify and remove it
Unwanted pre-installed software -- also known as bloatware -- has long posed security threats for computers and other devices. Here are strategies for how to detect bloatware and uninstall the potential threat.Continue Reading
How to address the skills gap of security and IT personnel
In part two of Jonathan Meyers' look at the skills gap challenge companies face in cybersecurity, he offers recommendations to consider when ensuring your teams have the skills needed.Continue Reading
8 challenges every security operations center faces
Staffing shortages, budget allocation issues, and inadequate analytics and filtering are among the challenges organizations will face as they implement a security operations center.Continue Reading
The challenge of addressing the IT and security skills gap
In the first of a two-part series, Jonathan Meyers examines the issues surrounding the security skills gap that companies must contend with due to limited budgets, training and more.Continue Reading
What are the biggest hardware security threats?
Hardware security threats -- and strategies to overcome them -- are evolving as enterprises increasingly install autonomous capabilities for smart building and IoT projects.Continue Reading
5 steps to get IoT cybersecurity and third parties in sync
Third parties often prove to be the weak links when it comes to IoT cybersecurity. Learn what you can do to minimize the risk while reaping the benefits that outside vendors bring.Continue Reading
Addressing the expanding threat attack surface from COVID-19
CISOs need to ensure they and their security teams are aware of the new threats created by many businesses expanding their attack surface with many employees still working remotely.Continue Reading
Critical IIoT security risks cloud IoT's expansion into industry
The convergence of IoT with industrial processes increases productivity, improves communications and makes real-time data readily available. But serious IIoT security risks must be considered as well.Continue Reading
Prevent cloud account hijacking with 3 key strategies
The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise.Continue Reading
An inside look at the CCSP cloud security cert
Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide.Continue Reading
3 steps to secure codebase updates, prevent vulnerabilities
Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe.Continue Reading
AI security concerns keeping infosec leaders up at night
Conversations about 'AI as a solution' may overlook potentially grave AI security issues. Explore the potential infosec implications of the emerging technology in this video.Continue Reading
'Secure by Design' principles include failures, exceptions
Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines.Continue Reading
Exception handling best practices call for secure code design
Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples.Continue Reading
10 RDP security best practices to prevent cyberattacks
Securing remote connections is critical, especially in a pandemic. Enact these RDP security best practices at your organization to prevent ransomware, brute-force attacks and more.Continue Reading
Hands-on guide to S3 bucket penetration testing
Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide.Continue Reading
How to handle Amazon S3 bucket pen testing complexity
Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers.Continue Reading
Security pros explain how to prevent cyber attacks
Even during pandemics, hackers use malware such as ransomware and phishing to exploit an organization's vulnerabilities. IT security pros discuss how they prevent cyber attacks.Continue Reading
How to mitigate an HTTP request smuggling vulnerability
Exploiting an HTTP request smuggling vulnerability can result in the inadvertent execution of unauthorized HTTP requests. Learn how to defend web environments from this attack.Continue Reading
6 persistent enterprise authentication security issues
Some authentication factors are considered more secure than others but still come with potential drawbacks. Learn about the most common enterprise authentication security issues.Continue Reading