As organizations shift more to the cloud, it means they will increasingly rely on networks and infrastructure they don't own or directly manage. Yet this infrastructure is just as critical to consume and deliver the applications and services as when it was in the data center. Alex Henthorn-Iwane, VP Product Marketing at ThousandEyes, outlines 6 key network considerations that IT managers should take into account before shifting to the cloud.
The cost of data breaches is higher for small businesses than large enterprises. Not only do small businesses have to weather the initial expense of a data breach — an average of $120,000 per incident — they also have to recover from the massive reputation hit a data breach causes. Janice Miller of Safety Today outlines what SMB owners need to know.
When is the last time your company truly thought about the security of your network, devices and data? If this answer isn’t “yesterday” or “today,” then your agency, and the client data it is entrusted with, might be at risk. Dror Liwer, CISO of Coronet, outlines what agencies can do to get serious about cybersecurity.
With hundreds, if not thousands of security alerts per day pouring into Security Operations Centers (SOC), security professionals are fighting a losing battle. Fortunately, tried-and-true manufacturing techniques can turn the tide. Heather Hixon of DFLabs outlines two techniques that can help even the playing field between SOCs and their adversaries.
In 2019, security teams will start using more technologies to achieve detection and response versus simply relying only on standard SIEM alone. But deploying more and more technologies is not enough. SVP strategy at CyberInt Itay Yanovski explains why organizations need to look at Security Operations Centers (SOC) in a different way.
Whether you’re building a security operations center or ensuring that your existing security operations team has all its bases covered, you must ensure that you’re properly protecting your digital assets. Jorge Alago, cybersecurity architecture lead at Veristor, provides a quick rundown of 8 essential components that should be core to your security efforts.
There is a widespread need for organizations to modernize their security operations. Why? It creates the structure to eliminate distractions caused by chasing compliance mandates and the latest “shiny technology objects” and allows security organizations to reduce enterprise risk. Mark Maxey of Optiv outlines how to get started on modernizing operations.
This article introduces the concept of a Software Defined Perimeter (SDP) as a progressive security model. Don Boxley, co-founder and CEO of DH2i, explains how an SDP overcomes today’s most prevalent data security challenges – especially as cloud adoption continues to soar – while presenting numerous, previously unattainable benefits.
With security often seen as an obstacle in the path of innovation, adhering to project delivery deadlines and staying agile, it can be something of a dirty word in the software industry. Pieter Danhieux, CEO of Secure Code Warrior, explains how to engage developers to code securely, bridge the gap between the development and security functions of the business, and strive for a higher build standard of software.
Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 2 of this two-part series, Dave Moore, founder of Internet Safety Group, walks the reader through a well-crafted response plan and reviews of the top backup programs.
With the problematic talent shortage in security, organizations are consistently operating understaffed and team members are forced to pick up the slack, which results in job fatigue and stress. Eric Sheridan, Chief Scientist at WhiteHat Security, offers three strategies for overcoming security burnout.
Last year Locky, NotPetya and WannaCry ransomware savaged Internet users, with billions of dollars lost, data destroyed, worldwide shipping disrupted, and reputations damaged. Even though they are the most hacked businesses on the Internet, many SMBs do not have proper cybersecurity protections in place. In part 1 of this two-part series, Dave Moore, founder of Internet Safety Group, explains why and how SMBs need to make Internet safety training a top priority.
When it comes to protecting end-user devices, many enterprises see two choices: either lock down devices and limit what users can access, or prioritize productivity and take some chances with security. Tal Zamir shows why this either/or proposition is untenable for CISOs, IT and end-users, and how a new software-defined endpoint approach is enabling enterprises to deliver completely secure and totally unrestricted user experience.
With the GDPR now in effect, businesses across Europe are adjusting to a new regulatory environment. David McLeod of activpayroll examines the GDPR's impact on the payroll landscape, and how employers might boost their compliance performance.
When Remotive.io founder Rodolphe Dutel tweeted “Tech companies must offer trust, not toys, to attract and retain talent,” it went viral. Rather than offering toys – ping pong tables, beer fridges, etc. – to lure in more candidates, Rodolphe outlines what organizations should offer instead to attract the best talent, and why.
Given all the vendor- and analyst-speak in the security space, it’s become difficult for organizations to know the difference between Security Information and Event Management (SIEM) and security analytics. Here are 6 ways to tell a SIEM from a security analytics product.
Regularly measuring the effectiveness of cybersecurity efforts is challenging but essential to avoid security incidents. The ROI of security investments should be based on how much loss the organization could avoid due to the investment. In this article, Netwrix CEO Steve Dickson covers a combination of quantitative and qualitative methods to evaluate the return on security investments (ROSI).
99% of successful attacks involve vulnerabilities that have been known to cybersecurity professionals for at least one year. Nollaig Heffernan describes the issues that exist today with applying software patches, primarily at the application layer, and advises on how to mange the patching effort and where priorities should lie for organizations.
We kicked off 2017 with a lot of excitement around a nasty set of SMB vulnerabilities which led to the devastatingly successful WannaCry and NotPetya attacks, and 2018 started off with a similar level of excitement concerning the Spectre and Meltdown vulnerabilities. Ivanti’s Chris Goettl discusses which trends have surfaced and what to watch for during the rest of the year.
What are the signs of a breach? Are you catching them all or do you have a false sense of security (yes, pun intended) when it comes to all things cyber within your organization? Sean Martin reaches out to the community of experts to help him identify some ways to spot the signs of a breach that might not be immediately evident.
Organizations of all sizes are vulnerable to cybersecurity threats, and they need to be able to detect indicators of compromise in order to address risks and respond to attacks. Integrating SIEM and SOAR combines the power of each to create a more robust, efficient and responsive security program – which ultimately allows security teams to avoid alert fatigue.
Today’s CISOs have one thing in common: the pressing need for funding to keep their security programs vital. Worldwide IT security spending jumped nearly 8 percent in the past year to top $90 billion, and it’s forecast to climb above $113 billion by 2020, but despite these numbers, executive decision-makers now want InfoSec costs inexorably linked to business value and return on investment.
Cybersecurity startups, relying on a seemingly endless stream of cash from VCs, are facing a harsh reality as organizations take a harder look at their cybersecurity ROI. When the funding stops, what does that mean for the industry and customers left holding the bag?
Organizations can benefit from handling more data and doing more with their existing data, even when obstacles stand in their way. Here are three challenges that hold companies back from using more data and three difficulties of doing more with that data.
With the proliferation of attack types and the reality that threat actors are getting smarter, faster, and more efficient at compromising networks, today’s Security Operation Centers (SOC) must be more flexible and agile to detect and stop threats.
The fact is that the people behind the keyboards are your weakest endpoints and the apathy in recognizing that fact is the biggest security threat of organizations today. So, what do we do to address this risk?
From time to time, we get asked about support for business rules. Usually, the person asking the question comes from a background in traditional Business Process Management (BPM), where business rules are treated as a discrete subject. What can we do to make sure business rules don’t need to be treated as something discrete and separate?
Even with some of the largest breaches taking place recently, amid the deluge of attacks around the world and targeting all industries, the WannaCry and Petya attacks may earn a hashmark in a historical for changing for forcing the security community to reconsider its posture.
Enterprises are struggling to find secure ways to allow trusted users access sensitive data. Traditional security models designed to protect limited entry points to the data are no longer viable. These best practices, presented by Gurucul’s CEO, Saryu Nayyar, can help address the challenges.
VoIP and IP PBXs bring multiple benefits to businesses: from slashing telco costs, to increasing productivity, to boosting overall efficiency within the workplace. However, where there are pros there are almost always cons. It’s apparent that vendors and users need to become more attentive with regard to the potential risks involved when using IP for communications and actively undertake precautions to prevent being hacked.