Results ordered by term relevance.

May 8, 2017 | Endpoints
By Dave Kennedy, IANS Faculty

 Weighing Traditional vs. Next-Gen Endpoint Protection

Traditional endpoint protection platforms (EPPs) like McAfee or Symantec tend to have rich feature sets, but are lagging in newer capabilities. Next-gen endpoint solutions, on the other hand, have cutting-edge features but don't offer a broad range of functionality. In this Ask-an-Expert live interaction, IANS Faculty Dave Kennedy compares the two spaces and offers recommendations for getting the best of both worlds.

Read More »


December 9, 2016 | Risk Management
By Rich Guida, IANS Faculty

 Understanding the Relationship Between Physical and Logical Information Security

The relationship between physical security and cybersecurity can be more closely linked than some organizations might think. In this Ask-an-Expert written response, IANS Faculty Rich Guida details specific instances (i.e., insider threats) where the two types of security come together and offers insight into the practice of "incrementalism."

Read More »


November 28, 2016 | Embedded Systems and Internet of Things
By Chris Poulin, IANS Faculty

 Hidden Threats in Smart Buildings

In a quest to reduce energy consumption and make daily activities more convenient and pleasant for their occupants, smart buildings are becoming ever more interconnected, internet-connected and complex. In this report, IANS Faculty Chris Poulin details the latest advances in smart building technologies, the hidden threats they expose and key steps to take to ensure your smart building doesn’t become your latest threat vector.

Read More »


November 14, 2016 | Data Classification
By Kevin Beaver, IANS Faculty

 Where, Exactly, Is Your Information?

Do you know where all of your critical data is located? Studies show that few information security pros do. In this report, IANS Faculty Kevin Beaver underscores the importance of data classification and offers tips to not only find exactly where sensitive information is located, but establish the right controls to ensure you always know where it is and that it’s secured effectively.

Read More »


November 7, 2016 | Malware and Advanced Threats
By Adam Ely, IANS Faculty

 Protecting Against the Latest Wave of DDoS Attacks

Now that Internet-of-Things (IoT)-based DDoS attacks are in the news, is it time to rethink your DDoS strategy? In this Ask-an-Expert live interaction, IANS Faculty Adam Ely outlines key strategies to implement at the network, server and operations level to defend against all types of DDoS attacks, even this latest iteration.

Read More »


October 31, 2016 | Application Development and Testing
By Jason Gillam, IANS Faculty

 Application-Level DoS: Are You Ready?

Application-level DoS attacks can be difficult to detect, challenging to diagnose, and when effectively exploited, they can render your application completely inaccessible. In this report, IANS Faculty Jason Gillam explains how application-level DoS works and offers some key mitigation strategies. 

Read More »


October 27, 2016 | Insider Threats
By John Strand, IANS Faculty

 Going from Reactive to Proactive with Insider Threats

Honing your response to an insider threat is difficult enough, but building on the program to proactively identify and thwart potential malicious insiders is fraught with risk. In this Ask-an-Expert live interaction, IANS Faculty John Strand outlines the importance of partnering with HR, choosing the right tool set and funding the program adequately.

Read More »


October 18, 2016 | Mainframe and Legacy Systems
By Philip Young, IANS Faculty

 Mainframes, APIs and the False Sense of Security

Mainframes usually hold companies’ most sensitive, mission-critical data. As more organizations decide to open up their mainframe “crown jewels” to participate in today’s mobile/cloud world, however, is mainframe security keeping up? In this report, IANS Faculty Philip Young details the riskiest areas of the mainframe and explains how best to secure them against today’s threats.

Read More »


October 13, 2016 | Networking and Network Devices
By Mike Saurbaugh, IANS Faculty

 What to Look for in a Secure Web Gateway

Secure web gateways provide a staple in network infrastructure and the market seems to suggest they will be around for the next few years. In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh explores the capabilities of modern proxy solutions and offers selection criteria to help evaluate various solutions.

Read More »


November 2, 2016 | Risk Management
By Michael Pinch, IANS Faculty

 Breaking Down the Top 5 Security Risks Facing Health Care Organizations

The top priorities for health care organizations today are uptime and free access to data, which means companies in this space face a number of security challenges. In this Ask-an-Expert written response, IANS Faculty Mike Pinch details the major security risks the health care industry is dealing with today - from ransomware to the Internet of Things - and offers strategies for tackling these challenges.

Read More »


January 4, 2017 | Regulations & Legislation
By Daniel Maloof, IANS Managing Editor

 Trump and Security: What to Expect in the New Administration

We all know incoming U.S. President Donald Trump is focused on physical security and building the wall, but what about cybersecurity policy? In this report, a handful of IANS Faculty detail what they believe we should expect from the new Donald Trump administration in terms of digital privacy, consumer protections, the EU-U.S. Privacy Shield, the U.S. Cybersecurity Framework and more.

Read More »


January 12, 2017 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q4 2016

A new vulnerability or breach seems to be discovered daily, but which should be taken more seriously and which are overhyped? In this report, IANS Faculty Mike Saurbaugh looks back over the major breaches and vulnerabilities of the past three months, explains them and provides real-world context and perspective.

Read More »


February 9, 2017 | Incident Response Planning
By Ondrej Krehel, IANS Faculty

 Getting the Most from Your Incident Response Engagement

The actions taken after an incident can either lead to improving your security posture and building trust with your customers – or not. In this report, IANS Faculty Ondrej Krehel details ways to ensure the findings uncovered during your incident response (IR) engagements are fully internalized and integrated into your processes and business continuity plans going forward. 

Read More »


February 15, 2017 | Virtual Private Networks
By Dave Shackleford, IANS Faculty

 DirectAccess: Understanding the Pros and Cons

Microsoft's DirectAccess offers some clear operational and cost advantages for organizations, but it also brings with it some potential drawbacks from a security perspective. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford assesses these pros and cons and details some of the security considerations organizations need to take into account when deciding to implement DirectAccess. 

Read More »


February 23, 2017 | Malware and Advanced Threats
By Kevin Beaver, IANS Faculty

 Strategies for Thwarting State-Sponsored Hacks

State-sponsored attackers are, by definition, highly skilled and highly funded. How can we keep up? In this report, IANS Faculty Kevin Beaver details the challenges around state-sponsored hacking, including the threats, vulnerabilities and risks that must be addressed, starting today, if organizations are going to stay off their radar. 

Read More »


March 2, 2017 | Malware and Advanced Threats
By Ken Van Wyk, IANS Faculty

 Fake News: Fighting a Rampant Malware Delivery Mechanism

Due to its unprecedented success during the recent presidential election, fake news is increasingly being adopted by hackers as an elegant malware delivery mechanism, on par with spear-phishing email. In this report, IANS Faculty Ken Van Wyk details how fake news can be weaponized and offers some concrete steps to protect your company.

Read More »


March 7, 2017 | Security Operations Centers (SOCs)
By Mike Rothman, IANS Faculty

 Overcoming Resistance to SOC Data Collection

How can you run an effective security operations center (SOC) when operations won't provide you with the right data? In this Ask-an-Expert live interaction, IANS Faculty Mike Rothman outlines some potential reasons for operations' lack of cooperation and provides strategies for overcoming them.

Read More »


March 15, 2017 | Team Structure and Management
By Adam Ely, IANS Faculty

 Revamping the Security Organization

Every enterprise is different, as is the makeup of just about every security team. Are there any best practices for creating the ideal security organization? In this Ask-an-Expert live response, IANS Faculty Adam Ely offers some strategies for reworking the security organization to gain better alignment, agility and effectiveness.

Read More »


March 16, 2017 | Embedded Systems and Internet of Things
By Aaron Turner, IANS Faculty

 Balancing Business Benefits with IoT Dangers

Some say IoT stands for Internet of Threats, but businesses and consumers are rushing headlong into the adoption of everything from wearables to smart buildings. In this report, IANS Faculty Aaron Turner examines the enterprise risks of IoT and explores defensive tactics to help build a short- and long-term strategy to effectively and securely employ IoT technology. 

Read More »


March 22, 2017 | Mobile Access and Device Management
By Aaron Turner, IANS Faculty

 Enterprise Mobility: Defining a Security Strategy

Enterprises today are on their third generation of mobile technologies, and each iteration has had its own unique challenges. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details some of the highest-impact risks organizations face in the mobility space today and offers some maturity-specific approaches companies can take to combat these risks. 

Read More »


March 22, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Setting Requirements for Vendors Storing Sensitive Data

Vetting and managing vendors has become increasingly important for organizations in recent years, particularly for those that are storing, processing or transmitting sensitive data. In this Ask-an-Expert written response, IANS Faculty Josh More walks through a simplified approach to assessing, qualifying, classifying and verifying vendors to ensure they can be trusted to handle sensitive data. 

Read More »


February 27, 2017 | Vendor and Partner Management
By Josh More, IANS Faculty

 Managing Vendors With Disparate Frameworks

Vendor due diligence becomes even more challenging when there are a variety of information security frameworks in play. In this Ask-an-Expert written response, IANS Faculty Josh More details two approaches to the problem: a formalized mapping process using the COBIT framework and an ad-hoc approach designed to prioritize the specific risks facing the organization. 

Read More »


March 31, 2017 | DevOps Organization and Strategy
By Michael Pinch, IANS Faculty

 Making Threat Modeling an Integral Part of the Development Process

Threat modeling is a critical part of the mature software delivery process, especially in DevOps environments, but ensuring it's integrated effectively and seamlessly can be tricky. In this Ask-an-Expert written response, IANS Faculty Mike Pinch offers some tips for inserting threat modeling into the development process, along with some key tools to consider.

Read More »


April 3, 2017 | Malware and Advanced Threats
By Mike Saurbaugh, IANS Faculty

 IANS Vulnerability and Breach Update: Q1 2017

A new vulnerability or breach seems to be discovered daily, but which should be taken more seriously and which are overhyped? In this report, IANS Faculty Mike Saurbaugh looks back over the major breaches and vulnerabilities of the past three months, explains them and provides real-world context and perspective.

Read More »


April 7, 2017 | Cloud Network and Host Controls
By Dave Shackleford, IANS Faculty

 IANS Cloud Security Update: Q1 2017

As more organizations move services and computing assets into cloud service provider environments, the need for adequate security controls grows as well. In this quarterly research report, IANS Faculty Dave Shackleford updates IANS’ clients on the new developments occurring in the cloud security arena.

Read More »


April 14, 2017 | Enterprise and IT Compliance Management
By Josh More, IANS Faculty

 Addressing PCI’s ‘One Primary Function’ Requirement

While PCI DSS 3.2 requires that IT implement just one primary function per server, it isn't exactly clear about what compliance entails. In this Ask-an-Expert written response, IANS Faculty Josh More explains the requirement and offers strategies for defending common business practices.

Read More »


April 25, 2017 | Team Structure and Management
By David Kolb, IANS Faculty

 Thriving When Policy and Business Priorities Clash

Corporate policy and business priorities live at two ends of a spectrum, and security professionals often find themselves at the collision point. In this report, IANS Faculty David Kolb and Chief Research Officer Stan Dolberg explore three types of intelligence (emotional, organizational and political) and offer tips for harnessing them to thrive in an environment where policies and priorities often clash. 

Read More »


April 26, 2017 | Privileged Access Management
By Aaron Turner, IANS Faculty

 Choosing an IDAM Tool for the Future

Finding one tool to handle both identity and privileged identity management is difficult enough, but what about one that will also provide the right set of capabilities as identity needs evolve in the future? In this Ask-an-Expert written response, IANS Faculty Aaron Turner details how to evaluate current vendors to ensure they remain relevant today and tomorrow.

Read More »


April 28, 2017 | Penetration Testing and Red Teaming
By Kevin Johnson, IANS Faculty

 Drafting a Pen-Testing Request for Quote (RFQ)

Contracting with third-parties for penetration tests -- against both internal and externally facing resources -- is an important part of security. But what is the best way to craft a request-for-quote? In this Ask-an-Expert written response, IANS Faculty Kevin Johnson examines a sample draft RFQ and offers recommendations to ensure all the bases are covered.

Read More »


May 2, 2017 | Team Structure and Management
By Mike Saurbaugh, IANS Faculty

 Creating a Workable Security Ambassador Program

We all know the importance of getting the business actively involved in security, but what's the best way to go about it? In this Ask-an-Expert live interaction, IANS Faculty Mike Saurbaugh explains how to build a workable security ambassador program that can act as a force multiplier across the business.

Read More »


May 3, 2017 | Security Analytics and Visualization
By Stephen McHenry, IANS Faculty

 Applying User and Entity Behavioral Analytics (UEBA) to Improve Security

As the market for user and entity behavioral analytics (UEBA) solutions continues to evolve, the need for these types of solutions will increase. At the same time, UEBA also poses challenges related to privacy, data security, policy and deployment/storage options. In this report, IANS Faculty Stephen McHenry examines the current state of the UEBA marketplace and offers some scenarios in which it could prove effective for organizations today and in the future. 

Read More »


May 16, 2017 | Threat Detection and Hunt Teaming
By Marcus Ranum, IANS Faculty

 Building a Low-Interaction Honeypot on Linux

A low-interaction honeypot is a great threat detection tool, but it can be difficult to create and configure. In this Ask-an-Expert written response, IANS Faculty Marcus Ranum steps through the process of building a Linux-based honeypot with specific services, such as Telnet, SSH, etc.

Read More »