An Intrusion Prevention System is any device which exercises access control to protect computers from exploitation. "Intrusion prevention" technology is considered by some to be an extension of intrusion detection (IDS) technology, but it is actually another form of access control, like an application layer firewall. The latest Next Generation Firewalls leverage their existing deep packet inspection engine by sharing this functionality with an Intrusion-prevention system.
Cybercriminals today are launching attacks against businesses by copying sophisticated malware and techniques used to target governments and high-profile organizations. Don’t get caught in the crossfire. Read our special report "Who's spying on you?"
You would be hard pressed to find a single employee who comes to the office without a personal mobile device. Most probably use those devices outside the office to send work-related email messages. BYOD is a reality in today's business world.
The Digital Security and Surveillance eZine is about channel partners extending their expertise in Internet Protocol to a whole new arena. For these partners, security goes well beyond software, firewalls, VPNs and other security offerings commonly discussed in the industry. These partners are combining networks, storage, cameras and similar technologies into full solutions designed to help protect the customer.
SANS Institute looks at how network attacks can be avoided by utilizing a SIEM platform that combines historical data with real-time data from network sources and security policies for better, more accurate reporting.
This whitepaper serves as a guide in choosing the right combination of Strong Authentication methods that best fits your business, your organization and your employees’ different roles and responsibilities.
Collaboration and information sharing activities are already fiercely regulated all over the world but as laws and regulations continue to emerge this presents a driving need for business decision makers to ensure legal compliance. In this White Paper we make recommendations about the steps organizations should take as part of a program to help achieve legal compliance; readers will soon appreciate that man y of these steps can only be taken with the involvement and support of CIOs and CISOs.
Advanced evasions will break the security protection model that most organizations are using today. Given this changing threat landscape we need to rethink traditional security models. Here’s advice on how to evade AETs.
The SANS 20 Critical Security Controls are known for driving effective security programs across government agencies, establishing guidelines for security professionals to ensure the confidentiality, integrity and availability of information technology assets. This paper describes how automating these controls using QualysGuard can protect your organization with continuous security while drastically lowering costs.
Automated Vulnerability Management (VM) solutions help you discover devices running in your network, determine whether they are vulnerable to attack, find fixes to the underlying problems, and protect yourself while those fixes are being implemented. This checklist of best practices will save you time and help you understand what to look for when selecting a VM, whether you have a dozen systems or a million.
Automated Web Application Scanning (WAS) solutions help you discover web apps running in your network, determine whether they are vulnerable to attack, understand how to fix them, and protect your business. This checklist of best practices will save you time and help you understand what to look for when selecting a WAS solution, whether you have a handful of apps or thousands.
A zero-day threat is a vulnerability that becomes known to the vendor on the same day it becomes known to the public, meaning IT assets targeted by a zero-day threat won't have a patch available when it's needed. However, zero-day attacks operate in a realm of the probable - they work only because there are exploitable vulnerabilities within IT systems. Many of these can, and should be prevented.
This guide describes why organizations are vulnerable to zero-day attacks, and what you can do to add a zero-day offense to your existing vulnerability management processes to protect your organization's assets and data.
There is a security risk in your organization that can render all of your security controls worthless with a single click. It is dynamic and changes in real-time. It is the weakest link in your infrastructure, and no singular security appliance or software exists that can lock it down. What's more, you have not one but hundreds-perhaps thousands-of these risks, each sitting behind a desk in your organization. While users represent the single largest security risk to organizations, there are measures you can put in place to mitigate the risk they can introduce to your organization. This eBook explores the different kinds of user-based risks in today's corporate environment, including mobile devices and cloud services, and gives actionable guidance on how to mitigate these risks.
After a string of high-profile attacks against financial services companies and online retailers, Internet data centers are increasingly the targets of hackers and cybercriminals who view them as vulnerable to new and different kinds of attacks. Read how your can protect your company's valuable data.
As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to the user's confidential personal and financial information. In this Mobile Security Guide, we'll walk you through the mobile malware landscape and what you need to know to keep your organization's data safe.