David Strom

David Strom writes and speaks about security, networking and communications topics for CSO Online, Network World, Computerworld, and other publications. He can be reached through his web site, or on Twitter @dstrom.

How to choose a certificate management tool

How to choose the best VPN for security and privacy

How to choose the best VPN for security and privacy

Virtual private networks still have a place in the enterprise for protecting data and networks. Here's what you need to know when selecting a VPN.

How to evaluate SOC-as-a-service providers

How to evaluate SOC-as-a-service providers

Not every organization that needs a security operations center can afford to equip and staff one. A number of providers provide SOC as a service. Here's what you need to know about them and how the market has matured.

Top tools and best practices for WordPress security

Top tools and best practices for WordPress security

Poorly secured WordPress websites are a favorite hacker target. Use these tools and advice to keep them out.

12 risk-based authentication tools compared

12 risk-based authentication tools compared

Risk-based authentication tools have become more sophisticated and popular as companies transition away from dependence on password protection.

Red vs. blue vs. purple teams: How to run an effective exercise

Red vs. blue vs. purple teams: How to run an effective exercise

Playing the role of an attacker can make your team better at defense if you include all the stakeholders and carefully design goals.

What is Magecart? How this hacker group steals payment card data

What is Magecart? How this hacker group steals payment card data

Hacking groups that make up Magecart are effective and persistent at stealing customer and payment card data through skimmers. Here's how they work and what you can do to mitigate the risk.

9 cloud and on-premises email security suites compared

9 cloud and on-premises email security suites compared

These email security suites have evolved to keep pace with email-enabled threats.

MITRE ATT&CK framework: Understanding attack methods

MITRE ATT&CK framework: Understanding attack methods

The MITRE ATT&CK framework is a living, growing document of threat tactics and techniques that have been observed from millions of attacks on enterprise networks.

How to find the right testing tool for Okta, Auth0, and other SSO solutions

How to find the right testing tool for Okta, Auth0, and other SSO solutions

Implementing a single sign-on solution can be complicated, especially if you have apps that are not in the SSO vendor's catalog. These tools can simplify the process.

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

D3FEND is a new schema released by Mitre last month to establish a common language to help cyber defenders share strategies and methods. It is a companion project to the company’s ATT&CK framework.

CSPM explained: Filling the gaps in cloud security

CSPM explained: Filling the gaps in cloud security

Cloud security posture management (CSPM) provides threat intelligence, detection, and remediation for complex cloud environments.

Load More