David Strom

David Strom writes and speaks about security, networking and communications topics for CSO Online, Network World, Computerworld, and other publications. He can be reached through his web site, or on Twitter @dstrom.

The Sony hacker indictment: 5 lessons for IT security

The Sony hacker indictment: 5 lessons for IT security

The recent indictment of North Korean hacker Park Jin Hyok contains valuable information from the FBI’s investigation that will help you defend against similar attacks.

New tools protect your AWS infrastructure

New tools protect your AWS infrastructure

Rhino Security and Amazon offer tools to improve visibility into your AWS cloud environments, making it easier to find configuration errors and vulnerabilities.

How to perform a risk assessment: Rethinking the process

How to perform a risk assessment: Rethinking the process

New regulations and a changing threat landscape mean you need a different approach to your security risk assessment process.

What is a CASB? What you need to know before you buy

What is a CASB? What you need to know before you buy

Cloud access security brokers have come a long way in a few years and can be an effective way to manage authentication and encryption across cloud and on-premise systems.

How risk-based authentication has become an essential security tool

How risk-based authentication has become an essential security tool

A new generation of risk-based authentication (RBA) products can improve both customer experience and security. Here's what to look for in them.

Honeypots as deception solutions: What to look for and how to buy

Honeypots as deception solutions: What to look for and how to buy

Commercial and open source honeypot tools are now effective deception solutions. Here's what you need to know before implement them.

4 open-source Mitre ATT&CK test tools compared

4 open-source Mitre ATT&CK test tools compared

Any of these tools from Endgame, Red Canary, Mitre, and Uber will get your red team and pentesters started with Mitre's ATT&CK framework.

What is Mitre's ATT&CK framework? What red teams need to know

What is Mitre's ATT&CK framework? What red teams need to know

The ATT&CK framework allows security researchers and red teams to better understand hacker threats.

Inside RSA's state-of-the-art fraud intelligence command center

Inside RSA's state-of-the-art fraud intelligence command center

RSA’s Anti-Fraud Command Center helps financial services firms stay a step ahead of fraudsters and criminals. The ultimate goal: Someday make it not worth their effort to even try.

10 questions to answer before running a capture the flag (CTF) contest

10 questions to answer before running a capture the flag (CTF) contest

Running your own CTF contest can build security skills and help identify new internal and external talent. Learn what types of challenges you need to include, how to make the contest run smoothly, and other logistics to consider.

How to protect your network from PowerShell exploits

How to protect your network from PowerShell exploits

PowerShell is a powerful and versatile tool for both Windows sysadmins and hackers, who use it to build malicious scripts that avoid detection. This advice will make it harder for them to do so.

SandBlast Mobile simplifies mobile security

SandBlast Mobile simplifies mobile security

Check Point's SandBlast Mobile fits in between mobile device managers and security event log analyzers, and actually makes it easier to manage the overall security footprint of your entire mobile device fleet.

Securing the smart home

Securing the smart home

First in a series of articles on the best ways to deploy and secure smart home technology.

Zix wins 5-vendor email encryption shootout

Zix wins 5-vendor email encryption shootout

In this review, we looked at five email encryption products, four of which employ encryption gateways and one that’s end-to-end. The gateways usually rely on plug-ins to Outlook and browsers so you can continue using your existing...

Check Point SandBlast takes endpoint protection to another level

Check Point SandBlast takes endpoint protection to another level

Check Point has long been known as a firewall company but it is reaching beyond its roots with a new series of protective technologies under its SandBlast line.

10 cutting-edge tools that take endpoint security to a new level

10 cutting-edge tools that take endpoint security to a new level

The 10 products we tested in this review go beyond proactive monitoring and endpoint protection and look more closely at threats. They evaluate these threats in a larger ecosystem, combining the best aspects from network intrusion...

How to buy endpoint security products

How to buy endpoint security products

While there is no single endpoint security product that can suit all situations, endpoint configurations and IT requirements, there are a few key things to consider in your purchase.

9-vendor authentication roundup: The good, the bad and the ugly

9-vendor authentication roundup: The good, the bad and the ugly

New ‘smart’ tokens and risk-based factors deliver tighter security, but setups remain complex and user interfaces need a facelift.

5 trends shaking up multi-factor authentication

5 trends shaking up multi-factor authentication

Perhaps the biggest surprise in our review of nine multi-factor authentication products is that physical tokens are making a comeback. Many IT managers were hoping that software-based tokens, which are easier to deploy and manage,...

Buyer’s Guide to 9 multi-factor authentication products

Buyer’s Guide to 9 multi-factor authentication products

The two-factor authentication market has moved toward what is now being called multi-factor authentication. One of the key features being new types of hardware-based tokens. Here are individual reviews of nine MFA products.

Load More