Security Practices

Security Practices | News, how-tos, features, reviews, and videos

Multi-factor authentication (MFA) / two-factor authentication (2FA) / one-time security code

Can WebAuthn and U2F finally give us safe and easy Two-Factor authentication?

Using your smartphone for two-factor authentication is easy, but it's not as secure as you might think. The real future for secure 2FA lies in the WebAuthn and Universal 2nd Factor standards.

puzzle pieces / network / connections / component parts of a whole / microservices

Why XDR must include MDR

Technology alone isn't enough; organizations need help with security operations.

mobile security / threat detection / traffic analysis

XDR is coming: 5 steps CISOs should take today

Beyond threat detection and response, CISOs should think of XDR as an opportunity to modernize the SOC, automating processes, and improving staff productivity. Here's your XDR game plan for 2021.

security audit - risk assessment - network analysis

Microsoft 365 Advanced Audit: What you need to know

Microsoft's powerful new auditing options will help detect intrusions and see what was accessed...if you've paid for the right licenses.

audit binary compliance magnifying glass investigate

5 ways to combat audit fatigue

The growing number of audits for security and privacy regulatory compliance is stressing security personnel and draining resources from security operations. Here's how to better manage them.

Strategy  >  Moving chess pieces as abstract data overlays the game

5 ways attackers counter incident response, and how to stop them

IR has become a chess match with attackers who can cleverly spoil responders' efforts and keep a foothold in systems. Here's how they do it and how to kick them out for good.

A user reviews data and statistical models. [analytics / analysis / tracking / monitoring / logging]

How to optimize Windows event logging to better investigate attacks

The default event logging in Windows 10 won't give you enough information to properly conduct intrusion forensics. These settings and tools will help you collect the needed log data.

Tortoise-defense formation of the Spartans  >  warfare / war games / red team binary target / attack

Why BT's red team strikes for real

UK-based BT's red team conducts attacks on live systems without informing the rest of the business or the blue team defending it. BT Group CSO Les Anderson says this is key to the company's proactive approach to security.

jet aircraft is maneuvering for landing 149957988

Report: China supported C919 airliner development through cyberespionage

Chinese hackers and intelligence agencies coordinated cyberattacks to gather intellectual property of aerospace firms to gain competitive advantage.

security system vulnerabilities - a grid of locks with several unlocked

The case for continuous automated security validation

Organizations must truly understand their vulnerabilities at all times to make the right risk mitigation decisions. Continuous automated security validation can provide that.

ai robotics mathematics equation analytics virtual screen

HP gives software robots their own IDs to audit their activities

What are your robots up to? HP's new in-house Digital ID for software robots, a CSO50 award winner, makes it easier to keep track of robotic process automation (RPA).

abstract arrows direction process magnifying glass search investigate

What is digital forensics? And how to land a job in this hot field

Digital forensics is the application of scientific investigatory techniques to digital crimes and attacks. Think beyond the awful (and justly cancelled) TV show CSI Cyber; digital forensics is a crucial aspect of law and business in...

computer forensics

Building your forensic analysis toolset

Every security team should have these types of digital forensics tools available. Many are free, and there are enough options to find one that suits your skills and approach.

forensics threat hunter cyber security thumbprint

Why you need a digital forensics team (and the skills to look for)

Prevention and detection aren't enough. To better defend against future intrusions, you need a strong digital forensics team that can analyze attacks.

computer forensics

How to set up a successful digital forensics program

The time to set up a digital forensics program is before you have a breach. Here are the decisions you need to make.

Exclamation point on screen warning alert caution stop

Ways to improve your security team’s response time

Every second counts when it comes to incident response. With proper staffing, a streamlined procedure and the right tools in place, responding to threats can be a far less daunting task.

number 4 four film strip

4 cybersecurity developments to watch in 2018

Be ready for when the future arrives, start monitoring a pipeline of emerging technologies.

Insider threat becomes reality for Elon Musk

Every company needs to worry about the insider threat and Tesla is no exception. Now, Tesla has sued former employee Martin Tripp for sabotage and intellectual property theft.

Josh Schulte: CIA insider gone south or repugnant criminal?

Josh Schulte, believed to have been the source of the leaked the "Vault 7" Wikileaks trove of CIA tools, has been charged with a heinous crime concerning illegal images.

sepia number 3 film reel top three

The 3 hidden costs of incident response

Every business function seeks to apply finite resources to maximum benefit, and to do that effectively in security, like threats, requires a keen understanding of those costs that are known and those that are hiding.

Load More