Insider

Get exclusive access to premium articles, product guides, reviews, how-tos, and more from CIO, CSO, Computerworld, InfoWorld, ITworld, and Network World - the best enterprise tech publications in the business. Learn more!

One lock in a series is unlocked / weakness / vulnerability

Tips to harden Active Directory against SolarWinds-type attacks

The SolarWinds attackers took advantage of Active Directory to gain a foothold. Here's what configurations and policies to check to better protect your network.

infographic of cloudscape reflect to modern multicloud technology picture id1262031859 2

How one multicloud-based business manages security controls

AppsFlyer processes 80 terabytes of data a day across multiple cloud hosting services. It scales its security needs by keeping a close eye on identity governance and access controls.

virtual puzzle cube / problem-solving / solution / strategy

How to reboot a broken or outdated security strategy

CISOs talk about how they identify when they need a new security strategy and the process of developing it and selling the reboot to stakeholders.

detection radar computer bug threats identify breach  by the lightwriter kao studio getty

5 things to look for in an XDR solution

The XDR market is hot, with vendors large and small jumping on the bandwagon. Here are 5 key capabilities to look for when evaluating XDR solutions.

Australia  >  Sydney  >  Streetscape / vanishing-point perspective / path / future / progress

3 security career lessons from 'Back to the Future'

You don't need to be able to predict the future to have a successful security career, but you had darned well better be able to learn from the past.

digital cloud computing cyber security digital data network future picture id1216520824

Top 7 security mistakes when migrating to cloud-based apps

As organizations rush key apps to the cloud to support remote workers, they often create opportunities for attackers. These are the most common mistakes to avoid.

cyber attack alert

How to prepare for and respond to a SolarWinds-type attack

If you can perform these tasks on your Windows network, then you are properly prepared to respond to a nation-state attack like SolarWinds.

A gavel rests on open law book. [law / regulation / compliance / legal liability]

5 questions CISOs should ask prospective corporate lawyers

Where can you find an attorney with the knowledge and insight to help you navigate thorny privacy and security issues? These five questions will help you find the right match.

cso security malware breach hack alert gettyimages 1144604134 by solarseven 2400x1600px

How to block malicious JavaScript files in Windows environments

Attackers frequently send malicious JavaScript files through bogus emails. It's easy to block these files from reaching a hapless user. Here's how.

A network of linked question marks.

6 board of directors security concerns every CISO should be prepared to address

The COVID pandemic and spike in cybercriminal activity has raised interest in security among corporate boards. These are the concerns and questions CISOs say they are now hearing from them.

Shaking hands

Perfect strangers: How CIOs and CISOs can get along

The rise of security as a strategic imperative has altered the relationship between IT and infosec leaders. Here’s how CIOs and CISOs can become better partners.

Fraud / deception / social engineering  >  A wolf in sheep's clothing in a binary environment.

Why 2021 will be a big year for deception technology

New use cases, MITRE Shield support, and greater awareness will drive market growth and penetration.

Two figures within a data center / server maze, strewn with clouds.

What CISOs need to know about Europe's GAIA-X cloud initiative

A new cloud platform based on "European values" around data sovereignty, data protection and privacy will be an alternative to the likes of AWS or Azure.

Windows security and protection [Windows logo/locks]

How attackers exploit Windows Active Directory and Group Policy

Attackers have learned to use Active Directory and Group Policy to find weaknesses in Windows networks and identify targets. Here's what you can do to prevent that.

Skull-and-crossbones, code and the 'stop' gesture: hand held forward, palm out, fingers pointing up

How to use Windows Defender Attack Surface Reduction rules

With Microsoft's Attack Surface Reduction, you can set rules to block risky actions for each workstation on your network.

Patch + update options  >  Pixelized tools + refresh symbol with branching paths

Do you have a security tools gap?

Studies show that most CISOs think they have a security tools gap, but a deeper dive into the issue uncovers a much more complex dynamic.

CSO  >  security shield / binary code / handshake / agreement / contract

10 biggest cybersecurity M&A deals in 2020

COVID-19 hasn't slowed the pace of mergers and acquisitions for 2020, although the size of the transactions is down from last year.

risk assessment - safety analysis - security audit

EU's DORA regulation explained: New risk management requirements for financial firms

The proposed Digital Operational Resilience Act includes new incident response and third-party risk requirements for financial firms operating within the EU. Passage is expected, so plan now.

Mousetrap and cheese, seen floor-level from the perspective of the mouse.

4 top deception tools and how they ensnare attackers

Deception tools have come a long way in a few years and can now more closely emulate real network activity and help security teams identify and stop attacks.

open source box open box out of the box empty

Using open source for identity projects: 8 considerations

Consider these eight points to decide whether you can securely use open-source code in your identity management projects.

Load More