Security

This paper explores the capabilities behind Fortinet’s Next-Generation Firewalls. The FortiGate devices provide a consolidated security offering backed by high-performance network protection for a lower TCO than other vendors.

Learn the six key cost considerations when evaluating cloud services and the best practices on selecting a suitable provider.

Verizon’s longstanding Data Breach Investigations Report1, or DBIR, is an excellent starting point to understand the larger trends in security and data protection.

Leveraging the cloud to bring cost effectiveness and efficiency to an organisation must always be coupled with advanced security measures. Learn how Centrify, through its wide range of products, is able to provide firms both basic and advanced identity access management solutions - making fully integrated security possible.

See a visual representation of the GRC framework needed within an organization to meet today's governance, risk and compliance needs, as well as how an organization should view GRC, its guiding principles and final objectives.

This paper discusses the value of operational technologies while acknlowledging there is a "value ceiling" for some niche tools, highlighting the opportunity to seek broader value as part of the GRC program maturity process.

This business continuity white paper will help you address which sources to comply with and why, how to handle conflicts between the sources, how to prioritize your efforts.

This paper illustrates the major challenges faced by today's Federal IA professionals, and offers solutions, along with ROI for each of those challenges.

RSA, the security division of EMC, was positioned by Gartner in the Leader’s quadrant of the 2013 Magic Quadrant for Business Continuity Management Platforms based on completeness of vision and ability to execute.

RSA, the security division of EMC has received the highest rating of “Strong Positive” in Gartner MarketScope for IT Governance, Risk & Compliance Management (IT GRC) 2013 for the fifth consecutive time.

RSA, the security division of EMC, was positioned by Gartner in the Leader’s quadrant of the 2013 Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms based on completeness of vision and ability to execute.

Regardless of platform, the Web has become a hub of information and productivity. The browser has evolved to become one of the most-used applications, which has drawn the attention of cyber criminals – making it a potential Achilles heel for security.

Continuous Monitoring has become an overused and overhyped term in security circles, driven by US Government mandate (now called Continuous Diagnostics and Mitigation). But that doesn’t change the fact that monitoring needs to be a cornerstone of your security program, within the context of a risk-based paradigm. This paper from Securosis discusses Continuous Security Monitoring, including how to do it, and the most applicable use cases they have seen in the real world. It also provides a step-by-step guide for things to do for each use case to move forward with a monitoring initiative.

Organizations today are reevaluating their security strategies as they move their data and applications to the cloud. This whitepaper by Bloor Research discusses the challenges of security in the cloud and how the use of cloud-based services will enable organizations of all sizes, from the very smallest to multinational enterprises, to put trust back into the security equation.

Organizations have traditionally viewed vulnerability scanners as a tactical product, largely commoditized and only providing value around audit time. But with limited resources and a real need to reduce risk, organizations need the ability to pull in threat-related data, combine it with an understanding of what is vulnerable, and figure out what is at risk. This report from Securosis outlines how yesterday's vulnerability scanners are evolving to meet this need, emerging as a much more strategic component of an organization's control set than in the past. Learn how vulnerability scanners are evolving to provide real value beyond vulnerability reports for auditors - emerging as a strategic component helping organizations effectively lower risks.

Vulnerabilities in web applications are a major vector for cyber-crime. In large organizations, vulnerable web applications comprised 54% of all hacking breaches and led to 39% of compromised records, according to the 2012 Data Breach Investigation Report by Verizon Business. This paper describes how large enterprises can effectively discover, catalog and scan web applications to control this major risk vector as part of their organization’s overall vulnerability management program.

A zero-day threat is a vulnerability that becomes known to the vendor on the same day it becomes known to the public, meaning IT assets targeted by a zero-day threat won't have a patch available when it's needed. However, zero-day attacks operate in a realm of the probable - they work only because there are exploitable vulnerabilities within IT systems. Many of these can, and should be prevented. This guide describes why organizations are vulnerable to zero-day attacks, and what you can do to add a zero-day offense to your existing vulnerability management processes to protect your organization's assets and data.

Web applications have recently emerged as a top cybercriminal attack vector, and organizations that don’t take a proactive approach to app security may be setting themselves up for disaster. More than one-third of organizations still don’t have an application security program in place – what can you do to make sure you’re protected? Consult this informative survey today to discover your peers’ proven practices for app security success, and learn what you can do to stay protected – read on to get started.

The SANS 20 Critical Security Controls are known for driving effective security programs across government agencies, establishing guidelines for security professionals to ensure the confidentiality, integrity and availability of information technology assets. This paper describes how automating these controls using QualysGuard can protect your organization with continuous security while drastically lowering costs.

Automated Vulnerability Management (VM) solutions help you discover devices running in your network, determine whether they are vulnerable to attack, find fixes to the underlying problems, and protect yourself while those fixes are being implemented. This checklist of best practices will save you time and help you understand what to look for when selecting a VM, whether you have a dozen systems or a million.

Automated Web Application Scanning (WAS) solutions help you discover web apps running in your network, determine whether they are vulnerable to attack, understand how to fix them, and protect your business. This checklist of best practices will save you time and help you understand what to look for when selecting a WAS solution, whether you have a handful of apps or thousands.

Patching is a key strategy for managing vulnerabilities and ensuring enterprise-wide security. Unfortunately, there are often so many flaws in software that patching becomes an overwhelming process. This white paper describes an approach to patch management that allows you to prioritize vulnerabilities that pose the greatest risk and accelerate the speed at which patches are applied. Also inside, find ten steps to improve patching – read on to learn more.

Distributed denial-of-service attacks may be organized by type into a taxonomy that includes network attacks (layers 3 and 4), session attacks (layers 5 and 6), application attacks (layer 7), and business logic attacks. Each type may be matched with the best F5 technology for mitigating that attack. This paper explains how taken together, the F5 BIG-IP portfolio of products provides effective anti-attack technology for each layer of the taxonomy and can also defend against specific attack tools, network reconnaissance, and low-bandwidth asymmetric attacks.

This white paper examines the DDoS threat spectrum including conventional network attacks, HTTP and SSL floods, and an emerging wave of low-bandwidth threats, plus the new threat vectors likely to target emerging service platforms.

This whitepaper utilizes end-user interviews to better understand their DDoS defense plans, where they discovered a clear knowledge gap around the Denial of Service attacks in use and the defenses needed to maintain availability. The paper provides detail on the attacks in use, suggests realistic defensive architectures and tactics and explains the basic process required to have a chance of defending against a DDoS attack.