Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
10 cybersecurity certifications to boost your career in 2024
A consensus of industry professionals ranks these 10 security certifications as the most coveted by employers and security pros -- plus links to 10 vendor security certifications.
Cloud threat detection and response priorities for 2024
To improve cloud detection and response, security pros need to get closer to cloud applications and software development processes. Here's how that can be accomplished.
Application security consolidation remains nuanced
As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain.
Kali vs. ParrotOS: 2 versatile Linux distros for security pros
Network security doesn't always require expensive software. Two Linux distributions -- Kali Linux and ParrotOS -- can help enterprises fill in their security gaps.
Key cybersecurity takeaways from AWS re:Invent
Security was strongly emphasized throughout the AWS re:Invent user conference, with product updates to help companies secure data as they build apps and scale in the cloud.
Assess security posture with the Cloud Security Maturity Model
The Cloud Security Maturity Model enables organizations to assess their cloud security posture and optimize it as they continue their cloud journey.
How organizations can learn from cloud security breaches
Research shed light on cloud security breaches. It's time to learn from the past and mitigate these attacks in the future with strong cloud security and posture management.
Amazon IAM announcements at re:Invent 2023
At AWS re:Invent 2023, Amazon announced several new features around machine and human identities designed to improve identity and access management.
5 network security predictions for 2024
Check out network security trends for 2024 from Enterprise Strategy Group, from SaaS security and rising DDoS attacks to network and endpoint convergence.
Top 13 ransomware targets in 2024 and beyond
Two in three organizations suffered ransomware attacks in a single year, according to recent research. And, while some sectors bear the brunt, no one is safe.
How passwordless authentication aids identity security
Enterprise Strategy Group's Jack Poller discusses survey results on user authentication practices and explains the security benefits of passwordless methods.
Cybersecurity budgets lose momentum in uncertain economy
Organizations' increasing prioritization of cybersecurity has protected most programs from major budget cuts. Even so, many CISOs are feeling the pinch.
Security continues to lag behind cloud app dev cycles
Enterprise Strategy Group research revealed security gaps in cloud-native software development -- issues that should be addressed as soon as possible.
4 tips to find cyber insurance coverage in 2024
The cyber insurance industry is settling down but isn't without challenges. Read up on cyber insurance in 2024 and how to get the most from your organization's coverage this year.
SBOM formats compared: CycloneDX vs. SPDX vs. SWID Tags
Organizations can choose between three SBOM formats: CycloneDX, SPDX and SWID Tags. Learn more about them to determine which fits your organization best.
Security highlights from KubeCon + CloudNativeCon 2023
KubeCon + CloudNativeCon provided valuable insights for security teams supporting cloud-native development, including securing GenAI, platform engineering and supply chains.
What is cyber hygiene and why is it important?
Cyber hygiene, or cybersecurity hygiene, is a set of practices individuals and organizations perform regularly to maintain the health and security of users, devices, networks and data.
How to protect your organization from IoT malware
IoT devices are attractive targets to attackers, but keeping them secure isn't easy. Still, there are steps to take to minimize risk and protect networks from attacks.
Traditional MFA isn't enough, phishing-resistant MFA is key
Not every MFA technique is effective in combating phishing attacks. Enterprises need to consider new approaches to protect end users from fraudulent emails.
SD-WAN deployments feed SASE network and security convergence
Enterprise Strategy Group's Bob Laliberte discusses the latest findings in his newly released report and why SD-WAN's direct cloud connectivity feeds SASE business initiatives.
Research points to 5 ways to improve cybersecurity culture
Respondents to a new Enterprise Strategy Group/ISSA survey offered five key points on how to strengthen an organization's cybersecurity culture.
9 secure email gateway options for 2024
Finding the best email security gateway is vital to protect companies from cyber attacks. Here's a look at some current market leaders and their standout features.
How to overcome the beginner cybersecurity career Catch-22
The workforce gap constantly makes headlines, but that doesn't mean breaking into the field is easy. Get advice on how to start on an entry-level cybersecurity career path.
Collaborate with third parties to ensure enterprise security
Third-party risk is a major threat today, as evidenced in numerous recent breaches. Organizations must work with partners to ensure their data is protected properly.
Cloud-native app security? Ignore acronyms, solve problems
When building a cloud-native application security strategy, avoid new acronym and product category confusion. Look for products that effectively address top challenges instead.
What is cloud security management? Guide and best practices
This cloud security guide explains challenges enterprises face today, best practices for securing and managing SaaS, IaaS and PaaS, and comparisons of cloud-native security tools.
Cloud-native firewalls are the next step in network security
The network security challenges associated with cloud provider and virtual firewalls are leading to third parties introducing cloud-native firewalls.
Takeaways from Oktane23: Okta AI, universal logout and more
New game-changing security features from Okta speed threat detection and response times, enabling IT pros to log all users out of applications during a cyber attack.
Security posture management a huge challenge for IT pros
Enterprise Strategy Group's Jon Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation.
What is ransomware? How it works and how to remove it
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment.
Transitioning to single-vendor SASE will take time
New Enterprise Strategy Group research reveals enterprises are interested in single-vendor SASE -- but with multiple tools on hand, the transition will take planning and time.
Secure service edge strengths drive SASE deployments
Enterprise Strategy Group's John Grady discusses the latest findings in his newly released report and why businesses won’t start a SASE initiative without first implementing SSE.
Google and Mandiant flex cybersecurity muscle at mWISE
End-to-end cybersecurity coverage and generative AI could accentuate Google and Mandiant's combined cybersecurity opportunities -- with the right execution.
How SOAR helps improve MTTD and MTTR metrics
By automating initial incident response tasks, SOAR can help SOC analysts improve MTTD and MTTR metrics and ensure they focus on true positive alerts.
Strong identity security could've saved MGM, Caesars, Retool
Three cyber attacks that featured vishing led to compromised identities, data loss and the interruption of operations. Passwordless authentication could have prevented all three.
Google Cloud Next focuses on generative AI for security
Google discussed its vision for applying generative AI to cybersecurity at its Google Cloud Next conference in August, with announcements about new features and capabilities.
Time for an identity security revolution
Identity needs to be the foundational component of the cybersecurity stack, because attackers are primarily after an organization's data.
What is risk management and why is it important?
Risk management is the process of identifying, assessing and controlling threats to an organization's capital, earnings and operations.
The ultimate guide to cybersecurity planning for businesses
This in-depth cybersecurity planning guide provides information and advice to help organizations develop a successful strategy to protect their IT systems from attacks.
10 antimalware tools for ransomware protection and removal
Businesses face billions of malware and ransomware threats each year. Antimalware tools can help enterprises protect their networks and limit any damages that may occur.
Identity needs a seat at the cybersecurity table
The shift to the cloud and remote work, combined with the rise of phishing and other identity-related attacks, puts identity security at the forefront of cybersecurity concerns.
Cut through cybersecurity vendor hype with these 6 tips
Cybersecurity vendor hype can make purchasing decisions difficult. When considering a new product or service, think critically about whether it would truly add business value.
SEC cyber attack regulations prompt 10 questions for CISOs
New SEC regulations governing the disclosure of cyber attacks by public companies lead to 10 questions board members should ask their CISOs about managing cyber-risk.
Enterprise dark web monitoring: Why it's worth the investment
Getting an early warning that your data has been compromised is a key benefit of dark web monitoring, but there are many more. By knowing your enemies, you can better protect your assets.
Should companies make ransomware payments?
Once infected with ransomware, organizations face a major question: to pay or not to pay? Law enforcement recommends against it, but that doesn't stop all companies from paying.
Adopt embedded penetration testing to keep IoT devices secure
Regular embedded penetration testing can help discover vulnerabilities before attackers do. The author of 'Practical Hardware Pentesting' explains.
5 digital forensics tools experts use in 2023
A data breach prompts law enforcement and affected organizations to investigate. These five digital forensics tools help with evidence collection and incident response.
Why using ransomware negotiation services is worth a try
If stakeholders decide to pay ransom demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout.
Best practices for reporting ransomware attacks
Organizations must decide whether to report ransomware incidents to the authorities and disclose them to the public. Experts weigh in on the options and best practices.
8 vulnerability management tools to consider in 2023
Vulnerability management tools help organizations identify and remediate system and application weaknesses and more. Choose your tool -- or tools -- carefully.
Intersection of generative AI, cybersecurity and digital trust
The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges.
Enterprise communication security a growing risk, priority
Enterprise Strategy Group's Dave Gruber discusses survey results on security threats related to the use of email and other communication and collaboration tools.
Ransomware case study: Recovery can be painful
In ransomware attacks, backups can save the day and the data. Even so, recovery can still be expensive and painful, depending on the approach. Learn more in this case study.
Supercloud security concerns foreshadow concept's adoption
Supercloud lets applications work together across multiple cloud environments, but organizations must pay particular attention to how they protect their assets.
Enterprise risk management should inform cyber-risk strategies
Cyber-risk doesn't exist in a vacuum. By understanding the broader enterprise risk management landscape, CISOs can make decisions that best serve the business.
AI helps humans speed app modernization, improve security
Enterprises are looking at AI-driven approaches to help human teams modernize and accelerate application development to refactor or build new apps and beef up cybersecurity.
How API gateways improve API security
API gateways keep APIs secure by providing rate limiting, DDoS protection and more. Learn more about these benefits, along with API gateway security best practices.
Top 10 threat modeling tools, plus features to look for
Automated threat modeling tools make identifying threats simpler, but the tools themselves can be fairly complex. Understanding where risks exist is only one part of the process.
How AI benefits network detection and response
Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response.
Blockchain security: Everything you should know for safe use
Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses.
App development trends and their security implications
Enterprise Strategy Group analysts look at how organizations are modernizing software development processes and how security teams can support the growth and scale.
Cyber-risk quantification benefits and best practices
It's not enough to know cybersecurity threats exist. More importantly, companies must understand cyber-risks in ways stakeholders can measure and discuss.
New AWS security tools, updates help IT protect cloud apps
AWS released a slew of updates to improve security as IT pros develop and deploy more enterprise applications via public cloud services.
Risk assessment vs. threat modeling: What's the difference?
Risk assessments and threat modeling each address potential risks. But they play distinct roles in how they help companies protect systems and data.
Cisco releases new security offerings at Cisco Live 2023
At Cisco Live 2023, Cisco highlighted its plans to emphasize security, rolling out a host of new initiatives from secure access to AI-aided security to cloud-native app security.
Benefits of risk-based vulnerability management over legacy VM
Risk-based vulnerability management not only offers a proactive way to identify vulnerable assets, but it also helps prevent alert fatigue and improve patch prioritization.
Top blockchain attacks, hacks and security issues explained
Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues.
6 blockchain use cases for cybersecurity
Is blockchain secure by design, or should blockchains be designed for security? Learn more through these six security and privacy use cases for blockchain.
Low-code/no-code use cases for security
Low-code/no-code development approaches have their fair share of security issues, but that doesn't mean they can't be used to benefit the security industry, too.
Top breach and attack simulation use cases
While pen tests offer a point-in-time report on the state of an organization's security defenses, breach and attack simulations offer regular or even constant status checks.
The potential danger of the new Google .zip top-level domain
How much should the average end user be concerned about the new .zip and .mov TLDs? They aren't as bad as some make them out to be, but it's still worth doing something about them.
Closing the book on RSA Conference 2023
AI, cloud security, SOC modernization and security hygiene and posture management were all hot topics at RSAC in San Francisco this year.
5 SBOM tools to start securing the software supply chain
Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications.
2023 RSA Conference insights: Generative AI and more
Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways.
It's time to harden AI and ML for cybersecurity
An RSA Conference panel said that now is the time to become proactive against AI and ML adversarial attacks -- before they become more sophisticated.
How Target built its DevSecOps culture using psychology
Building a healthy DevSecOps culture isn't easy. Learn how Target used organizational psychology to get development and application security teams on the same page.
Generative AI in SecOps and how to prepare
Generative AI assistants could be game changers in the SOC -- but not if SecOps teams haven't prepared for them. Here's how to get ready.
Standardized data collection methods can help fight cybercrime
Implementing standards similar to NERC CIP for the entire cybersecurity industry could make it easier for law enforcement to investigate and prosecute cyber attackers.
Pen testing amid the rise of AI-powered threat actors
The importance of pen testing continues to increase in the era of AI-powered attacks, along with red teaming, risk prioritization and well-defined goals for security teams.
10 hot topics to look for at RSA Conference 2023
RSA Conference 2023 promises another exciting year of cybersecurity discussions and hyperbole. Enterprise Strategy Group's Jon Oltsik shares what he hopes to see at the show.
5 ChatGPT security risks in the enterprise
Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks.
Top RSA Conference 2023 trends and topics
Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more.
Compare breach and attack simulation vs. penetration testing
A deep dive into breach and attack simulation vs. penetration testing shows both tools prevent perimeter and data breaches. Find out how they complement each other.
8 cloud detection and response use cases
Unsure whether cloud detection and response could be useful for your organization? These eight use cases could make CDR indispensable.
6 principles for building engaged security governance
Security governance isn't enough. Enter engaged security governance -- an ongoing process that aligns business strategy with security across an organization.
Is cybersecurity recession-proof?
No field is totally immune to economic downturns, but flexible, practical and prepared cybersecurity professionals should be able to weather any upcoming storms.
Research examines security operations proficiency issues
Instead of looking at where security operations teams excel, Enterprise Strategy Group asked security pros where teams are least proficient. Learn where and how to fix it.
Accurately assessing the success of zero-trust initiatives
Zero-trust preparation can be difficult. Measuring how well the model provides security and business benefits after implementation is even more difficult.
Top benefits of SOAR tools, plus potential pitfalls to consider
To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success.
Top 6 SOAR use cases to implement in enterprise SOCs
Automating basic SOC workflows with SOAR can improve an organization's security posture. Explore six SOAR use cases to streamline SOC processes and augment human analysts.
Top incident response service providers, vendors and software
Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options.
Web3 blockchain enables users to take control of identity
A centralized identity model creates security and privacy risks. Decentralized identity through Web3 could mitigate these risks, but companies must adapt to keep pace.
Inside the PEIR purple teaming model
Want to try purple team exercises but aren't sure how to do so? Try the 'Prepare, Execute, Identify and Remediate' purple teaming model.
Understanding purple teaming benefits and challenges
Blue teams and red teams are coming together to form purple teams to improve their organization's security posture. What does this mean for the rivals? And how does it work?
Web 3.0 security risks: What you need to know
Elements of the third version of the web are coming to fruition. But Web 3.0 also comes with new cybersecurity, financial and privacy threats besides the familiar risks of Web 2.0.
Top takeaways from first CloudNativeSecurityCon
TechTarget's Enterprise Strategy Group offers the main takeaways from the first vendor-neutral, practitioner-driven conference for security.
How to become an incident responder: Requirements and more
Incident response is a growth field that provides career growth options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications.
DevSecOps needs to improve to grow adoption rates, maturity
Organizations are adding security processes and oversight to DevOps, but there's still work ahead to truly marry cybersecurity with DevOps and create a functioning DevSecOps.
6 data security predictions for 2023
New tools are proliferating to secure data wherever it lives. Six data security trends -- ranging from AI washing to new data security platforms -- are in the forefront for 2023.
4 identity predictions for 2023
Identity's place in the attack chain is driving the shift of identity responsibility from IT operations to security to look into passwordless, digital IDs, platforms and more.