Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Why zero-trust models should replace legacy VPNs

  Many organizations use legacy VPNs to secure their networks, especially in the work-from-home era. Expert Pranav Kumar explains why zero-trust models are a safer option. Continue Reading

• Cloud-native security benefits and use cases

  'Cloud native' has described applications and services for years, but its place in security is less clear. Get insight into cloud-native security from expert Dave Shackleford. Continue Reading

• How cloud adoption is shaping digital identity trends in 2021

  Expert Carla Roncato explains what organizations need to know about emerging digital identity and security trends for the cloud, including CASB, CIEM and zero trust. Continue Reading

• Why cloud changes everything around network security

  Vishal Jain examines why the data center mindset doesn't work for network security when it comes to using the public cloud and how companies should think instead. Continue Reading

• How to build a cloud security observability strategy

  Security observability in the cloud involves more than workload monitoring. Read up on the essential observability components and tools needed to reap the security benefits. Continue Reading

• Container vs. VM security: Which is better?

  Security professionals often compare containers vs. VMs when determining whether virtualization or containerization is better for their company's security strategy.Continue Reading

• How to use CIS benchmarks to improve public cloud security

  Safeguarding public cloud environments is a shared responsibility. Cloud customers should use CIS benchmarks to ensure cloud security at the account level.Continue Reading

• How cloud monitoring dashboards improve security operations

  Cloud monitoring dashboards can help security teams achieve visibility in complex, sprawling environments. Learn about cloud-native, third-party and open source deployment options.Continue Reading

• 6 AIOps security use cases to safeguard the cloud

  Explore six AIOps security use cases in cloud environments, such as threat intelligence analysis and malware detection, as well as expert advice on implementation considerations.Continue Reading

• Implement Kubernetes for multi-cloud architecture security

  Uncover how orchestration tools benefit multi-cloud environments, and get help selecting the right deployment model for Kubernetes in multi-cloud architectures.Continue Reading

• Guide to cloud security management and best practices

  This cloud security guide explains the challenges facing enterprises today, best practices for securing and managing SaaS, IaaS and PaaS, and comparisons of cloud-native security tools.Continue Reading

• The security battle over entitlements and permissions creep

  IT must continually keep track of entitlements and permissions for all their cloud services, with methods such as CI/CD tools, increased visibility and continuous monitoring.Continue Reading

• Private vs. public cloud security: Benefits and drawbacks

  Uncover the differences between private vs. public cloud security -- as well as hybrid cloud security -- before deciding on an enterprise deployment model.Continue Reading

• Review these 7 CASB vendors to best secure cloud access

  CASB technology offers threat protection, increased visibility and policy enforcement. Explore how these seven vendors stack up and protect access to cloud applications.Continue Reading

• Explore CASB use cases before you decide to buy

  CASB tools help to secure cloud applications so only authorized users have access. Discover more about this rapidly evolving technology in a CASB explained tutorial.Continue Reading

• Why it's SASE and zero trust, not SASE vs. zero trust

  SASE and zero trust are hot infosec topics. But, when it comes to adoption, it's not a question of either/or, but using SASE to establish and enable zero-trust network access.Continue Reading

• How cloud-based SIEM tools benefit SOC teams

  It's time for SIEM to enter the cloud age. Learn about the cloud-based SIEM features that can help SOC teams gain a holistic view of their organization's cloud infrastructure.Continue Reading

• Choosing between proxy vs. API CASB deployment modes

  Curious how to choose the right CASB deployment mode for your organization? Before you buy, compare how proxy vs. API CASB architectures work to secure SaaS applications.Continue Reading

• How to use the Mitre ATT&CK framework for cloud security

  Learn how to use the Mitre ATT&CK security framework to keep your enterprise cloud environment -- whether AWS, GCP, Azure, Azure AD or Microsoft 365 -- secure.Continue Reading

• How enterprise cloud VPN protects complex IT environments

  Do you know how enterprise cloud VPN differs from a traditional VPN? Explore how cloud VPN works and whether it's the right option for your hybrid IT environment.Continue Reading

• CASB, CSPM, CWPP emerge as future of cloud security

  Complexity has introduced new needs and challenges when securing cloud environments. Find out how CASB, CSPM and CWPP tools have evolved to meet the changing cloud landscape.Continue Reading

• An inside look at the CCSP cloud security cert

  Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide.Continue Reading

• How cloud security posture management protects multi-cloud

  Improve control plane security at your organization by integrating a cloud security posture management tool into your existing multi-cloud strategy.Continue Reading

• Infrastructure as code's security risks and rewards

  Infrastructure as code can yield some exciting security benefits for enterprises, but they each come with drawbacks. Learn more about the most critical IaC security impacts.Continue Reading

• The importance of security, data encryption for cloud

  As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools.Continue Reading

• Cloud workload protection platform security benefits, features

  VMs and cloud environments make the task of protecting workloads more difficult than ever. Can a cloud workload protection platform help your organization solve the problem?Continue Reading

• Privacy-preserving machine learning assuages infosec fears

  Implementing privacy-preserving machine learning controls, such as federated learning and homomorphic encryption, can address top cloud security and privacy concerns. Learn how.Continue Reading

• Istio service mesh security benefits microservices, developers

  Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture.Continue Reading

• Benefits of open source container vulnerability scanning

  Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools.Continue Reading

• Top 6 cloud security analytics use cases

  Security analytics use cases vary from fraud detection to threat intelligence analysis. Learn how deploying this technology in the cloud can improve enterprise infosec programs.Continue Reading

• CCSK cert guide author's insights into cloud security credential

  The author of a Certificate of Cloud Security Knowledge exam guide offers insights into certifications, top considerations for those pursuing the CCSK and more.Continue Reading

• Comparing single cloud vs. multi-cloud security challenges

  A multi-cloud environment is not inherently more secure than a single cloud. Learn how to choose between single cloud vs. multi-cloud for your organization from a security perspective.Continue Reading

• SASE identity policies enhance security and access control

  Will the Secure Access Service Edge model be the next big thing in network security? Learn how SASE's expanded definition of identity is fundamental to this emerging access model.Continue Reading

• Benefits of cloud data discovery tools and services multiply

  With multi-cloud and privacy regulations becoming the new normal, infosec teams need data discovery tools and services to keep up. Learn more about available cloud options.Continue Reading

• Lyft's open source asset tracking tool simplifies security

  Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset tracking tool, creates highly comprehensive maps.Continue Reading

• McAfee launches security tool Mvision Cloud for Containers

  Cloud security posture management, container images vulnerability scanning and DevOps integration are among features included in McAfee Mvision Cloud for Containers.Continue Reading

• How to evaluate CASB tools for multi-cloud deployments

  When it comes to evaluating CASB tools, it's essential to be an informed customer. Identify your organization's usage and security goals to get the context you need before you buy.Continue Reading

• Benefits of using Azure Security Center for security assessments

  Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches.Continue Reading

• How container adoption affects container security

  Scalability and efficiency make container adoption an attractive option for enterprises today. Learn how containerization has evolved and grown since the release of Docker 1.0 five years ago.Continue Reading

• 5 cloud storage privacy questions to ask potential providers

  Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service.Continue Reading

• Defining and evaluating SOC as a service

  As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best model for your enterprise.Continue Reading

• How security teams benefit from traffic mirroring in the cloud

  Enterprises with the resources to deploy traffic mirroring are gaining security benefits. Frank Siemons explains how traffic mirroring has adapted to new and evolving cyber-risks.Continue Reading

• What are the best criteria to use to evaluate cloud service providers?

  Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and third-party assessments.Continue Reading

• Why CASB tools are crucial to your cloud security

  CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker helps companies pinpoint shadow IT.Continue Reading

• Complexity requires new cloud-based patch management strategies

  Patch management for cloud creates new challenges than traditional in-house programs. Expert Dave Shackleford presents patch management best practices for providers and consumers alike.Continue Reading

• 4 necessary steps to evaluate public cloud security

  The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected.Continue Reading

• What do the top cloud security providers offer in 2019?

  Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which one is right for you.Continue Reading

• Why centralization in a multi-cloud security strategy is key

  When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the challenges of fragmented security access and monitor controls.Continue Reading

• The problems with cloud-based email security

  Cloud-based email security can be challenging for enterprises to achieve. Learn what makes it a challenge and how to secure email in the cloud from expert Dave Shackleford.Continue Reading

• How unsecured Firebase databases put critical data at risk

  Unsecured Google Firebase databases are similar to misconfigured AWS S3 buckets, but there are key differences. Expert Rob Shapland discusses the risks of unsecured cloud databases.Continue Reading

• The pros and cons of proxy-based security in the cloud

  Is proxy-based security in the cloud right for you? Expert Ed Moyle looks at the benefits and drawbacks of using proxies for Office 365 and other cloud platforms.Continue Reading

• How to apply cloud security controls in the network

  Implementing cloud security controls in the network requires a careful balance between protecting points of connectivity while still making it easy for users to access services.Continue Reading

• How hackers use Docker APIs for cryptojacking

  Remote access puts Docker APIs in a vulnerable position. Expert Dave Shackleford explains how hackers abuse Docker APIs to carry out cryptojacking attacks.Continue Reading

• What's different about Google Asylo for confidential computing?

  The Google Asylo framework is an open source alternative for confidential computing. Expert Rob Shapland explains how it works and how it's different from other offerings.Continue Reading

• How the Microsoft Authenticator app integrates with Azure AD

  Microsoft expanded the Microsoft Authenticator app to integrate with tens of thousands of Azure AD apps. Expert Dave Shackleford explains how this tool is improving security.Continue Reading

• What Microsoft's InPrivate Desktop feature could mean for enterprises

  Microsoft's secretive, potential new feature InPrivate Desktop could give security teams access to disposable sandboxes. Expert Ed Moyle explains how the feature could work.Continue Reading

• How do SLAs factor into cloud risk management?

  While you may not have much control over the infrastructure used by cloud service providers, you’re not completely at their mercy when it comes to cloud risk management.Continue Reading

• Cloud browsers: The security benefits of anonymity in the cloud

  Cloud browsers can provide a level of security for users seeking anonymity in the cloud. Expert Frank Siemons of the Infosec Institute explains the benefits of cloud browsers.Continue Reading

• How to fight cloud security threats effectively

  Read this expert guide to discover which current tools, techniques, policies and principles best keep corporate cloud infrastructure, data and software most secure.Continue Reading

• A look at the new Google cloud security tools and features

  Google cloud security has been bolstered by new GCP tools and capabilities. Learn more about Google's improved cloud security features from expert Dave Shackleford.Continue Reading

• SaaS platform security: The challenges of cloud network security

  Organizations have the necessary tools to protect data stored and processed in IaaS platforms. Learn why SaaS platform security remains a challenge from expert Rob Shapland.Continue Reading

• Anonymity tools: Why the cloud might be the best option

  The cloud might be the best of the available anonymity tools. Expert Frank Siemons explains the other options for anonymity for security and why the cloud is the best for privacy.Continue Reading

• Harden cloud apps with a secure software development lifecycle

  Wouldn't it be nice if every application were 100% cloud-ready? Unfortunately, that's often not the case, which can lead to security risks down the line if not properly addressed.Continue Reading

• Is Docker's Kubernetes implementation good for security?

  Docker's Kubernetes implementation provides enterprises with container orchestration options. Expert Rob Shapland discusses what this move means for cloud security.Continue Reading

• Active cyber deception: Can it improve cloud security?

  Fidelis Cybersecurity introduced a cloud security platform with active cyber deception features. Expert Dave Shackleford discusses how active deception techniques can work in the cloud.Continue Reading

• Cloud endpoint security: Balance the risks with the rewards

  While cloud endpoint security products, such as antivirus software, provide users with many benefits, the cloud connection also introduces risks. Expert Frank Siemons explains.Continue Reading

• Are AWS certificate authority services trustworthy?

  AWS now operates as its own CA. What are the potential risks of the new AWS certificate authority services? Expert Dave Shackleford outlines the pros and cons of this new setup.Continue Reading

• Considering cloud threat intelligence and detection services

  Cloud threat intelligence and detection services can provide better security for enterprises. Expert Dave Shackleford discusses some offerings from the major cloud providers.Continue Reading

• How TLS mutual authentication for cloud APIs bolsters security

  Secure access to cloud APIs is necessary but challenging. One viable option to combat that is TLS mutual authentication, according to expert Ed Moyle.Continue Reading

• The security concerns of cloud cryptomining services

  Cloud cryptomining as a service is a security risk to users. Expert Frank Siemons discusses cloud mining service providers and what to look out for if you use one.Continue Reading

• How Amazon GuardDuty could bolster enterprise cloud security

  The new Amazon GuardDuty aims to secure enterprise AWS accounts and workloads, but does it? Expert Ed Moyle takes a closer look at the tool and whether it's effective.Continue Reading

• What the Azure AD Connect vulnerability can teach enterprises

  Enterprises should learn from a Microsoft Azure AD Connect vulnerability that security requires a hands-on approach. Expert Rob Shapland takes a closer look at the permissions flaw.Continue Reading

• How the Meltdown vulnerability affects cloud services

  The Meltdown vulnerability has far-reaching implications, including with cloud providers. Expert Dave Shackleford looks at the Meltdown CPU flaw and what it means for the cloud.Continue Reading

• How cloud access security brokers have evolved

  Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these acquisitions have changed the CASB industry.Continue Reading

• Top five cloud security applications for infosec pros

  The top five cloud security applications for infosec pros cover a wide range of security issues. Expert Frank Siemons outlines the security reasons to use cloud services.Continue Reading

• The 12 biggest cloud security threats, according to the CSA

  The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how cloud risks compare to on-premises risks.Continue Reading

• How Microsoft uses secure enclaves to improve cloud security

  The use of secure enclaves in the Microsoft Azure confidential computing update aims to improve cloud storage security. Expert Rob Shapland explains how it works.Continue Reading

• Is cloud microsegmentation secure enough for enterprise use?

  The use of cloud microsegmentation in enterprises has been met with some hesitation. Expert Dave Shackleford discusses why there are reservations and what the benefits are.Continue Reading

• The Cloud Security Ecosystem

  In this excerpt from chapter seven of The Cloud Security Ecosystem, authors Ryan Ko and Kim-Kwang Raymond Choo discuss protecting digital identity in the cloud.Continue Reading

• Why web application attacks are a growing threat to the cloud

  New research found that web application attacks present a significant threat to cloud environments. Rob Shapland explains the risks and what enterprises should do about them.Continue Reading

• Understanding VM escape vulnerabilities and how to avoid them

  In the last couple of years, VM escape vulnerabilities have popped up and caused problems for enterprises that rely on the cloud. Expert Ed Moyle explains how to handle these issues.Continue Reading

• How Microsoft SRD uses AI to help developers with security

  Microsoft SRD is a new cloud service that aims to detect vulnerabilities in software using artificial intelligence. Expert Dave Shackleford explains what that means.Continue Reading

• What security risks does rapid elasticity bring to the cloud?

  Enterprises can benefit from cloud features such as rapid elasticity and measured services, but they bring new security risks with them. Expert Matthew Pascucci explains.Continue Reading

• How to keep an Amazon S3 bucket from becoming public

  A public-facing Amazon S3 bucket caused problems for major organizations, including Booz Allen Hamilton. Expert Rob Shapland explains what happened and how to prevent it.Continue Reading

• Why the use of blockchain in the cloud is growing quickly

  Blockchain cloud services may offer organizations the ability to shift away from traditional cryptography models. Expert Dave Shackleford discusses what options are available.Continue Reading

• How to use a cloud-based sandbox to analyze malware

  A cloud-based sandbox can be a helpful tool for enterprises looking to bolster their intrusion prevention systems. Expert Rob Shapland explains how to leverage this technology.Continue Reading

• How DevOps tools can be used to integrate cloud automation

  DevOps tools can be used to deploy secure cloud automation. Expert Dave Shackleford looks at how this works and which tools are the best bet for DevSecOps.Continue Reading

• How can enterprises use SOC 2 reports to evaluate cloud providers?

  Enterprises can use SOC 2 reports to evaluate cloud service providers. Expert Matthew Pascucci discusses the effectiveness of doing so, and what else companies can use.Continue Reading

• Google Cloud KMS: What are the security benefits?

  Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits.Continue Reading

• How AWS Artifact tackles regulatory compliance for enterprises

  A new service called AWS Artifact aims to help enterprises simplify regulatory compliance. Expert Rob Shapland discusses the potential security benefits of Artifact.Continue Reading

• Microsoft Azure Security Center: Successful or stagnated?

  Now that Microsoft's Azure Security Center has been out and in use for a while, expert Ed Moyle takes a look at how successful it is and where it's headed in enterprise use.Continue Reading

• How to strategically implement CASBs in the enterprise

  CASBs can offer help for enterprises that leverage cloud services. Expert Ajay Kumar examines the use cases, functions and architectures of cloud access security brokers.Continue Reading

• How can AWS Organizations help secure cloud accounts?

  A new tool called AWS Organizations aims to make cloud account management more secure. Expert Matthew Pascucci explains how the tool works and how it compares to AWS IAM.Continue Reading

• How cloud endpoint protection products benefit enterprises

  Cloud endpoint protection products are outpacing standard endpoint protections. Expert Frank Siemons discusses the evolution of these products and how they benefit enterprises.Continue Reading

• How Microsoft's Secure Data Exchange bolsters cloud data security

  Microsoft's new service, Secure Data Exchange, can help protect cloud data while in transit and at rest. Expert Rob Shapland looks at the service and how it works for enterprises.Continue Reading

• Project Springfield: How does Microsoft's fuzzing as a service work?

  Microsoft's fuzzing as a service cloud initiative, called Project Springfield, can make a significant difference to software security. Expert Matthew Pascucci explains.Continue Reading

• How should organizations vet a cloud collaboration app?

  A cloud collaboration app can be a useful tool for enterprises, but they should be thoroughly vetted before use. Expert Matthew Pascucci discusses what security features to review.Continue Reading

• A look at the shared responsibility model of cloud providers

  Many cloud providers now offer a shared responsibility model for their customers. Expert Dave Shackleford looks at the major providers' models and what they might be missing.Continue Reading

• How bring your own encryption in the cloud works for enterprises

  Bring your own encryption offerings for the cloud are more common now. Expert Ed Moyle discusses the benefits and drawback of BYOE and what to know before implementation.Continue Reading

• Cloud DDoS protection: What enterprises need to know

  DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options.Continue Reading