Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Benefits of cloud data discovery tools and services multiply

  With multi-cloud and privacy regulations becoming the new normal, infosec teams need data discovery tools and services to keep up. Learn more about available cloud options. Continue Reading

• Lyft's open source asset tracking tool simplifies security

  Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset tracking tool, creates highly comprehensive maps. Continue Reading

• McAfee launches security tool Mvision Cloud for Containers

  Cloud security posture management, container images vulnerability scanning and DevOps integration are among features included in McAfee Mvision Cloud for Containers. Continue Reading

• How to evaluate CASB tools for multi-cloud deployments

  When it comes to evaluating CASB tools, it's essential to be an informed customer. Identify your organization's usage and security goals to get the context you need before you buy. Continue Reading

• Benefits of using Azure Security Center for security assessments

  Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches. Continue Reading

• How container adoption affects container security

  Scalability and efficiency make container adoption an attractive option for enterprises today. Learn how containerization has evolved and grown since the release of Docker 1.0 five years ago.Continue Reading

• Understand CASB technology before you buy

  CASB technology offers threat protection, increased visibility and policy enforcement. Explore how these tools protect access to cloud applications, and then compare some of the top products.Continue Reading

• 5 cloud storage privacy questions to ask potential providers

  Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service.Continue Reading

• Defining and evaluating SOC as a service

  As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best model for your enterprise.Continue Reading

• How security teams benefit from traffic mirroring in the cloud

  Enterprises with the resources to deploy traffic mirroring are gaining security benefits. Frank Siemons explains how traffic mirroring has adapted to new and evolving cyber-risks.Continue Reading

• What are the best criteria to use to evaluate cloud service providers?

  Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and third-party assessments.Continue Reading

• Why CASB tools are crucial to your cloud security

  CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker helps companies pinpoint shadow IT.Continue Reading

• Complexity requires new cloud-based patch management strategies

  Patch management for cloud creates new challenges than traditional in-house programs. Expert Dave Shackleford presents patch management best practices for providers and consumers alike.Continue Reading

• 4 necessary steps to evaluate public cloud security

  The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected.Continue Reading

• What do the top cloud security providers offer in 2019?

  Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which one is right for you.Continue Reading

• Why centralization in a multi-cloud security strategy is key

  When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the challenges of fragmented security access and monitor controls.Continue Reading

• The problems with cloud-based email security

  Cloud-based email security can be challenging for enterprises to achieve. Learn what makes it a challenge and how to secure email in the cloud from expert Dave Shackleford.Continue Reading

• How unsecured Firebase databases put critical data at risk

  Unsecured Google Firebase databases are similar to misconfigured AWS S3 buckets, but there are key differences. Expert Rob Shapland discusses the risks of unsecured cloud databases.Continue Reading

• The pros and cons of proxy-based security in the cloud

  Is proxy-based security in the cloud right for you? Expert Ed Moyle looks at the benefits and drawbacks of using proxies for Office 365 and other cloud platforms.Continue Reading

• How to apply cloud security controls in the network

  Implementing cloud security controls in the network requires a careful balance between protecting points of connectivity while still making it easy for users to access services.Continue Reading

• How hackers use Docker APIs for cryptojacking

  Remote access puts Docker APIs in a vulnerable position. Expert Dave Shackleford explains how hackers abuse Docker APIs to carry out cryptojacking attacks.Continue Reading

• What's different about Google Asylo for confidential computing?

  The Google Asylo framework is an open source alternative for confidential computing. Expert Rob Shapland explains how it works and how it's different from other offerings.Continue Reading

• How the Microsoft Authenticator app integrates with Azure AD

  Microsoft expanded the Microsoft Authenticator app to integrate with tens of thousands of Azure AD apps. Expert Dave Shackleford explains how this tool is improving security.Continue Reading

• What Microsoft's InPrivate Desktop feature could mean for enterprises

  Microsoft's secretive, potential new feature InPrivate Desktop could give security teams access to disposable sandboxes. Expert Ed Moyle explains how the feature could work.Continue Reading

• How do SLAs factor into cloud risk management?

  While you may not have much control over the infrastructure used by cloud service providers, you’re not completely at their mercy when it comes to cloud risk management.Continue Reading

• Cloud browsers: The security benefits of anonymity in the cloud

  Cloud browsers can provide a level of security for users seeking anonymity in the cloud. Expert Frank Siemons of the Infosec Institute explains the benefits of cloud browsers.Continue Reading

• Consider international cloud security standards, legal reqs

  Whether you're accessing (or operating) the cloud from Miami, Milan or Mumbai, you need to ensure those services meet regional cloud security standards and legal requirements.Continue Reading

• How to fight cloud security threats effectively

  Read this expert guide to discover which current tools, techniques, policies and principles best keep corporate cloud infrastructure, data and software most secure.Continue Reading

• A look at the new Google cloud security tools and features

  Google cloud security has been bolstered by new GCP tools and capabilities. Learn more about Google's improved cloud security features from expert Dave Shackleford.Continue Reading

• SaaS platform security: The challenges of cloud network security

  Organizations have the necessary tools to protect data stored and processed in IaaS platforms. Learn why SaaS platform security remains a challenge from expert Rob Shapland.Continue Reading

• Secure development lifecycle in the cloud: Trust but verify

  Cloud providers may advertise their apps as secure, but it’s up to enterprises to validate those claims and confirm adherence to a secure development lifecycle.Continue Reading

• Anonymity tools: Why the cloud might be the best option

  The cloud might be the best of the available anonymity tools. Expert Frank Siemons explains the other options for anonymity for security and why the cloud is the best for privacy.Continue Reading

• Harden cloud apps with a secure software development lifecycle

  Wouldn't it be nice if every application were 100% cloud-ready? Unfortunately, that's often not the case, which can lead to security risks down the line if not properly addressed.Continue Reading

• Is Docker's Kubernetes implementation good for security?

  Docker's Kubernetes implementation provides enterprises with container orchestration options. Expert Rob Shapland discusses what this move means for cloud security.Continue Reading

• Active cyber deception: Can it improve cloud security?

  Fidelis Cybersecurity introduced a cloud security platform with active cyber deception features. Expert Dave Shackleford discusses how active deception techniques can work in the cloud.Continue Reading

• Cloud endpoint security: Balance the risks with the rewards

  While cloud endpoint security products, such as antivirus software, provide users with many benefits, the cloud connection also introduces risks. Expert Frank Siemons explains.Continue Reading

• Are AWS certificate authority services trustworthy?

  AWS now operates as its own CA. What are the potential risks of the new AWS certificate authority services? Expert Dave Shackleford outlines the pros and cons of this new setup.Continue Reading

• Considering cloud threat intelligence and detection services

  Cloud threat intelligence and detection services can provide better security for enterprises. Expert Dave Shackleford discusses some offerings from the major cloud providers.Continue Reading

• How TLS mutual authentication for cloud APIs bolsters security

  Secure access to cloud APIs is necessary but challenging. One viable option to combat that is TLS mutual authentication, according to expert Ed Moyle.Continue Reading

• The security concerns of cloud cryptomining services

  Cloud cryptomining as a service is a security risk to users. Expert Frank Siemons discusses cloud mining service providers and what to look out for if you use one.Continue Reading

• How Amazon GuardDuty could bolster enterprise cloud security

  The new Amazon GuardDuty aims to secure enterprise AWS accounts and workloads, but does it? Expert Ed Moyle takes a closer look at the tool and whether it's effective.Continue Reading

• What the Azure AD Connect vulnerability can teach enterprises

  Enterprises should learn from a Microsoft Azure AD Connect vulnerability that security requires a hands-on approach. Expert Rob Shapland takes a closer look at the permissions flaw.Continue Reading

• How the Meltdown vulnerability affects cloud services

  The Meltdown vulnerability has far-reaching implications, including with cloud providers. Expert Dave Shackleford looks at the Meltdown CPU flaw and what it means for the cloud.Continue Reading

• How cloud access security brokers have evolved

  Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these acquisitions have changed the CASB industry.Continue Reading

• Top five cloud security applications for infosec pros

  The top five cloud security applications for infosec pros cover a wide range of security issues. Expert Frank Siemons outlines the security reasons to use cloud services.Continue Reading

• The 12 biggest cloud security threats, according to the CSA

  The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how cloud risks compare to on-premises risks.Continue Reading

• How Microsoft uses secure enclaves to improve cloud security

  The use of secure enclaves in the Microsoft Azure confidential computing update aims to improve cloud storage security. Expert Rob Shapland explains how it works.Continue Reading

• Is cloud microsegmentation secure enough for enterprise use?

  The use of cloud microsegmentation in enterprises has been met with some hesitation. Expert Dave Shackleford discusses why there are reservations and what the benefits are.Continue Reading

• The Cloud Security Ecosystem

  In this excerpt from chapter seven of The Cloud Security Ecosystem, authors Ryan Ko and Kim-Kwang Raymond Choo discuss protecting digital identity in the cloud.Continue Reading

• Why web application attacks are a growing threat to the cloud

  New research found that web application attacks present a significant threat to cloud environments. Rob Shapland explains the risks and what enterprises should do about them.Continue Reading

• Understanding VM escape vulnerabilities and how to avoid them

  In the last couple of years, VM escape vulnerabilities have popped up and caused problems for enterprises that rely on the cloud. Expert Ed Moyle explains how to handle these issues.Continue Reading

• How Microsoft SRD uses AI to help developers with security

  Microsoft SRD is a new cloud service that aims to detect vulnerabilities in software using artificial intelligence. Expert Dave Shackleford explains what that means.Continue Reading

• What security risks does rapid elasticity bring to the cloud?

  Enterprises can benefit from cloud features such as rapid elasticity and measured services, but they bring new security risks with them. Expert Matthew Pascucci explains.Continue Reading

• How to keep an Amazon S3 bucket from becoming public

  A public-facing Amazon S3 bucket caused problems for major organizations, including Booz Allen Hamilton. Expert Rob Shapland explains what happened and how to prevent it.Continue Reading

• Why the use of blockchain in the cloud is growing quickly

  Blockchain cloud services may offer organizations the ability to shift away from traditional cryptography models. Expert Dave Shackleford discusses what options are available.Continue Reading

• How to use a cloud-based sandbox to analyze malware

  A cloud-based sandbox can be a helpful tool for enterprises looking to bolster their intrusion prevention systems. Expert Rob Shapland explains how to leverage this technology.Continue Reading

• How DevOps tools can be used to integrate cloud automation

  DevOps tools can be used to deploy secure cloud automation. Expert Dave Shackleford looks at how this works and which tools are the best bet for DevSecOps.Continue Reading

• How can enterprises use SOC 2 reports to evaluate cloud providers?

  Enterprises can use SOC 2 reports to evaluate cloud service providers. Expert Matthew Pascucci discusses the effectiveness of doing so, and what else companies can use.Continue Reading

• Google Cloud KMS: What are the security benefits?

  Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits.Continue Reading

• How AWS Artifact tackles regulatory compliance for enterprises

  A new service called AWS Artifact aims to help enterprises simplify regulatory compliance. Expert Rob Shapland discusses the potential security benefits of Artifact.Continue Reading

• Microsoft Azure Security Center: Successful or stagnated?

  Now that Microsoft's Azure Security Center has been out and in use for a while, expert Ed Moyle takes a look at how successful it is and where it's headed in enterprise use.Continue Reading

• How to strategically implement CASBs in the enterprise

  CASBs can offer help for enterprises that leverage cloud services. Expert Ajay Kumar examines the use cases, functions and architectures of cloud access security brokers.Continue Reading

• How can AWS Organizations help secure cloud accounts?

  A new tool called AWS Organizations aims to make cloud account management more secure. Expert Matthew Pascucci explains how the tool works and how it compares to AWS IAM.Continue Reading

• How cloud endpoint protection products benefit enterprises

  Cloud endpoint protection products are outpacing standard endpoint protections. Expert Frank Siemons discusses the evolution of these products and how they benefit enterprises.Continue Reading

• How Microsoft's Secure Data Exchange bolsters cloud data security

  Microsoft's new service, Secure Data Exchange, can help protect cloud data while in transit and at rest. Expert Rob Shapland looks at the service and how it works for enterprises.Continue Reading

• Project Springfield: How does Microsoft's fuzzing as a service work?

  Microsoft's fuzzing as a service cloud initiative, called Project Springfield, can make a significant difference to software security. Expert Matthew Pascucci explains.Continue Reading

• How should organizations vet a cloud collaboration app?

  A cloud collaboration app can be a useful tool for enterprises, but they should be thoroughly vetted before use. Expert Matthew Pascucci discusses what security features to review.Continue Reading

• A look at the shared responsibility model of cloud providers

  Many cloud providers now offer a shared responsibility model for their customers. Expert Dave Shackleford looks at the major providers' models and what they might be missing.Continue Reading

• How bring your own encryption in the cloud works for enterprises

  Bring your own encryption offerings for the cloud are more common now. Expert Ed Moyle discusses the benefits and drawback of BYOE and what to know before implementation.Continue Reading

• Cloud DDoS protection: What enterprises need to know

  DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options.Continue Reading

• What to know about SIEM as a service before deployment

  There's been increased interest in SIEM as a service and enterprises need to get to know the model before using it. Expert Frank Siemons explains what's different about it.Continue Reading

• Lessons learned from the Microsoft Office 365 SAML 2.0 flaw

  The Microsoft Office 365 SAML flaw that allowed attackers to bypass authentication was resolved quickly, but offers enterprises some important lessons. Expert Ed Moyle discusses.Continue Reading

• How a cloud-based HSM can boost enterprise security with enough effort

  There are both security benefits and risks to using a cloud-based HSM in an enterprise. Expert Dave Shackelford discusses the arguments for and against cloud HSMs.Continue Reading

• Picking the best CASB for your enterprise

  Cloud access security brokers, or CASBs, are either in-house network gateways or security-as-a-service cloud offerings that inspect network traffic destined for the cloud. This guide equips security pros with the knowledge they need to buy the best ...Continue Reading

• Why the DROWN vulnerability requires constant vigilance

  The DROWN vulnerability affected hundreds of SaaS applications, and they're not all completely fixed yet. Expert Ed Moyle discusses the SSLv2 vulnerability and how to manage it.Continue Reading

• Cloud data classification services: How they benefit organizations

  Data classification services from CSPs are important for organizations strengthening their cloud security posture. Expert Dave Shackleford explains the perks of these services.Continue Reading

• Using the shared responsibility model to secure your cloud environment

  The shared responsibility model for cloud services puts different sets of security duties on vendors and customers. Learn what to expect when moving services to the cloud.Continue Reading

• A look at the cloud migration challenges enterprises could face

  One of the most common problems facing organizations is dealing with many cloud migration challenges. Expert Dave Shackleford discusses the challenges and how to deal with them.Continue Reading

• How to make sanitizing data in the cloud easier for organizations

  Data sanitization is often required for compliance, but many organizations struggle with it in the cloud. Expert Frank Siemons discusses why and how to make it easier.Continue Reading

• The security risks of URL-shortening services for enterprises

  URL-shortening services have become a security threat to organizations. Expert Dave Shackleford explains why and how to mitigate the risks of shortened URLs.Continue Reading

• How cloud WAF implementations can improve application security

  Having to secure applications that are not locally hosted is possible with a cloud WAF. Expert Matt Pascucci explains how they work, and what enterprises need to understand.Continue Reading

• Cloud API security: How to interface with DevOps

  Security professionals need to get acquainted with cloud API security options available to development and operation teams regardless of the services they use.Continue Reading

• Cloud pen testing: What testers need to consider

  Before starting cloud penetration testing, there a few things to keep in mind. Expert Frank Siemons discusses limitations and techniques for pen testing cloud platforms.Continue Reading

• Why cloud onboarding requires an enterprise security plan

  Cloud onboarding shouldn't require sacrificing security. Expert Ed Moyle explains how enterprises can implement a plan to keep their organizations safe.Continue Reading

• How does Docker's hardware signing work?

  Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan goes over these new features.Continue Reading

• Can Contiv automate policies for container platforms?

  Cisco's new project Contiv automates operational policies for containerized applications in the cloud. Expert Dan Sullivan explains the benefits of this open source tool.Continue Reading

• OneOps: The value of cloud application lifecycle management

  The OneOps cloud application lifecycle management tool helps organizations regain control of cloud deployments and prevent vendor lock-in. Expert Rob Shapland explains how.Continue Reading

• How machine learning in the cloud can help enterprise security

  There's a growing trend of machine learning in the cloud and security should take advantage of it. Expert Dave Shackleford discusses machine learning and its benefits to security.Continue Reading

• How does AWS Directory Service offer security benefits?

  AWS has begun providing Active Directory management in the cloud. Expert Dan Sullivan explains this new Amazon service and what it means for users.Continue Reading

• Cloud identity management: Deciding on the right approach

  Cloud identity management can offer a lot of security benefits, but enterprises need to answer some questions before deployment. Expert Ed Moyle offers advice on what to ask.Continue Reading

• Cloud DLP: Can gateways rise to the challenge?

  Cloud access security brokers are quickly emerging as the technology of choice for enterprises seeking to implement data loss prevention controls in the cloud.Continue Reading

• Distinguishing types of cloud services and their security risks

  The different type of cloud services -- public, private and hybrid -- all provide different security for enterprises. Here's an explanation of each kind and their security pros and cons.Continue Reading

• Three perspectives on cloud identity and access management

  Identity access management (IAM) systems work to help keep security high by initiating, capturing, recording and managing user identities and access permissions. Cloud identity and access management systems can simplify these complex tasks, but ...Continue Reading

• Can virtual machine introspection improve cloud security?

  What is virtual machine introspection, and can it help improve cloud security? Expert Dan Sullivan explains techniques behind VM introspection and how it can boost security in the cloud.Continue Reading

• Is AWS WAF worth considering for enterprise cloud?

  The new Amazon WAF offers firewall features for the cloud. Expert Dan Sullivan explains how Amazon WAF can be integrated in the enterprise cloud.Continue Reading

• What does Amazon Inspector do for cloud security?

  Expert Dan Sullivan explains what benefits Amazon Web Services' new Amazon Inspector service offers in terms of assessing cloud security.Continue Reading

• How the Lucky 13 attack affects Amazon s2n security

  Amazon's s2n was targeted by the Lucky 13 attack and the discovery unnerved the security community. Expert Dave Shackleford discusses open source SSL/TLS risks like the s2n flaw.Continue Reading

• How can vaultless tokenization protect data in the cloud?

  How do vaultless tokenization and standard tokenization differ, and what is the best way to use them for securing cloud data? Expert Dan Sullivan offers guidance and use cases.Continue Reading

• How do new AWS APIs simulate IAM policies for cloud security?

  The newly released AWS APIs simulate IAM policies for security testing. Expert Dan Sullivan explains how to make the most of these APIs.Continue Reading

• What does Docker Content Trust mean for container security?

  Docker Content Trust offers improved container security through code signing. Expert Dan Sullivan explains why this matters for enterprise cloud users.Continue Reading