Evaluate

Evaluate

Weigh the pros and cons of technologies, products and projects you are considering.

• Review these 7 CASB vendors to best secure cloud access

  CASB technology offers threat protection, increased visibility and policy enforcement. Explore how these seven vendors stack up and protect access to cloud applications. Continue Reading

• CASB explained: Know its use cases before you buy

  CASB tools help to secure cloud applications so only authorized users have access. Discover more about this rapidly evolving technology in a CASB explained tutorial. Continue Reading

• Why it's SASE and zero trust, not SASE vs. zero trust

  SASE and zero trust are hot infosec topics. But, when it comes to adoption, it's not a question of either/or, but using SASE to establish and enable zero-trust network access. Continue Reading

• How cloud-based SIEM tools benefit SOC teams

  It's time for SIEM to enter the cloud age. Learn about the cloud-based SIEM features that can help SOC teams gain a holistic view of their organization's cloud infrastructure. Continue Reading

• Choosing between proxy vs. API CASB deployment modes

  Curious how to choose the right CASB deployment mode for your organization? Before you buy, compare how proxy vs. API CASB architectures work to secure SaaS applications. Continue Reading

• How to use the Mitre ATT&CK framework for cloud security

  Learn how to use the Mitre ATT&CK security framework to keep your enterprise cloud environment -- whether AWS, GCP, Azure, Azure AD or Microsoft 365 -- secure.Continue Reading

• How enterprise cloud VPN protects complex IT environments

  Do you know how enterprise cloud VPN differs from a traditional VPN? Explore how cloud VPN works and whether it's the right option for your hybrid IT environment.Continue Reading

• CASB, CSPM, CWPP emerge as future of cloud security

  Complexity has introduced new needs and challenges when securing cloud environments. Find out how CASB, CSPM and CWPP tools have evolved to meet the changing cloud landscape.Continue Reading

• An inside look at the CCSP cloud security cert

  Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide.Continue Reading

• How cloud security posture management protects multi-cloud

  Improve control plane security at your organization by integrating a cloud security posture management tool into your existing multi-cloud strategy.Continue Reading

• Infrastructure as code's security risks and rewards

  Infrastructure as code can yield some exciting security benefits for enterprises, but they each come with drawbacks. Learn more about the most critical IaC security impacts.Continue Reading

• The importance of security, data encryption for cloud

  As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools.Continue Reading

• Cloud workload protection platform security benefits, features

  VMs and cloud environments make the task of protecting workloads more difficult than ever. Can a cloud workload protection platform help your organization solve the problem?Continue Reading

• Privacy-preserving machine learning assuages infosec fears

  Implementing privacy-preserving machine learning controls, such as federated learning and homomorphic encryption, can address top cloud security and privacy concerns. Learn how.Continue Reading

• Istio service mesh security benefits microservices, developers

  Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture.Continue Reading

• Benefits of open source container vulnerability scanning

  Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools.Continue Reading

• Top 6 cloud security analytics use cases

  Security analytics use cases vary from fraud detection to threat intelligence analysis. Learn how deploying this technology in the cloud can improve enterprise infosec programs.Continue Reading

• CCSK cert guide author's insights into cloud security credential

  The author of a Certificate of Cloud Security Knowledge exam guide offers insights into certifications, top considerations for those pursuing the CCSK and more.Continue Reading

• Comparing single cloud vs. multi-cloud security challenges

  A multi-cloud environment is not inherently more secure than a single cloud. Learn how to choose between single cloud vs. multi-cloud for your organization from a security perspective.Continue Reading

• SASE identity policies enhance security and access control

  Will the Secure Access Service Edge model be the next big thing in network security? Learn how SASE's expanded definition of identity is fundamental to this emerging access model.Continue Reading

• Benefits of cloud data discovery tools and services multiply

  With multi-cloud and privacy regulations becoming the new normal, infosec teams need data discovery tools and services to keep up. Learn more about available cloud options.Continue Reading

• Lyft's open source asset tracking tool simplifies security

  Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset tracking tool, creates highly comprehensive maps.Continue Reading

• McAfee launches security tool Mvision Cloud for Containers

  Cloud security posture management, container images vulnerability scanning and DevOps integration are among features included in McAfee Mvision Cloud for Containers.Continue Reading

• How to evaluate CASB tools for multi-cloud deployments

  When it comes to evaluating CASB tools, it's essential to be an informed customer. Identify your organization's usage and security goals to get the context you need before you buy.Continue Reading

• Benefits of using Azure Security Center for security assessments

  Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches.Continue Reading

• How container adoption affects container security

  Scalability and efficiency make container adoption an attractive option for enterprises today. Learn how containerization has evolved and grown since the release of Docker 1.0 five years ago.Continue Reading

• 5 cloud storage privacy questions to ask potential providers

  Data confidentiality in cloud computing is a major enterprise concern, yet providers are often lacking in their details. Here are the questions to ask before adopting a service.Continue Reading

• Defining and evaluating SOC as a service

  As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best model for your enterprise.Continue Reading

• How security teams benefit from traffic mirroring in the cloud

  Enterprises with the resources to deploy traffic mirroring are gaining security benefits. Frank Siemons explains how traffic mirroring has adapted to new and evolving cyber-risks.Continue Reading

• What are the best criteria to use to evaluate cloud service providers?

  Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and third-party assessments.Continue Reading

• Why CASB tools are crucial to your cloud security

  CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker helps companies pinpoint shadow IT.Continue Reading

• Complexity requires new cloud-based patch management strategies

  Patch management for cloud creates new challenges than traditional in-house programs. Expert Dave Shackleford presents patch management best practices for providers and consumers alike.Continue Reading

• 4 necessary steps to evaluate public cloud security

  The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected.Continue Reading

• What do the top cloud security providers offer in 2019?

  Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which one is right for you.Continue Reading

• Why centralization in a multi-cloud security strategy is key

  When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the challenges of fragmented security access and monitor controls.Continue Reading

• The problems with cloud-based email security

  Cloud-based email security can be challenging for enterprises to achieve. Learn what makes it a challenge and how to secure email in the cloud from expert Dave Shackleford.Continue Reading

• How unsecured Firebase databases put critical data at risk

  Unsecured Google Firebase databases are similar to misconfigured AWS S3 buckets, but there are key differences. Expert Rob Shapland discusses the risks of unsecured cloud databases.Continue Reading

• The pros and cons of proxy-based security in the cloud

  Is proxy-based security in the cloud right for you? Expert Ed Moyle looks at the benefits and drawbacks of using proxies for Office 365 and other cloud platforms.Continue Reading

• How to apply cloud security controls in the network

  Implementing cloud security controls in the network requires a careful balance between protecting points of connectivity while still making it easy for users to access services.Continue Reading

• How hackers use Docker APIs for cryptojacking

  Remote access puts Docker APIs in a vulnerable position. Expert Dave Shackleford explains how hackers abuse Docker APIs to carry out cryptojacking attacks.Continue Reading

• What's different about Google Asylo for confidential computing?

  The Google Asylo framework is an open source alternative for confidential computing. Expert Rob Shapland explains how it works and how it's different from other offerings.Continue Reading

• How the Microsoft Authenticator app integrates with Azure AD

  Microsoft expanded the Microsoft Authenticator app to integrate with tens of thousands of Azure AD apps. Expert Dave Shackleford explains how this tool is improving security.Continue Reading

• What Microsoft's InPrivate Desktop feature could mean for enterprises

  Microsoft's secretive, potential new feature InPrivate Desktop could give security teams access to disposable sandboxes. Expert Ed Moyle explains how the feature could work.Continue Reading

• How do SLAs factor into cloud risk management?

  While you may not have much control over the infrastructure used by cloud service providers, you’re not completely at their mercy when it comes to cloud risk management.Continue Reading

• Cloud browsers: The security benefits of anonymity in the cloud

  Cloud browsers can provide a level of security for users seeking anonymity in the cloud. Expert Frank Siemons of the Infosec Institute explains the benefits of cloud browsers.Continue Reading

• Consider international cloud security standards, legal reqs

  Whether you're accessing (or operating) the cloud from Miami, Milan or Mumbai, you need to ensure those services meet regional cloud security standards and legal requirements.Continue Reading

• How to fight cloud security threats effectively

  Read this expert guide to discover which current tools, techniques, policies and principles best keep corporate cloud infrastructure, data and software most secure.Continue Reading

• A look at the new Google cloud security tools and features

  Google cloud security has been bolstered by new GCP tools and capabilities. Learn more about Google's improved cloud security features from expert Dave Shackleford.Continue Reading

• SaaS platform security: The challenges of cloud network security

  Organizations have the necessary tools to protect data stored and processed in IaaS platforms. Learn why SaaS platform security remains a challenge from expert Rob Shapland.Continue Reading

• Secure development lifecycle in the cloud: Trust but verify

  Cloud providers may advertise their apps as secure, but it’s up to enterprises to validate those claims and confirm adherence to a secure development lifecycle.Continue Reading

• Anonymity tools: Why the cloud might be the best option

  The cloud might be the best of the available anonymity tools. Expert Frank Siemons explains the other options for anonymity for security and why the cloud is the best for privacy.Continue Reading

• Harden cloud apps with a secure software development lifecycle

  Wouldn't it be nice if every application were 100% cloud-ready? Unfortunately, that's often not the case, which can lead to security risks down the line if not properly addressed.Continue Reading

• Is Docker's Kubernetes implementation good for security?

  Docker's Kubernetes implementation provides enterprises with container orchestration options. Expert Rob Shapland discusses what this move means for cloud security.Continue Reading

• Active cyber deception: Can it improve cloud security?

  Fidelis Cybersecurity introduced a cloud security platform with active cyber deception features. Expert Dave Shackleford discusses how active deception techniques can work in the cloud.Continue Reading

• Cloud endpoint security: Balance the risks with the rewards

  While cloud endpoint security products, such as antivirus software, provide users with many benefits, the cloud connection also introduces risks. Expert Frank Siemons explains.Continue Reading

• Are AWS certificate authority services trustworthy?

  AWS now operates as its own CA. What are the potential risks of the new AWS certificate authority services? Expert Dave Shackleford outlines the pros and cons of this new setup.Continue Reading

• Considering cloud threat intelligence and detection services

  Cloud threat intelligence and detection services can provide better security for enterprises. Expert Dave Shackleford discusses some offerings from the major cloud providers.Continue Reading

• How TLS mutual authentication for cloud APIs bolsters security

  Secure access to cloud APIs is necessary but challenging. One viable option to combat that is TLS mutual authentication, according to expert Ed Moyle.Continue Reading

• The security concerns of cloud cryptomining services

  Cloud cryptomining as a service is a security risk to users. Expert Frank Siemons discusses cloud mining service providers and what to look out for if you use one.Continue Reading

• How Amazon GuardDuty could bolster enterprise cloud security

  The new Amazon GuardDuty aims to secure enterprise AWS accounts and workloads, but does it? Expert Ed Moyle takes a closer look at the tool and whether it's effective.Continue Reading

• What the Azure AD Connect vulnerability can teach enterprises

  Enterprises should learn from a Microsoft Azure AD Connect vulnerability that security requires a hands-on approach. Expert Rob Shapland takes a closer look at the permissions flaw.Continue Reading

• How the Meltdown vulnerability affects cloud services

  The Meltdown vulnerability has far-reaching implications, including with cloud providers. Expert Dave Shackleford looks at the Meltdown CPU flaw and what it means for the cloud.Continue Reading

• How cloud access security brokers have evolved

  Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these acquisitions have changed the CASB industry.Continue Reading

• Top five cloud security applications for infosec pros

  The top five cloud security applications for infosec pros cover a wide range of security issues. Expert Frank Siemons outlines the security reasons to use cloud services.Continue Reading

• The 12 biggest cloud security threats, according to the CSA

  The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how cloud risks compare to on-premises risks.Continue Reading

• How Microsoft uses secure enclaves to improve cloud security

  The use of secure enclaves in the Microsoft Azure confidential computing update aims to improve cloud storage security. Expert Rob Shapland explains how it works.Continue Reading

• Is cloud microsegmentation secure enough for enterprise use?

  The use of cloud microsegmentation in enterprises has been met with some hesitation. Expert Dave Shackleford discusses why there are reservations and what the benefits are.Continue Reading

• The Cloud Security Ecosystem

  In this excerpt from chapter seven of The Cloud Security Ecosystem, authors Ryan Ko and Kim-Kwang Raymond Choo discuss protecting digital identity in the cloud.Continue Reading

• Why web application attacks are a growing threat to the cloud

  New research found that web application attacks present a significant threat to cloud environments. Rob Shapland explains the risks and what enterprises should do about them.Continue Reading

• Understanding VM escape vulnerabilities and how to avoid them

  In the last couple of years, VM escape vulnerabilities have popped up and caused problems for enterprises that rely on the cloud. Expert Ed Moyle explains how to handle these issues.Continue Reading

• How Microsoft SRD uses AI to help developers with security

  Microsoft SRD is a new cloud service that aims to detect vulnerabilities in software using artificial intelligence. Expert Dave Shackleford explains what that means.Continue Reading

• What security risks does rapid elasticity bring to the cloud?

  Enterprises can benefit from cloud features such as rapid elasticity and measured services, but they bring new security risks with them. Expert Matthew Pascucci explains.Continue Reading

• How to keep an Amazon S3 bucket from becoming public

  A public-facing Amazon S3 bucket caused problems for major organizations, including Booz Allen Hamilton. Expert Rob Shapland explains what happened and how to prevent it.Continue Reading

• Why the use of blockchain in the cloud is growing quickly

  Blockchain cloud services may offer organizations the ability to shift away from traditional cryptography models. Expert Dave Shackleford discusses what options are available.Continue Reading

• How to use a cloud-based sandbox to analyze malware

  A cloud-based sandbox can be a helpful tool for enterprises looking to bolster their intrusion prevention systems. Expert Rob Shapland explains how to leverage this technology.Continue Reading

• How DevOps tools can be used to integrate cloud automation

  DevOps tools can be used to deploy secure cloud automation. Expert Dave Shackleford looks at how this works and which tools are the best bet for DevSecOps.Continue Reading

• How can enterprises use SOC 2 reports to evaluate cloud providers?

  Enterprises can use SOC 2 reports to evaluate cloud service providers. Expert Matthew Pascucci discusses the effectiveness of doing so, and what else companies can use.Continue Reading

• Google Cloud KMS: What are the security benefits?

  Google Cloud KMS is a new encryption key management service available for Google customers. Expert Matthew Pascucci discusses how this service works and its security benefits.Continue Reading

• How AWS Artifact tackles regulatory compliance for enterprises

  A new service called AWS Artifact aims to help enterprises simplify regulatory compliance. Expert Rob Shapland discusses the potential security benefits of Artifact.Continue Reading

• Microsoft Azure Security Center: Successful or stagnated?

  Now that Microsoft's Azure Security Center has been out and in use for a while, expert Ed Moyle takes a look at how successful it is and where it's headed in enterprise use.Continue Reading

• How to strategically implement CASBs in the enterprise

  CASBs can offer help for enterprises that leverage cloud services. Expert Ajay Kumar examines the use cases, functions and architectures of cloud access security brokers.Continue Reading

• How can AWS Organizations help secure cloud accounts?

  A new tool called AWS Organizations aims to make cloud account management more secure. Expert Matthew Pascucci explains how the tool works and how it compares to AWS IAM.Continue Reading

• How cloud endpoint protection products benefit enterprises

  Cloud endpoint protection products are outpacing standard endpoint protections. Expert Frank Siemons discusses the evolution of these products and how they benefit enterprises.Continue Reading

• How Microsoft's Secure Data Exchange bolsters cloud data security

  Microsoft's new service, Secure Data Exchange, can help protect cloud data while in transit and at rest. Expert Rob Shapland looks at the service and how it works for enterprises.Continue Reading

• Project Springfield: How does Microsoft's fuzzing as a service work?

  Microsoft's fuzzing as a service cloud initiative, called Project Springfield, can make a significant difference to software security. Expert Matthew Pascucci explains.Continue Reading

• How should organizations vet a cloud collaboration app?

  A cloud collaboration app can be a useful tool for enterprises, but they should be thoroughly vetted before use. Expert Matthew Pascucci discusses what security features to review.Continue Reading

• A look at the shared responsibility model of cloud providers

  Many cloud providers now offer a shared responsibility model for their customers. Expert Dave Shackleford looks at the major providers' models and what they might be missing.Continue Reading

• How bring your own encryption in the cloud works for enterprises

  Bring your own encryption offerings for the cloud are more common now. Expert Ed Moyle discusses the benefits and drawback of BYOE and what to know before implementation.Continue Reading

• Cloud DDoS protection: What enterprises need to know

  DDoS attacks are a continuing problem, and enterprises should consider using cloud DDoS protection services. Expert Frank Siemons discusses the cloud options.Continue Reading

• What to know about SIEM as a service before deployment

  There's been increased interest in SIEM as a service and enterprises need to get to know the model before using it. Expert Frank Siemons explains what's different about it.Continue Reading

• Lessons learned from the Microsoft Office 365 SAML 2.0 flaw

  The Microsoft Office 365 SAML flaw that allowed attackers to bypass authentication was resolved quickly, but offers enterprises some important lessons. Expert Ed Moyle discusses.Continue Reading

• How a cloud-based HSM can boost enterprise security with enough effort

  There are both security benefits and risks to using a cloud-based HSM in an enterprise. Expert Dave Shackelford discusses the arguments for and against cloud HSMs.Continue Reading

• Picking the best CASB for your enterprise

  Cloud access security brokers, or CASBs, are either in-house network gateways or security-as-a-service cloud offerings that inspect network traffic destined for the cloud. This guide equips security pros with the knowledge they need to buy the best ...Continue Reading

• Why the DROWN vulnerability requires constant vigilance

  The DROWN vulnerability affected hundreds of SaaS applications, and they're not all completely fixed yet. Expert Ed Moyle discusses the SSLv2 vulnerability and how to manage it.Continue Reading

• Cloud data classification services: How they benefit organizations

  Data classification services from CSPs are important for organizations strengthening their cloud security posture. Expert Dave Shackleford explains the perks of these services.Continue Reading

• Using the shared responsibility model to secure your cloud environment

  The shared responsibility model for cloud services puts different sets of security duties on vendors and customers. Learn what to expect when moving services to the cloud.Continue Reading

• A look at the cloud migration challenges enterprises could face

  One of the most common problems facing organizations is dealing with many cloud migration challenges. Expert Dave Shackleford discusses the challenges and how to deal with them.Continue Reading

• How to make sanitizing data in the cloud easier for organizations

  Data sanitization is often required for compliance, but many organizations struggle with it in the cloud. Expert Frank Siemons discusses why and how to make it easier.Continue Reading

• The security risks of URL-shortening services for enterprises

  URL-shortening services have become a security threat to organizations. Expert Dave Shackleford explains why and how to mitigate the risks of shortened URLs.Continue Reading

• How cloud WAF implementations can improve application security

  Having to secure applications that are not locally hosted is possible with a cloud WAF. Expert Matt Pascucci explains how they work, and what enterprises need to understand.Continue Reading