Download and engage with the latest White Papers focused on Information Security strategy, technology & insight. Each White Paper is editorially approved to ensure the research presented is up to date, high quality and relevant to personal development or workplace implementation.

White Paper topics include - Application Security, Biometrics, Business Continuity & Disaster Recovery, BYOD, Cloud, Compliance & Policy, Data Loss, Encryption, Identity & Access Management, Internet & Network Security, IT forensics, Malware & Hardware Security, Public Sector, Wireless & Mobile Security and emerging technologies.


IDG Survey: State of IT Cyber Defense Maturity

Download this global survey from over 1500 IT security professionals that sheds light on the state of cyber defense maturity. In addition to affording new incident and violation trends across industry and region, the results yield insights into IT security management capabilities, deficiencies and planned investments. See where your organization fits on the IT cyber defense maturity spectrum compared to your peers.
23 July 2014

Server Data is the Main Target for Advanced Persistent Threats: THE CASE FOR A DATA-CENTRIC SECURITY MODEL

This white paper discusses why the old data security model no longer works, the inherent risks of APTs and why perimeter defenses alone are not sufficient to safeguard organizations against the current generation of security threats.
21 July 2014

Ogren Group Report: Continuous Endpoint Compliance. Integrating Process, Policy and Technology to Preempt Threats and Reduce Costs

Many organizations spend millions on endpoint security tools – such as antivirus, encryption, data loss prevention (DLP), and so on – only to have end users turn off or disable those tools. Even in well-managed enterprises, host-based security tools typically do not work properly on at least 20% of systems.
10 July 2014

Vormetric Insider Threat Report – European Edition (EMEA)

The 2014 Vormetric Insider Threat Report - European Edition represents the result of analysis of interviews with over 500 IT and Security managers in major European enterprises around the question of insider threats.
20 June 2014

SHHHH… It’s SSH: The Keys to the Enterprise Left Under the Doormat (2014 Aberdeen Research Report)

There’s a secret lurking in almost every enterprise: access to the most sensitive data, servers and cloud using SSH is going unchecked. 64% of enterprises surveyed by Aberdeen Group have not established security policies for SSH and don’t have SSH security controls to protect sensitive access.
16 June 2014

McAfee Labs Threat Report (fourth quarter 2013)

Welcome to the McAfee Labs Threats Report: Fourth Quarter 2013. As we kick off the New Year, we take a fresh approach to our Threats Reports. Beginning with this edition, we present a shorter publication, with “Key Topics” covering top threats or security issues from the quarter. We also focus (on a rotating basis) on threat concerns surrounding the four IT megatrends: mobile, social, cloud, and big data. The report is now visually richer and easier to navigate.
05 June 2014

Top Ten Ways to Defend your Network against the Latest SSL Exploits

Staying on top of the latest web exploits can be a challenge for Network Admins who are worried about simply keeping up with all the day-to-day management tasks required by a complex environment. This whitepaper details many of the most recent popular SSL-related exploits that your network is likely vulnerable to, along with simple steps you can immediately take to protect yourself.
29 May 2014

You’re Already Compromised: Exposing SSH as an Attack Vector

Secure Shell (SSH) keys are an integral part of the digital world. SSH enables one system to access another remotely in a secure manner, enforcing authentication, authorization, and encryption of communications. Unfortunately, cybercriminals do take advantage of the trust that is established by SSH. Cybercriminals can use improperly secured SSH keys against organizations to gain access to critical systems and intellectual property that could damage a company’s brand and bottom line.
29 May 2014

A Proper Foundation: Extended Validation SSL. A critical model for SSL digital certificates and browser trust

To bolster consumer trust in the foundation of ecommerce, several CAs and browser vendors came together to establish a higher security approach based on an advanced tier of SSL certificate with very high standards for validation and assurance. “Extended Validation” was the final name chosen for the new certificates by the CA/Browser Forum.
27 May 2014

M-Trends: Beyond the Breach

Drawing from hundreds of real-world incident response engagements by Mandiant, a FireEye Company, the 2014 M-Trends Threat Report reveals key insights, statistics and case studies illustrating how the advanced persistent threat (APT) actors have evolved over the last year. According to the report, organizations are finding attackers sooner but are increasingly reliant on 3rd parties to notify them when they are breached. M-Trends provides hard data, vivid examples, and important context that speak to both laypeople and technical pros.
22 May 2014

Seven Common Vulnerabilities: Is your Network at Risk?

The challenge of network security is amplified by the fact that many network admins only think about encryption and their SSL Certificates on an irregular basis. As seen with the Heartbleed bug, this can be detrimental to a company. This whitepaper touches on Heartbleed and some of the most common areas that companies inadvertently leave exposed to attackers.
19 May 2014

Windows Least Privilege Management and Beyond

For Windows environments, it is critical that organizations can delegate administration and establish granular privileges quickly and efficiently to restrict administrators so they only access the servers and resources required to perform their job and only during the approved times to perform specific tasks.
14 May 2014

Protect Your Data in the Cloud

Popular SAAS vendors are improving security features, but their solutions inherently silo data and restrict some of technology management’s ability to control the application. The complexity this creates will only expand as IT departments use more cloud services. Enter a new breed of security vendors that restore an ability to discover, analyze, and control corporate data in the cloud. This research report introduces a three-step approach to manage your firm’s data within the cloud, as well as new vendors and capabilities to consider in a successful cloud data management road map.
09 May 2014

The Forrester Wave™: Privileged Identity Management, Q1 2014 (Get the report worth $2,495 for free!)

The privileged identity management (PIM) market has matured significantly during the past three years, and it continues to play a significant role in protecting an organization's data and in business continuity.
23 April 2014

2014 Symantec Internet Security Report

Today’s threats differ from those that organizations encountered earlier. Understanding the latest threat information is one of the essential keys for protection against evolving cyber-attacks—especially as they increase in number and complexity.
22 April 2014

Strategies for Responding to New SSL Cybersecurity Threats

Global enterprises have a gaping hole in their security strategy for defending against rampant cyber attacks on the trust established by cryptographic keys and digital certificates.
22 April 2014

Magic Quadrant for Endpoint Protection Platforms

Effective endpoint security leads the way for business success, but with more vendors than ever claiming best-in-class status, identifying the solution right for you can be a daunting task.
11 April 2014

IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticators benefits security and reduces cost

Identity and authentication management represents the greatest security return on investment an organization can make.
11 April 2014

Cyberthreat Defense 2014 Report for North America & Europe

Know your enemy! Establishing an effective defensive strategy is crucial with today's rapidly evolving cyberthreats. Understanding the cybercriminals' techniques used to perpetrate successful attacks is essential.
20 March 2014

FireEye Advanced Threat Report

This FireEye Advanced Threat Report (ATR) provides a high-level overview of computer network attacks discovered by FireEye in 2013.
20 March 2014

Broken Trust: Exposing the Malicious Use of Keys and Certificates

Published jointly by iSIGHT Partners and Venafi, this whitepaper explores the motivations of attackers, the practices they employ to execute their attacks, and what you can do to keep these criminals out.
06 February 2014

Understand The State Of Data Security And Privacy: 2013 To 2014

This Forrester data-driven report outlines budgeting and spending, technology adoption plans, and other key breach, data protection, and privacy trends in North American and European organizations for 2013 to 2014.
20 January 2014

It’s Cyber Warfare

How UK financial institutions can implement identity-based security to win the war against online attacks.
17 January 2014

Data Security Architecture Overview

The Vormetric Data Security Architecture white paper provides an understanding of the architectural underpinning of Vormetric Data Security Platform, a comprehensive solution for a data-centric security architecture for minimizing the attack surface of sensitive data and to assist in meeting data compliance requirements. It uses Vormetric Data Firewall™, encryption, access controls and security intelligence across physical, virtual and traditional environments.
13 January 2014

Information Security Industry Predictions for 2014: MSS

Infosecurity asked the industry to share its 2014 trend predictions, and the industry delivered. We have categorised the predictions into five topics and created a news article for each.
20 December 2013

Information Security Industry Predictions for 2014: Government Compliance

Infosecurity asked the industry to share its 2014 trend predictions, and the industry delivered. We have categorised the predictions into five topics and created a news article for each.
19 December 2013

Information Security Industry Predictions for 2014: Malware

Infosecurity asked the industry to share its 2014 trend predictions, and the industry delivered. We have categorised the predictions into five topics and created a news article for each.
19 December 2013

Information Security Industry Predictions for 2014: Cloud

Infosecurity asked the industry to share its 2014 trend predictions, and the industry delivered. We have categorised the predictions into five topics and created a news article for each.
18 December 2013

Data Security in the Cloud

Cloud computing has transformed the way organizations approach IT, enabling them to become more agile, introduce new business models, provide more services, and reduce IT costs. Cloud computing technologies can be implemented in a wide variety of architectures, under different service and deployment models, and can coexist with other technologies and software design approaches.
29 November 2013

Server Data is the Main Target for Advanced Persistent Threats

Cybercrime continues to make headlines but the nature of the attacks is changing. Within a few weeks of each other in early 2013, The New York Times, Apple, Twitter and other high-profile organizations openly admitted to significant data breaches. However, the nature of cyberattacks is changing. Threats have become more frequent and insidious, and the cloud and Big Data have added new risks.
14 November 2013

Five Key Ways to Increase Network Security

Why enterprises need to take a smart approach to DDI (DNS, DHCP, IP Address Management) to protect their infrastructure.
11 November 2013

The 2013 Vormetric Insider Threat Report

While the security community remains fixated on advanced malware, tried-and-true insider threats and related attacks remain a vexing problem for most organizations. In fact, ESG research indicates that more than half (54%) of IT and security professionals believe that insider threats are more difficult to detect/prevent today than they were in 2011.
01 November 2013

Big Data, Big Risks

The cloud computing landscape continues to realize explosive growth. This white paper outlines what IT and security professionals need to know about the significant security risks of big data, including critical security vulnerabilities, risks, and challenges, key business and technical issues such as controls, privacy, and compliance and effective and reliable protection strategies.
07 October 2013

Website Security In Corporate America

We often think of malware as being designed to sit beneath the radar, collecting data in stealth mode, for the purposes of fraud or corporate espionage. Increasingly however, we’re witnessing attacks on corporations designed to cause substantial economic losses via wholesale destruction.
25 September 2013

Analysis of the Global Network Access Control Market

Solve top IT challenges with NAC. Streamline and automate your IT operations today.
25 September 2013

Securing Sensitive Data within Amazon Web Services EC2 and EBS - Challenges and Solutions to Protecting Data within the AWS Cloud

In this white paper, learn about the specific problems around data protection when using servers within Amazon Web Services (AWS) environments.
20 September 2013

Symantec 2013 Internet Security Threat Report

Get an overview and analysis of the year in global threat activity with the Symantec 2013 Internet Security Threat Report.
13 September 2013

The Insider Threat: How Privileged Users Put Critical Data at Risk

With insider-related fraud up 43% in 2012, clearly traditional security approaches are not working. Data loss prevention (DLP) systems, Internet monitoring tools and other controls are failing to stop a growing number of data breaches linked to insiders.
09 September 2013

Frost & Sullivan: Analysis of the Global NAC Market

The comprehensive Frost & Sullivan global NAC market analysis highlights drivers, technology trends, competitive landscape and required product competence.
02 August 2013

Your Guide for Migrating from 1024-bit to Stronger SSL Certificate Key Lengths

Managing certificates during a time of key size migration can be difficult. Website or production outages can be costly and have a negative impact to business. This guide aims to help educate and inform users of TLS/SSL certificates about the upcoming change in key lengths and tips on managing their transition to using stronger SSL certificates.
22 July 2013

When ‘Secure Enough’ Isn’t Enough

We’ve all seen the reports about what goes wrong when proper controls are not implemented while storing and transferring data. Large enterprises face messy notifications, customer dissatisfaction and, in many cases, large fines. In fact, a data breach in the U.S. comes with an average price tag of $5.5 million, according to a 2011 Ponemon Institute study.
18 July 2013

SSO and Beyond: Why Single Sign-On Solutions are Absolutely Essential, but Rarely Enough

Why single sign-on solutions are absolutely essential, but rarely enough.
11 July 2013

Achieving a Comprehensive Information Security Strategy Using Certificate-based Network Authentication

Certificate-based network authentication can be a powerful first step towards a safer, more agile business. This paper explains how it works and how it compares to other leading identity and access management solutions.
01 July 2013

The New Prescription for Privacy: Understanding and Meeting Security Requirements for Electronic Health Records

Technology continues to make information more readily available to a larger group of people than ever before. Yet even as the latest technological advances bring a greater wealth of opportunities for sharing and distributing knowledge, each advance also increases the risk that sensitive data will land in the wrong hands.
28 June 2013

Infosecurity US 2013 Summer Virtual Conference Keynote Address: Blueprint for the Perfect Attack

Kevin Bocek’s presentation slides from his keynote address - Blueprint for the Perfect Attack – Open doors in your advanced attack strategy?
21 June 2013

Data Security in the Cloud - Protecting Business-Critical Information in Public, Private, and Hybrid Cloud Environments

Maintaining control over the data is paramount to cloud success. In this Whitepaper, learn about Cloud Computing Security Challenges, Techniques for Protecting Data in the Cloud and Strategies for Secure Transition to the Cloud.
19 June 2013

Preventing Data Loss Through Privileged Access Channels

Privileged users and processes have access to the most sensitive data and systems but because their communications are encrypted, they bypass basic security safeguards such as data loss prevention, firewalls and IPS. This latest white paper focuses on how to restore visibility and security to these encrypted pathways in and out of your network.
19 June 2013

Advanced, Targeted Attacks: Close the Open Door on Cryptographic Key and Certificate Threats

Cybercriminals have discovered a new attack vector: Exploiting the trust that keys and certificates establish.
19 June 2013

Gartner Case Study: Securing BYOD with Network Access Control

The new Gartner case study highlights how an organization utilized NAC and mobile device management solutions to establish policies for enabling a BYOD environment with an acceptable level of risk.
01 June 2013

Taking the Sting Out of Java Vulnerabilities

Java vulnerabilities have dominated the security headlines. Some observers now say organizations should simply turn off the ubiquitous software platform.
29 May 2013

Ponemon Institute 2013 Cost of Failed Trust Report: Threats & Attacks

Every enterprise is potentially risking upwards of $400 million from attacks against cryptographic keys and digital certificates—yet few enterprises are managing these critical resources.
10 May 2013

Magic Quadrant for Network Access Control

Read the Gartner report on Network Access Control with ForeScout as a Magic Quadrant Leader. Find out how all the NAC vendors stack up and the importance of Magic Quadrant leadership for your company.
04 April 2013

Third-Party Applications in the Enterprise: Management and Risk Mitigation of Third-Party Applications

Third-party applications, browsers and plugins have become the attack vector of choice for the modern cyber criminal. Computing surveyed over 200 UK business decision makers to understand how they perceived the risks that they faced from third-party applications.
20 March 2013

Demystifying PCI DSS: Expert Tips and Explanation to Help You Gain DSS Compliance

The Payment Card Industry Data Security Standards (PCI DSS), with its over 200 requirements, can seem like a daunting set of regulations. Nonetheless, if your organization handles any kind of credit card information, you must be PCI DSS compliant.
19 March 2013

The Cloud Advantage: Five Ways the Cloud Is Better for Business When Disaster Strikes

After Hurricane Sandy struck, companies with well-architected, thoroughly tested, and fully documented disaster recovery (DR) plans and solutions were able to bounce back quickly.
13 March 2013

SSH User Keys and Access Control in PCI-DSS Compliance Environments

This white paper analyses how emerging key management and access control technologies will likely impact PCI compliance mandates and presents SSH’s Universal SSH Key Manager as a solution that can be implemented today to both increase security controls and meet the coming, common sense changes to compliance mandates.
22 February 2013

Global Threat Trends – January 2013

The January 2013 report from ESET covering the top threat trends occurring globally in the past month. Plus a feature article from ESET Senior Research Fellow, David Harley, on how viruses are circulated in email hoaxes.
22 February 2013

Aberdeen - The Impact of Managed File Transfer

Why are so many companies uncomfortable with their ability to manage active business data - and where is this data coming from? Companies are experiencing new challenges from the ever-increasing size, speed and variety of data. Social media has exploded in recent years, but other business issues are contributing to the dilemma.
22 February 2013

Advanced Targeted Attacks: How to protect against the next generation of cyber attacks

The new threat landscape has changed. Next generation firewalls, intrusion prevention systems (IPS), anti-virus and security gateways are not adequately protecting organisations from next generation threats.
18 February 2013

Rule-Driven Profiling – A Next-Generation Approach to Vulnerability Discovery

The sheer magnitude of the enterprise vulnerability problem is daunting. In today’s enterprise-scale networks, scanners may identify tens of thousands or hundreds of thousands of vulnerabilities at once. Review and remediation efforts may take weeks. New vulnerabilities and threats are introduced daily.
08 February 2013

The Endpoint Security Management Buyers Guide

Keeping track of 10,000+ of anything is a management nightmare. With ongoing compliance oversight and evolving security attacks against vulnerable endpoint devices, getting a handle on managing endpoint becomes more important every day.
07 February 2013

Enhancing Security Through a Trust-based Approach

Cyber threats are becoming ever more insidious and affect organizations of all sizes, spanning all industries. Organizations need to take a more proactive stance on security, and focus on only allowing what is good to execute on their networks to create an atmosphere of trust.
05 February 2013

Data Security: Complying With PCI DSS Encryption Rules

Companies must achieve and maintain compliance with PCI DSS, but also manage geographically distributed networks, usually containing both structured and unstructured data. Learn how Vormetric Data Security helps organisations meet PCI DSS compliance demands with a transparent data security approach that requires minimal administrative support and does not undermine performance.
01 February 2013

2013 - State of End Point

We are pleased to present the results of the 2013 State of the Endpoint study sponsored by Lumension® and conducted by Ponemon Institute. Since 2010, we have tracked endpoint risk in organizations, the resources to address the risk and the technologies deployed to manage threats.
24 January 2013

The Dynamic Nature of Virtualization Security - The need for real-time vulnerability management and risk assessment

The cornerstones of a proactive security strategy are vulnerability management and risk assessment. However, traditional “scan-and-patch” vulnerability scanning approaches are inadequate for dynamic, virtualized environments.
22 January 2013

Risk Modeling & Attack Simulation for Proactive Cyber Security

Use predictive solutions to stay ahead of cyber security threats using security risk management.
02 January 2013

The CISO’s Guide to Ensuring IT Resiliency in the Face of Change

Without an on-going security testing regimen in place, even the most sophisticated IT defence measures will not guard organizations against crippling attacks, data leaks or internal sabotage.
20 December 2012

Evaluating & Selecting a Secure, Managed File Transfer Solution

Are you considering a secure, managed file transfer solution to address the security of information and data transferred to, from and inside your organization?
31 October 2012

2012 Bit9 Cyber Security Research Report

According to the results of a recent survey conducted by Bit9, European IT managers in France, Germany, Spain and the UK are aware of the changing nature of cyber attacks; how these more advanced attacks target their infrastructure; and what they would like to see as the most effective strategies for protecting their organisations.
09 October 2012


Managing risk within today’s enterprise network environments represents a significant challenge. Enterprises have more IP addresses, servers, mobile phones, partners, applications and data than ever before.
09 October 2012

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services

Securing any device used by mobile workers is a challenge but laptop computers, still the most vulnerable of all endpoint devices, present the biggest threat to corporate security. Laptops today are far more numerous than other mobile devices and are more tightly integrated into the enterprise infrastructure. They are prime targets for malware attacks.
26 September 2012

2012 Malnet Report

Malnets (malware networks) are extensive infrastructures embedded in the Internet that are designed to deliver mass market attacks to the largest possible audience on a continuous basis. In 2012, Blue Coat expects these infrastructures will be responsible for more than two thirds of all malicious cyber-attacks.
26 September 2012

FireEye Advanced Threat Report 1H 2012

The FireEye® Advanced Threat Report for the first half of 2012 is based on research and trend analysis conducted by the FireEye Malware Intelligence Lab. This report provides an overview of the current threat landscape, evolving advanced malware and advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations’ networks today.
24 September 2012

IT security. Are you in control?

In the real world the security landscape can be a harsh environment. Hackers are using more sophisticated attack methods to penetrate networks and steal company data; social networks are being compromised and used to distribute malware, and instigate phishing attacks; and the proliferation of mobile and cloud applications is opening new vulnerabilities ripe for exploitation.
10 September 2012

Advanced Targeted Attacks: How to Protect Against the Next Generation of Cyber Attacks

Despite spending more than $20 billion annually on IT security, over 95 percent of companies harbor advanced malware within their networks. Learn how to combat the cybercriminals that continue to outsmart older, signature-based security technologies.
22 August 2012

Business-Class File Sharing Best Practices

What happens when employees go around IT and use their own Dropbox-like services, webmail or USB drives to send company information? This behavior presents significant security and compliance risks including: Loss of control over who has access to files and data, lack of visibility and audit trails, risk of data breaches and compliance violations.
20 July 2012

Bringing Your Internet Acceptable Use Policy Up to 2012 Standards

One of the most essential elements of monitoring employees’ online behavior is crafting a strong, updated policy for Internet use.
26 June 2012

Enterprise Information Management Security Options

As organizations increasingly participate in a collaborative economy, sharing documents becomes ever more crucial.
01 June 2012

Virtualization Security Risks: How to Develop Your Strategic Approach Now

Today, what virtualization software can accomplish is nearly limitless. But has your computer security methodology and software kept up?
29 May 2012

Security Policy: Five Keys to User Compliance

Business users are a key part of a company's security, and even the most conscientious employees can introduce serious breaches of security policy.
23 May 2012

2011 DDoS Attacks: Top 10 Trends & Truths

The Internet powers almost every aspect of business operations today, from websites, email and ecommerce payments to behind-the-scenes data exchanges. During a distributed denial of service (DDoS) attack, the entire enterprise is at risk.
16 May 2012

Top 5 Tips For Securing Data In The Modern Organization

Ready your organization for more robust data protection measures by first implementing these five steps to improve data security in a business- and cost-effective manner.
16 May 2012

Managing Information Risk in the Extended Enterprise: Why Corporate Compliance and IT Security Must Join Forces

It’s no secret: end users take huge security risks in order to get their jobs done. One of the biggest sources of information risk companies face is collaboration with externals. Companies can’t operate without sharing sensitive information with strategic partners, regulatory authorities, board members, consultants, acquisition partners, contractors and legions of other individuals outside the corporate network.
01 May 2012

10 Questions to Identify Compliance Risks When Sharing Information

Corporate and regulatory compliance policies have forced companies to ensure that information flows are documented, auditable, and highly secure. Yet in order to conduct their business, companies must share sensitive information outside the firewall, introducing serious potential information risk. How can companies enforce security policy and cost-effectively meet compliance objectives when documents must be shared with partners, investors, board members, bidders and others outside the enterprise?
17 April 2012

FireEye Advanced Threat Report

The FireEye Advanced Threat Report is based on research and trend analysis conducted by the FireEye Malware Intelligence Labs.
11 April 2012

“Your Pad or Mine?” Enabling Secure Personal and Mobile Device Use On Your Network

Many of today’s endpoints are neither known nor protected. According to Gartner, enterprises are only aware of 80 percent of the devices on their network. Those 20 percent of unknown devices are inside the perimeter of the network, are unmanaged and provide users with access. They are small, varied and highly mobile, and they are loaded with their own applications, can act as WAPs, and often contain outdated firmware or are jailbroken.
29 February 2012

CISO Guide to Next Generation Threats

Over 95% of businesses unknowingly host compromised endpoints, despite their use of firewalls, intrusion prevention systems (IPS), antivirus and Web gateways.
20 February 2012

The what, how and why of Role Based Access Control (RBAC)

In the world of identity and access management, Role Based Access Control (RBAC) is gradually becoming a frequently used term. Dictated in part by legislative and regulatory norms, an increasing number of organizations wish to manage and assign all access privileges across the network in a structured way. This is possible through the use of RBAC software. So how can companies achieve an adequate implementation of RBAC across their entire organization?
06 February 2012

2012 State of the Endpoint

The 2012 State of the Endpoint study sponsored by Lumension® and conducted by Ponemon Institute is the third annual study to determine how effective organizations are in the protection of their endpoints and what they perceive are the biggest obstacles to reducing risk.
24 January 2012

Intelligent Layer 7 DoS and Brute Force Protection for Web Applications

Both Denial-of-Service (DoS) and Brute Force Attacks have existed for many years, and many network devices tout the ability to withstand them. However, most of today’s DoS attacks target layer 7 (L7) by overwhelming applications with seemingly valid requests and Brute Force programs can send more than one million attempts per second. This paper will discuss how to intelligently mitigate these types of attacks.
07 November 2011

Enterprise Single Sign On Architecture

This whitepaper outlines the possible benefits that Enterprise SSO and authentication management (smart card-based login) can offer organizations.
24 October 2011

DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks

Domain Name System (DNS) provides one of the most basic but critical functions on the Internet. If DNS isn’t working, then your business likely isn’t either. Secure your business and web presence with Domain Name System Security Extensions (DNSSEC).
02 September 2011

Secure iPhone Access to Corporate Web Applications

The way corporations operate around mobile devices is currently shifting—employees are starting to use their own devices for business purposes, rather than company-owned devices. With no direct control of the endpoints, IT departments have generally had to prohibit this or risk insecure access inside the firewall. But as more mobile devices appear on the corporate network, mobile device management has become a key IT initiative.
02 September 2011

Endpoint Management and Security Buyers Guide

Five factors to look for in endpoint management and security solutions that will help reduce endpoint cost, simplify management and improve overall performance.
16 August 2011

Intelligent Whitelisting: An Introduction to More Effective and Efficient Endpoint Security

The volume and sophistication of malware is skyrocketing, and traditional anti-virus approaches are struggling to keep up. It’s time to rethink how we protect our endpoints. Instead of trying to build a better anti-virus “mousetrap,” without any shift in the underlying management model for vetting change in endpoint environments, security professionals should investigate more innovative approaches to endpoint security that can automate trusted change policies.
16 August 2011

Detect and Survive

The ability to detect complex cases of computer misuse within an organisation, whether perpetrated by outsiders or from within, is vital to the continuing survival of the company. But as computer criminals refine their techniques, so must the detection methods evolve. To enable this, modern-day IT departments need to employ techniques and tools previously only available to forensic investigators within the law enforcement community. Thankfully, those tools are becoming available outside of the justice environment, and are proving highly effective in solving cases that would otherwise have remained impossible to close.
08 August 2011

A value proposition for IT security

IT departments are facing three big issues when it comes to protecting the data created and stored on the systems they manage. First, the value of the data is often only realised when it is legitimately shared in some way; second, that sharing is increasingly taking place across public networks and third, the users doing the sharing are doing so on a growing diversity of devices in locations that are convenient to them.
29 July 2011

Best Practices and Applications of TLS/SSL

TLS (Transport Layer Security), widely known as SSL (Secure Sockets Layer), is the most well known method to secure your web site. But it can also be used for much more. Read the white paper, "Best Practices and Applications of TLS/SSL," to learn how TLS works, best practices for its use and the various applications in which it can secure business computing.
21 July 2011

How to embrace and protect a consumerized workforce

While tools such as Web 2.0 applications, IM, P2P and portable USB media can be great for business innovation and productivity, they can introduce significant risks when not managed properly.
15 July 2011

The Insider Threat

The actions of users who intentionally or accidentally cause damage to an organization are now one of the most complex and difficult problems facing IT security teams. In this short whitepaper, learn: • Important aspects of insider threat • How to reduce the risk of attack • The essential role encryption plays in these attacks
13 June 2011

Managing BitLocker Encryption

Take advantage of BitLocker® for Windows 7® by integrating it with the right data protection management solution to ensure and prove compliance. Download to learn best practices for managing BitLocker, how to easily integrate BitLocker into your security program plus how to reduce key management overhead and reporting.
09 May 2011

Endpoint Security: Winning the Endgame

Sophisticated malware is proliferating, especially at the endpoints that connect your environment to the rest of the world. Here’s what you need to know about protecting your PCs, laptops and other endpoints in the new security arms race.
05 May 2011

Think Your AntiVirus Software Is Working-Think Again

As attacks proliferate, anti-virus software can't keep up. Fortunately, there's a better way.
01 April 2011

Unruly USB Devices Expose Networks to Malware

It's pretty easy for organizations to get so wrapped up about what goes out on USB drives that they forget to protect against what comes into their environments via USB.
31 March 2011

Unifying communications to defend against targeted threats

Although most organizations employ email filtering, anti-virus, firewall, and anti-spyware technologies to defend against known threats, far fewer use web or URL filtering appliances to protect themselves against malware picked up on websites. In today’s shifting environment, defending against blended threats that take advantage of multiple attack vectors is imperative.
09 March 2011

Cost-effective email archiving for SMEs

Comprehensive email archiving, at one time, was a luxury that only larger organizations could afford. But the advent of cloud-based storage and services has changed the economics of email archiving.
09 March 2011

Top Five Considerations for Removable Media Security

The rapid growth of removable media has revolutionized the way we store and transport information, encouraging increased productivity - as well as a higher risk for a data breach. Download this whitepaper to learn the top five removable media considerations to better secure these devices and avoid a serious breach.
07 March 2011

Maintaining continuous compliance—a new best practice approach

When trying to achieve continuous compliance with internal policies and external regulations, organizations need to replace traditional processes with a new best practice approach and new innovative technology. This white paper aims to explore these themes to help organisations develop a strategy that will aid them in maintaining continuous compliance.
16 February 2011

Finding Ways to Balance IT Risk and Productivity

While tools such as Web 2.0 applications, IM, P2P and portable USB media can be great for business innovation and productivity, they can introduce significant risks when not managed properly.
31 January 2011

Using the Power of the Cloud to Fight Web Threats

Interrupting information flows, which are increasingly transmitted over the internet, has become the prime focus for today’s financially motivated hackers. With web-based malware threats becoming more complex and sophisticated, trying to counter them with software deployed within an organization is becoming a growing headache.
26 January 2011

FREE Security essentials – Small Business Security Guide

Small businesses can suffer hours of downtime per year for every computer used in their company, whilst the last two years have seen identity and information theft become the top security concern for the majority of business owners.
22 December 2010

Enterprise Authentication: Increasing security without breaking the bank

Enterprise authentication used to be simple: passwords for everyone, expensive tokens for a small number who work remotely. But the world is changing. Experts agree that username/password authentication does not provide enough protection against unauthorized access. CIOs are challenged to increase authentication security while preserving operational and budget efficiency. Organisations need stronger forms of authentication that are easy to use and less costly to purchase, deploy and maintain than traditional “one-size-fits-all” options.
15 November 2010

The in's and out's of content filtering

Dr. Eugene Schultz, Chief Technology Officer, Emagined Security presented at our webinar titled ‘Unifying inbound and outbound content control: Secure your organisation’s web and email traffic’. This is the presentation that he gave.
07 July 2010

Data Protection and Compliance in Complex Environments

Today's businesses are often under the gun to meet certain data protection requirements. Unfortunately, many companies lack a cohesive strategy for assimilating, managing, and protecting that data. New regulatory requirements are often placed upon businesses with stiff penalties for noncompliance, with equally demanding deliverable dates. Global organizations are even more complex due to international laws. In Data Protection and Compliance in Complex Environments: The CSO Executive Series by information security expert and author Kevin Beaver, readers will learn how to clearly classify, protect, and report on critical data that requires the highest due diligence and protection efforts.
16 June 2010

Shopping for a Security File Transfer Solution for Retail

Retailers and merchant service providers are under increasing pressure to adhere to PCI DSS in an effort to avoid costly fines — and the even more detrimental loss of customer confidence that results from data leakage or data breaches.
11 May 2010

Case Study: File Transfer Solution To Protect Law Firm's Confidential Data

USB flash drives, removable disk drives and cell phones are making it easier than ever for employees who need to transfer large files – and harder than ever for companies to monitor and protect sensitive information.
11 May 2010

Cashing in on Banking Security and Compliance

With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions that protect sensitive financial information along with their reputations and industry competitiveness.
10 May 2010

When Web 2.0 Becomes Security Risk 2.0

Hackers are manipulating the trusted nature of Facebook, MySpace and other social networks to launch exploits and spread malware attacks.
08 April 2010

Desktop Software Lockdown: Prevent Targeted Attacks

Preventing the installation and execution of unauthorized software should be a high priority for any IT security conscious organization. Allowing users to install or execute unauthorized software can expose an organization to a variety of security and legal risks, not to mention the burden of increased support costs. This paper will compare and contrast a variety of techniques for detecting and preventing unauthorized code.
07 April 2010

The Essential Series - Security Information Management

Maintaining information security is a multi-faceted operation that is best managed with a single comprehensive strategy rather than mix of tactics based on whatever point solutions are already deployed. Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM.
15 December 2009

Aberdeen: Choosing and Consuming Managed Security Services

Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics.
15 December 2009

Jon Ramsey Podcast Transcript

In this podcast transcript, Jon Ramsey, Chief Technology Officer at SecureWorks, addresses an array of security issues currently facing businesses, including security in the cloud, insider attacks, securing mobile devices and how to manage spam and malware.
15 December 2009

Cloud Application Security

Cloud computing promises to deliver IT infrastructure services via the Internet on an “as-needed, pay-per-use” basis. Cloud resources can be provisioned on-the-fly to support specific project needs, or they can be leveraged on a longer-term basis to add capability to an existing IT infrastructure. For some companies, cloud resources even serve as the entire IT infrastructure because of the ease and speed of deployment and cost-effectiveness compared to deploying an in-house infrastructure.
10 December 2009

The Challenges of Automated Application Assessments in a Web 2.0 World

This white paper, written by two security experts from Stach & Liu, Rob Ragan and Vincent Liu, describes the challenges of automated penetration testing or application scanning of Web 2.0 applications.
10 December 2009

Database Security and Compliance - Preparing for 2010 (Annual Study)

This study reveals some eye-opening database security and compliance trends based on research from 175 enterprise organizations.
10 December 2009

10-step Guide to Easy Data Loss Prevention

You know your organisation's data is its lifeblood, yet the protection of IP and sensitive information is all too often inadequate in today's networked world.
13 November 2009

The Latest ‘Blended Threats’

Blended threats are spam stealth attacks - moving undetected through your mail servers and blending in with all the other email - until they strike. They can compromise personal or corporate data, "recruit" computers into a network of bots, or initiate keystroke recording that collects passwords and other information.
13 November 2009

Protecting Your Network Against Web Attacks

The problem of Web-borne threats is not theoretical: millions of users have been impacted and the threat is getting worse. Today, Web threats are more numerous and virulent than those delivered in email, and it is easier to be infected by them.
13 November 2009

Combat Cybercrime, Demonstrate Compliance and Streamline IT Operations

As the first decade of the new century draws to a close, organisations are increasingly being asked to prove that they have achieved compliance - as well as actually complying with - a raft of relevant data and privacy protection.
06 November 2009

Oct. U.K. Threat Report

A new report, provided by Eset, provides details on the changing threat landscape in the United Kingdom.
06 November 2009

Top 10 Global Threat Trends

This report, provided by Eset, offers an in-depth look at the top 10 malware threats through Sept.
06 November 2009

Validating the Business Benefits of Integrated Systems

IT organisations want to provide high-quality, low-cost technology services to business units as part of their basic mission. However, software complexity, manpower changes, mergers and acquisitions, and changing business requirements have complicated that mission. Trends such as managing mobility, virtualisation adoption, new and increasing compliance and governance requirements, and the need to modernise existing infrastructure add further complication to managing the IT environment.
27 October 2009

FTP: Enemy Within

Industry standards and government regulations such as Sarbanes-Oxley, PCI-DSS, HIPAA, Gramm-Leach-Bliley Act, and FISMA require organizations to constantly strengthen the protection of mission-critical information. With billions of dollars of annual losses attributed to security breaches, corporations are under pressure to eliminate non-secure legacy systems.
27 October 2009

Case Study: Continuous Compliance Across IT Systems

Capital Card Services provides credit card service management to financial and non-financial companies that desire to offer credit products and wish to outsource the necessary back office services.
22 October 2009

Configuration Control Proven Solution with Auditors and IT

More than 250 online sites entrust MarketLive to deliver stellar shopping experiences to their customers, necessitating both safeguards to protect cardholder information and compliance with industry regulations such as the Payment Card Industry’s Data Security Standard (PCI). With an increasing number of retailers facing PCI requirements, MarketLive decided to create a strategic market advantage and become PCI compliant themselves.
22 October 2009

Managing the Process of PCI Compliance

Security threats are real-time and continual and changes occur overnight.
22 October 2009

Avoiding 7 Common Mistakes of IT Security Compliance

Compliance is a key driver for deployment of IT security controls, and many organisations are pursuing automation to improve accuracy and lower costs of fulfilling requirements. Automating controls is not just laudable – it’s essential for finding and fixing a myriad of vulnerabilities that enable criminals to breach enterprise IT, disrupt electronic business processes, and steal confidential business and customer data.
21 October 2009

PCI Compliance for Dummies

Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) is mandatory if your company stores, processes, or transmits payment cardholder data. This reference source, provided by Qualys, is all about understanding PCI and how merchants can comply with its requirements.
21 October 2009

Buyer's Guide: Enterprise PBX

Premise-based IP PBXes (Internet Protocol Private Branch eXchanges) are changing how businesses implement and use their voice communications.
21 October 2009

Comparison Guide: IP Phones

Compare side-by-side functionalities of seven leading IP phones.
21 October 2009

Beyond PCI Checklists: Securing Cardholder Data with Enhanced File Integrity Monitoring

How do organisations pass their PCI DSS audits yet still suffer security breaches? Paying attention to PCI DSS checklists only partially secures the cardholder environment.
16 October 2009

ITCi White Paper: Challenges and Opportunities of PCI

Learn how to align PCI compliance with business processes for a more streamlined and reliable IT infrastructure with this whitepaper from the IT Compliance Institute.
16 October 2009

Every Man’s Guide to Combat Threats within Your Organization

With an increasing mobile force using a variety of wireless devices to access the Internet and download applications, confidential information becomes more easily accessible to hackers. This has complicated the job of information security professionals and raised awareness of how vulnerable mobile computing devices can be.
14 October 2009

Log Management - How to Develop the Right Strategy for Business and Compliance

From compliance requirements to data gathering for forensic purposes, companies have opened up the floodgates to log data. Based on audit findings and internal investigations, they have deployed expensive technologies and lots of personnel without a full understanding of what to log and why. Companies and organizations need a log management strategy that combines requirements from auditors with a process for the security team based on risk to gain better visibility into log data.
13 October 2009

Data Loss Prevention (DLP) Technology: Realizing Enhanced Productivity and Timely ROI

The conclusion is quite clear: companies cannot afford data loss, however caused. Prevention becomes a priority in the strategy to data loss. DLP comes down to reducing the risks of information loss by locating and controlling sensitive data.
08 October 2009

Reversing the rise of the surveillance state: 11 Measures to Protect Personal Privacy and Hold Government to Account

At the Infosecurity Virtual Conference 2009, Eleanor Laing, Conservative MP, presented in our session, 'Infosecurity in government: What's going wrong, and how to fix it'. This download is the Conservative policy paper, titled Reversing the rise of the surveillance state.
29 September 2009

Advances in Endpoint Security

The past few years have witnessed several highly publicized cases of security breaches at major corporations. These high-profile incidents have emphasized the need to protect and control sensitive corporate information within the enterprise environment. As more data resides at the endpoint, administrators are being forced to defend a new architecture that has critical corporate resources dispersed around the globe.
01 September 2009

Endpoint Security: A Timely Warning for Today’s Economic Climate

The responses received in a recent IDC survey regarding corporate IT security give rise to serious concerns about the pace at which enterprises are responding (or are able to respond) to the growing security threat to the endpoints of their IT infrastructure. In particular, the responses show that enterprises appear to be falling behind in the following areas: HIPS usage, layered protection, mobility security.
01 September 2009

5 Ways to Reduce IT Audit Tax

Organizations oftentimes spend upwards of 50% more on compliance efforts than necessary. This is due to the inefficient deployment of resources and manpower to satisfy the burgeoning set of internal and external compliance and audit mandates. This whitepaper outlines five ways to streamline compliance efforts and thereby reduce the IT audit tax.
26 August 2009

Web Use and the Risk to Business

White paper reports on new Web threats and what’s being done to defend businesses.
18 August 2009

Image Spam: The Threat Returns

White paper reports on severity of email/web-borne threat and offers solutions for exposing it.
18 August 2009

Reducing Vulnerability to Downtime

White paper reports on technology which complements data resiliency and recovery strategies.
18 August 2009

Continuous Data Protection

White paper offers insight into technologies enabling quick, easy data recovery to any point in time.
18 August 2009

Effective Insider Threat Management

White paper offers practical advice to ensure success.
18 August 2009

Cut the Chaos from Firewall Management IDC examines "A Life Cycle Approach for Network Security Management"

IDC examines the challenging process of firewall operations and the growing need for an automated approach to controlling and analyzing network security changes and configuration management processes throughout their entire life cycle.
07 August 2009

Guide to Evaluating Two-Factor Authentication Solutions

Passwords are a known weak link and continue to be exploited at alarming rates, making two-factor authentication mandatory for many organizations. Whether you’re planning to implement two-factor authentication for the first time or are looking to expand or upgrade your current implementation, this whitepaper will help you choose the two-factor solution that is right for your business.
31 July 2009

Understanding the Critical Role of Device Management and Security in Your Business' Mobile Strategy

As businesses embrace mobility, IT professionals are facing new challenges. But gone are the days when stodgy IT departments would fight this business imperative. Most organisations today are simply trying to get smarter about how to manage and secure their increasingly mobile population and distributed assets.
22 July 2009

The Total Cost of Email: Putting a Price Tag on Your Email Environment

You can’t afford to ignore email archiving, security, internal policy or regulatory requirements, but can you afford to keep paying for it as multiple systems on top of your email system?
17 July 2009

Achieving Compliance with GSi Code of Connection (CoCo) with Lumension® Solutions

To develop the necessary trust and confidence within the Public Sector communities and between Government and the citizens, a common approach to risk management and the implementation of an Information Assurance framework becomes increasingly important.
16 July 2009

Spam; Viruses; Data Loss; Use Policy; Where to begin?

The IT threat landscape is evolving. Organised crime is involved & it’s big business. Criminals are hunting for confidential business data & the techniques they employ are increasingly complex.
01 July 2009

Tokenless Two-Factor Authentication: It Finally Adds Up

For most companies, information security is a top priority. Demand for protecting data and employee confidentiality is continuing to grow, especially in industries that require a regulatory-compliant environment. However, applying user names and passwords for authentication is insufficient.
25 June 2009

New Data Storage Options & Services

The archiving market continues to expand as ‘cool’ vendors enter with new storage options and services that make archiving more cost-effective and ease the migration of older data.
17 June 2009

Preventing Data Breaches in Privileged Accounts Using Access Control

It is critical that organizations are proactive in their approach to mitigating insider threats. Week after week there are disturbing, déjà vu-like stories of significant data breaches, arrests connected to insider attacks, or investigation reports emphasizing the necessity to control privileged accounts that hold highly sensitive data.
16 June 2009

State of Resilience & Optimization on IBM Power Systems

This report includes the input of over 2,000 companies running AIX and IBM i (i5/OS) environments regarding their data protection, recovery and optimization technologies and strategies.
11 June 2009

Portable Panic: Evolution of USB Insecurity

Once a mere novelty peripheral, USB storage devices are now as common as the mouse and keyboard. Analysts say by 2010 the market will have shipped 2.8 billion USB-enabled devices. Unfortunately, even as USB devices have evolved into useful storage media, they’ve also turned into a security nightmare for organisations.
05 June 2009

Turning the Spotlight on IT’s Dirty Little Secret: Securing the Common Point of Failure in IT Risk Controls

The rise of identity and access management has revolutionized how the enterprise defines a key domain of IT risk control. Access management has become a cornerstone of best practice in IT governance, risk and compliance control — except for the most important access of all, the privileged user for shared administrative accounts, and the embedded application identities found within applications, scripts and application servers.
01 June 2009

Document Security: A Guide to Securing Your Documents

When you talk about document security, there are many different ideas as to what security is actually wanted or needed. But the important question is, “what are you trying to achieve?”
01 June 2009

10 Things You Really Wished You had Known about PDF Security

Is the PDF security software you are looking to purchase really secure? If the PDF security software you are evaluating can be simply broken, then you might as well save your money.
01 June 2009

Outthink the Threat

eBook reports on how data-stealing malware is thwarting enterprise security, and offers solutions to combating these threats.
19 May 2009

Reducing the Cost of Achieving PCI Compliance with Lumension® Compliance and IT Risk Management

This whitepaper will examine PCI DSS and explain how Lumension® Compliance and IT Risk Management can help organizations reduce the cost of addressing compliance by streamlining and automating the IT audit process, unifying control and compliance frameworks, automating assessment and remediation processes, and enabling continuous monitoring of their compliance and IT risk management posture.
15 May 2009

Realising Compliance

White paper addresses new approach to protecting data, assets and IP.
17 April 2009

The Security Implications of Web 2.0

The collaborative benefits of Web 2.0 technologies have fueled rapid growth in online consumer markets and now are being adopted by businesses worldwide. With these technologies come new types of attack vectors.
08 April 2009

The Web Hacking Incidents Database 2008: Annual Report

The much anticipated Breach Security Lab’s Web Hacking Incidents Database (WHID) 2008 Annual Report is ready for download.
07 April 2009

Vulnerability assessment strategies revealed: a primer for novices and further education for experts

Vulnerability assessment is a complex and wide-ranging subject. This timely and informative white paper will help you understand the subject and learn how to cost-effectively implement the IT security strategy within your organisation. Written by Information security industry veteran Bigfix, this paper will be a valuable addition to your educational resources - download it today.
06 April 2009
