Infosecurity White Papers
Enterprise Application Security - The 5 Key Benefits of Source Code Analysis
Static Code Analysis is the technique of automatically analyzing the application’s source and binary code to find security vulnerabilities. Two categories exist in this realm: Binary Code Analysis (BCA) and Source Code Analysis (SCA).
The Human Factor: How Attacks Exploit People as the Weakest Link in Security
Get Insight into the ways attackers exploit end-users’ psychology. Learn how attackers exploit end-users have significant security implications for enterprise preparedness and defensive strategies.
Solution Brief: Are You Ready for the PCI DSS v3 Deadlines?
Are you one of those organizations that meet the PCI DSS requirements for keys and certificates using internal scripts or manual processes just in time for your next audit, after countless hours of preparation?
Gartner Paper: Predictive Defense and Real-Time Insight: The Next Step in Advanced Threat Protection
As clearly evidenced by the daily headlines about security breaches, traditional defense tools are failing to protect enterprises from advanced targeted attacks and new sophisticated forms of malware.
Broward College Increases Visibility, Control & Compliance with ForeScout CounterACT
Broward College needed a secure, efficient and flexible way to manage the personal and college-owned devices connecting to its network, spanning four campuses and seven satellite locations.
2014 Global Compliance: The legal obligations for encryption of personal data in the United States, Europe, Asia and Australia
Updated for 2014, this document examines the global legal obligations to encrypt personal data – included both national and industry drivers.
Secure Data Center Architecture for Today's Transformative IT Environment
Learn about Juniper Network's MetaFabric reference architecture to address your cloud, mobility and big data challenges which form part of your business drivers today.
IDG Survey: State of IT Cyber Defense Maturity
Download this global survey from over 1500 IT security professionals that sheds light on the state of cyber defense maturity. In addition to affording new incident and violation trends across industry and region, the results yield insights into IT security management capabilities, deficiencies and planned investments. See where your organization fits on the IT cyber defense maturity spectrum compared to your peers.
Server Data is the Main Target for Advanced Persistent Threats: THE CASE FOR A DATA-CENTRIC SECURITY MODEL
This white paper discusses why the old data security model no longer works, the inherent risks of APTs and why perimeter defenses alone are not sufficient to safeguard organizations against the current generation of security threats.
Ogren Group Report: Continuous Endpoint Compliance. Integrating Process, Policy and Technology to Preempt Threats and Reduce Costs
Many organizations spend millions on endpoint security tools – such as antivirus, encryption, data loss prevention (DLP), and so on – only to have end users turn off or disable those tools. Even in well-managed enterprises, host-based security tools typically do not work properly on at least 20% of systems.
Vormetric Insider Threat Report – European Edition (EMEA)
The 2014 Vormetric Insider Threat Report - European Edition represents the result of analysis of interviews with over 500 IT and Security managers in major European enterprises around the question of insider threats.
SHHHH… It’s SSH: The Keys to the Enterprise Left Under the Doormat (2014 Aberdeen Research Report)
There’s a secret lurking in almost every enterprise: access to the most sensitive data, servers and cloud using SSH is going unchecked. 64% of enterprises surveyed by Aberdeen Group have not established security policies for SSH and don’t have SSH security controls to protect sensitive access.
McAfee Labs Threat Report- (fourth quarter 2013)
Welcome to the McAfee Labs Threats Report: Fourth Quarter 2013. As we kick off the New Year, we take a fresh approach to our Threats Reports. Beginning with this edition, we present a shorter publication, with “Key Topics” covering top threats or security issues from the quarter. We also focus (on a rotating basis) on threat concerns surrounding the four IT megatrends: mobile, social, cloud, and big data. The report is now visually richer and easier to navigate.
You’re Already Compromised: Exposing SSH as an Attack Vector
Secure Shell (SSH) keys are an integral part of the digital world. It enables one system to access another remotely in a secure manner, enforcing authentication, authorization, and encryption of communications, Unfortunately, cybercriminals do take advantage of the trust that is established by SSH. Cybercriminals can use improperly secure SSH keys against organizations to gain access to critical systems and intellectual property that could damage a company’s brand and bottom line.
Top Ten Ways to Defend your Network against the Latest SSL Exploits
Staying on top of the latest web exploits can be a challenge for Network Admins who are worried about simply keeping up with all the day-to-day management tasks required by a complex environment. This whitepaper details many of the most recent popular SSL-related exploits that your network is likely vulnerable to, along with simple steps you can immediately take to protect yourself.
A Proper Foundation: Extended Validation SSL. A critical model for SSL digital certificates and browser trust
To bolster consumer trust in the foundation of ecommerce, several CAs and browser vendors came together to establish a higher security approach based on an advanced tier of SSL certificate with very high standards for validation and assurance. “Extended Validation” was the final name chosen for the new certificates by the CA/Browser Forum.
M-Trends: Beyond the Breach
Drawing from hundreds of real-world incident response engagements by Mandiant, a FireEye Company, the 2014 M-Trends Threat Report reveals key insights, statistics and case studies illustrating how the advanced persistent threat (APT) actors have evolved over the last year. According to the report, organizations are finding attackers sooner but are increasingly reliant on 3rd parties to notify them when they are breached. M-Trends provides hard data, vivid examples, and important context that speak to both laypeople and technical pros.
Seven Common Vulnerabilities: Is your Network at Risk?
The challenge of network security is amplified by the fact that many network admins only think about encryption and their SSL Certificates on an irregular basis. As seen with the Heartbleed bug, this can be detrimental to a company. This whitepaper touches on Heartbleed and some of the most common areas that companies inadvertently leave exposed to attackers.
Windows Least Privilege Management and Beyond
For Windows environments, it is critical that organizations can delegate administration and establish granular privileges quickly and efficiently to restrict administrators so they only access the servers and resources required to perform their job and only during the approved times to perform specific tasks.
Protect Your Data in the Cloud
Popular SAAS vendors are improving security features, but their solutions inherently silo data and restrict some of technology management’s ability to control the application. The complexity this creates will only expand as IT departments use more cloud services. Enter a new breed of security vendors that restore an ability to discover, analyze, and control corporate data in the cloud. This research report introduces a three-step approach to manage your firm’s data within the cloud, as well as new vendors and capabilities to consider in a successful cloud data management road map.
