What's the best way to define a "zero trust" approach to security? And what are the potential benefits? M.K. Palmore of Palo Alto Networks, a former FBI agent, offers insights on making the most of the approach.
Network detection and response, endpoint detection and response, and SIEM are the "visibility triad" of critical data sources for effective threat hunting and incident response, says Matt Cauthorn of Extrahop, who explains why.
Within a month, the U.S. Department of Homeland Security hopes to launch a program to help states protect voter registration databases and systems in advance of the 2020 presidential election. Security experts say that in light of recent ransomware attacks against units of government, the effort is overdue.
The Department of Health and Human Services has issued proposed changes to privacy rules related to the sharing of patient records created by federally assisted substance use disorder treatment programs. Do the proposals go too far, or not far enough?
Apple released a patch on Monday that fixes a bug it accidentally reintroduced in a previous patch update. The flaw allowed iOS enthusiasts to jailbreak their up-to-date devices, but also could have been put to malicious use by hackers.
Newer technologies, such as machine learning, can help mitigate the risk of ever more sophisticated email-based attacks, including phishing, says Dena Bauckman of Zix Corp.
Deception technology, adversary intelligence and early detection can help counter spoofing and phishing attacks, says Sal Stolfo, the founder and CTO of Allure Security.
In light of emerging cyberthreats, including ransomware, organizations must change how they assess their cyber insurance options, says Ken Suh of Beazley.
With new threats targeting the nation's critical infrastructure, partnerships among government and private-sector security professionals are more critical than ever, says Brian Harrell of the new U.S. Cybersecurity and Infrastructure Security Agency.
F. Ward Holloway of Forescout Technologies sorts through what he sees as common misconceptions about the "zero trust" approach to security, including the assumption that it can prove to be too costly and complex to implement.
Healthcare organizations must actively manage their in-house medical internet of things to ensure that they can provide high levels of patient care while minimizing the inevitable risks posed by internet-connected medical devices, says Fortified Health Security's Dan Dodson.
Today's machine-speed attacks require an autonomous machine-speed response to mitigate the risk, says David Masson of Darktrace, who offers strategic insights.
The payment card industry needs to do more to tackle the rising problem of fraud, says information security expert William H. Murray, pointing to the new Apple Card - which lacks the card number printed on it - as an example of how the industry must evolve. But numerous cultural challenges remain, he says.
When crafting an identity and access management strategy, organizations need to balance the need for improved security with giving employees the freedom they need to do their jobs, says John Bennett of LastPass by LogMeIn.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.