loading content...

Application Security

  • Securing Enterprise Applications
  • Secure Agile Development
  • Pragmatic WAF Management: Giving Web Apps a Fighting Chance
  • 2014 Open Source Development and Application Security Survey Analysis
  • Security Analytics with Big Data
  • Defending Against Application Denial of Service Attacks
  • API Gateways: Where Security Enables Innovation
  • Securing Big Data: Recommendations for Securing Hadoop and NoSQL
  • Building a Web Application Security Program

Cloud and Virtualization

  • Pragmatic Security for Cloud and Hybrid Networks
  • The Security Pro’s Guide to Cloud File Storage and Collaboration
  • The Future of Security: The Trends and Technologies Transforming Security
  • What CISOs Need to Know about Cloud Computing
  • A Practical Example of Software Defined Security
  • Defending Cloud Data with Infrastructure Encryption


  • EMV Migration and the Changing Payments Landscape
  • Tokenization vs. Encryption: Options for Compliance
  • Tokenization Guidance
  • Data Encryption 101: A Pragmatic Approach to PCI

Data Security

  • Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications
  • Trends in Data Centric Security White Paper
  • Defending Data on iOS 7
  • Dealing with Database Denial of Service
  • Understanding and Selecting a Key Management Solution
  • Pragmatic Key Management for Data Encryption
  • Understanding and Selecting Data Masking Solutions
  • Implementing and Managing a Data Loss Prevention Solution
  • Understanding and Selecting a Database Security Platform
  • Understanding and Selecting a File Activity Monitoring Solution
  • Database Activity Monitoring: Software vs. Appliance
  • The Securosis 2010 Data Security Survey
  • Understanding and Selecting a DLP Solution
  • Understanding and Selecting a Tokenization Solution
  • Understanding and Selecting a Database Encryption or Tokenization Solution
  • Low Hanging Fruit: Quick Wins with Data Loss Prevention (V2.0)
  • Database Assessment
  • Selecting a Database Activity Monitoring Solution
  • Report: Content Discovery Whitepaper

Endpoint Security

  • Endpoint Defense: Essential Practices
  • The 2015 Endpoint and Mobile Security Buyer’s Guide
  • Advanced Endpoint and Server Protection
  • Reducing Attack Surface with Application Control
  • The 2014 Endpoint Security Buyer’s Guide
  • The Endpoint Security Management Buyer’s Guide
  • Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks
  • White Paper: Endpoint Security Fundamentals
  • Best Practices for Endpoint DLP

Identity and Access Management

  • Identity and Access Management for Cloud Services

Network Security

  • Network-based Threat Detection
  • Security and Privacy on the Encrypted Network
  • Defending Against Network-based Distributed Denial of Service (DDoS) Attacks
  • Firewall Management Essentials
  • Network-based Malware Detection 2.0: Assessing Scale, Accuracy and Deployment
  • Network-based Threat Intelligence: Searching for the Smoking Gun
  • Defending Against Denial of Service (DoS) Attacks
  • Network-Based Malware Detection: Filling the Gaps of AV
  • Applied Network Security Analysis: Moving from Data to Information
  • Fact-Based Network Security: Metrics and the Pursuit of Prioritization
  • Network Security in the Age of *Any* Computing
  • Understanding and Selecting an Enterprise Firewall

Project Quant

  • Malware Analysis Quant
  • Measuring and Optimizing Database Security Operations (DBQuant)
  • Network Security Ops Quant Metrics Model
  • Network Security Operations Quant Report
  • Project Quant Survey Results and Analysis
  • Project Quant Metrics Model Report

Security Management

  • Applied Threat Intelligence
  • Monitoring the Hybrid Cloud: Evolving to the CloudSOC
  • Leveraging Threat Intelligence in Incident Response/Management
  • Leveraging Threat Intelligence in Security Monitoring
  • Security Management 2.5: Replacing Your SIEM Yet?
  • Eliminate Surprises with Security Assurance and Testing
  • Security Awareness Training Evolution
  • Continuous Security Monitoring
  • Threat Intelligence for Ecosystem Risk Management
  • The CISO’s Guide to Advanced Attackers
  • Building an Early Warning System
  • Implementing and Managing Patch and Configuration Management
  • Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform
  • Watching the Watchers: Guarding the Keys to the Kingdom (Privileged User Management)
  • Security Management 2.0: Time to Replace Your SIEM?
  • Security Benchmarking: Going Beyond Metrics
  • React Faster and Better: New Approaches for Advanced Incident Response
  • Monitoring up the Stack: Adding Value to SIEM
  • Understanding and Selecting SIEM/Log Management
  • The Business Justification for Data Security

Web and Email Security

  • Quick Wins with Website Protection Services
  • Email-based Threat Intelligence: To Catch a Phish
Featured Article

One of the bigger issues when migrating to the cloud is translating and extending your existing security controls, especially our old friend, network security. While cloud networking may resemble what we are used to, under the covers it behaves, and is managed, very differently. This paper covers the fundamentals and provides practical advice for managing cloud network security, including specifics for major cloud providers.

Over the last few decades we have been refining our approach to network security. Find the boxes, find the wires connecting them, drop a few security boxes between them in the right spots, and move on. Sure, we continue to advance the state of the art in exactly what those security boxes do, and we constantly improve how we design networks and plug everything together, but overall change has been incremental. How we think about network security doesn’t change – just some of the particulars.

  • Application Security

  • Cloud and Virtualization

  • Pragmatic Security for Cloud and Hybrid Networks
  • Compliance

  • EMV Migration and the Changing Payments Landscape
  • Data Security

  • Endpoint Security

  • Identity and Access Management

  • Network Security

  • Network-based Threat Detection
  • Project Quant

  • Security Management

  • Applied Threat Intelligence
  • Web and Email Security