
Application Security

  • Understanding and Selecting RASP
  • Securing Hadoop: Recommendations for Hadoop Security
  • Building Security Into DevOps
  • Securing Enterprise Applications
  • Secure Agile Development
  • Pragmatic WAF Management: Giving Web Apps a Fighting Chance
  • 2014 Open Source Development and Application Security Survey Analysis
  • Security Analytics with Big Data
  • Defending Against Application Denial of Service Attacks
  • API Gateways: Where Security Enables Innovation
  • Securing Big Data: Recommendations for Securing Hadoop and NoSQL
  • Building a Web Application Security Program

Cloud and Virtualization

  • Building Resilient Cloud Network Architectures
  • Pragmatic Security for Cloud and Hybrid Networks
  • The Security Pro’s Guide to Cloud File Storage and Collaboration
  • The Future of Security: The Trends and Technologies Transforming Security
  • What CISOs Need to Know about Cloud Computing
  • A Practical Example of Software Defined Security
  • Defending Cloud Data with Infrastructure Encryption

Compliance

  • EMV Migration and the Changing Payments Landscape
  • Tokenization vs. Encryption: Options for Compliance
  • Tokenization Guidance
  • Data Encryption 101: A Pragmatic Approach to PCI

Data Security

  • Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications
  • Trends in Data Centric Security White Paper
  • Defending Data on iOS 7
  • Dealing with Database Denial of Service
  • Understanding and Selecting a Key Management Solution
  • Pragmatic Key Management for Data Encryption
  • Understanding and Selecting Data Masking Solutions
  • Implementing and Managing a Data Loss Prevention Solution
  • Understanding and Selecting a Database Security Platform
  • Understanding and Selecting a File Activity Monitoring Solution
  • Database Activity Monitoring: Software vs. Appliance
  • The Securosis 2010 Data Security Survey
  • Understanding and Selecting a DLP Solution
  • Understanding and Selecting a Tokenization Solution
  • Understanding and Selecting a Database Encryption or Tokenization Solution
  • Low Hanging Fruit: Quick Wins with Data Loss Prevention (V2.0)
  • Database Assessment
  • Selecting a Database Activity Monitoring Solution
  • Report: Content Discovery Whitepaper

Endpoint Security

  • Endpoint Defense: Essential Practices
  • The 2015 Endpoint and Mobile Security Buyer’s Guide
  • Advanced Endpoint and Server Protection
  • Reducing Attack Surface with Application Control
  • The 2014 Endpoint Security Buyer’s Guide
  • The Endpoint Security Management Buyer’s Guide
  • Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks
  • White Paper: Endpoint Security Fundamentals
  • Best Practices for Endpoint DLP

Identity and Access Management

  • Identity and Access Management for Cloud Services

Network Security

  • Shining a Light on Shadow Devices
  • Building Resilient Cloud Network Architectures
  • Network-based Threat Detection
  • Security and Privacy on the Encrypted Network
  • Defending Against Network-based Distributed Denial of Service (DDoS) Attacks
  • Firewall Management Essentials
  • Network-based Malware Detection 2.0: Assessing Scale, Accuracy and Deployment
  • Network-based Threat Intelligence: Searching for the Smoking Gun
  • Defending Against Denial of Service (DoS) Attacks
  • Network-Based Malware Detection: Filling the Gaps of AV
  • Applied Network Security Analysis: Moving from Data to Information
  • Fact-Based Network Security: Metrics and the Pursuit of Prioritization
  • Network Security in the Age of *Any* Computing
  • Understanding and Selecting an Enterprise Firewall

Project Quant

  • Malware Analysis Quant
  • Measuring and Optimizing Database Security Operations (DBQuant)
  • Network Security Ops Quant Metrics Model
  • Network Security Operations Quant Report
  • Project Quant Survey Results and Analysis
  • Project Quant Metrics Model Report

Security Management

  • Incident Response in the Cloud Age
  • Building a Threat Intelligence Program
  • Building a Vendor (IT) Risk Management Program
  • SIEM Kung Fu
  • Threat Detection Evolution
  • Applied Threat Intelligence
  • Monitoring the Hybrid Cloud: Evolving to the CloudSOC
  • Leveraging Threat Intelligence in Incident Response/Management
  • Leveraging Threat Intelligence in Security Monitoring
  • Security Management 2.5: Replacing Your SIEM Yet?
  • Eliminate Surprises with Security Assurance and Testing
  • Security Awareness Training Evolution
  • Continuous Security Monitoring
  • Threat Intelligence for Ecosystem Risk Management
  • The CISO’s Guide to Advanced Attackers
  • Building an Early Warning System
  • Implementing and Managing Patch and Configuration Management
  • Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform
  • Watching the Watchers: Guarding the Keys to the Kingdom (Privileged User Management)
  • Security Management 2.0: Time to Replace Your SIEM?
  • Security Benchmarking: Going Beyond Metrics
  • React Faster and Better: New Approaches for Advanced Incident Response
  • Monitoring up the Stack: Adding Value to SIEM
  • Understanding and Selecting SIEM/Log Management
  • The Business Justification for Data Security

Web and Email Security

  • Quick Wins with Website Protection Services
  • Email-based Threat Intelligence: To Catch a Phish

Featured Article

So what is RASP? Runtime Application Self-Protection (RASP) is an application security technology that embeds into an application or application runtime environment, examining requests at the application layer to detect attacks and misuse in real time. RASP functions in the application context, which enables it to monitor security – and apply controls – very precisely. This means better detection, because you see what the application is being asked to do. It can also offer better performance, as you only need to check the relevant subset of policies for each request.
