Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Solving Security: Repetition or Redundancy?
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
In 2019, Cryptomining Just Might Have an Even Better Year
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
Stay Ahead of the Curve by Using AI in Compliance
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
Embracing DevSecOps: 5 Processes to Improve DevOps Security
In the cyber threat climate of the 21st century, sticking with DevOps is no longer an option.
DIY Botnet Detection: Techniques and Challenges
Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.
A 'Cloudy' Future for OSSEC
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.
Secure the System, Help the User
The enterprise must do its part in deploying and maintaining secure systems so that end users stand a chance against attackers.
To Mitigate Advanced Threats, Put People Ahead of Tech
Preventative technologies are only part of the picture and often come at the expense of the humans behind them.
Why Cybersecurity Burnout Is Real (and What to Do About It)
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
Security Analysts Are Only Human
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
9 Years After: From Operation Aurora to Zero Trust
How the first documented nation-state cyberattack is changing security today.
The Anatomy of a Lazy Phish
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
Making the Case for a Cybersecurity Moon Shot
There are severe and unsolved problems in our industry that justify a sustained effort and substantial investment. It's worth picking one.
Security Leaders Are Fallible, Too
Security leaders set the tone for their organizations, and there are many places where the process can go wrong. Second in a six-part series.
Privacy Ops: The New Nexus for CISOs & DPOs
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
White-Hat Bug Bounty Programs Draw Inspiration from the Old West
These programs are now an essential strategy in keeping the digital desperados at bay.
Diversity Is Vital to Advance Security
Meet five female security experts who are helping to propel our industry forward.
How to Create a Dream Team for the New Age of Cybersecurity
When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.
5 Expert Tips for Complying with the New PCI Software Security Framework
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.
Lessons Learned from a Hard-Hitting Security Review
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
Cybersecurity and the Human Element: We're All Fallible
We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.
Identifying, Understanding & Combating Insider Threats
Your organization is almost certainly on the lookout for threats from outside the company. But are you ready to address threats from within?
What the Government Shutdown Teaches Us about Cybersecurity
As lawmakers face a Friday deadline to prevent the federal government from closing a second time, we examine the cost to the digital domain, both public and private.
A Dog's Life: Dark Reading Caption Contest Winners
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...
We Need More Transparency in Cybersecurity
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.
4 Payment Security Trends for 2019
Visa's chief risk officer anticipates some positive changes ahead.
When 911 Goes Down: Why Voice Network Security Must Be a Priority
When there's a DDoS attack against your voice network, are you ready to fight against it?
4 Practical Questions to Ask Before Investing in AI
A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.
Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service
How much do companies really gain from offloading security duties to the cloud? Let's do the math.
Mitigating the Security Risks of Cloud-Native Applications
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
Taming the Wild, West World of Security Product Testing
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
IoT Security's Coming of Age Is Overdue
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
KISS, Cyber & the Humble but Nourishing Chickpea
The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.
|
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
