Recommended

Protecting endpoints everywhere

Read this ebook and learn how to provide your first and last lines of defense for today’s threats, anywhere users go.

Featured

Whitepapers are partner-offered informational research documents that provide technical and operational data, case studies, and timely views and explanations to help keep your organization safe.


State of Software Security 2017

This report provides a clear picture of the security industry’s software security risk. Download the report to identify trends in vulnerability types, policy compliance, development practices, and more across multiple industries.

Get the Most From Your Software Development Testing Budget

For many organizations, the budgeting process for next fiscal year is underway. While we can't give you more money, we can share this Gartner research report with recommendations for maximizing your spend and increasing impact.

7 Ways to Improve Your Security Incident Response

Traditional ways of managing incident response are no longer scalable and many security teams hit a wall. This paper covers nine ways to get your security incident response program moving towards a sustainable solution.

Gartner: Taking a Pragmatic Approach to Infrastructure Security for Midsize Enterprise

How can IT and security leaders with limited resources combat advanced security threats? Download the full report to get Gartner’s recommendations.

Osterman Research: Best Practices in Dealing with Phishing and Ransomware

DomainTools teamed up with Osterman research to better understand Phishing and Ransomware attacks, and more importantly how to minimize risk against these types of attacks.

Whitepapers

Whitepapers are partner-offered informational research documents that provide technical and operational data, case studies, and timely views and explanations to help keep your organization safe.

2017 Email Fraud Landscape

Email authentication can help mitigate email fraud, but only a tiny percentage of domain owners are taking advantage. This survey provides data on the vulnerability to fraud of the most popular 1 million email domains.

The DMARC Challenge for Federal Agencies

The ValiMail Government Report includes 15 pages of detailed information on the challenges and opportunities federal agencies will face in complying with the DHS directive to implement DMARC.

Gartner: Securing Cloud-based Email

Download this whitepaper to learn how utilizing artificial intelligence and machine learning can provide advanced protection against ransomware, phishing, spear phishing, and other email-borne threats.

SIEM + Threat Intelligence: Quickly Identify the Threats that Matter to You

Download this white paper to learn how security organizations can enhance their SIEM with threat intelligence to gain a fuller understanding of threats, eliminate false positives, and form a proactive, intelligence-driven defense.

6 Easy Ways to Advance Your Cybersecurity Program When You Have a Small Team

Download this white paper to learn six steps you can take to enhance your ability to ingest, store, and prioritize threat data, develop intelligence-driven processes to automate manual tasks, and streamline your work flow.

Maturing a Threat Intelligence Program

Whether you are getting started or seeking to expand a Threat Intelligence program, download this whitepaper to receive a guide to understanding where your organization resides on the path to a mature threat intelligence program.

Smarter = Faster: Security Orchestration with Threat Intelligence

Understand how you can make smarter decisions to move faster — both blocking an adversary and disrupting them altogether — by using orchestration with intelligence.

SANS Institute: A DevSecOps Transformation

Many executives believe the shift to agile business will disrupt their industries, driving the move to Continuous Integration and Deployment. This infographic gives you seven InfoSec imperatives to help your transformation.

The DevSecOps Approach to Securing Your Code and Your Cloud

Having infosec, app dev, and IT ops immersed in all development activities makes it easier to integrate controls into the pipeline without causing delays. This paper walks you through those policies and guideline processes.

Cloud Security Survey: 2017 Results

A yearly survey is conducted with the 350,000+ members of the LinkedIn InfoSec Community on the state of cloud security. This year's results explores many topics, from adoption barriers and benefits to paths to stronger security.

A New Approach for Securing DevOps Environments in the Cloud

Today, high-performing teams deploy IT infrastructures on demand and can make changes in less than an hour. This rapid pace leaves security teams behind, and the massive gap puts companies at risk.

Seven Decision Points When Considering Containers

This paper has identified 7 key decision points that should be considered when choosing to deploy to containers. These 7 decision points can act as guideposts that will help point you in the right direction for using containers.

Preparing for the New OWASP Top 10

Defending against the OWASP Top 10 is one piece of a defense-in-depth strategy that will help you ensure the confidentiality, integrity, andavailability of your apps, your data, and your business.

From DDoS to Digital Point of Sale: Bots Mean Business

As bot technology, machine learning, and AI continue to evolve, so will the threats they pose. Preparing your organization to deal with the impact of bots is essential to developing a sustainable strategy.

Credential Stuffing: A Security Epidemic

By combining user training, strong corporate policies, a robust firewall, and a centralized authentication and authorization gateway, organizations can mitigate today’s increasingly powerful credential stuffing attacks.

The Evolving Role of CISOs and their Importance to the Business

This report presents consolidated global findings to better understand the nature of the CISO role and reveal insights, challenges, and approaches to security strategy in today's global threat landscape.

How Quantum Computing Will Change Browser Encryption

This report highlights the distinction between quantum computing and quantum encryption and identifies the current amount of quantum computing exposure and how it will affect TLS.

Threat Analysis Report: The Hunt for IoT and the Rise of Thingbots

This report focuses on the development of what are now call “thingbots,” botnets built exclusively from IoT devices. These thingbots can launch attacks, host trojans, collect credentials, and will be the host of future darknets.

Using Security Metrics to Drive Action

This eBook explores the importance of actionable security metrics, both for operations and strategy. Gain insight into best practices and lessons learned from infosec leaders, representing diverse industries and perspectives.

Protecting endpoints everywhere

Read this ebook and learn how to provide your first and last lines of defense for today’s threats, anywhere users go.

Veracode Secure Development Survey

Read the survey results here for info on what developers and development teams are saying about their daily challenges and the current state of secure development.

State of Software Security 2017

This report provides a clear picture of the security industry’s software security risk. Download the report to identify trends in vulnerability types, policy compliance, development practices, and more across multiple industries.

So Long, and Thanks for All the Phish

Defending against ransomware is a thankless business, since it generally is identified only after a breach. While phishing continues to be a popular delivery mechanism for ransomware, there are steps you can take today.

Five Steps to Building a Successful Vulnerability Management Program

Download this whitepaper to learn how to align your remediation and response actions with business priorities, reduce conflict between IT groups, and provide reliable information on the security state of your complete environment.

13 Essential Steps to Meeting the Security Challenges of the New EU GDPR

Download this paper to help prepare for compliance with GDPR. Written for infosec leaders, it begins with a brief overview of GDPR, and covers a glossary of key concepts and 13 steps to ensure compliance.

IDC: Leveraging Cloud to Achieve Comprehensive Asset Visibility, Tracking, & Security

Download this IDC Technology Spotlight to examine the evolution of vulnerability management and get an overview of the benefits and challenges of cloud-based security and vulnerability management.

Frost & Sullivan: 2017 Global Continuous Network Security Monitoring

Download this Frost & Sullivan report for their annual recognition of security vendors that are industry leaders in their ability to scout and detect unmet customer needs and proactively address them with disruptive solutions.

Forrester: Vendor Landscape - Vulnerability Management, 2017

Download this Forrester report for an overview of the vulnerability management vendor landscape, as well as inisghts into trends that directly affect and enable your business.

Guide to Antivirus (AV) Replacement: What You Need to Know

Before initiating a change from your current AV solution, read this guide to learn how to plan an AV replacement project and the critical elements to consider.

SANS: Results of the SANS evaluation of the CrowdStrike Falcon platform

You won’t want to miss this report, “A New Era in Endpoint Protection: A SANS Product Review of CrowdStrike Falcon Endpoint Protection,” where SANS reveals the results of their evaluation of the CrowdStrike Falcon® platform.

The Rise of Machine Learning (ML) in Cybersecurity

This white paper explains machine learning (ML) technology — what it is, how it works and why it offers better protection against the sophisticated attacks that bypass standard security measures.

Who Needs Malware? How Adversaries use Fileless Attacks to Evade Your Security

Read this whitepaper for important information to successfully defend against fileless attacks, including the anatomy of an intrusion, how they exploit trusted systems, and what can be done to defend against fileless attacks.

Definitive Guide to Email Security Strategy

Download this guide for a review of email security best practices. You’ll learn how to prevent the top email fraud tactics, including Business Email Compromise techniques, Advanced Malware and Ransomware, and Outbound Phishing.

Getting Started with DMARC

Are you prepared to fight email fraud? Download this guide to getting started with DMARC to learn what DMARC is and how it works, key stats and success stories, and step-by-step implementation instructions.

Endpoint Detection and Response: Automatic Protection Against Advanced Threats

This white paper explains the importance of EDR, and describes how various approaches to EDR differ, providing guidance that can help you choose the product that's right for your organization.

The Five Essential Elements of Next-Generation Endpoint Protection

This whitepaper offers guidance on how to see through the hype and understand the critical must-have elements that meet true next-generation criteria and set a new standard in EPP.

A Deep Dive into Ransomware’s Evolution

This white paper offers in-depth analysis of Ransomware and explains why organizations can’t afford to ignore this increasingly challenging cyber threat.

Carpe Diem: How to Seize the Phish

This white paper covers important information regarding phishing trends, tactics, and strategies that will inform your defense against phishing attacks and teach you how to seize the phish.

The Rise of Threat Hunting and Why it Matters

Learn why threat hunting is an important way to change the way organizations design their cybersecurity operations. This white paper will cover real world examples, successful traits, and how to measure threat hunting maturity.

Why Retailers Are Losing the Fight Against Online Counterfeiting

In this report, security researchers reveal how cybercriminals are exploiting DNS to commit fraud, using cheap domains to lure unsuspecting consumers to buy knock-off luxury goods, as well as how retailers can minimize risk.

2017 Cybersecurity Report Card

Read the results of this survey to understand the current state of maturity of security teams and professionals, and uncover important data surrounding frequency of malicious activity, products leveraged, and impact of automation.

Survey Report: 2017 Threat Monitoring, Detection and Response

Read this report to uncover important data surrounding the top security challenges of 2017, their security business impact, and a cyber attack outlook.

Survey Report: 2017 Threat Hunting Survey

This survey report provides insight into important data surrounding the frequency of threats in 2017, the benefits of threat hunting platforms, and organization's overall confidence in their ability to uncover advanced threats.

Osterman Research: Best Practices in Dealing with Phishing and Ransomware

DomainTools teamed up with Osterman research to better understand Phishing and Ransomware attacks, and more importantly how to minimize risk against these types of attacks.

Introducing Security Champions to the DevSecOps Life Cycle

Developers are familiar with their organization’s software. They also have an understanding of the technical issues and challenges that the organization faces. That’s why you should recruit your developers as Security Champions.

The Developer's Guide to Software Integrity

If software doesn’t function as advertised, users may shop around for a more reliable product. Read this eBook to gain actionable insights enabling to understand how to face these challenges head on while empowering developers.

Stop the Cybersecurity Guessing Game

Too many organizations are not making investment and risk management decisions based on empirical evidence. Download this white paper to find solutions to empower your security team to make purchasing decisions based on facts.

Vendor Risk Management: How To Get Better Visibility

How well do you know your vendors and the risk they pose? The scope of vendors you need to assess is rising constantly. At the same time, there is more scrutiny than ever on data security and privacy.

How to Implement NIST CSF: A 4-Step Journey to Cybersecurity Maturity

NIST CSF can help CISOs understand their organization’s capabilities across the cybersecurity lifecycle. The process is a journey that involves making improvements over time. This whitepaper provides insight into best practices.

4 Critical Elements of a Successful GRC Implementation

This paper will tackle four of the biggest challenges organizations face when trying to implement a GRC platform to help you avoid common pitfalls.

EBooks, editorially produced by SC Media

SC eBooks are independent, editorially driven products, sometimes underwritten by sponsors, that offer in-depth analysis of critical areas of interest to our readers. These comprehensive reports provide insights from industry experts specializing in the various aspects of data security, and hands-on analysis by CISOs of companies addressing these challenges on a daily basis.

Bank Fraud for the Holidays

There was a time when criminals robbed banks because that's where the money was. Today, stealing from banks is more enticing with more than a savings account at stake -- the entire SWIFT system is vulnerable. Check out our report.

GDPR: Conflicted Compliance

GDPR is all about privacy, but some of the EU rules are in conflict with US laws and regulations.

How will this all play out? We provide insights on this conundrum.

AI: Utopia or dystopia?

Today AI is being used to find vulnerabilities in software and systems before the attackers do so, enabling defenders to be proactive in finding zero days and potential Patient 0 victims. We explain how this works.

Beware the Insidious IoT Devices

As security professionals determine how to protect IoT devices, end users still add more vulnerable devices to their networks. When do you draw the line? Listen to some security execs who have and are facing just that decision.

Romancing the Blarney Stone

As identity and access management becomes more sophisticated, companies need to ensure they have both the technology and the staff to make them work. If not, the technologies become solutions without a problem. So what’s next?

Bits in a Box: Containers, a UNIX one-trick pony, make a comeback

The container-vs-virtual machine debate confirms one important sea change for security professionals: containers are back from their UNIX heyday, bringing speed and scalability to cloud-based applications and development.

Managing Threats

As data threats change, CISOs must determine if their company is prepared. This ebook looks at how threat management is changing and why security that worked a few years ago might be insufficient in today’s threat landscape.

Cloud-based Backup: Surviving Ransomware

This SC Media eBook provides practical advice on protecting your network from the next WannaCry-like attack.

Normalizing Behavioral Analytics

Understanding how and why your employees act the way they do can reduce the potential for insider attacks and potential losses. Behavioral analytics helps identify and reduce potential losses. Here’s how it works.

It's Classified

This eBook looks at who determines who classifies the data and who implements the security around classifications.

Threat Intel: Know Your Enemy

This eBook looks at threat intelligence techniques used to detect cyberespionage and provides recommendations on what companies can do immediately to reduce exposure. Threat intelligence can be key to reducing your attack profile.

Predicting the future (ATTACK): Is predictive analytics in your data center's future?

Big Data is everywhere, greatly expanding the potential for predictive analytics. This ebook looks at how predictive analytics works and how machine learning can spot trends long before a human might see a vulnerability.

Defending the elusive Endpoint

How do CISOs defend against endpoint attacks? This ebook looks at capabilities of basic endpoint security, as well as addresses how CISOs can defend against more sophisticated attacks, such as ransomware, spear phishing and APTs.

Snakebit at the GRC Corral

This eBook looks at how managing the three legs of the GRC stool will keep a company from violating regulations while reducing risk and improving security.

SC Media eBook on Incident Response

This eBook looks at the first 9 essential steps you need to take immediately upon finding a breach. Miss one of these steps and you could be looking at long-term problems.

Application security: Applications are the new network-edge device eBook

Cybersecurity pros steeped in endpoint and network security must expand their expertise into applications – and developers need to come to grips with their own security challenges.

SC Media eBook on DDoS

This eBook will look at modern defensive measures organizations can employ to protect themselves from these relatively inexpensive and easily exploitable attacks and new defenses that will be available shortly.

Data loss prevention: Best practices for making attackers’ efforts unproductive.

This eBook looks at today’s best practices for making the attackers’ efforts unproductive.

SC Media eBook on Encryption

With all the current talk about Apple, Safe Harbor and other encryption issues, this eBook will look at the state of encryption and how it has become as much a business issue as it is a security one.

Cyber insurance

Cyber insurance is a volatile industry with lots of confusion about what’s covered and what’s not. A recent Appeals Court case for the 4th District ruled that general business insurance addresses cyber breaches, while some...