InformationWeek: The Business Value of Technology

For most organizations, the imminent danger that advanced persistent threats pose has been relatively low. That’s changing as attackers’ ­target base widens, their knowledge grows and their cyber weapons trickle down to the hacker masses. In this Dark Reading report, we ­examine the current APT landscape and provide recommendations for protecting your organization against this growing concern.

There’s a lot for enterprises to like about the cloud computing model: It offers easy access to shared, elastically allocated computing resources; it creates savings on capital expenditure; and it reduces the running costs of operating a network. But all of this comes at the cost of control, which increases security challenges for IT pros. In this Dark Reading report, we examine the threat that cloud computing really poses, and we offer advice for tightening cloud providers’ — and your own — security ship.

In the increasingly complex world of information security, it's important for security professionals to be able to understand not only how their ­organization's systems and data may be compromised but why. In this Dark Reading report we examine why certain vulnerabilities are exploited, by whom and with what. We also provide recommendations for getting out in front of hackers by using some of the same tools and strategies they do.

Social engineering attacks are getting increasingly sophisticated, but there’s only so much the law and technology can do to protect your organization. In this Dark Reading report, we detail how a social engineering attack is developed and what IT professionals can do to prevent their users from being targets and victims.

Small and midsize businesses have a big security problem: They are vulnerable to the same kinds of attacks as large enterprises, but they often don’t have the same resources for fending off, or recovering from, those attacks. Security ­services can help small and midsize businesses get and stay secure. In this ­report, Dark Reading examines the reasons why MSSPs make sense for SMBs, recommends the six categories of services that every SMB needs, and ­provides tips for evaluating and hiring providers. 

SMBs may not have the IT resources that their bigger peers do, but they do have the same responsibilities when it comes to ­security. Fortunately, SMBs can build a strong security posture using a few key products, many of which are free. In this report, Dark Reading examines the challenges that SMBs face when it comes to security and recommends the five security tools every SMB must have.

Effective enterprise security requires the ability to monitor and compare anomalous behavior over time, connecting the dots among multiple events. Given the sophistication and volume of the attacks seen today, this is no small task. Indeed, it may be bigger than most organizations can handle. Threat ­intelligence tools and services can help organizations collect and make sense of the disparate data that can shine a light on events leading up to an attack. In this report, we look at the types of products available and offer ­recommendations on how to evaluate and select them.

One of the biggest challenges facing IT today is risk assessment, a task that is increasing in importance and complexity as IT systems expand across organizations. Risk measurement and impact assessment are not exact sciences, but there are tools, processes and principles that can be leveraged to ensure that organizations are well-protected and that senior management is well-informed. In this report we recommend tools for evaluating security risks and provide some ideas for effectively putting the resulting data into business context.

Outsourcing enables organizations to concentrate on their core competencies instead of managing IT infrastructure. Generally speaking, IT security processes tend to be a good fit for the outsourcing model, but organizations must be careful not to paint with too broad of an outsourcing brush. For example, while many security processes can be effectively outsourced, those that ­require a high degree of tuning may be better left in-house. And it’s not just what you outsource that needs to be considered, but what third party you ­outsource with. In this report, we examine the security services that lend ­themselves best to the outsourcing model and provide some questions to ask to ensure that your organization’s assets remain safe.

If you think that your organization hasn't been affected by an advanced persistent threat, you probably haven't looked hard enough. Identifying that your organization is under attack is difficult enough; determining the scope of infiltration and damage presents a whole new level of challenge. To effectively protect against APTs, security pros will need to employ an ­arsenal of tools in a coordinated fashion, as well as develop new ­understandings of and approaches to system and data exploits.