loading content...

Application Security

  • Understanding and Selecting RASP
  • Securing Hadoop: Recommendations for Hadoop Security
  • Building Security Into DevOps
  • Securing Enterprise Applications
  • Secure Agile Development
  • Pragmatic WAF Management: Giving Web Apps a Fighting Chance
  • 2014 Open Source Development and Application Security Survey Analysis
  • Security Analytics with Big Data
  • Defending Against Application Denial of Service Attacks
  • API Gateways: Where Security Enables Innovation
  • Securing Big Data: Recommendations for Securing Hadoop and NoSQL
  • Building a Web Application Security Program

Cloud and Virtualization

  • Collected Cloud Security and DevOps Posts
  • Building Resilient Cloud Network Architectures
  • Pragmatic Security for Cloud and Hybrid Networks
  • The Security Pro’s Guide to Cloud File Storage and Collaboration
  • The Future of Security: The Trends and Technologies Transforming Security
  • What CISOs Need to Know about Cloud Computing
  • A Practical Example of Software Defined Security
  • Defending Cloud Data with Infrastructure Encryption


  • EMV Migration and the Changing Payments Landscape
  • Tokenization vs. Encryption: Options for Compliance
  • Tokenization Guidance
  • Data Encryption 101: A Pragmatic Approach to PCI

Data Security

  • Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers, and Applications
  • Trends in Data Centric Security White Paper
  • Defending Data on iOS 7
  • Dealing with Database Denial of Service
  • Understanding and Selecting a Key Management Solution
  • Pragmatic Key Management for Data Encryption
  • Understanding and Selecting Data Masking Solutions
  • Implementing and Managing a Data Loss Prevention Solution
  • Understanding and Selecting a Database Security Platform
  • Understanding and Selecting a File Activity Monitoring Solution
  • Database Activity Monitoring: Software vs. Appliance
  • The Securosis 2010 Data Security Survey
  • Understanding and Selecting a DLP Solution
  • Understanding and Selecting a Tokenization Solution
  • Understanding and Selecting a Database Encryption or Tokenization Solution
  • Low Hanging Fruit: Quick Wins with Data Loss Prevention (V2.0)
  • Database Assessment
  • Selecting a Database Activity Monitoring Solution
  • Report: Content Discovery Whitepaper

Endpoint Security

  • Endpoint Defense: Essential Practices
  • The 2015 Endpoint and Mobile Security Buyer’s Guide
  • Advanced Endpoint and Server Protection
  • Reducing Attack Surface with Application Control
  • The 2014 Endpoint Security Buyer’s Guide
  • The Endpoint Security Management Buyer’s Guide
  • Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks
  • White Paper: Endpoint Security Fundamentals
  • Best Practices for Endpoint DLP

Identity and Access Management

  • Identity and Access Management for Cloud Services

Network Security

  • Shining a Light on Shadow Devices
  • Building Resilient Cloud Network Architectures
  • Network-based Threat Detection
  • Security and Privacy on the Encrypted Network
  • Defending Against Network-based Distributed Denial of Service (DDoS) Attacks
  • Firewall Management Essentials
  • Network-based Malware Detection 2.0: Assessing Scale, Accuracy and Deployment
  • Network-based Threat Intelligence: Searching for the Smoking Gun
  • Defending Against Denial of Service (DoS) Attacks
  • Network-Based Malware Detection: Filling the Gaps of AV
  • Applied Network Security Analysis: Moving from Data to Information
  • Fact-Based Network Security: Metrics and the Pursuit of Prioritization
  • Network Security in the Age of *Any* Computing
  • Understanding and Selecting an Enterprise Firewall

Project Quant

  • Malware Analysis Quant
  • Measuring and Optimizing Database Security Operations (DBQuant)
  • Network Security Ops Quant Metrics Model
  • Network Security Operations Quant Report
  • Project Quant Survey Results and Analysis
  • Project Quant Metrics Model Report

Security Management

  • Incident Response in the Cloud Age
  • Building a Threat Intelligence Program
  • Building a Vendor (IT) Risk Management Program
  • SIEM Kung Fu
  • Threat Detection Evolution
  • Applied Threat Intelligence
  • Monitoring the Hybrid Cloud: Evolving to the CloudSOC
  • Leveraging Threat Intelligence in Incident Response/Management
  • Leveraging Threat Intelligence in Security Monitoring
  • Security Management 2.5: Replacing Your SIEM Yet?
  • Eliminate Surprises with Security Assurance and Testing
  • Security Awareness Training Evolution
  • Continuous Security Monitoring
  • Threat Intelligence for Ecosystem Risk Management
  • The CISO’s Guide to Advanced Attackers
  • Building an Early Warning System
  • Implementing and Managing Patch and Configuration Management
  • Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform
  • Watching the Watchers: Guarding the Keys to the Kingdom (Privileged User Management)
  • Security Management 2.0: Time to Replace Your SIEM?
  • Security Benchmarking: Going Beyond Metrics
  • React Faster and Better: New Approaches for Advanced Incident Response
  • Monitoring up the Stack: Adding Value to SIEM
  • Understanding and Selecting SIEM/Log Management
  • The Business Justification for Data Security

Web and Email Security

  • Quick Wins with Website Protection Services
  • Email-based Threat Intelligence: To Catch a Phish
Featured Article

Since we haven’t been able to compile these into a paper, here is a list of links to our latest cloud security and DevOps content.

  • Application Security

  • Understanding and Selecting RASP
  • Cloud and Virtualization

  • Collected Cloud Security and DevOps Posts
  • Compliance

  • Data Security

  • Endpoint Security

  • Identity and Access Management

  • Network Security

  • Shining a Light on Shadow Devices
  • Project Quant

  • Security Management

  • Incident Response in the Cloud Age
  • Building a Threat Intelligence Program
  • Web and Email Security