Security Trends 

Startup Spotlight: Prevoty's Application Security

Despite the growing importance of applications, the application layer is a "black hole" of enterprise security, says company's co-founder.

Google, Facebook and Microsoft on Data Privacy

Data privacy should be integrated at the beginning of product development process, tech titans agree.

IoT 'Security Hopscotch' Is No Game: Chris Roberts

Chris Roberts, in hot water after tweeting about a hack into a plane's WiFi system, describes another theoretical attack, this one against an Internet-connected appliance.

What Bruce Schneier Learned from the Sony Breach

Bruce Schneier provides guidance for organizations in the post-Sony breach world.

Cryptographer Panel Slams Government Key Escrow Idea

Experts on a cryptography panel at the RSA conference reject the idea of the U.S. government holding encryption keys.

Little Change in Security Workforce Challenges, Study Finds

Another big IT security firm finds a shortage of skilled infosec pros, again.

Manual Penetration Testing Still Crucial to Smart App Development

With automated security testing, you do not need manual penetration testing when developing apps, right? Wrong!

10 Trickiest Mobile Security Threats

Mobile apps are popular with knowledge workers and hackers alike. Which 10 mobile threats are the most problematic for security pros?

Mach37 Accelerates Security Startups

'Cyber accelerator' offers $50,000 and lots of training to security startups.

Do Threat Exchanges Work?

Sharing intelligence on security threats is an old idea getting new cred, thanks to Facebook's new Threat Exchange. But how well do such exchanges work?

Will 2015 Be Adobe Flash's Swan Song?

Following more critical zero-day exploits, Adobe's Flash platform's place in the enterprise appears as unsecure as the software itself.

Insecure Mobile Apps a Big Problem

IBM-sponsored research shows mobile app development is flawed. Big Blue now offers a new platform to help.

IBM: Over a Billion Records Leaked in 2014

A surprising 40 percent of attacks in IBM's X-Force report were listed as 'unknown.'

PCI Compliance Still a Challenge: Verizon

Verizon's 2015 PCI compliance report shows increasing point-in-time compliance even as breaches rise.

Startup Spotlight: Gurucul's Risk Analytics

Data breaches occur when identity is compromised or misused, which is why Gurucul focuses on identifying anomalous behavior that can point to identity issues.

Web Application Firewalls: Next Big Thing in Security

Web application firewalls, an especially critical component of enterprise security, are even more effective when combined with other emerging security technologies.

Why All Linux (Security) Bugs Aren't Shallow

With Heartbleed and Shellshock, the open source community realized that Linus' law can be challenged.

Google Blinks on Project Zero Security Disclosure

Common sense prevails as Google relaxes its 90-day disclosure policy for zero-day security vulnerabilities.

Report: PlugX Is RAT of Choice for Nation States

Crowdstrike's Global Threat Intel report details tactics used in nation-state attacks.

Which Cybersecurity Skills Are Hot?

Big data breaches are inspiring employers to pay more for cybersecurity certifications, some experts say.

Cisco Security Report Shows Importance of User Education

Fighting malvertising attacks and other tricky exploits is nearly impossible without user education, notes a Cisco security researcher.

Containerization and the Dawn of Bring Your Own Security

Containerization holds the promise of helping organizations securely move their applications to the cloud.

Startup Spotlight: ThreatStream's Threat Intelligence Platform

Getting customers to share information with each other is a key part of ThreatStream's new spin on threat intelligence, a platform called Optics.

EMV Is No Payment Security Panacea

Implement EMV and you eliminate payment card fraud, right? Wrong.

9 Enterprise Security Trends for 2015

Hackers find new twists for some of their favorite tools, like malware and DDoS, which means organizations need to get even more serious about security in 2015.