Network security
Enterprise cyberdefense strategies must include network security best practices. Get advice on essential network security topics such as remote access, VPNs, zero-trust security, NDR, endpoint management, IoT security, hybrid security, Secure Access Service Edge, mobile security and more.
Top Stories
-
Feature
07 Mar 2024
VPNs persist amid the rise of ZTNA, other VPN alternatives
VPN use continues despite its outdated status in the networking industry. But usage has declined as enterprises make room for remote access alternatives, like ZTNA, SASE and more. Continue Reading
-
Answer
07 Mar 2024
The differences between inbound and outbound firewall rules
Firewalls can support both inbound and outbound firewall rules, but there are important differences between the two. Learn more about each and their uses. Continue Reading
-
News
05 Mar 2024
Critical JetBrains TeamCity vulnerabilities under attack
Exploitation activity has started against two vulnerabilities in JetBrains TeamCity, which has been targeted previously by nation-state threat actors such as Russia's Cozy Bear. Continue Reading
-
News
29 Feb 2024
CISA warns Ivanti ICT ineffective for detecting compromises
CISA observed ongoing exploitation against four Ivanti vulnerabilities and found problems with the vendor's Integrity Checker Tool, which is designed to detect compromises. Continue Reading
-
Definition
27 Feb 2024
OpenSSL
OpenSSL is an open source cryptographic toolkit that facilitates secure communications between endpoints on a network. Continue Reading
-
Tutorial
26 Feb 2024
How to use a jump server to link security zones
Jump servers are a perfect example of less is more. By using these slimmed-down boxes, administrators can connect to multiple resources securely. Continue Reading
-
News
21 Feb 2024
Coalition: Vulnerability scoring systems falling short
Coalition said enterprises faced more substantial fallout from attacks on Citrix Bleed and Progress Software's MoveIt Transfer due to inadequate vulnerability prioritization. Continue Reading
-
Tip
20 Feb 2024
A network compliance checklist for remote work
This network compliance checklist for remote work provides best practices on establishing remote policies and procedures, help desk support and data backup, among other steps. Continue Reading
-
News
15 Feb 2024
Ransomware disrupts utilities, infrastructure in January
Ransomware attacks last month caused outages and disruptions at public sector and critical infrastructure organizations as well as a major financial services firm. Continue Reading
-
News
15 Feb 2024
Eclypsium: Ivanti firmware has 'plethora' of security issues
In its firmware analysis, Eclypsium found that the Ivanti Pulse Secure appliance used a version of Linux that was more than a decade old and several years past end of life. Continue Reading
-
Tip
14 Feb 2024
What is cybersecurity mesh and how can it help you?
The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading
-
Tip
13 Feb 2024
How to conduct a social engineering penetration test
Social engineering attacks are becoming more sophisticated and more damaging. Penetration testing is one of the best ways to learn how to safeguard your systems against attack. Continue Reading
-
News
12 Feb 2024
CISA warns Fortinet zero-day vulnerability under attack
CISA alerted federal agencies that a critical zero-day vulnerability in FortiOS is being actively exploited, though Fortinet has yet to confirm reports. Continue Reading
-
News
08 Feb 2024
NCC Group records the most ransomware victims ever in 2023
Enterprises faced an alarming number of ransomware attacks as gangs targeted supply chains and took advantage of zero-day vulnerabilities and organizations' patching struggles. Continue Reading
-
News
07 Feb 2024
CISA: Volt Typhoon had access to some U.S. targets for 5 years
A joint cybersecurity advisory expanded on the Volt Typhoon threat Wednesday, confirming attackers maintained prolonged persistent access to critical infrastructure targets. Continue Reading
-
Tip
07 Feb 2024
NetSecOps best practices for network engineers
Network engineers increasingly need to align their duties with security, such as implementing continuous monitoring, deploying threat intelligence and collaborating with security. Continue Reading
-
Tip
07 Feb 2024
How ZTNA protects against internal network threats
ZTNA has grown in popularity as a method to enable remote access and mitigate security risks, but businesses can also use ZTNA to protect against internal threats inside a network. Continue Reading
-
Tip
05 Feb 2024
Shadow AI poses new generation of threats to enterprise IT
AI is all the rage -- and so is shadow AI. Learn how unsanctioned use of generative AI tools can open organizations up to significant risks and what to do about it. Continue Reading
-
Definition
02 Feb 2024
communications security (COMSEC)
Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred. Continue Reading
-
News
01 Feb 2024
Critical infrastructure hacks raise alarms on Chinese threats
FBI Director Christopher Wray and CISA Director Jen Easterly warned that China was targeting critical infrastructure for possible destructive attacks in the event of a conflict with the United States. Continue Reading
-
News
01 Feb 2024
CISA deputy director touts progress, anti-ransomware efforts
In this Q&A, CISA Deputy Director Nitin Natarajan shares his thoughts on scaling up to meet high demand, the agency's new initiative to address ransomware and more. Continue Reading
-
News
31 Jan 2024
Ivanti discloses new zero-day flaw, releases delayed patches
While Ivanti customers can start patching two previously disclosed vulnerabilities, they must also address two new flaws for the same product. Continue Reading
-
Tutorial
30 Jan 2024
Why you can benefit from using Always On VPN
The Windows Server feature gives administrators more flexibility to manage clients, while giving users a better overall experience when connecting to enterprise resources. Continue Reading
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
-
Definition
23 Jan 2024
managed detection and response (MDR)
Managed detection and response (MDR) services are a collection of network-, host- and endpoint-based cybersecurity technologies that a third-party provider manages for a client organization. Continue Reading
-
Definition
23 Jan 2024
BYOD (bring your own device)
BYOD (bring your own device) is a policy that enables employees in an organization to use their personally owned devices for work-related activities. Continue Reading
-
Definition
23 Jan 2024
network slicing
Network slicing is a technique that creates multiple virtual networks on top of a shared physical network to provide greater flexibility in the use and allocation of network resources. Continue Reading
-
News
18 Jan 2024
CISA posts incident response guide for water utilities
In its guide, CISA urged water and wastewater sector utility operators to harden their security posture, increase information sharing and build incident response plans. Continue Reading
-
Definition
16 Jan 2024
incident response team
An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. Continue Reading
-
Definition
12 Jan 2024
tunneling or port forwarding
Tunneling or port forwarding is the transmission of data intended for use only within a private -- usually corporate -- network through a public network in such a way that the public network's routing nodes are unaware that the transmission is part of a private network. Continue Reading
-
Definition
10 Jan 2024
Wireshark
Wireshark is a widely used network protocol analyzer that lets users capture and view the details of network traffic in real time. It is particularly useful for troubleshooting network issues, analyzing network protocols and ensuring network security. Continue Reading
-
News
09 Jan 2024
Amsterdam arrest leads to Babuk Tortilla ransomware decryptor
A joint effort by Cisco Talos, Avast and Dutch law enforcement results in an all-encompassing Babuk ransomware recovery key and the arrest of a threat actor. Continue Reading
-
Feature
08 Jan 2024
How to become an incident responder: Requirements and more
Incident response is a growth area that provides career advancement options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications. Continue Reading
-
Tip
05 Jan 2024
5G security: Everything you should know for a secure network
5G touts better security controls than 4G, including stronger encryption, privacy and authentication. But enterprises need to consider the challenges, too. Continue Reading
-
News
03 Jan 2024
SonicWall acquires Banyan to boost zero-trust, SSE offerings
With its second acquisition in two months, SonicWall aims to help enterprises with growing remote workforces through zero-trust network and security service edge offerings. Continue Reading
-
News
21 Dec 2023
10 of the biggest ransomware attacks in 2023
Ransomware attacks against U.S. organizations hit record levels this year as threat actors stepped up extortion tactics and took shaming victims to new levels. Continue Reading
-
Tip
21 Dec 2023
Best practices for secure network automation workflows
It's not enough to build network automation workflows. It's important to secure those workflows, as well. Access control, encryption and collaboration all play important roles. Continue Reading
-
News
19 Dec 2023
FBI leads Alphv/BlackCat takedown, decrypts victims' data
The latest law enforcement effort to halt the surge of ransomware attacks was successful in disrupting one of the most active ransomware-as-a-service groups. Continue Reading
-
News
14 Dec 2023
Russian APT exploiting JetBrains TeamCity vulnerability
The Russian hackers behind the SolarWinds attacks are the latest nation-state group to exploit a critical TeamCity vulnerability to gain initial access to victims' servers. Continue Reading
-
News
13 Dec 2023
How ransomware gangs are engaging -- and using -- the media
New Sophos research shows that ransomware groups are not only attacking technical systems, but taking advantage of information systems as well to pressure victims into paying. Continue Reading
-
Opinion
12 Dec 2023
Application security consolidation remains nuanced
As web application and API protection converge into cloud-based WAAP, Enterprise Strategy Group research shows enterprise interest, but security concerns remain. Continue Reading
-
Definition
12 Dec 2023
cyber attack
A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. Continue Reading
-
Definition
11 Dec 2023
Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP) is a standard that defines how to establish and maintain a network conversation by which applications can exchange data. Continue Reading
-
Definition
07 Dec 2023
advanced persistent threat (APT)
An advanced persistent threat (APT) is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. Continue Reading
-
News
06 Dec 2023
Forescout uncovers 21 Sierra Wireless router vulnerabilities
Forescout is urging enterprises to patch software for affected OT/IoT routers as attackers increasingly target edge devices to gain network access to critical infrastructure. Continue Reading
-
News
05 Dec 2023
Ransomware ramps up against private sector in November
Ransomware disclosures and reports increased again in November, with the most disruptive and dangerous attacks occurring against healthcare organizations. Continue Reading
-
Opinion
04 Dec 2023
5 network security predictions for 2024
Check out network security trends for 2024 from Enterprise Strategy Group, from SaaS security and rising DDoS attacks to network and endpoint convergence. Continue Reading
-
Definition
01 Dec 2023
Mitre ATT&CK framework
The Mitre ATT&CK (pronounced miter attack) framework is a free, globally accessible knowledge base that describes the latest behaviors and tactics of cyber adversaries to help organizations strengthen their cybersecurity strategies. Continue Reading
-
News
30 Nov 2023
Black Basta ransomware payments exceed $100M since 2022
Insurance provider Corvus and blockchain analytics vendor Elliptic partnered to examine how much damage the Black Basta ransomware group has caused in less than two years. Continue Reading
-
News
29 Nov 2023
Okta: Support system breach affected all customers
Okta warned customers that they face an 'increased risk of phishing and social engineering attacks' after new details emerged from a breach that occurred earlier this year. Continue Reading
-
News
28 Nov 2023
Europol, Ukraine police arrest alleged ransomware ringleader
Europol and Ukraine's National Police arrested the alleged leader of a ransomware gang last week, along with four accomplices, dismantling the cybercrime group. Continue Reading
-
Tip
17 Nov 2023
An introduction to IoT penetration testing
IoT systems are complex, and that makes checking for vulnerabilities a challenge. Penetration testing is one way to ensure your IoT architecture is safe from cyber attacks. Continue Reading
-
News
16 Nov 2023
CISA, FBI issue alert for ongoing Scattered Spider activity
The government advisory follows several high-profile attacks attributed to Scattered Spider, which uses advanced social engineering techniques like SIM swapping. Continue Reading
-
Definition
16 Nov 2023
Automated Clearing House fraud (ACH fraud)
ACH fraud is the theft of funds through the U.S. Department of the Treasury's Automated Clearing House financial transaction network. Continue Reading
-
News
15 Nov 2023
LockBit observed exploiting critical 'Citrix Bleed' flaw
The Financial Services Information Sharing and Analysis Center warned that LockBit ransomware actors are exploiting CVE-2023-4966, also known as Citrix Bleed. Continue Reading
-
News
15 Nov 2023
VMware discloses critical, unpatched Cloud Director bug
A manual workaround is currently available for a critical VMware Cloud Director Appliance flaw, tracked as CVE-2023-34060, but no patch is available at press time. Continue Reading
-
Tip
15 Nov 2023
How to protect your organization from IoT malware
IoT devices are attractive targets to attackers, but keeping them secure isn't easy. Still, there are steps to take to minimize risk and protect networks from attacks. Continue Reading
-
Feature
13 Nov 2023
SD-WAN deployments feed SASE network and security convergence
Enterprise Strategy Group's Bob Laliberte discusses the latest findings in his newly released report and why SD-WAN's direct cloud connectivity feeds SASE business initiatives. Continue Reading
-
Definition
09 Nov 2023
crisis communication
Crisis communication is a strategic approach to corresponding with people and organizations during a disruptive event. Continue Reading
-
Tip
07 Nov 2023
Factors to consider when securing industrial IoT networks
Industrial IoT networks differ from enterprise data networks. Keeping them safe requires a security strategy that's specifically crafted for legacy and new devices and sensors. Continue Reading
-
Tip
07 Nov 2023
7 useful hardware pen testing tools
Penetration testers use a variety of hardware to conduct security assessments, including a powerful laptop, Raspberry Pi, Rubber Ducky and more. Continue Reading
-
News
06 Nov 2023
Ransomware continues to rise in October across all sectors
Ransomware disclosures and reports surged last month, leading in some cases to bankruptcy filing, prolonged business disruptions and ambulance diversions for hospitals. Continue Reading
-
News
31 Oct 2023
SEC charges SolarWinds for security failures, fraud
The SEC accused SolarWinds and CISO Timothy Brown of hiding known cybersecurity risks that were further highlighted by the supply chain attack revealed in 2020. Continue Reading
-
News
31 Oct 2023
Dual ransomware attacks on the rise, but causes are unclear
While the FBI warned enterprises of an increase in dual ransomware attacks, infosec experts said there's insufficient data to consider the threat a trend. Continue Reading
-
News
26 Oct 2023
NCC Group details 153% spike in September ransomware attacks
NCC Group analysts warned the significant year-over-year increase will likely continue. Organizations may see 4,000 ransomware attacks by the end of 2023. Continue Reading
-
News
24 Oct 2023
1Password stops attack linked to Okta breach
1Password said a threat actor used a HAR file stolen in the recent Okta breach to access the password manager's Okta tenant, but the activity was detected and blocked. Continue Reading
-
Answer
20 Oct 2023
What to know about UDP vulnerabilities and security
UDP is a simple protocol, but it has inherent vulnerabilities that make it prone to attacks, such as limited packet verification, IP spoofing and DDoS attacks. Continue Reading
-
News
19 Oct 2023
North Korean hackers exploit critical TeamCity vulnerability
While a patch is available, Microsoft and JetBrains confirmed TeamCity users have been compromised in attacks that leverage CVE-2023-42793 as an initial attack vector. Continue Reading
-
Opinion
19 Oct 2023
Cloud-native firewalls are the next step in network security
The network security challenges associated with cloud provider and virtual firewalls are leading to third parties introducing cloud-native firewalls. Continue Reading
-
Definition
18 Oct 2023
antispoofing
Antispoofing is a technique for identifying and dropping packets that have a false source address. Continue Reading
-
Feature
17 Oct 2023
10 cybersecurity experts to follow on social media
Cybersecurity experts provide valuable insights into the security landscape. Follow this curated list of recognized authorities to stay informed and safeguard your digital assets. Continue Reading
-
Podcast
12 Oct 2023
Risk & Repeat: Rapid Reset and the future of DDoS attacks
This podcast episode covers the record-breaking DDoS attack Rapid Reset, why it stands out among other DDoS campaigns and whether it will be widely replicated in the future. Continue Reading
-
News
10 Oct 2023
'Rapid Reset' DDoS attacks exploiting HTTP/2 vulnerability
Cloudflare said the Rapid Reset DDoS attack was three times larger than the attack it had on record. Google similarly called it 'the largest DDoS attack to date.' Continue Reading
-
Feature
10 Oct 2023
Security posture management a huge challenge for IT pros
Enterprise Strategy Group's John Oltsik explains why executing security hygiene and posture management at scale remains an uphill battle for organizations, despite automation. Continue Reading
-
News
06 Oct 2023
MGM faces $100M loss from ransomware attack
MGM's 8-K filing revealed some personal customer data was stolen during the September attack and said the company expects cyber insurance to sufficiently cover the losses. Continue Reading
-
Definition
05 Oct 2023
Microsoft Schannel (Microsoft Secure Channel)
The Microsoft Secure Channel, or Schannel, is a security support package that facilitates the use of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption on Windows platforms. Continue Reading
-
Definition
04 Oct 2023
What is ransomware? How it works and how to remove it
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
-
News
03 Oct 2023
Ransomware disrupts hospitality, healthcare in September
Ransomware disclosures and reports last month were headlined by attacks on MGM Resorts and Caesars Entertainment, which proved costly to the Las Vegas hospitality giants. Continue Reading
-
Definition
03 Oct 2023
security posture
Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats. Continue Reading
-
Definition
02 Oct 2023
ISO 31000 Risk Management
The ISO 31000 Risk Management framework is an international standard that provides organizations with guidelines and principles for risk management. Continue Reading
-
Opinion
02 Oct 2023
Transitioning to single-vendor SASE will take time
New Enterprise Strategy Group research reveals enterprises are interested in single-vendor SASE -- but with multiple tools on hand, the transition will take planning and time. Continue Reading
-
Tip
29 Sep 2023
How to use Wireshark to sniff and scan network traffic
Wireshark continues to be a critical tool for security practitioners. Learning how to use it to scan network traffic should be on every security pro's to-do list. Continue Reading
-
News
28 Sep 2023
US, Japan warn China-linked 'BlackTech' targeting routers
CISA said BlackTech has targeted Cisco and other router makers by using a variety of tools and techniques to modify and even replace devices' firmware. Continue Reading
-
News
28 Sep 2023
Cisco patches zero-day vulnerability under attack
Cisco said its Advanced Security Initiatives Group discovered the zero-day flaw while investigating attempted attacks on the vendor's Group Encrypted Transport VPN feature. Continue Reading
-
News
25 Sep 2023
Dallas doles out $8.5M to remediate May ransomware attack
The city of Dallas provided a detailed attack timeline that showed Royal threat actors compromised a service account a month before ransomware was deployed. Continue Reading
-
Tutorial
22 Sep 2023
How to disable removable media access with Group Policy
Removable media can pose serious security problems. But there is a way to control who has access to optical disks and USB drives through Windows' Active Directory. Continue Reading
-
Definition
21 Sep 2023
DNS over HTTPS (DoH)
DNS over HTTPS (DoH) is a relatively new protocol that encrypts domain name system traffic by passing DNS queries through a Hypertext Transfer Protocol Secure encrypted session. Continue Reading
-
News
20 Sep 2023
Okta: Caesars, MGM hacked in social engineering campaign
Identity management vendor Okta had previously disclosed that four unnamed customers had fallen victim to a social engineering campaign that affected victims' MFA protections. Continue Reading
-
News
20 Sep 2023
Cyber insurance report shows surge in ransomware claims
Coalition's H1 2023 report shows ransomware activity increased and severity reached "historic" highs as businesses lost an average of more than $365,000 following an attack. Continue Reading
-
Podcast
19 Sep 2023
Risk & Repeat: MGM, Caesars casino hacks disrupt Las Vegas
This podcast episode compares the cyber attacks suffered by casino giants MGM Resorts and Caesars Entertainment in recent weeks and the fallout from them. Continue Reading
-
News
14 Sep 2023
Caesars Entertainment breached in social engineering attack
Caesars said it took steps after the breach to "ensure that the stolen data is deleted by the unauthorized actor," suggesting it paid a ransom to the attackers. Continue Reading
-
News
14 Sep 2023
Palo Alto Networks: 80% of security exposures exist in cloud
It's no surprise that organizations struggle with cloud security, but a new report reveals an alarming split between cloud and on-premise security exposures. Continue Reading
-
News
13 Sep 2023
Browser companies patch critical zero-day vulnerability
While attack details remain unknown, Chrome, Edge and Firefox users are being urged to update their browsers as an exploit for CVE-2023-4863 lurks in the wild. Continue Reading
-
News
11 Sep 2023
Cisco VPN flaw faces attempted Akira ransomware attacks
Cisco said it became aware of 'attempted exploitation' last month and referenced an Aug. 24 security advisory saying its VPNs were under attack by the Akira ransomware gang. Continue Reading
-
News
07 Sep 2023
How Storm-0558 hackers stole an MSA key from Microsoft
Microsoft detailed a series of errors that led to a consumer account signing key accidentally being included in a crash dump that was later accessed by Storm-0558 actors. Continue Reading
-
News
05 Sep 2023
Ransomware attacks on education sector spike in August
While data breach notifications for MoveIt Transfer customers continued to rise, August also saw ransomware ramp up against schools and universities as classes resumed. Continue Reading
-
News
30 Aug 2023
FBI, Justice Department dismantle Qakbot malware
The FBI operation, one of the largest U.S.-led botnet disruption efforts ever, included international partners such as France, Germany, the Netherlands and the United Kingdom. Continue Reading
-
News
29 Aug 2023
Microsoft Teams attack exposes collab platform security gaps
Criminal and state-sponsored hackers are ramping up cyberattacks on instant messaging platforms and other workplace collaboration tools. Meanwhile, enterprises' readiness lags. Continue Reading
-
News
29 Aug 2023
Mandiant reveals new backdoors used in Barracuda ESG attacks
Further investigations show threat actors were prepared for Barracuda Networks' remediation efforts, including an action notice to replace all compromised devices. Continue Reading
-
News
24 Aug 2023
FBI: Suspected Chinese actors continue Barracuda ESG attacks
The alert comes after Barracuda Networks issued an advisory stating that patches for CVE-2023-2868 were insufficient and all affected ESG devices need to be replaced. Continue Reading
-
News
23 Aug 2023
Sophos: RDP played a part in 95% of attacks in H1 2023
While Sophos observed increasing activity around Active Directory and Remote Desktop Protocol abuse, it recommended simple mitigation steps can limit the attack surface. Continue Reading
-
Definition
23 Aug 2023
network vulnerability scanning
Network vulnerability scanning is the process of inspecting and reporting potential vulnerabilities and security loopholes on a computer, network, web application or other device, including firewalls, switches, routers and wireless access points. Continue Reading