Information Security: Tools, Solutions and Buying Guides
Information security is on top of the priority lists for CIOs, with more cyber attacks and data breaches than ever before and a growing variety of threats. What's more, security breaches aren't just about financial loss anymore; as some of the recent high-profile breaches have demonstrated, an attack can cost the company its reputation and trust, which are much more difficult to recoup.
According to the 2015 Global State of Information Security survey conducted by PwC, the number of security incidents have increased by nearly 50 percent in the last year. And Gartner's research shows that information security spending will grow by over 8 percent in 2015, reaching more than $76 billion. However, increased security budgets don't necessarily translate into better security or even increased security maturity, according to research from Forrester.
As an IT professional, you probably know that the biggest risk to organizations are its insiders -- the employees, consultants, and service providers with access to sensitive information. The incidents involving internal people are also usually more damaging than attacks from the outside. This is why security education and InfoSec best practices are so important to maintaining proactive security.
The reality is that information security is growing in complexity. At the same time, security solutions are becoming more sophisticated and intricate. And while enterprises are getting better at detecting security breaches, most are still struggling to respond to them appropriately and more importantly, prevent them from happening in the first place.
To help IT professionals get a handle on all of the different information security solutions and the latest trends in this space, we've prepared a number of solution guides on different security technologies. Below you'll find information on the latest in enterprise antivirus, wireless security, next-generation firewalls, endpoint protection, identity and access management, cloud security, physical data center security and more.
Next-gen firewalls are quickly replacing traditional firewalls, offering organizations additional features and capabilities, such as application and identity awareness, stateful inspection, an integrated intrusion protection system (IPS), as well as the ability to utilize external intelligence sources. Our NGFW guide covers the features you should be looking for in your next firewall purchase and includes a side by side comparison of the top five next-gen firewalls currently available on the market.
Continue reading: A Guide to Choosing a Next-Generation Firewall Solutions
A Unified Threat Management (UTM) appliance allows you to handle a variety of network security scenarios, offering multiple functions in a single device. A typical UTM will have firewall, remote access and VPN, web access gateway, network intrusion protection functions and more. This guide covers the pros and cons of utilizing a UTM and what features and capabilities you should look for when shopping for one. It also offers a comparison of the top five UTM products available on the market today.
Continue reading: A Guide to Unified Threat Management (UTM) Solutions
See also: Network Security Appliances for SMBs
Virtual Private Networks (VPNs) have been around for years, offering a secure way for employees to access organizations' internal networks. Today enterprise VPN options can be purchased as a standalone product or as part of a larger, comprehensive security suite, which is becoming much more popular.In this guide you'll learn about the different VPN protocols as well as five of the leading enterprise VPN solutions.
Continue reading: A Guide to Enterprise VPN Solutions
Modern organizations are dealing with a growing numbers of endpoints to protect, from PCs, servers and mobile devices, to network connected printers, projectors and a variety of other non-computer devices. In addition, endpoints are typically the most open to successful attacks when compared to other targets. This guide covers key features to look for when evaluating these solutions along with a comparison of the top five endpoint protection products.
Continue reading: A Guide to Choosing an Endpoint Protection Solution
See also: A Guide to Endpoint Management Solutions
Microsoft's Active Directory is a powerful tool for user management in the enterprise, but it's insufficient in several key areas, including policy enforcement, automation, self-service, as well as reporting and auditing. This guide examines some of the main considerations when it comes to identity and access management features that are missing in AD and how organizations can take advantage of these capabilities through third-party IAM tools.
Continue reading: A Guide to Identity and Access Management Solutions
Public Key Infrastructure represents a security approach that utilizes a pair of cryptographic keys (a public key and a private key) and to encrypt and decrypt data and certificates for authentication. Today, PKI can be used to encrypt documents, send authenticated email messages, and authenticate user access using a variety of technologies. This guide offers an introduction to PKI and how to implement the technology in your organization.
Continue reading: Introduction to Public Key Infrastructure (PKI)
InfoSec professionals know that you shouldn't reuse the same login credentials for multiple sites and applications, but with so many places for users to log in, this common best practice often gets omitted. The solution comes in single-sign on (SSO), which enables secure authentication. In this guide you'll learn about the advantages and challenges that come with implementing SSO as well as some single sign-on options for enterprises and SMBs.
Continue reading: Secure Authentication With Single Sign-On (SSO) Solutions
These days, when most people think about information security, they're thinking about cyber attacks and network breaches. However, protecting the data center from physical security breaches is still part of the security discussion. Our guide covers some of the key physical security precautions, authentication levels and physical security tools used to secure today's data centers.
Continue reading: A Guide to Physical Data Center Security Solutions
When it comes to data protection and encryption, an effective encryption key management solution is a crucial component. Every organization utilizing encryption must understand how their encryption keys are generated, changed and destroyed. Protecting the encryption keys is just as important as protecting the data they protect. This guide covers encryption key management options and what to look for in a solution for your business.
Continue reading: How To Select The Right Encryption Key Management Solution
With the proliferation of mobile devices and WiFi networks in the enterprise, wireless security is more important today than ever. This guide covers security authentication and encryption standards to help minimize WiFi risks and protect against data theft over wireless networks. It also outlines the main considerations when it comes to deploying WPA2-Enterprise in your organization.
Continue reading: Wireless Security In The Enterprise: Deploying WPA2-Enterprise
Organizations looking for a secure and reliable way to manage digital documents, can take advantage of digital transaction management (DTM) and electronic signature solutions. Our guide offers an overview of DTM and electronic signature software and the key requirements you should look for when evaluating these solutions. It also includes a side by side comparison of the top five electronic signature solutions along with their key integration features.
Continue reading: A Guide to Choosing Electronic Signature Software
Today's antivirus solutions are evolving to in order to protect enterprise endpoints from ever more sophisticated threats. They're also expanding their protection and management to personally owned devices as bring your own device (BYOD) policies become more commonplace. This guide includes a side by side comparison of the top four enterprise antivirus solutions, outlining each product's key features and licensing scheme.
Organizations that see information security as a priority, but lack the internal resources and expertise to invest in adequate tools, might want to consider cloud-based security solutions. Sometimes referred to as security as a service, these providers offer a range of options and specialized services, including vulnerability scanning and email protection. These two guides dive into cloud security solutions that offer unique advantages to both small organizations as well as larger enterprises.
Want more? Sign up for our weekly email Newsletter to get the next information security-related article right in your inbox. We're working on adding new security guides to our list and updating the existing guides to keep them up-to-date. If there's anything you'd like to see us add to this list, let us know!