This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

DevOpsSec: Securing Software through Continuous Delivery

The following is external content provided as a free resource for blog readers.

How do you build security and compliance into your DevOps platforms and pipelines? With this O’Reilly report, security analysts, security engineers, and pen testers will learn how to leverage the same processes and tools—such as version control, containers, and Continuous Delivery—that DevOps practitioners use to automate software delivery and infrastructure changes. In other words, you’ll understand how to use DevOps to secure DevOps.

Author Jim Bird uses case studies from Etsy, Netflix, and the London Multi-Asset Exchange (LMAX) to illustrate the steps leading organizations have taken to secure their DevOps processes. If you understand application and infrastructure security, and have some familiarity with DevOps and Agile development practices and tools, this report is the ideal place to start.

This report shows you how to:

  • Examine the security and compliance challenges that DevOps poses in your organization
  • Leverage key DevOps practices and workflows to design, build, deploy, and run secure systems
  • Build security as code by mapping security checks and controls into DevOps workflows
  • Take advantage of software component analysis, vulnerability management, and automated software testing tools that dev and ops already use
  • Build compliance into DevOps, and wire compliance policies and checks and auditing into Continuous Delivery

By downloading this free report, you agree to receive regular updates on events, video, books, and learning opportunities from O'Reilly Media. 




2016 Cyberthreat Defense Report

Based on a rigorous survey of IT security decision makers and practitioners – across not only North America and Europe, but for the first time, in Asia Pacific and Latin America as well – the Cyberthreat Defense Report examines the current and planned deployment of countermeasures against the backdrop of numerous perceptions, such as:
  • The adequacy of existing cybersecurity investments, both overall and within specific domains of IT
  • The likelihood of being compromised by a successful cyberattack
  • The types of cyberthreats that pose the greatest risk to the organization
  • The organizational factors that present the most significant barriers to establishing effective cyberthreat defenses
  • The operational, tactical, and strategic value that individual security technologies provide



Space Weather Outlook July 24, 2016 at 11:42PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center
Boulder, Colorado, USA

SPACE WEATHER ADVISORY OUTLOOK #16-30
2016 July 24 at 9:25 p.m. MDT (2016 July 25 0325 UTC)

**** SPACE WEATHER OUTLOOK ****

Summary For July 18-24

R2 (Moderate) radio blackouts were observed on 23 July due to flare activity from Region 2567. R1 (Minor) radio blackouts were observed on 21 and 24 July from Region 2567. G1 (Minor) storm levels were observed on 19-20 and 24 July due to shock enhancements from CMEs that arrived late on 19 July and near midday on 24 July.

Outlook For July 25-31

G1 (Minor) storm levels are expected on 29 July due to recurrent CH HSS activity. There is a chance for R1-R2 (Moderate) radio blackouts on 25 July due to the flare potential from Region 2567.

Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov

Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

2015 Cyberthreat Defense Report: Executive Summary (A CyberEdge Group Report)

CyberEdge Group's second annual Cyberthreat Defense Report provides a detailed view of how IT security professionals perceive threats and plan to defend against them. Based on a survey conducted in December 2014 of more than 800 IT security professionals and decision makers, the report offers countless relevant data points that IT security teams can use to better understand how their perceptions, priorities, and security posture differ from those of their peers.


Defending Hidden Mobile Web Properties

NetScaler helps this invisible layer of infrastructure perform and communicate, improving security as well as quality of service. And through integration with XenMobile, you can offer greater support and a better experience for mobile users.


2015 Cyberthreat Defense Report - Executive Summary (A CyberEdge Group Report)

CyberEdge Group's second annual Cyberthreat Defense Report offers an in-depth look at how IT security professionals perceive cyberattacks and plan to defend against them. Based on a survey of more than 800 IT security decision makers and practitioners, conducted in December 2014, the report presents countless observations that IT security teams can use to better understand how their perceptions, priorities, and security postures compare with those of their peers.


Citrix NetScaler: A Powerful Defense Against Denial-of-Service Attacks

This white paper examines the current DoS landscape and reviews common approaches to dealing with modern DoS threats. It explains how the Citrix® NetScaler® application delivery controller (ADC) provides a robust yet affordable foundation for an organization's DoS defenses.


Defending Web Properties from Modern Threats with Citrix NetScaler

This white paper examines the challenges of defending modern web properties against today's threats. It explains how the Citrix® NetScaler® application delivery controller (ADC) complements advanced malware protection and other high-profile security products to provide an ideal solution for defending against new threats and protecting more targets.


Top 10 Reasons to Strengthen Information Security with App and Desktop Virtualization

It will enable organizations to pursue priorities such as mobility, flexwork and consumerization while effectively managing risk.


Experts from B&H Photo and Optiv Reveal their Anti-Bot Strategies

Today's bots—the ugly ones—go much further than simple web scraping and wreaking havoc on your IT infrastructure and web application security. They can turn legitimate sites into unwitting participants in criminal activities. Winning on today's bot battlefield takes time, expertise, and dedication. This paper provides a glimpse into the world of anti-bot strategies and defenses.


Best Practices for Enterprise Security

How Citrix helps organizations manage risk while empowering business mobility by controlling access to applications and data across any location, network and device.


How to Succeed with your Bug Bounty Program


Security teams have launched over 500 bug bounty programs with HackerOne, and each has found a unique path to success based on its individual needs. Yet measurable patterns emerge when we dive into HackerOne’s bug bounty data across these hundreds of programs. For companies new to bug bounty programs, we have collected these insights to help demonstrate the factors that successful programs share. You can expect to find key benchmarks and a better understanding of the levers that will drive improvement in each dimension of a successful program. Not all bug bounty programs are successful in the same way. Different organizational needs and capabilities will shape the specific path to a strong, sustainable bug bounty program, but our data show that each success is built on some common pillars.

This eBook is an exploration of those strategies, so that companies can find patterns of success and use those to help improve their own programs. 




Space Weather Outlook July 17, 2016 at 11:31PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center
Boulder, Colorado, USA

SPACE WEATHER ADVISORY OUTLOOK #16-29
2016 July 17 at 9:18 p.m. MDT (2016 July 18 0318 UTC)

**** SPACE WEATHER OUTLOOK ****

Summary For July 11-17

G1 (Minor) geomagnetic storm levels were observed on 12 July due to coronal hole high speed stream activity.

Outlook For July 18-24

There is a chance for R1-R2 (Minor-Moderate) radio blackouts for the forecast period due to potential significant flare activity from active sunspot Regions 2565 and 2567.

Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov

Secure the Data That Powers Your Business

Escalating threats to sensitive data and growing compliance mandates are driving organizations to rethink their data protection strategies. In light of these requirements, traditional approaches to data protection can't keep up.

For effective data protection, IBM offers organizations data security solutions to meet a wide range of data security and protection requirements – from basic compliance to comprehensive data protection – in a cost-effective, scalable way.

Read this solution brief to discover the newest capabilities in IBM Security Guardium to analyze threats, control and protect sensitive data and adapt to changes to keep up with emerging data security requirements.


Forrester Total Economic Impact (TEI) Study of IBM Security Guardium

In September 2015, IBM commissioned Forrester Research consulting to conduct a Total Economic Impact (TEI) study to examine the potential return on investment (ROI) that organizations may realize by deploying IBM Security Guardium. The study uncovered that organizations achieve cost and risk reductions while increasing productivity and tactical efficiencies from implementing IBM Security Guardium. Read the study to learn more.


Top Tips for Securing Big Data Environments

As big data environments ingest more data, organizations will face significant risks and threats to the repositories containing this data. Failure to balance data security and quality reduces confidence in decision making. Read this e-Book for tips on securing big data environments.


Pentesting Using Python


Put simply, penetration testing means testing a company's information security measures.

Those measures cover the company's network, database, website, public-facing servers, security policies, and everything else specified by the client.

In this guide, you’ll learn about penetration testing using Python. You’ll also learn about sniffing with Python scripts, client-side validation, and how to bypass client-side validation.




Definitive Guide: Securing the Mobile Enterprise

IT organizations have their hands full with the increased threats of malware and data leakage that come with a GenMobile workforce. As smart devices and IoT are becoming more and more common in the workplace, the days of relying solely on perimeter firewalls to secure the network are long gone.

Download the Definitive Guide to Securing the Mobile Enterprise to learn how to ease IT headaches and leverage an Adaptive Trust defense to protect your network by:
  • Creating and enforcing policies based on ever-changing context
  • Utilizing secure workflows for onboarding users and their devices
  • Integrating NAC protection with third-party, multi-vendor platforms
  • Enabling enterprise visibility to determine who and what is on your network



Employees at the Frontline in the Battle Against Ransomware

By many reports, ransomware has already been responsible for causing hundreds of millions of dollars in damages, with no end in sight.

Find out how you can help to combat these attacks by training your employees to create a human firewall in the battle against ransomware.

This white paper covers:
  • Is a ransomware attack presumed to be a data breach?
  • How hackers are tricking your employees with little effort.
  • Can employees be trained to make better security decisions?
  • A checklist for employees to help keep security top of mind.
Download the white paper now!


Space Weather Outlook July 10, 2016 at 11:47PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center
Boulder, Colorado, USA

SPACE WEATHER ADVISORY OUTLOOK #16-28
2016 July 10 at 9:34 p.m. MDT (2016 July 11 0334 UTC)

**** SPACE WEATHER OUTLOOK ****

Summary For July 4-10

Category G1 (Minor) geomagnetic storms were observed on 07-08 Jul due to coronal hole high speed stream effects.

Outlook For July 11-17

Category G1 (Minor) geomagnetic storms are expected on 11 Jul due to effects from a positive polarity coronal hole high speed stream.

Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov

Cyber Crime and IT Risk


Learn from some of the top experts in the industry as they explain major IT and cyber security issues and how to address them.




Exclusive Enterprise Security Kit ($48.99 Value) FREE for a limited time!

With this kit, you will be able to:
  • Identify the relevant solutions to secure the infrastructure
  • Construct policies that give users enough flexibility to stay productive
  • Deploy effective defenses against ever-evolving web threats
  • Implement solutions that comply with relevant rules and regulations
  • Offer insight to developers who are building new security solutions and products
  • And much more!
Use this knowledge to protect yourself and your business, today!

The following kit contents will help you continue your research on Enterprise Security:

This offer expires on 7/21/16.


Docker Security: Using Containers Safely in Production


To use Docker safely, in both production and development, you need to be aware of the potential security issues and the major tools and techniques for securing container-based systems. In this O’Reilly report, Adrian Mouat—Chief Scientist at Container Solutions—provides guidance and advice for developing container security policies and procedures.

Mouat addresses threats such as kernel exploits, DoS attacks, container breakouts, and poisoned images throughout the report with solutions that include defense-in-depth (using the analogy of a castle’s layered defenses) and least privilege.

By downloading this free report, you agree to receive regular updates on events, video, books, and learning opportunities from O'Reilly Media. 




Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges (a $48.99 value!)


Similar to unraveling a math word problem, Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges guides you through a deciphering process that translates each security goal into a set of security variables, substitutes each variable with a specific security technology domain, formulates the equation that is the deployment strategy, verifies the solution against the original problem by analyzing security incidents and mining hidden breaches, and ultimately refines the security formula iteratively in a perpetual cycle. You will learn about:

  • Secure proxies – the necessary extension of the endpoints
  • Application identification and control – visualize the threats
  • Malnets – where is the source of infection and who are the pathogens
  • Identify the security breach – who was the victim and what was the lure
  • Security in Mobile computing – SNAFU

With this book, you will be able to:

  • Identify the relevant solutions to secure the infrastructure
  • Construct policies that give users enough flexibility to stay productive
  • Deploy effective defenses against ever-evolving web threats
  • Implement solutions that comply with relevant rules and regulations
  • Offer insight to developers who are building new security solutions and products



HackerOne Customer Case Study - Yahoo


Yahoo uses a HackerOne bug bounty program to find and close security holes for its billion users around the world. This case study dives into exactly how Yahoo uses bug bounties to find vulnerabilities, close them, and improve its software development lifecycle.




How to Run a Bug Bounty Program


Bug Bounty Programs produce results - over 25,000 vulns have been found via HackerOne. Working with Hackers is new to many security teams. This guide for CISOs helps describe how programs with happy hackers operate. 




Space Weather Outlook July 03, 2016 at 11:27PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center
Boulder, Colorado, USA

SPACE WEATHER ADVISORY OUTLOOK #16-27
2016 July 3 at 9:13 p.m. MDT (2016 July 4 0313 UTC)

**** SPACE WEATHER OUTLOOK ****

Summary For June 27-July 3

No space weather storms were observed.

Outlook For July 4-10

No space weather storms are expected.

Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov

How to Keep Your Network Safe eKit

It's a big, bad, scary Internet out there and danger can be found at every turn!

In the eBook “Hacker-Cracker-Attacker: See Your Network Like the Bad Guys Do” we take a look at how hackers, crackers and attackers view your network security. We will look at each of the attack vectors the bad guys can use to take advantage, or even ownership, of a remote machine. We will look at the unpatched, legacy and the misconfigured systems that live on your network every day and how they are at risk.

Also included are FREE 30-day trials of GFI LanGuard™ and GFI WebMonitor™ to secure your network if your users are frequently online and you are concerned about security risks.


Health Management Technology

As the first publication dedicated to the healthcare IT market in 1980, Health Management Technology continues to deliver real-world solutions, news, and product trends, including regulatory compliance, electronic medical records, wireless systems, revenue management, clinical information systems, data security and storage, scheduling, and more. Subscribers include senior C-suite executives and IT managers in hospitals and healthcare organizations, integrated delivery networks, managed care organizations and health plans, physician practices, and IPAs. Health Management Technology is a multimedia resource comprising a monthly print magazine and digital edition, daily e-newsletters, monthly product spotlights, and a comprehensive website.
