In Depth

In Depth

Antivirus, firewall and IDS products

• What neurodivergent people really think of working in cyber security

  Many firms are filling cyber security skills gaps by hiring neurodivergent talent – but more support is needed for neurodivergent cyber security professionals, writes autistic tech journalist Nicholas Fearn  Continue Reading

• Is the IT sector beset by fear-mongering?

  The arms race between hackers and security teams has led to a plethora of new technologies, but it can be hard to differentiate between sensible cyber purchases and those that are promoted by exaggerating risk  Continue Reading

• Back on the office network: What are the risks for mobile users?

  Many people are returning to offices and bringing their mobile devices with them. What are the cyber security implications of this?  Continue Reading

• Considerations when deciding on a new SIEM or SOAR tool

  A successful deployment of any security tool very much depends on the maturity of security processes in the organisation  Continue Reading

• Five ways to ensure remote working security and compliance

  A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security  Continue Reading

• The rise and rise of supply chain attacks

  Supply chain attacks in Asia-Pacific and elsewhere have intensified as cyber threat actors look to exploit the weakest links in business and digital supply chains  Continue Reading

• Does email security need a human solution or a tech solution?

  People spend a lot of time using email systems, but many do not realise that this makes them attractive targets for cyber criminals. With education and technology, businesses can tackle this problem head-on  Continue Reading

• How can healthcare organisations fight increased cyber crime in 2021?

  As the Covid-19 pandemic enters what may be its most dangerous phase, we explore how healthcare organisations can ward off cyber threats while preserving their ability to deliver critical care  Continue Reading

• Security Long Reads: Cyber insiders reveal what’s to come in 2021

  In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021  Continue Reading

• Post-pandemic approaches to IAM for cloud security

  Cloud technology may have saved businesses from catastrophe during the pandemic, but it has also introduced additional challenges around identity and access management. Here’s why IAM policies are crucial in the new normal  Continue Reading

• This Christmas, Covid-19 heightens retail security risks for everyone

  Do you think it’s only retailers and consumers who need to consider cyber security when shopping online during the holidays? You’re dead wrong. This year, the Covid-19 pandemic and the shift to remote working has thrown a spanner in the works  Continue Reading

• DDoS mitigation strategies needed to maintain availability during pandemic

  The growing prevalence of DDoS attacks combined with the increased reliance on internet connectivity during the pandemic means enterprises can no longer afford to ignore the threat of DDoS attacks. Computer Weekly explores organisations’ perceptions...  Continue Reading

• Intelligent ways to tackle cyber attack

  Artificial intelligence-powered security tools should enable IT security teams to achieve more with less  Continue Reading

• How to apply zero-trust models to container security

  Containers have become a common fixture in software development, but they have resulted in new concerns for security teams. Is zero-trust the answer to tackling them?  Continue Reading

• Coronavirus: How to go back to the office safely and securely

  Security teams should be used to supporting remote workers effectively by now, but what’s going to happen when people start returning to their offices? We look at the risks and how to address them.  Continue Reading

• What are the security priorities for the post-coronavirus world?

  The Covid-19 pandemic is forcing massive change across the business world and things may never go back to normal. What does security look like in this new world, and what will buyers be prioritising?  Continue Reading

• Why security validation matters

  FireEye’s top executives in Asia-Pacific discuss the benefits of security validation and offer their take on the region’s cyber threat landscape  Continue Reading

• Coronavirus: How to implement safe and secure remote working

  Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves  Continue Reading

• Inside the SOC: the nerve centre of security operations

  Security operations centres are the bedrock of any cyber defence strategy, but operating one is increasingly challenging, with mounting workloads and a shortage of skilled personnel  Continue Reading

• Layer your approach to web security

  Combining unified threat management with other security systems and a strategic CISO is essential to defend against threats  Continue Reading

• What are the CDN options for enterprises?

  We look at how content delivery networks can give your organisation’s web presence a literal edge  Continue Reading

• A guide to choosing cloud-based security services

  Cloud-based security services can help organisations with a growing cloud footprint to reduce cost and address the manpower crunch in cyber security  Continue Reading

• An insider’s look into the dark web

  A principal research scientist at Sophos offers a glimpse into the abysses of the dark web in a bid to uncover what cyber crooks are up to  Continue Reading

• How UK organisations are leaving themselves open for cyber attack

  UK organisations are leaving themselves wide open to cyber attack despite huge investments in cyber security systems, according to two former hackers now working in cyber defence  Continue Reading

• Breaking the cyber kill chain

  Traditional antivirus is no longer good enough for fileless malware attacks that don’t leave a trace  Continue Reading

• Cost-effective managed IPS for small businesses

  Small businesses typically struggle to afford cyber intrusion prevention systems, but the introduction of a service tailored for this market could change that  Continue Reading

• The true cost of a cyber security breach in Australia

  The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting.  Continue Reading

• Hacktivism: good or evil?

  IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics  Continue Reading

• Top 10 Android security tips

  As Android becomes more prevalent in the enterprise, Computer Weekly gives you 10 top tips for keeping your devices secure  Continue Reading

• How to secure Macs in the enterprise

  Apple computers are becoming increasingly used in the enterprise - we look at how to securely introduce Macs in the corporate network  Continue Reading

• Essar’s WAN encryption strategy to secure data in motion: In focus

  Indian conglomerate Essar puts WAN encryption in place using Cisco’s GET VPN to protect data flows between remote locations. A closer look.  Continue Reading

• Self-encrypting drives: SED the best-kept secret in hard drive encryption security

  The SED solves many common data loss problems and is easy to use and manage with minimal impact on system performance – yet relatively few businesses and governments use SEDs.  Continue Reading

• EDS report on 'dangerous' Chinook software published for the first time

  Computer Weekly is publishing, for the first time, a technical analysis of the software installed on the Chinook Mk2 helicopter, the Chinook model which featured in the RAF's worst peacetime crash.  Continue Reading

• Facing up to security perils of outbound traffic

  What about the threat from within and, more specifically, the security issues that arise from outbound traffic risks?  Continue Reading

• Chinook helicopter disaster - computer software failure or pilot error?

  Chinook helicopter crash: was it computer software failure or a cause we'll never know? This article gives the background to the Chinook helicopter disaster with links to all the relevant articles published by ComputerWeekly and other useful web ...  Continue Reading

• Checklist for purchasing hardware-based encryption

  Encryption appliances sit inline on a network and use specially designed electronics to encrypt data at line speeds, essentially eliminating the performance penalty imposed by encryption software running on a general server. While software-based ...  Continue Reading

• Understanding VoWLAN

  Like VoIP, VoWLAN contributes to cost efficiency. Because calls can be routed over the data network internally or over the Internet externally, mobile telephony costs can be eliminated or decreased significantly. In the long term, VoWLAN deployment ...  Continue Reading

• Experts: IDS is here to stay

  IDS technology has survived predictions that it would be replaced by IPS. One expert says it will remain a separate product while IPS is folded into firewalls.  Continue Reading

• Firewall deployment options increase for enterprises

  With a growing number firewall configuration options, companies need to spend more time and put more effort into determining how to design and deploy firewalls.  Continue Reading

• How to cheat at VoIP Security

  Securing a VoIP infrastructure requires planning, analysis, and detailed knowledge about the specifics of the implementation you choose to use.  Continue Reading

• Does compliance make encryption always necessary?

  Many organisations look to encryption to protect sensitive data. Yet hundreds of millions of people who use the Internet also use encryption, yet most of them don't even know it.  Continue Reading

• Big Microsoft Vista concerns for Big Pharma

  The second installment of an ongoing series examining the challenges of deploying Windows Vista and the considerations that go into the decision to roll out the new OS.  Continue Reading

• Why hacking contests, 'month-of' projects don't help

  Ivan Arce, chief technology officer of Core Security Technologies explains why he thinks hacking contests and public vulnerability disclosure projects do little to improve IT security.  Continue Reading

• The Art of Software Security Testing

  Identifying software security flaws including the proper methods for examining file formats.  Continue Reading

• Data retrieval strategies: Document management software overview

  The role of document management software in data storage and how it can mitigate risk for the enterprise.  Continue Reading

• When Microsoft Vista and VPNs don't mix

  Papa Gino's is ahead of many companies in deploying Windows Vista, thanks to its involvement in the Microsoft TAP program. But VPN compatibility has been a sticking point.  Continue Reading

• The trouble with Google hacking techniques

  Some IT security professionals say the threat posed by Google hacking techniques is overblown and that companies can easily avoid it with a layered security program. One skeptical expert is Ira Winkler, founder of the Internet Security Advisors ...  Continue Reading

• Will data breach be the end of TJX?

  This week in Security Blog Log: Industry experts say companies can learn from a data breach and even prosper from it. But is TJX following the right example?  Continue Reading

• Symantec threat report under the microscope

  This week in Security Blog Log: Infosec professionals dissect Symantec's latest threat report and express a range of views in the blogosphere.  Continue Reading

• RFID dispute: Vendors still hostile toward full disclosure

  Many vendors still believe that security by obscurity is still the best policy and make it a priority to silence vulnerability researchers.  Continue Reading

• PING with Mark Odiorne

  Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritising security for senior management and keeping compliant.  Continue Reading

• Microsoft takes a blogosphere beating over Vista UAC

  This week in Security Blog Log: Industry experts take Microsoft to task over a "very severe hole" in the design of Vista's User Account Controls (UAC) feature.  Continue Reading

• Data breach: If customers don't act, data will remain at risk

  To make enterprises take data security seriously, customers must take control of their personally identifiable information and stop handing it out to businesses.  Continue Reading

• New security vendors take on sophisticated attackers

  IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities.  Continue Reading

• Quiz: Defending mobile devices from viruses, spyware and malware

  A five-question multiple-choice quiz to test your understanding of the content presented in Defending mobile devices from viruses and malware lesson of SearchSecurity.com's Messaging Security School.  Continue Reading

• TJX breach: There's no excuse to skip data encryption

  Companies complain that database encryption products are too expensive and difficult to manage, but customer loss and breach notification costs outweigh encryption expenses.  Continue Reading

• Security pros glean insight from '06

  Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006.  Continue Reading

• Top Windows server hardening tips of 2006

  Check out the top Windows server hardening tips of 2006 for helpful advice on domain controller penetration testing, security tips for the Windows Server 2003 OS and more.  Continue Reading

• Top client security tips of 2006

  A network user without the proper know-how is a ticking time bomb when it comes to security. Check out our top five client hardening tips of 2006 to get a head start on protecting yourself from potentially dangerous users.  Continue Reading

• Top network security tips of 2006

  The top Windows networking security tips of 2006 cover a range of topics, including network isolation, open source Windows security tools, VPN security and more.  Continue Reading

• Review: Deep Security is a solid IPS

  Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities.  Continue Reading

• Microsoft Vista could improve Internet security

  Two new Microsoft Vista features -- Kernel Patch Protection and User Account Control -- could prove especially useful in preventing serious malware infections.  Continue Reading

• Review: Lancope StealthWatch 5.5 offers more than IDS

  Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition.  Continue Reading

• Infrastructure security: Remote access DMZ

  An excerpt from Chapter 7: Infrastructure security from "How to Cheat at Managing Information Security," by Mark Osborne.  Continue Reading

• Zero-day tracker a hit, but IT shops need better strategy

  This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with.  Continue Reading

• Active Directory security school: Maintenance and testing

  This is lesson three of our Active Directory security school.  Continue Reading

• Active Directory security school: Set up and configuration

  An Active Directory security lesson.  Continue Reading

• Security Blog Log: Sailing a sea of spam

  This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam.  Continue Reading

• Review: Network Intelligence's enVision

  enVision offers excellent value and is highly configurable, though typically that means you have to put a lot into it to get the most out of it.  Continue Reading

• Security Blog Log: Taking Google Code Search for a spin

  This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security.  Continue Reading

• Inside MSRC: Public vulnerability disclosures on the rise

  Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make ...  Continue Reading

• ZERT rekindles third-party patching debate

  This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago.  Continue Reading

• On privacy laws, every state is one of confusion

  It's getting increasingly difficult for US firms to comply with regulations . David A. Meunier feels that it's time to develop safeguards and processes for this ever-changing regulatory environment.  Continue Reading

• Top 5 free Windows security downloads

  The place where you can find free tools that help you crack passwords, remove troublesome spyware and enhance network security. Check out our five most popular tools and find out what you've been missing.  Continue Reading

• Security Blog Log: Word doc scam evades spam filters

  Also this week: A researcher gets a harsh reward after flagging a University of Southern California Web site flaw, and more blogs are keeping an eye on the latest security breaches.  Continue Reading

• Wireless network security testing

  Attack your own wireless networks to find vulnerabilities before malicious hackers do.  Continue Reading

• Protecting wireless networks: Step 3

  Security testing expert Kevin Beaver covers the tools and techniques needed to find and exploit insecure wireless networks.  Continue Reading

• Protecting wireless networks: Step 2

  Security testing expert Kevin Beaver covers the tools and techniques you'll need to find and exploit insecure wireless networks.  Continue Reading

• Identity and Access Management Security School

  This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan.  Continue Reading

• Security blog log: Fear and loathing in MS06-040's wake

  This week, security bloggers wonder if some of the MS06-040 warnings have gone too far. Meanwhile, Symantec uses its blog to warn about the timed release of exploits.  Continue Reading

• Security event management, no strings attached

  Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options.  Continue Reading

• PING with Heidi Kujawa

  Heidi Kujawa, director of enterprise architecture services for Sony Pictures Entertainment, explains how combatting piracy takes more than just keeping bootleggers out of the theatres  Continue Reading

• Industry chiefs to declare war on for-profit cyber criminals

  IT industry leaders reaffirm the importance of security to a digital economy beset by money-driven cyber criminals.  Continue Reading

• Voicing concerns on Skype

  Skype has blazed a trail in the Voice over IP arena; its popularity hasn’t gone unnoticed by the hacker community however  Continue Reading

• Lost at sea: securing the channel

  As attacks seem to proliferate almost unabated, it’s worrying to think that of the three interested parties in the security technology market — the technology makers, the technology sellers and the technology users—not everyone shares a common view ...  Continue Reading

• five star reception

   Continue Reading

• CBI warns on cybercrime

  A new survey warns that UK e-commerce is being stifled by rising crime and consumer caution about buying goods on the Internet  Continue Reading

• Government picks pathfinder councils

   Continue Reading

• Government makes grants to council IT schemes

   Continue Reading

• Why PKI?

  Public Key Infrastructure could revolutionise the way companies do business online - if only anyone would use it, says Danny...  Continue Reading

• Leaked RAF memo scathing of safety software evaluation

  Computer Weekly's Tony Collins uncovers evidence that the MoD has consistently undermined the authority of its software assessors...  Continue Reading