- Application security introduction
- Data breach and leak prevention
- PC and Mac OS operating system security
- Collaboration app and social networking security
- Virtualization security for security integrators
- Web Server OS and Web Application security
- Cloud computing and SaaS security
- Data encryption implementations
- Open Source Security Software
-
At WPC 2011, content sparse for Microsoft security partners
Microsoft is pushing cloud services during its Worldwide Partner Conference 2011, leaving IT security to its OEMs and expo exhibitors.News | 13 Jul 2011
-
Tackle your client’s security issues with cloud computing in 10 steps
So your client wants to move to the cloud? Your job just got harder. Kevin McDonald lists 10 steps to protect your client (and yourself).Tip
-
Practicing defense-in-depth: Implementing a defense-in-depth strategy
Implementing a defense-in-depth strategy can protect your customers’ Web applications from attack. Take a layered approach with intrusion prevention, encryption and code review.Tip
-
application whitelisting
Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources.Definition
-
Analysis: Adobe security gets boost from Reader X sandboxing
Adobe's new Reader X uses sandboxing to stop some of the attacks that can be delivered via a PDF. But Reader X will not install automatically; you must proactively install it.Tip
-
Is Forefront Endpoint Protection 2010 a good fit for your customer?
Microsoft FEP 2010 is now available for email filtering and antimalware protection of Windows PCs. It's the right choice in some situations, but consider alternatives too.Article | 04 Jan 2011
-
Visa issues payment application security best practices for integrators, resellers
New guidance helps avoid configuration issues, improve secure software development and help merchants securely install payment system software.Article | 26 Aug 2010
-
Targeted source code reviews reduce software security vulnerabilities
VARs and resellers currently offering software products such as static and dynamic software scan tools can further assist their clients by providing source code review services.Tip
-
SANS: Application threats, website flaws pose biggest security threats
A new report from the SANS Institute calls flaws in client-side applications often the most ignored by IT professionals.Article | 15 Sep 2009
-
Web application firewall market is hot for resellers, service providers
Vendors in the Web application firewall market are beefing up their channel programs, and more security solution providers are either adding WAF as a stand-alone offering or part of an integrated application security practice.Tip
- VIEW MORE ON : Application security introduction
-
Mobile security services: Protecting against mobile security risks
There’s a plethora of mobile security risks, from data loss to malware to unauthorized network access. Calm your clients’ nerves by offering mobile security services.Tip
-
Powerful trio: BitLocker settings plus EFS and NTFS file encryption
Start with BitLocker, then layer on NTFS and EFS, and you’ll have a powerful trio of tools to protect customer data. Phil Cox shows you how.Tip
-
Stable PCI compliance standard to have little effect on opportunities
The PCI DSS will not be changed for the next three years. Will security solution providers see a drop-off in PCI opportunities during this time?News | 14 Mar 2011
-
Security channel tutorials
SearchSecurityChannel.com's tutorials walk readers step by step though the process of selecting and managing security technologies as a service in the channel. These tutorials are full of useful tips and strategies for assessing a customer’s system needs, defining price concerns and identifying critical support issues.Tutorial
-
How to use BitLocker as part of a customer data protection program
BitLocker can be an effective tool in your data protection services. Phil Cox gives specific recommendations for implementing BitLocker to protect your client's data.Tip
-
Implementing data leakage prevention products
Data leakage prevention products can be overwhelming and daunting for businesses. See what companies are doing to help alleviate some of the fears and make the DLP implementation process easier.Tip
-
Building a client-specific plan for social networking security risks
Learn how to create a strategy that addresses social networking security risks. Social network dangers include increased malware, phishing attacks and accidental data leaks. Our expert also looks at Check Point Technologies Inc.'s Application Control Software Blade and social network security tools from Barracuda networks.Tip
-
Websense 'downloadable' DLP may expand data loss prevention market
Some partners see Websense's recent launch of DLP for Download as a way of simplifying a complex technology that midmarket organizations frequently hold back on.Article | 14 Jul 2010
-
Podcast: Network firewall FAQs for resellers
Check out Chris Clements' answers to these common network firewall questions. Learn more about different types of network firewalls, making the business case for network firewalls and targeting the right network firewall features for specific clients.Podcast
-
At WPC 2011, content sparse for Microsoft security partners
Microsoft is pushing cloud services during its Worldwide Partner Conference 2011, leaving IT security to its OEMs and expo exhibitors.News | 13 Jul 2011
-
VDI security advice: Not as safe and easy as it seems
Combining Windows 7 and virtual desktops can improve security, but Brien Posey explains there are still many security issues that must be managed.Tip
-
When to upgrade legacy hardware with unified threat management
The maturation of unified threat management technologies has made many legacy firewalls and software obsolete. Help your customers realize security gains and implement high-performance UTM appliances.Tip
-
An enterprise desktop virtualization deployment strategy for partners
Phil Cox reviews three ways to help customers deploy secure virtual desktopsTip
-
Navigating a few key Windows 7 security updates for customers
Learn about how you can help customers become accustomed to some key Windows 7 security features.Tip
-
Windows 7 security updates and new features
Microsoft's newest version of Windows is expected to be released this year. Windows 7 features several security updates and new features that solution providers should familiarize themselves with prior to the release.Tip
-
Symantec offers endpoint protection management, monitoring services
Symantec responds to pain points of managing endpoint protection with two managed services to help deploy and maintain antivirus, NAC products and endpoint security suites.Article | 23 Jun 2009
-
Channel Checklist: Windows Vista security
While more secure than XP, Windows Vista still has security vulnerabilities. Learn how to address these vulnerabilities by securing Windows Vista upon deployment.Checklist
-
Check up on IT security services for your clients
Use these easy-to-scan checklists to get a valuable overview of key IT security topics in the minimum amount of time.Channel Checklist
-
Hardening Linux as part of your client's network security policy
Even Linux is not immune to security threats, particularly in heterogeneous computing environments, and therefore securing your client's Linux servers and desktops should be an essential part of your client's network security policy. Learn how to use standard Linux security configuration, hardening and standards guidelines as the basis for Linux network security that works for customers using SuSE Linux Enterprise Server 10 or any other combination of Linux servers and desktops.Ask the Expert
- VIEW MORE ON : PC and Mac OS operating system security
-
application whitelisting
Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources.Definition
-
VDI security advice: Not as safe and easy as it seems
Combining Windows 7 and virtual desktops can improve security, but Brien Posey explains there are still many security issues that must be managed.Tip
-
Customers in no rush to buy virtualization security products, services
More customers are implementing virtualization, but are opportunities increasing around virtualization security products? Observers say not just yet.News | 12 May 2011
-
PCI and virtualization: Enabling VMs with PCI compliance services
The new PCI DSS security standard allows merchants to run a virtualized environment and still be compliant. David Jacobs explains they will need your help with tools and processes.Tip
-
Trend Micro channel targets virtualization of desktop infrastructure
Antimalware vendor Trend Micro recently released OfficeScan 10.5, which features additional security capabilities that target the virtualization desktop infrastructure market. Trend Micro's Tom Miller, executive vice president of sales and marketing for the United States, and Eric Berkman, director of North American value-added resellers, recently spoke with SearchSecurityChannel.com about the growing popularity of VDI and the challenges of securing virtual desktops. Below, they also review some of the perks of their partner program.Interview | 15 Jun 2010
-
An enterprise desktop virtualization deployment strategy for partners
Phil Cox reviews three ways to help customers deploy secure virtual desktopsTip
-
New revenue opportunities for the security channel in 2010
Customers are not necessarily scaling back their security budgets. Kent Knudsen looks at Software as a Service, virtualized data centers and other revenue opportunities for 2010.Tip
-
Security channel in 2010: Top data protection technologies
The interest in data protection continues to grow, and data protection technologies will play a big part in customers' security implementations in 2010. Learn about the key technologies to watch and how your solution provider business can benefit by focusing on data protection.Tip
-
Where do I start in discussing virtual security with my customers?
Learn about the architectural and security ramifications of virtualization and discover how to discuss virtual security with your customers. To ensure virtual security, work with your customers to address policies, procedures and responsibilities across server administration, network and security teams before you start deployments.Ask the Expert
-
Virtual honeypots: Tracking botnets
As a security device, virtual honeypots are as effective as traditional honeypots but easier to build, deploy and maintain. In this book excerpt from Addison-Wesley, you'll learn about the danger of botnets and how honeypots can help you track down and eliminate threats.Book Excerpt
- VIEW MORE ON : Virtualization security for security integrators
-
Practicing defense-in-depth: Implementing a defense-in-depth strategy
Implementing a defense-in-depth strategy can protect your customers’ Web applications from attack. Take a layered approach with intrusion prevention, encryption and code review.Tip
-
Round-up of pen testing tools for penetration testing services
Pen testing tools can be used to detect network and application vulnerabilities. Dave Shackleford lists specific tools for each category of penetration testing.Tip
-
Reviewing applications for security: Code review best practices
Developing secure application code isn’t easy. David Jacobs outlines best practices for keeping customers’ applications secure.Tip
-
proxy hacking
Proxy hacking, also known as proxy hijacking, is an attack technique designed to supplant an authentic Web page in a search engine's index and search results pages. An attacker may use proxy hacking to gain an advantage over a competitor or, ultimately, to redirect users requesting the targeted page to a malicious or fraudulent website.Definition
-
Targeted source code reviews reduce software security vulnerabilities
VARs and resellers currently offering software products such as static and dynamic software scan tools can further assist their clients by providing source code review services.Tip
-
Web application firewall security guide: Stop vulnerabilities, threats
This Web application firewall security mini guide offers a deeper look at how Web application firewalls work, how they can help protect your customers' environments, assist corporations in achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS), and stop a slew of evolving Web application attacks.Learning Guide
-
Social networking security still a gray area for some customers
While there are many companies today that have embraced the use of social networking sites, there are still some that are skeptical. No matter how customers view social networking, there are some inherent security issues that need to be addressed. VARs and solution providers can help educate customers with social networking security.Tip
-
Application security expertise a plus when offering WAF services
Web application firewalls (WAF) are fast becoming a way of life for customers interested in creating effective data protection programs. Security solution providers who specialize in application security are in a good position to help customers with WAFs and WAF services.Article | 02 Nov 2009
-
Web application security best practices: Tips on implementation
The demand for Web application security tools continues to grow, thanks in part to PCI DSS compliance. In this video, learn some Web application security best practices.Video
-
SANS: Application threats, website flaws pose biggest security threats
A new report from the SANS Institute calls flaws in client-side applications often the most ignored by IT professionals.Article | 15 Sep 2009
- VIEW MORE ON : Web Server OS and Web Application security
-
CSP security: Penetration testing public cloud service providers
Pen testing is vital for customers who entrust their applications to a cloud. Dave Shackleford explains how to test public cloud service providers.Tip
-
Deploy network forensics tools and services for incident response
For incident response, solution providers may resell forensics tools or offer forensics as a managed service. Lisa Phifer compares the options.Tip
-
Microsoft: Security issues in cloud computing lead to partner revenue
At WPC 2011, Microsoft revealed how channel partners can cash in on cloud security problems with Redmond’s new modules and value-added services.News | 15 Jul 2011
-
Microsoft cloud partner wins award for access management solution
At WPC 2011, Microsoft recognizes Omada for its access management solution, which works as an add-on to secure Microsoft’s cloud platform.News | 13 Jul 2011
-
The MSP cloud: Running security event management software in a cloud
Considering offering cloud-based SIEM services? This podcast covers the pros and cons of offering managed security event management software services in the cloud.Tip
-
Security integrators and resellers at a crossroads
Security integrators and resellers are feeling more profit margin pressures from direct sales, vendor consolidation and cloud services. Here are 10 things VARs can do to improve their viability.Tip
-
Security in cloud computing: Risks, remedies and priorities
Solution providers face the task of securing cloud computing projects, and they often lack comprehensive work papers to help them along the way. To help you along the way, here's a collection of original SearchSecurityChannel.com content that highlights cloud computing security risks, and how you can find and fix them.Learning Guide
-
Q&A: CloudAudit targets automated risk assessment, management
CloudAudit, launched in January 2010, brings together cloud computing providers, integrators and consultants in an effort to create a common interface and namespace. The volunteer initiative aims to help with an automated risk assessment and audit of software-as-a-service (SaaS), platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS) environments. Christofer Hoff, who earned a respected reputation as a long-time independent researcher and is now the director of cloud and virtualization systems at Cisco Systems Inc., and a technical advisor and founding member of the Cloud Security Alliance (CSA), spoke to SearchSecurityChannel.com about CloudAudit's mission.Interview | 06 Apr 2010
-
Simplifying cloud computing security audit procedures
As a channel partner, you're in the perfect spot to guide customers through the thicket of cloud services. Beth Cohen points out cloud computing security challenges and the best practices that can address them.Tip
-
Cloud computing certification leads to questions of scope, vendor ties
While some question whether Novell's involvement with the Cloud Security Alliance's new security certification will taint the initiative or limit its scope, most believe it's superior to a SAS 70 audit.Article | 30 Mar 2010
- VIEW MORE ON : Cloud computing and SaaS security
-
Channel executives see need to bolster hospital IT security
Regulations leave hospitals scrambling to strengthen security. Channel executives are helping hospitals implement IAM, DLP and encryption technology -- albeit on a budget.News | 05 Apr 2012
-
Regulatory compliance requirements for security solutions providers
Customers aren’t the only firms that need to comply with regulations. In many cases, solution providers need to be compliant, too.Tip
-
Enterprise encryption strategy: The path to simple data encryption
This primer on enterprise encryption strategy covers use cases for various devices and data types, and offers strategies for simple data encryption.Video
-
Practicing defense-in-depth: Implementing a defense-in-depth strategy
Implementing a defense-in-depth strategy can protect your customers’ Web applications from attack. Take a layered approach with intrusion prevention, encryption and code review.Tip
-
Helping customers comply with data privacy laws by state
Data privacy laws vary by state, yet your client must follow the law of every state in which they have a customer or employee. Richard Mackey explains how to cope with it all.Tip
-
PCI guide: PCI DSS documentation, resources for solution providers
Beyond basic PCI DSS assessments and reporting, solution providers may need to access PCI DSS documents for emerging technologies and other standards, as detailed in this guide.Tip
-
Security product specialization key for Oracle VAR success
Considering adding an Oracle security product to your line card? This article will guide your choice based on your current skill set.Tip
-
data recovery agent (DRA)
A data recovery agent (DRA) is a Microsoft Windows user who has been granted the right to decrypt data that was encrypted by other users. The assignment of DRA rights to an approved individual provides an IT department with a way to unlock encrypted data in case of an emergency.Definition
-
Evaluating options for portable hard drive and USB key encryption
To protect your customers' data on portable media, should you choose a hardware or software encryption solution? Security expert Joel Snyder compares your options.Tip
-
Data encryption methods: Lay out the options for your customer
Rich Mogull of Securosis explains why partners need to live up their name and team up with customers on encryption implemenation and integration.Tip
- VIEW MORE ON : Data encryption implementations
-
Using DMARC to improve DKIM and SPF email antispam effectiveness
DMARC aids the DKIM and SPF protocols that help keep spam out and let legitimate emails in. David Jacobs explains how.Tip
-
Wow your client with a winning penetration testing report
Dave Shackleford lists the pitfalls to avoid and the best steps to take to produce a penetration test report that will wow your clients.Tip
-
Round-up of pen testing tools for penetration testing services
Pen testing tools can be used to detect network and application vulnerabilities. Dave Shackleford lists specific tools for each category of penetration testing.Tip
-
Nessus 3 Tutorial: How to use Nessus to identify network vulnerabilities
Learn how to use Nessus, an inexpensive vulnerability scanner, with our Nessus Tutorial Guide. It not only examines the benefits of this free open source tool, but also walks you through the processes of using it in the enterprise, from installation and configuration to using Nessus with the SANS Top 20 to identify critical vulnerabilities.SearchSecurity Technical
-
Network session data analysis with Snort and Argus
This edition of Snort Report departs from the standard format to introduce Argus, a session data collecting tool that can work alongside Snort. Learn how session data can complement Snort's alert data for network session analysisTip
-
How to use shared object rules in Snort
Service providers can learn how to get shared object rules working on Snort sensors.Tip
-
How can I learn more about Snort?
As an extensible, open source intrusion detection system tool, Snort packs plenty of power. Learn where to find the online resources to help you and your customers get the most out of Snort.FAQ
-
What is the difference between Snort and Bro?
While Bro and Snort and both open source intrusion detection systems, they use different methods to detect intrusions and can complement one another on the network.FAQ
-
Is Snort right for the IDS needs of all clients?
While the Snort IDS may not suit all customers, its unheralded protocol analysis and traffic reconstruction capabilities make it more broadly useful than some might think.FAQ
-
What does the future hold for Snort?
Discover how the new features of Snort 3.0 promise to deliver greater functionality to Snort users and their clients than ever before.FAQ
- VIEW MORE ON : Open Source Security Software