Free Reports

IANS reports deliver actionable content that clients can use immediately.

From our research-driven faculty papers to our detailed Ask-An-Expert summaries and comprehensive event recaps, our focus is on delivering step-by-step recommendations to support making better security and risk-management decisions.

Reports

From Tools to Understanding: Reinventing Security

By Marcus Ranum, IANS Faculty

Executive Summary

Unless you’ve been sleeping under a rock, you will have noticed that the last decade or more of computer security hasn’t accomplished much. Enterprises still get overrun with malware, users click on sketchy attachments, hackers and pen testers walk into networks with apparent ease, and databases leak with distressing regularity. It ought to be apparent that when you’re doing something that doesn’t work, doing it harder isn’t likely to work any better. In security, we’re running flat…

Rooting Out Ransomware

By Kevin Beaver, IANS Faculty

Executive Summary

Hiding in everything from email, malicious Office files, website ads and more, ransomware is fast becoming a real threat for many businesses. The good news is that preventing ransomware attacks does not have to be that difficult or expensive. Proven network and security tools, as well as philosophies regarding security, make up the essential elements of a ransomware-free network environment. It’s simply a matter of acknowledging the problem, vowing to do something about it and remaining vigilant moving forward.

Getting a Grasp on RASP

By Paul Asadoorian, IANS Faculty

Executive Summary

Runtime Application Self-Protection (RASP) solutions are getting lots of press lately and have grown in adoption, but are they ready for prime time? How effective are they, really, for application security?

Pretty effective, actually. RASP helps organizations implement a defense-in-depth approach to application security. It integrates very tightly into the source code and application server, thwarting attacks and pinpointing the exact location of the vulnerabilities in the source….

Identity as a Service: Deciding When It Makes Sense

By Ed Moyle, IANS Faculty

Executive Summary

There are those who say “identity is the new perimeter.” This is an astute observation for two reasons. First and most obviously, the traditional perimeter is eroding and in many respects, identity has taken its place as the de facto control decision point. As services and applications become externalized and new ways of accessing applications become available to users, identity becomes the lynchpin for access. In years past, perimeter controls very much gated access — users who had appropriate…

Where Is All the Talent?

By Adam Ely, IANS Faculty

Executive Summary

With security budgets and challenges increasing, every team is looking for the best and brightest information security talent. In fact, Computerworld’s 2016 IT Salary Survey found that more than half the companies surveyed (51.3 percent) expect their security and IT staff headcount to increase in the coming year. Unfortunately, that means the market for talented, experienced security practitioners is highly competitive. The same Computerworld survey also found that 23.2 percent of security professionals say talent shortage is the biggest…

How to Think Like an Attacker

By Joff Thyer, IANS Faculty

Executive Summary

Organizations are increasingly finding themselves in a situation where existing information security defense strategies and solutions are failing. Attackers are bypassing defenses by crafting highly targeted attacks and advanced malware to achieve their goals.

This report discusses strategies for refocusing information security priorities and resources to protect the business’ valuable intellectual property. While automation is important, deploying strategies to…

Security of Things: Billions of Reasons IoT Matters to You

By Chris Poulin, IANS Faculty

Executive Summary

Three simple words compose a tiny acronym that spans all of space and time: Internet of Things (IoT). Sometimes called the Internet of Everything (and also the Internet of Junk), IoT is really an amorphous concept, much like “the cloud,” “big data” and even “mobile” to some extent. And as usual, where marketers see opportunity, security professionals are saddled with the task of identifying threats and protecting against them.

Anchor Your Security With a Well-honed SIEM Strategy

Security information and event management (SIEM) systems have been on the scene for more than a decade, and in that time they’ve grown from niche technology to something that approaches a must-have for enterprises serious about their security posture. It’s an impressive evolution for a solution set that was once viewed by many as expensive and redundant, not to mention difficult and time-consuming to implement.

The criticisms of early SIEM iterations were not entirely unfair. For much of its nascent period, security managers and incident response teams wondered why they…

The ‘New’ Security Fundamentals

IANS Expert Tips for Low-Cost, High-Impact Infosec Actions Every Organization Should Take Now

It's among the most frequent — and frustrating — realizations for information security professionals: investing in the latest infosec solution or subscribing to a hot new security service only to find that a few simple process changes would substantially accomplish the same thing at far less cost.

The ninja security tactics described in this guide — a set of reimagined, if not completely "new" security…

Who Owns the Risk? Follow the Money

By Stan Dolberg, IANS Chief Research Officer

Examining Organizational Engagement Factor 2: Get the Business to Own Information Security Risk

As IANS explores the CISO Impact Journey with our clients, we continue to investigate the ways CISOs and their teams seek to increase their impact across the 7 Factors of Organizational Engagement.

In this CISO Impact Basics report, we examine Factor 2: Get the Business to Own Information Security Risk.

CISO Impact: Lighting the Path to Leadership

By Stan Dolberg, IANS Chief Research Officer

Executive Summary

Information security professionals have relied on IANS for more than 15 years for shoulder-to-shoulder help with burning technical issues. In recent years, IANS has enlarged that scope with intensive research into the leadership challenges confronting CISOs and their teams — research we call CISO Impact™. Our findings clearly show that high-performing teams master both Technical Excellence and proactive Organizational Engagement. In the past 18 months, hundreds of CISOs and their…

How to Talk to the Board

By Bruce Bonsall, IANS Faculty

Executive Summary

Communicating risk to the board is more of an art than a science. Board members require concise, accurate information with which to make weighty decisions. They are busy people who need to cut right to the heart of important matters. Thoughtful planning and the careful crafting of one’s message are prerequisites to asking for the board’s time. Whether your time in front of them is to educate the board or provide a status update on security, to ask for funding or explain the implications of a privacy breach, information must be delivered with…

Tracking Stolen Data on the Dark Web

By Adam Ely, IANS Faculty

The Challenge: Finding and Removing Stolen Data Before Clients or Media Catch Wind

The security team for a large health insurer wants to start monitoring the web to alert it if/when the company’s sensitive customer data shows up on unapproved sites or the dark web. The issue came to light shortly after an internal incident response (IR) tabletop exercise highlighted this deficiency in its process. The team would like not only to be alerted…

Software-Defined Networking: What Security Teams Need to Know Now

By Dave Shackleford, IANS Faculty

Software-Defined Networking – What Is It?

Software-defined networking (SDN) is related to virtualized networking (for example, virtual switches from VMware) in many ways. Conceptually, many struggle to differentiate between the two.

In most cases, virtual networking components are a major part of SDN. However, the true concept of SDN focuses on pulling out the network control aspects…

Best Practices in Browser Forensics

By Bill Dean, IANS Faculty

Internet Browser Forensics Provide Crucial Artifacts

Both valid users and attackers use the Internet. Once they’ve compromised a machine, attackers’ activities consist of conducting online fraud, communicating with the needed command and control (C2) systems, downloading malware for pivoting throughout the network and exfiltrating sensitive data. Internet browser artifacts provide crucial evidence while investigating online activity in both civil and criminal matters…

Security Awareness: Where Do You Fall on the Maturity Curve?

By Katrina Rodzon, IANS Faculty

Evolving Focus from Compliance to Behavior

Security awareness has gone through a dramatic change in the last five to 10 years, from being a compliance-based industry to gaining a focus on implementing full-scale programs centered on behavior change strategy. With this refocus, many companies now see an increasing need for the ability to evaluate their program’s maturity.

The following model outlines how to evaluate an…

A Winning Configuration and Inventory Management Game Plan Stops Attacks in Their Tracks

There’s a lot of doom and gloom in security these days. Reviewing the latest list of data breaches is enough to depress even the most hardened infosec professional, and it’s hard not to feel sometimes that we’re losing ground in the information security battle. A big reason for our angst? Lack of focus on security basics. Too often we get side-tracked by the latest and greatest (and increasingly complicated) security tool or application, only to find ourselves falling further and further behind.
