by Jason Pappalexis | Dec 6, 2017 | Blog
The only constant in security is change. Over the last few years, we have witnessed a growing consensus among security practitioners that everyone is at risk of a breach, and that it is hard to do security well all the time. At NSS Labs, we spend our days helping...
by Jason Pappalexis | Oct 25, 2017 | Blog
Readers of classic science fiction will likely recognize the reference to Robert Heinlein’s 1950s novel. In this futuristic tale, the characters must use a tunnel between Earth and an unfamiliar (and inhospitable) planet in order to take a survival test. The novel has...
by Jason Pappalexis | Oct 23, 2017 | Blog
The 25 (SMTP), 80 (HTTP), and 443 (HTTPS) ports are widely utilized and form the core of business communication. By design, these ports are open across perimeter firewalls. However, this clear line of sight from the dark alleys of the external world to the safe haven...
by Jason Pappalexis | Oct 16, 2017 | Blog
The volume of log and alert data from just a small number of security products can easily overwhelm a security team—even a well-funded one. “Alert fatigue” is real, and so data consolidation is helpful, not only for timely content consumption, but also to determine...
by Jason Pappalexis | Oct 9, 2017 | Blog
Breach detection systems (BDS) are physical devices, virtual appliances, cloud services, or managed services that utilize both static analysis and behavioral analysis techniques to detect advanced malware, zero-day attacks, and targeted attacks that have bypassed a...
by Jason Pappalexis | Sep 18, 2017 | Blog
Web application firewalls (WAFs) are network security controls that monitor, filter, and control web traffic between clients and web-based applications. Users are learning that even tested web protocols can deliver threats. A traditional firewall blocks or accepts...
by Jason Pappalexis | Sep 5, 2017 | Blog
Advanced endpoint protection (AEP) products are not owned exclusively by vendors incorporated in the last 3 years—the endpoint protection (EPP) market has been around for more than 35 years, and NSS’ first AEP Group Test included products from companies founded as far...
by Jason Pappalexis | Aug 30, 2017 | Blog
There are a significant number of advanced endpoint protection (AEP) products in the market, and their offerings can vary greatly. For this reason, it is in an organization’s best interests to thoroughly understand the technology before beginning the product selection...
by Jason Pappalexis | Aug 7, 2017 | Blog
Advanced endpoint protection (AEP) products are designed to be the next evolution of endpoint security products and are purchased by enterprises to meet modern use case, security effectiveness, and threat visibility needs. Now that we are several years into the...
by Jason Pappalexis | Aug 2, 2017 | Blog
Along with an estimated 15,000 other people, the NSS Labs team spent last week living and breathing Black Hat 2017. This year marked the conference’s 20th anniversary, and for the most part, it was much the same as it has been in previous years: crowded and busy. (And...
by Jason Pappalexis | Dec 14, 2016 | Blog
Advanced endpoint protection (AEP) products are often described as the next step in the evolution of conventional antivirus, but when should organizations seriously consider deploying these products, and in what capacity—as replacements, or as augmentations? In a...
by Jason Pappalexis | Dec 13, 2016 | Blog
Web encryption, i.e., HTTP within TLS/SSL, reduces risk by helping Internet users maintain confidentiality, preserve the integrity of their data, and authenticate securely to remote services, such as banking websites. However, if organizations do not deploy security...
by Jason Pappalexis | Dec 13, 2016 | Blog
UNDERSTAND THE MOTIVATION TO PURCHASE Endpoint protection (EPP) remains a fundamental component of any organization’s security posture. EPP products are valuable to enterprises not only as security controls, but also as tools for visibility into resource consumption,...
by Jason Pappalexis | Oct 24, 2016 | Blog
It has been a busy three years since NSS Labs published its last report on encryption. More than 45% of websites are encrypted today (up from 30% a year ago in October 2015) and encrypted enterprise traffic has reached 40 – 50%, up from 25% – 35% in 2013. This is...
by Jason Pappalexis | Sep 21, 2016 | Blog
The fact that there are large numbers of vulnerabilities and exploits in major operating systems and large applications is no longer something known only by those in the security industry—as seen with the recent Shadow Brokers leak. Additionally, with market for...
