Threat Monitor

Instant messaging can be a conduit through which viruses come in to and sensitive data goes out of the corporate network. Enterprises need a thorough IM policy and the technical measures to back it up, regardless of whether IM is allowed or strictly prohibited. This tip outlines the factors you should consider when writing an IM policy and the technical measures for enforcing it.

Now that networks are fairly well-protected, attackers are targeting application servers. In this tip, security expert Mike Chapple explains how implementing application layer logging is becoming a crucial addition to every organization's security strategy.

Attackers are taking advantage of the emerging widespread deployment of low-cost Voice over IP telephony to launch a new type of attack -- phone phishing. SearchSecurity expert Ed Skoudis says it's a matter of time before phone phishing further evolves into phone spear phishing, putting enterprises at an increased risk. In this tip, Skoudis explains how phone phishing works and how to defend your organization.

By now, you probably know how to prevent SQL injection attacks, but your defense measures may be leaving a door open for attackers to launch blind SQL injections. In this tip, Web application security expert Michael Cobb explains how these SQL injection attacks occur, and offers tactics for protecting your Web applications.

Skype may be free, but it could cost your enterprise its security. This tip outlines the free VoIP solution's security risks and offers tips for keeping Skype off of the network.

Thanks to the Internet's inherent anonymity, widespread reach and disjointed law enforcement status, cybercriminals have a lot to gain -- and enterprises have a lot to lose. In this tip, SearchSecurity expert and malware guru Ed Skoudis describes how organized cybercriminals use extortion and botnets to further their illicit activities, and how enterprises can protect themselves.