|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. Security vendors bring zombie fighters to life Data leakage prevention might currently be the hottest IT security submarket, but vendors are also tuning up their product offerings to help customers ward off the presence of botnet-infected zombie computers.  October 4, 3:41 p.m. PDT Cool tools for hacker trackers If you want to keep up with the latest criminal exploits without having to collect malware yourself, take a look at SRI International's Cyber-Threat Analytics BotHunter Malware Analysis Web page. Reporting on information and statistics collected from a research honeynet, the BotHunter Malware Analysis page makes daily infection logs from high-interaction honeypots available for anyone to view. Although the scale of the project and information collected is fairly small, this is a useful site for gaining more insight into crimeware and the world of bots. September 28, 3:00 a.m. PDT WabiSabi Labi aims to be more than an eBay for zero-days WabiSabi Labi, a Swiss startup that caused a stir with the creation of an eBay-like marketplace for software vulnerabilities, plans to offer an intrusion-detection system and will open up its auction site to a wider range of intellectual property, according to a company executive. September 25, 5:03 a.m. PDT Security outsourcing on the rise As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way. September 20, 2:30 p.m. PDT Is the US at risk from cyberwarfare? May was not a good month for geeks in Estonia. The tiny Baltic republic weathered a month-long cyberattack that shuttered Internet servers nationwide. At the height of the crisis, people who wanted to use payment cards to buy bread or gas had to wait, as the onslaught crippled Estonia's banks. September 20, 8:54 a.m. PDT PayPal claims gains against phishers PayPal security chief Michael Barrett isn't ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technological means. September 20, 4:23 a.m. PDT AT&T: Network perimeter security should be virtual Enterprise companies will soon begin offloading many of their network security responsibilities to telecommunications and Internet service providers and save vast amounts of time and money doing so, if AT&T has its way. September 20, 4:05 a.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Infrastructure threats: Botnets show DoS who's boss Malware-infected botnet PCs have overtaken DoS attacks as the top security issue facing Internet service providers and other Web infrastructure hosting players, according to a new survey of the organizations. September 18, 3:54 a.m. PDT Cisco says acquisitions don't impede best-of-breed Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise. September 10, 4:38 p.m. PDT Best of open source in security In areas such as CRM software and portals, open source gained a foothold because users were willing to compromise -- less could be more, because the price was right. In security, open source rushed in because commercial vendors fell down on the job. As security problems in the enterprise outstripped the capabilities of commercial solutions, a number of talented security researchers stepped into the breach via the open source model. September 10, 3:00 a.m. PDT Nokia, Intel beef up new network security appliance Nokia added a new appliance to its network security range that has more processing muscle -- the first product to come out of its collaboration with Intel. September 6, 4:43 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT Germany implements security plan to protect IT infrastructure with The German government has agreed to implement a sweeping set of security measures aimed at protecting critical IT infrastructure in the country. September 5, 9:35 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Malicious Web: Not just porn sites The New Zealand Honeynet Project, which produced Capture-HPC (mentioned here last week), also produced an excellent white paper about using Capture-HPC to identify malicious Web servers. On the group's Web site, you'll find that paper, the captured data, and the tools for anyone to inspect and replicate. August 31, 3:00 a.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Intel adds desktop NAC to latest chips Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers. August 27, 8:00 a.m. PDT Making a case for virtual patching The period during which businesses work to install security patches to protect IT systems from attack undeniably remains one of the most vulnerable timeframes for many companies -- but a recently-launched startup selling a virtual patching alternative claims to have found a solution to the problem. August 20, 2:20 p.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT Researchers: Forensics software can be hacked The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with Isec Partners. July 25, 4:44 a.m. PDT Organized crime infiltrates financial IT In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them. July 23, 11:14 a.m. PDT Piecing together IBM's security puzzle IBM owns some of the world's leading IT security talent, products, and services, but executives with the massive company say it will likely never aim to become what people might label as a true "security vendor." July 23, 3:00 a.m. PDT Microsoft.co.uk succumbs to SQL injection attack A hacker successfully attacked a Web page within Microsoft's U.K. domain on Wednesday, resulting in the display of a photograph of a child waving the flag of Saudi Arabia. June 29, 5:24 a.m. PDT Veracode debuts system to test binary code Veracode launched its Software Security Ratings Service on June 25, introducing its new system for use in testing the safety of applications development among enterprise customers and third-party software makers. June 25, 1:25 p.m. PDT Cisco pushes IronPort smarts to firewalls Cisco Systems will begin offering IronPort's security filtering tools to its firewall customers after the networking giant's acquisition of the company closes on June 25. June 22, 10:05 a.m. PDT HP-SPI deal underscores apps security integration Hewlett Packard's acquisition of Web applications security specialist SPI Dynamics on June 19 illustrates a growing demand among enterprise customers to have vulnerability-scanning tools integrated into their software development platforms. June 19, 12:07 p.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Global co-op feeds FBI's botnet fight Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes. June 14, 3:09 p.m. PDT Helping retailers wipe ID data issue When data breach investigator Bryan Sartin gets a call to check into an incident involving customer records loss at a retailer, he knows that the situation most likely involves information that has been lifted from a company's point-of-sale systems. June 13, 8:44 a.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT App developers finally securing code On Aug. 14, IT security training and research authority SANS Institute will convene its inaugural set of exams for software developers seeking to attain its new secure coding certifications. The rise of such initiatives -- and increasing adoption of source code vulnerability scanning tools among internal software development teams -- are finally making a difference in overall applications security, some end users and industry experts contend. June 6, 4:14 a.m. PDT Spammers' use of AI only just begun Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes. May 31, 5:03 p.m. PDT 3Com offers cheap IPS gateways 3Com is jumping into the unified security business, with branch office and SMB gateways that include enterprise-grade security technology from its TippingPoint subsidiary. May 23, 8:31 a.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT Microsoft, TCG get closer on NAC The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together. May 21, 8:20 a.m. PDT Deepwater churns around unencrypted data The most sensitive and highly classified data communicated over the nation's internal computer networks remains at risk for exposure, according to key witnesses in the government's investigation into the United States Coast Guard's Deepwater procurement program. May 17, 11:33 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Social Security, spyware bills go to House vote The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware. May 11, 11:23 a.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. May 2, 12:37 p.m. PDT Making sense of Websense's SurfControl buyout Websense's $400 million buyout offer for rival network filtering specialist SurfControl should help position the two companies for short-term growth and possible acquisition in the future, according to market watchers. May 1, 11:27 a.m. PDT Nokia expands security appliance line Nokia introduced two new network security appliances on April 30, adding high- and low-end models that aim to help companies filter out malware traffic before it penetrates their IT systems. April 30, 2:17 p.m. PDT Future of NAC pits host against network Makers of network access control technologies find themselves dividing along familiar lines within the world of IT security as some providers evangelize a centralized, network-based approach for enforcing device authentication tools and others claim that NAC should reside on the endpoint. April 24, 7:15 a.m. PDT US Army team wants second chance at hacker contest A team of U.S. Army hackers will attend the Hack In The Box (HITB) Security Conference 2007 in Kuala Lumpur later this year, seeking redemption after falling short at a hacker competition in Dubai earlier this month, the conference organizer said Tuesday. April 24, 4:46 a.m. PDT Large enterprises still serving up spam Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem. April 17, 3:04 p.m. PDT Symantec takes initial step into SaaS Symantec took its initial step into the software-as-a-service market on April 17, introducing its maiden set of hosted applications for small and medium-sized businesses. April 17, 4:00 a.m. PDT P2P worms get their turn Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace. April 16, 11:17 a.m. PDT Bottom line impact of data breaches unclear Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents. April 13, 3:01 p.m. PDT More security OEM deals to come With enterprises demanding more tightly integrated security products than ever before and pressure increasing on vendors in the space to offer as many tools as possible to win deals, experts say that an increasing number of technology providers will turn to licensing agreements to help increase their marketability. April 12, 3:57 p.m. PDT McAfee: Cyber-crime will continue to pay The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks. April 10, 9:00 p.m. PDT Debate lingers over federal data-handling laws Even as the federal government appears poised to create new consumer data protection laws in 2007, businesses and privacy advocates in the United States remain at odds over the parameters of such legislation and its potential impact. April 3, 6:59 p.m. PDT ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST TJX stolen data used in Florida crime spree Law enforcement officials in Florida have arrested six individuals suspected of carrying out a fraud scheme built around the misuse of credit card data stolen from retailer TJX Companies. March 21, 9:25 a.m. PST Crisis management 101 I recently participated in some war-game-style what-if exercises with a small group of IT execs. The goal was to stimulate thinking about how corporations can best prepare for, and respond to, significant business disruptions, whether from terrorism, weather, biological threats, or other unexpected shocks. March 8, 3:00 a.m. PST Danger inside the firewall Between the latest firewall technology and advanced intrusion detection systems, IT professionals are breathing a little easier. This is a big mistake. It may be easier to protect the network from external attack these days, but the greatest security risks still come from inside the DMZ. February 20, 3:00 a.m. PST UK hacker extradition appeal hearing starts Lawyers for a British computer hacker started an appeal in London High Court Tuesday to block their client's extradition to the U.S. February 13, 9:42 a.m. PST NAC smorgasbord: Four ways to police the network In this age of worms, zombies, and botnets, mobile computers themselves are a kind of Trojan horse. Do you know where that computer’s been? No, you really don’t. February 5, 3:00 a.m. PST NAC policy management wags the watchdog The most critical element of a NAC system is the policy management system. As every administrative interface that an administrator must use requires specialized focus and understanding, the ease with which an administrator can launch the policy management system, make the changes desired, view reports, and perform other management tasks is critical. No administrator is likely to have hours to devote to these systems each day, so the simplification and visualization provided by the system should be a primary consideration for shoppers (and a prime opportunity for differentiation among the vendors). February 5, 3:00 a.m. PST Security: A year of reassessment New products and press fascinations come and go (mobile worms, anyone?), but IT security managers will stick with what works -- until it doesn’t. A few years from now, we may look back on 2006 and 2007 as that kind of turning point, when enterprise IT security folks took a good hard look at some of the products that were mainstays of their defensive strategy and asked whether they are pulling their weight. January 1, 3:00 a.m. PST Microsoft: Botnets top cyber-threat If there's one thing that Aaron Kornblum would like to quash, it's the botnet armies. December 27, 1:42 p.m. PST Check Point buys NFR Security for $20M Check Point Software Technologies is making its second acquisition in as many months, scooping up NFR Security for about $20 million. December 19, 7:51 a.m. PST Al-Qaeda threatens cyberattack on U.S. banks The U.S. Computer Emergency Readiness Team (US-CERT) has warned U.S. banks and financial institutions of a threatened cyberattack by the al-Qaeda terrorist organization. December 1, 9:03 a.m. PST Nokia releases Sourcefire-based security appliance Nokia has introduced a security appliance aimed at helping enterprises keep their networks secure, particularly in the face of threats that arise as more employees access corporate data remotely from devices like smartphones and laptops. November 15, 7:44 a.m. PST US government IT leaders feel more secure More than half of IT leaders in the U.S. government are more confident about their agencies' cybersecurity capabilities than they were two years ago, according to a survey released Monday. November 13, 9:11 a.m. PST Hackers break into water system network An infected laptop gave hackers access to computer systems at a Harrisburg, Pennsylvania, water treatment plant earlier this month. November 1, 4:43 a.m. PST German law makes hacking a punishable crime New legislation proposed by the German government aims to make computer hacking a punishable crime. September 21, 8:29 a.m. PDT Juniper, Symantec partner on enterprise security Juniper Networks and Symantec will jointly work on unified threat management (UTM) and intrusion detection and prevention (IDP) products, and in the long term will extend their partnership to antivirus and threat detection. September 12, 7:36 a.m. PDT "Wide open" means extra security There’s a reason nearly every security appliance vendor uses open source tools, and it has little to do with licensing. The vast majority of these devices -- ranging from spam and spyware filters to network scanners to intrusion detection and prevention systems -- are not only built on an open source platform such as Linux or FreeBSD, but they also actively use other open source products to accomplish their given tasks. September 4, 3:00 a.m. PDT Nokia appliances to get a snort of Sourcefire Nokia plans to integrate Sourcefire's intrusion prevention software into its line of network security appliances by year-end. August 29, 5:58 a.m. PDT Lessons from the verticals Every industry presents unique challenges, where IT must marshal more than the usual chunk of resources to solve extreme headaches. That may mean walking out to the edge of grid computing to garner greater compute performance, or it may involve management challenges such as accommodating a mobile workforce or connecting hundreds of far-flung offices. The greater the problem to overcome, the greater the potential to learn from successful solutions. August 21, 3:00 a.m. PDT Betting on authentication If Paul Roberts ever goes to the track, I’m gonna let him place a few bets for me. He has a knack for picking winners. Case in point, a few weeks back, the InfoWorld senior editor suggested the time was right for a story on the enterprise’s need for stronger, brainier authentication to clamp down on fraud. No sooner had he finished writing this week's authentication cover story than EMC announced plans to buy authentication vendor RSA Security. A week later, it was Secure Computing buying CipherTrust (with its e-mail reputation system), while digital identity vendor Entrust snapped up fraud-detection company Business Signatures. The vendors clearly appreciate Roberts’ trend-spotting abilities. July 24, 3:00 a.m. PDT Top Layer Mitigator 5500 nails the IPS basics We’ve seen the gambit of intrusion detection and prevention devices on the market, but Top Layer Networks’ Mitigator IPS 5500 is a little different. For one thing, its management interface is downright dull. June 23, 3:00 a.m. PDT Microsoft France site hack leads to security rumors Part of Microsoft's French Web site has been taken offline by hackers, who apparently took advantage of a misconfigured server at the software vendor's Web hosting provider. June 19, 1:36 p.m. PDT Hack Tales: Network auditing on a shoestring What do you do when the auditors are breathing down your neck, wanting to see an exhaustive report on the Windows network security of a 2,000-user network across eight sites? That’s easy. Break out a text editor and start writing some Perl. May 29, 3:00 a.m. PDT Charting startup investment trends Several clear trends emerged as we reviewed hundreds of startups in the course of researching this article. Venture capitalists have poured smart money into a host of enterprise technology areas, but security, virtualization, and -- cutting across tech categories -- open source have been the big winners. May 15, 3:00 a.m. PDT Determina pre-hacks applications against intruders Malicious hackers are constantly exploiting software vulnerabilities. Vendors and IT staff alike spend countless hours racing to update protection signatures and install patches before their exposed systems can be compromised. It’s a never-ending battle that favors the hackers. May 15, 3:00 a.m. PDT Update: UK judge approves hacker's extradition to US A British court on Wednesday approved a request by the U.S. for the extradition of an unemployed systems administrator who allegedly caused $700,000 in damage by hacking into U.S. military and government computers. May 10, 6:40 a.m. PDT SANS: Attacks shift to Mac, zero-day The SANS Institute warned of a steep increase in critical security holes in Apple Computer's Mac OS X operating system and in previously undiscovered ("zero day") vulnerabilities in Web browsers. May 1, 2:34 p.m. PDT Collapse of Check Point/Sourcefire deal raises questions Faced with resistance from the U.S. government’s Committee on Foreign Investment in the United States (CFIUS), Israeli software company Check Point Software Technologies put its $225 million offer to purchase IPS (intrusion prevention software) vendor Sourcefire on hold March 23, raising the specter of heightened government oversight of mergers and acquisitions. April 3, 3:00 a.m. PDT Check Point withdraws bid for Sourcefire Check Point Software Technologies, an Internet security company, on Thursday withdrew its application to acquire intrusion-prevention firm Sourcefire amid protests over the deal by some U.S. government offices. March 24, 4:08 a.m. PST Plug-and-play appliances reshape IT landscape Looking for a can’t-miss enterprise trend? I have just one word for you: appliances. During the past year, our Test Center has been inundated with the things. And not just the old standbys like firewalls, switches, and routers. I’m talking appliances that can handle virtually every IT operation: intrusion prevention, intrusion detection, CRM, anti-spam, e-mail security, Web services integration. We’ve even seen a smattering of appliances for Microsoft Exchange that come bundled with managed services (look for our Test Center review in April). March 6, 3:00 a.m. PST UTM appliances whip blended security threats Taking one part stateful inspection firewall, one part intrusion prevention, and equal parts anti-virus, anti-spam, anti-spyware, and content filtering, UTM (Unified Threat Management) appliances blend traditionally separate security services into a single device, providing not only comprehensive protection against Internet-based threats but also streamlined access to policies and reporting. March 6, 3:00 a.m. PST It takes an extraprise to secure your business Back in May, I wrote a column about our country's lack of an overall plan to protect critical infrastructure in case of attack -- telecommunications and fiber in particular. Consider this Part 2. February 21, 3:00 a.m. PST RSA survey shows security confidence low, but people buy anyway U.S. and Western European businesses are seeing their online sales grow, but many of them have questions about the security of their networks, according to a survey released Tuesday by RSA Security Inc. February 14, 1:19 p.m. PST For banks, security compliance goes only MSSP-deep In the financial industry, third parties often guard the vault. For example, MSSPs (managed security services providers), such as the company I work for, deliver vital resources and expertise to many small to midsize banks. These services include firewalls and intrusion management, secure electronic document delivery, and oversight by trained security professionals. Many banks also rely on MSSPs to comply with regulatory mandates. February 14, 3:00 a.m. PST Imperva keeps database activity in check Database vendors may be working feverishly to make their systems impenetrable to outsiders, but that’s only part of the battle. The hardest part of database security is controlling an authorized user’s activity once he’s gained access to the database. This type of access control is quickly becoming a bigger issue for compliance officers, especially with regard to HIPAA. And while the database vendors are merely auditing this activity, they are doing nothing to control it. This is where products like Imperva SecureSphere Database Security Gateway come into the picture. February 13, 3:00 a.m. PST Innovative IPSes resist our attacks See correction at end of article February 10, 3:00 a.m. PST AOL patches serious Winamp bug Users of America Online Inc.'s Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user's system. January 30, 3:07 p.m. PST Hackers lurk in AMD Web site Users of Advanced Micro Devices Inc.'s (AMD's) microprocessors may want to think twice before looking for technical support on the company's Web site. Customer support discussion forums on the forums.amd.com site have been compromised and are being used in an attempt to infect visitors with malicious software, an AMD spokesman confirmed Monday. January 30, 12:39 p.m. PST State CIOs need more IT security support from DHS The U.S. Department of Homeland Security (DHS) must improve its support for U.S. state and local governments so they can better protect their IT infrastructures from attackers, two organizations of top IT officials said Wednesday. January 25, 2:57 p.m. PST Security vendors looking to define 'rootkit' After being criticized for including rootkit-like cloaking software in its Norton SystemWorks product, security vendor Symantec Corp. is calling for an industrywide effort to define what the term "rootkit" actually means. January 13, 3:33 p.m. PST Update: Symantec, Kaspersky criticized for cloaking software The Windows operating system expert who exposed Sony BMG Music Entertainment use of "rootkit" cloaking techniques last year is now criticizing security vendors Symantec and Kaspersky Lab for shipping software that works in a similar manner. January 13, 4:15 a.m. PST Threat landscape and lapses justify security paranoia Security remained foremost on the minds of IT leadership in 2005, and with good reason. The year saw a Microsoft research project discover the first so-called zero-day exploit; "identity theft," "phishing," and "spyware" became part of the popular lexicon; and the need grew for companies to treat any computer joining the network as hostile until proved secure. It's no wonder IT people at all levels sound paranoid. January 2, 3:00 a.m. PST Rethinking incident response As businesses face increasing regulatory-compliance pressure from Sarbanes-Oxley, HIPAA, and Gramm-Leach-Bliley, many companies are finding themselves deploying intrusion detection systems, log analyzers, and other security tools to assist in finding when an incident has occurred. But when an alarm’s been triggered, every security analyst faces the problem of what to do next. December 12, 3:00 a.m. PST U.S. Air Force's new mission: Fighting in cyberspace The U.S. Air Force's goals now include "fighting" in cyberspace, according to a new mission statement released this week. December 9, 8:29 a.m. PST Controlling the uncontrollable user A large percentage of computer security problems have origins in a common issue: end-users installing or running programs without administrative approval and control. December 9, 3:00 a.m. PST Check Point and Sygate corral end points At their core, Check Point Integrity and Sygate Enterprise Protection are effectively policy-based firewalls. That’s the cake. The icing is their capability to monitor other applications for compliance with configuration requirements and send errant machines to quarantine until they can be updated with the latest anti-virus definitions, Windows patches, or other necessities. December 5, 3:00 a.m. PST > Security |
|
|
||||||||||||||||||
