|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. Security vendors bring zombie fighters to life Data leakage prevention might currently be the hottest IT security submarket, but vendors are also tuning up their product offerings to help customers ward off the presence of botnet-infected zombie computers.  October 4, 3:41 p.m. PDT Cool tools for hacker trackers If you want to keep up with the latest criminal exploits without having to collect malware yourself, take a look at SRI International's Cyber-Threat Analytics BotHunter Malware Analysis Web page. Reporting on information and statistics collected from a research honeynet, the BotHunter Malware Analysis page makes daily infection logs from high-interaction honeypots available for anyone to view. Although the scale of the project and information collected is fairly small, this is a useful site for gaining more insight into crimeware and the world of bots. September 28, 3:00 a.m. PDT WabiSabi Labi aims to be more than an eBay for zero-days WabiSabi Labi, a Swiss startup that caused a stir with the creation of an eBay-like marketplace for software vulnerabilities, plans to offer an intrusion-detection system and will open up its auction site to a wider range of intellectual property, according to a company executive. September 25, 5:03 a.m. PDT Security outsourcing on the rise As one of the world's largest outsourcing providers, Wipro Technologies is ramping up its security services business in a big way. September 20, 2:30 p.m. PDT PayPal claims gains against phishers PayPal security chief Michael Barrett isn't ready to claim a victory in the fight against phishing schemes, but he said that his company is slowly turning the tide using a set of new partnerships and technological means. September 20, 4:23 a.m. PDT AT&T: Network perimeter security should be virtual Enterprise companies will soon begin offloading many of their network security responsibilities to telecommunications and Internet service providers and save vast amounts of time and money doing so, if AT&T has its way. September 20, 4:05 a.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Infrastructure threats: Botnets show DoS who's boss Malware-infected botnet PCs have overtaken DoS attacks as the top security issue facing Internet service providers and other Web infrastructure hosting players, according to a new survey of the organizations. September 18, 3:54 a.m. PDT Cisco says acquisitions don't impede best-of-breed Cisco executives speaking at the ongoing Security Standard Conference claim that the networking giant hasn't sapped innovation in the security companies it has acquired in its efforts to add to its own expanse of IT systems-defense products, while some customers clearly feel otherwise. September 10, 4:38 p.m. PDT Best of open source in security In areas such as CRM software and portals, open source gained a foothold because users were willing to compromise -- less could be more, because the price was right. In security, open source rushed in because commercial vendors fell down on the job. As security problems in the enterprise outstripped the capabilities of commercial solutions, a number of talented security researchers stepped into the breach via the open source model. September 10, 3:00 a.m. PDT Nokia, Intel beef up new network security appliance Nokia added a new appliance to its network security range that has more processing muscle -- the first product to come out of its collaboration with Intel. September 6, 4:43 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Malicious Web: Not just porn sites The New Zealand Honeynet Project, which produced Capture-HPC (mentioned here last week), also produced an excellent white paper about using Capture-HPC to identify malicious Web servers. On the group's Web site, you'll find that paper, the captured data, and the tools for anyone to inspect and replicate. August 31, 3:00 a.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Intel adds desktop NAC to latest chips Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers. August 27, 8:00 a.m. PDT Making a case for virtual patching The period during which businesses work to install security patches to protect IT systems from attack undeniably remains one of the most vulnerable timeframes for many companies -- but a recently-launched startup selling a virtual patching alternative claims to have found a solution to the problem. August 20, 2:20 p.m. PDT Websense lures Web 2.0 attackers with HoneyJax Websense has developed a threat detection system designed to spot Web 2.0 attacks soon after they are launched. August 6, 4:19 a.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT Researchers: Forensics software can be hacked The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with Isec Partners. July 25, 4:44 a.m. PDT Organized crime infiltrates financial IT In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them. July 23, 11:14 a.m. PDT Piecing together IBM's security puzzle IBM owns some of the world's leading IT security talent, products, and services, but executives with the massive company say it will likely never aim to become what people might label as a true "security vendor." July 23, 3:00 a.m. PDT Cisco pushes IronPort smarts to firewalls Cisco Systems will begin offering IronPort's security filtering tools to its firewall customers after the networking giant's acquisition of the company closes on June 25. June 22, 10:05 a.m. PDT HP-SPI deal underscores apps security integration Hewlett Packard's acquisition of Web applications security specialist SPI Dynamics on June 19 illustrates a growing demand among enterprise customers to have vulnerability-scanning tools integrated into their software development platforms. June 19, 12:07 p.m. PDT Homeland Security to detail IT attacks Officials from the U.S. Department of Homeland Security will hold a hearing on Capitol Hill on June 20 to discuss the findings of an investigation into the agency's own problems in battling electronic attacks and IT systems intrusions. June 15, 11:26 a.m. PDT Global co-op feeds FBI's botnet fight Officials with the FBI claim that global law enforcement partnerships are playing a significant role in its ongoing efforts to stomp out botnets and other computer-borne crimes. June 14, 3:09 p.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT App developers finally securing code On Aug. 14, IT security training and research authority SANS Institute will convene its inaugural set of exams for software developers seeking to attain its new secure coding certifications. The rise of such initiatives -- and increasing adoption of source code vulnerability scanning tools among internal software development teams -- are finally making a difference in overall applications security, some end users and industry experts contend. June 6, 4:14 a.m. PDT Spammers' use of AI only just begun Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes. May 31, 5:03 p.m. PDT 3Com offers cheap IPS gateways 3Com is jumping into the unified security business, with branch office and SMB gateways that include enterprise-grade security technology from its TippingPoint subsidiary. May 23, 8:31 a.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT Microsoft, TCG get closer on NAC The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together. May 21, 8:20 a.m. PDT Deepwater churns around unencrypted data The most sensitive and highly classified data communicated over the nation's internal computer networks remains at risk for exposure, according to key witnesses in the government's investigation into the United States Coast Guard's Deepwater procurement program. May 17, 11:33 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Social Security, spyware bills go to House vote The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware. May 11, 11:23 a.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. May 2, 12:37 p.m. PDT Making sense of Websense's SurfControl buyout Websense's $400 million buyout offer for rival network filtering specialist SurfControl should help position the two companies for short-term growth and possible acquisition in the future, according to market watchers. May 1, 11:27 a.m. PDT Nokia expands security appliance line Nokia introduced two new network security appliances on April 30, adding high- and low-end models that aim to help companies filter out malware traffic before it penetrates their IT systems. April 30, 2:17 p.m. PDT Future of NAC pits host against network Makers of network access control technologies find themselves dividing along familiar lines within the world of IT security as some providers evangelize a centralized, network-based approach for enforcing device authentication tools and others claim that NAC should reside on the endpoint. April 24, 7:15 a.m. PDT US Army team wants second chance at hacker contest A team of U.S. Army hackers will attend the Hack In The Box (HITB) Security Conference 2007 in Kuala Lumpur later this year, seeking redemption after falling short at a hacker competition in Dubai earlier this month, the conference organizer said Tuesday. April 24, 4:46 a.m. PDT Large enterprises still serving up spam Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem. April 17, 3:04 p.m. PDT P2P worms get their turn Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace. April 16, 11:17 a.m. PDT Bottom line impact of data breaches unclear Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents. April 13, 3:01 p.m. PDT More security OEM deals to come With enterprises demanding more tightly integrated security products than ever before and pressure increasing on vendors in the space to offer as many tools as possible to win deals, experts say that an increasing number of technology providers will turn to licensing agreements to help increase their marketability. April 12, 3:57 p.m. PDT McAfee: Cyber-crime will continue to pay The latest research report from McAfee's Avert Labs paints a frightening picture for enterprise IT administrators and end-users, predicting continued maturation of cyber-crime and the technological means being used to carry out external attacks. April 10, 9:00 p.m. PDT Microsoft patching five flaws, two critical Microsoft announced in its monthly Patch Tuesday preview that it plans next week to release security updates for five individual product vulnerabilities, including two critical issues. April 6, 10:28 a.m. PDT Debate lingers over federal data-handling laws Even as the federal government appears poised to create new consumer data protection laws in 2007, businesses and privacy advocates in the United States remain at odds over the parameters of such legislation and its potential impact. April 3, 6:59 p.m. PDT ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST TJX stolen data used in Florida crime spree Law enforcement officials in Florida have arrested six individuals suspected of carrying out a fraud scheme built around the misuse of credit card data stolen from retailer TJX Companies. March 21, 9:25 a.m. PST Crisis management 101 I recently participated in some war-game-style what-if exercises with a small group of IT execs. The goal was to stimulate thinking about how corporations can best prepare for, and respond to, significant business disruptions, whether from terrorism, weather, biological threats, or other unexpected shocks. March 8, 3:00 a.m. PST Danger inside the firewall Between the latest firewall technology and advanced intrusion detection systems, IT professionals are breathing a little easier. This is a big mistake. It may be easier to protect the network from external attack these days, but the greatest security risks still come from inside the DMZ. February 20, 3:00 a.m. PST Security: A year of reassessment New products and press fascinations come and go (mobile worms, anyone?), but IT security managers will stick with what works -- until it doesn’t. A few years from now, we may look back on 2006 and 2007 as that kind of turning point, when enterprise IT security folks took a good hard look at some of the products that were mainstays of their defensive strategy and asked whether they are pulling their weight. January 1, 3:00 a.m. PST Microsoft: Botnets top cyber-threat If there's one thing that Aaron Kornblum would like to quash, it's the botnet armies. December 27, 1:42 p.m. PST Al-Qaeda threatens cyberattack on U.S. banks The U.S. Computer Emergency Readiness Team (US-CERT) has warned U.S. banks and financial institutions of a threatened cyberattack by the al-Qaeda terrorist organization. December 1, 9:03 a.m. PST IBM watchdog system scans digital video Early next year, IBM will start selling advanced video surveillance software that can sift through thousands of hours of digital video in a matter of seconds. November 7, 4:31 a.m. PST German law makes hacking a punishable crime New legislation proposed by the German government aims to make computer hacking a punishable crime. September 21, 8:29 a.m. PDT Juniper, Symantec partner on enterprise security Juniper Networks and Symantec will jointly work on unified threat management (UTM) and intrusion detection and prevention (IDP) products, and in the long term will extend their partnership to antivirus and threat detection. September 12, 7:36 a.m. PDT "Wide open" means extra security There’s a reason nearly every security appliance vendor uses open source tools, and it has little to do with licensing. The vast majority of these devices -- ranging from spam and spyware filters to network scanners to intrusion detection and prevention systems -- are not only built on an open source platform such as Linux or FreeBSD, but they also actively use other open source products to accomplish their given tasks. September 4, 3:00 a.m. PDT Betting on authentication If Paul Roberts ever goes to the track, I’m gonna let him place a few bets for me. He has a knack for picking winners. Case in point, a few weeks back, the InfoWorld senior editor suggested the time was right for a story on the enterprise’s need for stronger, brainier authentication to clamp down on fraud. No sooner had he finished writing this week's authentication cover story than EMC announced plans to buy authentication vendor RSA Security. A week later, it was Secure Computing buying CipherTrust (with its e-mail reputation system), while digital identity vendor Entrust snapped up fraud-detection company Business Signatures. The vendors clearly appreciate Roberts’ trend-spotting abilities. July 24, 3:00 a.m. PDT Hack Tales: Network auditing on a shoestring What do you do when the auditors are breathing down your neck, wanting to see an exhaustive report on the Windows network security of a 2,000-user network across eight sites? That’s easy. Break out a text editor and start writing some Perl. May 29, 3:00 a.m. PDT Charting startup investment trends Several clear trends emerged as we reviewed hundreds of startups in the course of researching this article. Venture capitalists have poured smart money into a host of enterprise technology areas, but security, virtualization, and -- cutting across tech categories -- open source have been the big winners. May 15, 3:00 a.m. PDT Determina pre-hacks applications against intruders Malicious hackers are constantly exploiting software vulnerabilities. Vendors and IT staff alike spend countless hours racing to update protection signatures and install patches before their exposed systems can be compromised. It’s a never-ending battle that favors the hackers. May 15, 3:00 a.m. PDT Check Point withdraws bid for Sourcefire Check Point Software Technologies, an Internet security company, on Thursday withdrew its application to acquire intrusion-prevention firm Sourcefire amid protests over the deal by some U.S. government offices. March 24, 4:08 a.m. PST Plug-and-play appliances reshape IT landscape Looking for a can’t-miss enterprise trend? I have just one word for you: appliances. During the past year, our Test Center has been inundated with the things. And not just the old standbys like firewalls, switches, and routers. I’m talking appliances that can handle virtually every IT operation: intrusion prevention, intrusion detection, CRM, anti-spam, e-mail security, Web services integration. We’ve even seen a smattering of appliances for Microsoft Exchange that come bundled with managed services (look for our Test Center review in April). March 6, 3:00 a.m. PST RSA survey shows security confidence low, but people buy anyway U.S. and Western European businesses are seeing their online sales grow, but many of them have questions about the security of their networks, according to a survey released Tuesday by RSA Security Inc. February 14, 1:19 p.m. PST ISS announces new security products Internet Security Systems (ISS) announced Tuesday a group of new products aimed at helping network administrators, including a network anomaly detection system. February 14, 8:56 a.m. PST For banks, security compliance goes only MSSP-deep In the financial industry, third parties often guard the vault. For example, MSSPs (managed security services providers), such as the company I work for, deliver vital resources and expertise to many small to midsize banks. These services include firewalls and intrusion management, secure electronic document delivery, and oversight by trained security professionals. Many banks also rely on MSSPs to comply with regulatory mandates. February 14, 3:00 a.m. PST Innovative IPSes resist our attacks See correction at end of article February 10, 3:00 a.m. PST Hackers lurk in AMD Web site Users of Advanced Micro Devices Inc.'s (AMD's) microprocessors may want to think twice before looking for technical support on the company's Web site. Customer support discussion forums on the forums.amd.com site have been compromised and are being used in an attempt to infect visitors with malicious software, an AMD spokesman confirmed Monday. January 30, 12:39 p.m. PST State CIOs need more IT security support from DHS The U.S. Department of Homeland Security (DHS) must improve its support for U.S. state and local governments so they can better protect their IT infrastructures from attackers, two organizations of top IT officials said Wednesday. January 25, 2:57 p.m. PST Threat landscape and lapses justify security paranoia Security remained foremost on the minds of IT leadership in 2005, and with good reason. The year saw a Microsoft research project discover the first so-called zero-day exploit; "identity theft," "phishing," and "spyware" became part of the popular lexicon; and the need grew for companies to treat any computer joining the network as hostile until proved secure. It's no wonder IT people at all levels sound paranoid. January 2, 3:00 a.m. PST Rethinking incident response As businesses face increasing regulatory-compliance pressure from Sarbanes-Oxley, HIPAA, and Gramm-Leach-Bliley, many companies are finding themselves deploying intrusion detection systems, log analyzers, and other security tools to assist in finding when an incident has occurred. But when an alarm’s been triggered, every security analyst faces the problem of what to do next. December 12, 3:00 a.m. PST New dimensions in intrusion defense Sourcefire’s open source IDS engine, Snort, has long been the gold standard of signature-based intrusion detection systems. Snort’s commercial sibling, Sourcefire 3D, takes Snort a step further by adding passive vulnerability assessment and service-anomaly detection to the mix. 3D stands for Discover, Determine, and Defend, referring to Sourcefire 3D’s capability to use knowledge of the services and vulnerabilities that are present in the network in order to defend against attacks intelligently. November 21, 3:00 a.m. PST Sony stops shipping controversial DRM code One day after hackers released malicious software that used controversial Sony BMG Music Entertainment copy-protection software to attack computers, Sony has decided to stop shipping the product, the company said Friday. November 11, 1:15 p.m. PST Data breach bills unlikely to pass before 2006 After a series of data breaches earlier this year, members of the U.S. Congress raged about the irresponsibility of breached companies and introduced a flurry of bills requiring companies to notify affected customers when data is lost. November 11, 11:45 a.m. PST TippingPoint leans into network threats IDS/IPS products have come a long way in a short time, as vendors have been fast to incorporate new detection techniques and bolster defenses to an ever-widening range of threats. TippingPoint is one vendor that has blazed the trail to multipronged protection. August 8, 5:00 a.m. PDT Security vendors respond to heightened concerns Recent security breaches involving universities, credit card processors, and financial institutions are making security a hot topic, and security companies are busy upgrading their product lines -- either by acquiring new product lines or upgrading current products. June 28, 8:38 a.m. PDT Cisco buys Netsift Cisco Systems has agreed to pay $30 million for a year-old startup, Netsift, which develops deep packet processing technology, it said Monday. Netsift's system can be used for detecting network attacks as they happen. June 27, 7:13 a.m. PDT Intrusion Protection Systems get hot Taxed with providing an ever-expanding range of complex security functions, IPS vendors are rising to the challenge, transforming their wares to go beyond simply identifying and stopping attacks based on updated threat profiles. June 13, 5:00 a.m. PDT StealthWatch Xe shines a light on NetFlows Shining a light in the dark often exposes nasty little critters that normally hide from view. Lancope’s newly released StealthWatch Xe IDS appliance can do the same thing for your network. Working in conjunction with network infrastructure products from Cisco Systems, Foundry Networks, Juniper Networks, and others, Xe collects and analyzes NetFlow data to provide a view into strange and threatening traffic running on network segments lacking IDS sensors. We’ve been using Xe to analyze NetFlow data from Cisco Catalyst and Foundry BigIron switches, and we’ve found scary critters of every stripe -- worms, viruses, Trojans, keylogging spyware, you name it. Xe incorporates the same analytical engine deployed in the conventional StealthWatch appliance we tested last summer, but it enlists existing routers and switches to work as its sensors, drawing their NetFlow data from mirrored switch ports. Xe is not the first solution to leverage routers and switches this way, but the passive approach of the StealthWatch engine -- which does most of its analysis without inspecting packet payloads or hindering network traffic -- meshes especially well with spanned traffic monitoring. Current StealthWatch users will be happy to know that the Xe interface closely matches its conventional StealthWatch cousin and seamlessly connects into the StealthWatch Management Console. Whether you use Xe to extend your existing StealthWatch deployment or as a point solution, it will bring powerful threat detection capabilities to opaque segments of your network. In June, Xe will be available as part of StealthWatch System 5.0. System 5.0 will integrate with other network devices to mitigate attacks, detect application traffic that violates network policies, and provide visualizations of worm outbreaks and network flows. -- Victor R. Garza and Doug Dineley June 6, 5:00 a.m. PDT Security in the headlines At a conference last year, I made a potentially disastrous mistake. I walked off with someone else’s laptop bag, leaving my own case -- a black, standard-issue, backpack-style bag -- propped against a chair leg. I noticed the substitution about five minutes later, and returned to the scene of the inadvertent crime on a dead run. (My laptop computer may not contain state secrets or customers’ Social Security numbers, but it holds plenty of confidential information, not to mention virtually everything I’m working on at any given time.) May 16, 5:00 a.m. PDT Investigators link Cisco hack to other activities A theft of computer source code from Cisco Systems, reported a year ago, has led to a wide-ranging investigation of potential criminal activity involving multiple server break-ins in several countries, according to the U.S. Federal Bureau of Investigation (FBI). May 10, 9:44 a.m. PDT Venezuelan arrested for '01 Airforce hacks A popular Venezuelan hacker known as "RaFa" was arrested April 2 and charged with hacking into U.S. Department of Defense (DOD) servers almost four years ago. April 11, 4:08 p.m. PDT InfoWorld CTO 25: Scott Hrastar Even after 17 years in networking, Scott Hrastar, CTO of AirDefense, exuberantly insists, “There’s no other IT discipline with a higher wow factor.” The owner of 13 patents with another 13 pending, Hrastar’s passion of the moment is getting wireless security right. “A wireless security break is equivalent to putting an open Ethernet jack in the parking lot,” he quips. He’s an ardent advocate of the layered approach, a selling point of his AirDefense Enterprise 6.0 -- a self-managing intrusion prevention system powered by behavioral analysis and correlation engines. Heard the stories of coffeehouse patrons duped into signing on to an imposter’s hot spot? Not with Enterprise 6.0, Hrastar asserts. Yet he readily agrees with those who feel we have a long way to go before we can take wireless security for granted. “There’s still the need for monitoring, or you risk someone pushing a hole right through your firewall,” he says. April 11, 5:00 a.m. PDT The consultant's view Steve Manzuik is an independent IT security consultant. March 28, 6:00 a.m. PST The CTO's perspective Kevin Bernstein is CTO of platinum capital group. March 28, 6:00 a.m. PST How to hire an IT security consultant Outsourcing IT security is all the rage these days. It’s cheaper and more efficient, the prevailing theory goes, to farm out functions not directly related to your organization’s core competencies. If you make nickel-plated widgets, for example, your staff must be expert in manufacturing, nickel-plating, and selling widgets, not in keeping 14-year-olds out of your network. March 28, 6:00 a.m. PST NEC developing network security analysis system NEC is developing a network security system that will automatically monitor and analyze the configuration of security tools deployed in a network and suggest changes to fix vulnerabilities and any redundancies that exist between them, the company announced Tuesday. March 23, 5:25 a.m. PST Managing security in a compliance-crazy world The laws seem to be shooting out of Congress like arrows aimed at the hearts and budgets of IT administrators across corporate America. Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, Basel II, and a host of other regulations are pushing IT security management into extremely difficult and potentially expensive territory. March 18, 3:00 p.m. PST Secure architectures Thanks to complex perimeters, sophisticated application-level threats, and regulations that hold CEOs and CIOs accountable for company data, security must now be regarded as more than a bunch of technologies tacked onto the network. “Companies are realizing they must approach security at the enterprise level,” says Rich Caralli, senior member of the technical staff at the CERT Coordination Center’s survivable enterprise management group. “Rather than chasing the latest threat, they’re working on identifying and securing directly the core business processes and information assets essential to the company mission.” March 11, 3:00 p.m. PST Symantec to offer 'holistic' grouping of products after Veritas merger Symantec CEO John Thompson says his company's $13.5 billion acquisition of Veritas Software is moving ahead, with the merged company set to offer enterprises a "holistic" grouping of integrated products to more easily deal with issues of security, data backup, and compliance. March 9, 6:00 a.m. PST Hungarian man charged with hacking Sony Ericsson site Swedish authorities formally charged a 26-year-old Hungarian man with industrial espionage on Tuesday, charging him with hacking into the Sony Ericsson AB and Ericsson AB intranets. March 8, 11:34 a.m. PST Microsoft researchers target worms, buffer overruns REDMOND, WASH. - Researchers at Microsoft showed off some forward-looking technologies on Wednesday, including new ways to protect systems against Internet worms, prevent hacker attacks and measure available bandwidth on home networks. March 3, 4:50 p.m. PST Security moving closer to OS, networks Last week's RSA Conference 2005 demonstrated that security components are moving rapidly to the OS and the network as enterprises reinforce their IT systems against a growing security threat. February 21, 6:00 a.m. PST SecureCore shields server memory Holes left by perimeter security and conventional anti-virus solutions are being filled by host-based IPS solutions, many of which mirror their network-based kin by inserting themselves between the wild outside network and the vulnerable destination. January 21, 3:00 p.m. PST Reeling in the phishers Phishers beware. IT is watching you watching them. The FBI is out to get you jailed, too. January 21, 3:00 p.m. PST DOD cyber sleuths swap secrets in Florida The U.S. Department of Defense (DOD) is making changes to streamline its response to online threats across the various branches of the military, and deal with a steady stream of new online woes, from hacking attempts to child pornography and threats posed by powerful portable storage devices such as iPods, according to senior DOD officials. January 12, 2:10 p.m. PST > Security |
|
|
||||||||||||||||||
