|
|
Free Newsletters
|
|
|
|
|
|
IT trainer offers master's degree for hackers In an effort to produce the next generation of chief security officers and IT systems defense experts, an online training company is offering a new master's degree program in security science. Security vendors bring zombie fighters to life Data leakage prevention might currently be the hottest IT security submarket, but vendors are also tuning up their product offerings to help customers ward off the presence of botnet-infected zombie computers.  October 4, 3:41 p.m. PDT Tech giants chart research goals Power consumption, parallelism, and the rapidly-expanding world of mobile communications are among the leading areas of research and development currently being investigated within some of the IT world's largest companies. September 26, 2:53 p.m. PDT AT&T: Network perimeter security should be virtual Enterprise companies will soon begin offloading many of their network security responsibilities to telecommunications and Internet service providers and save vast amounts of time and money doing so, if AT&T has its way. September 20, 4:05 a.m. PDT Nokia expands enterprise, security offerings Nokia, the world's largest handset maker, is well known for its consumer devices but maintains a range of enterprise products. Mary McDowell is executive vice president and general manager of Nokia's Enterprise Solutions, a division that deals with products from the E Series phones to security appliances to software such as the Intellisync Mobile Suite, designed to manage a fleet of enterprise devices. She spoke with IDG News Service about Nokia's direction in several enterprise areas. The following is an edited transcript. September 19, 7:03 a.m. PDT Fear of insider threats hits home The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk. September 18, 10:42 a.m. PDT Trust key to Internet security A few of my previous columns discussed my vision of creating a more secure Internet. It involved replacing the Internet's default anonymity with pervasive authentication, from the hardware initialization, through the OS and all applications, the user, and ending with a verifiable network stream. It is my strong belief that without a complete overhaul of default authentication, malicious hacking is going to continue indefinitely. September 14, 3:00 a.m. PDT Best of open source in security In areas such as CRM software and portals, open source gained a foothold because users were willing to compromise -- less could be more, because the price was right. In security, open source rushed in because commercial vendors fell down on the job. As security problems in the enterprise outstripped the capabilities of commercial solutions, a number of talented security researchers stepped into the breach via the open source model. September 10, 3:00 a.m. PDT Forrester security show stresses risk management Enterprise security decision makers have long been more likely to be swayed by flashy new technologies than by the notion of comprehensive IT restructuring to protect data and other corporate assets, but the situation is evolving rapidly, according to experts participating in Forrester Research's ongoing Security Forum. September 5, 11:33 a.m. PDT FBI: Enterprises need counterintelligence The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks. September 4, 3:45 p.m. PDT Intel's vPro chips in more security for businesses With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike. August 27, 8:00 a.m. PDT Intel adds desktop NAC to latest chips Intel's move to provide new integration with NAC (network access control) tools in its latest vPro desktop processors could provide interesting opportunities for use with the device authentication systems while further strengthening the technology standards it supports, according to industry watchers. August 27, 8:00 a.m. PDT Clearswift makes a clean sweep of Web threats Mitigating network-borne threats has been an imperative to companies of all sizes and statures. As if malware and viral infestation weren’t enough, today’s corporations must contend with even bigger bugs, including regulatory compliance, information leaks, and intellectual property theft. August 22, 3:00 a.m. PDT SMB technology: Replacing in-house software with applications in the cloud In the near future, there's only one way to go for SMBs when it comes to purchasing business software -- and that's out of house. Whether it's full-on SaaS (software as a service), where users access all facets of the application through a browser, or a hosted product (including hosted Exchange, where only the server component is off-site and users employ a standard desktop client such as Outlook), either model is simply too cost-effective for SMBs to ignore. August 20, 3:00 a.m. PDT Processors: Dividing chips into many virtual cores The current approach taken by x86 CPUs -- to stuff as many processor cores and as much cache memory as will fit on one chip -- will prove impossible to scale beyond a certain point. And adding more, big, hot processor cores may not be the best fit for server roles that call for managing large workloads over long periods of time. August 20, 3:00 a.m. PDT Pundits on parade: What’s next in tech You’ve heard of Christmas in July, that classic advertising gimmick designed to lure shoppers into stores despite the oppressive heat and humidity. We’ll, we’ve got New Year’s in August, which invites you to stay indoors and read “The next big things in IT” -- 15 predictions about the future of technology. August 20, 3:00 a.m. PDT Sourcefire acquires ClamAV open-source anti-malware project Network security specialist Sourcefire announced Friday that it has acquired ClamAV, an open-source gateway anti-malware project whose technologies are used in the products of a number of other vendors. August 17, 8:58 a.m. PDT Novell buys endpoint security firm Senforce Novell announced on Monday that it has acquired Senforce Technologies, a provider of endpoint and network security tools, for an undisclosed sum. August 13, 9:40 a.m. PDT Update: Dateline NBC 'mole' outed, booted at Defcon Dateline NBC Producer Michelle Madigan was publicly outed at the Defcon security conference in Las Vegas Friday after show organizers were tipped off that she was trying to film show attendees with a hidden camera. August 3, 6:00 p.m. PDT Apps security to dominate Black Hat Black Hat kicks off this week in Las Vegas with a big shift in focus from Internet viruses to application security. July 31, 3:00 a.m. PDT McAfee sets Rootkit Detective free On July 26, McAfee will begin offering a new application called Rootkit Detective, designed to detect and remove dangerous rootkit attacks. The software will also help end-users ward off the threats, as well as funnel new intelligence into the company's ongoing research operations. July 25, 1:12 p.m. PDT Organized crime infiltrates financial IT In Martin Scorsese's hit movie "The Departed," actor Matt Damon plays the part of a mole -- someone who helps his connected mob friends stay a step ahead of the cops by becoming one of the very law enforcement officials assigned to stop them. July 23, 11:14 a.m. PDT Piecing together IBM's security puzzle IBM owns some of the world's leading IT security talent, products, and services, but executives with the massive company say it will likely never aim to become what people might label as a true "security vendor." July 23, 3:00 a.m. PDT Microsoft launches OneCare 2.0 beta Microsoft released a beta version of its next-generation Windows Live OneCare 2.0 desktop security and management package on July 11, touting a number of improvements made to the product, including the ability to monitor multiple PCs on a local network. July 11, 3:01 p.m. PDT Cisco pushes IronPort smarts to firewalls Cisco Systems will begin offering IronPort's security filtering tools to its firewall customers after the networking giant's acquisition of the company closes on June 25. June 22, 10:05 a.m. PDT Experts: Botnets add fault tolerance Security experts contend that a growing number of operators of compromised computer networks (or "botnets") are finding new ways to grow their networks and make them immune to potential shutdowns, including sophisticated fault-tolerance planning to help ensure that their networks can't be easily wiped out. June 7, 12:00 a.m. PDT Spammers' use of AI only just begun Though security industry experts were openly referring to the death of spam several years ago, the arrival of image-based attacks has resulted in a stunning renaissance in the volumes of unwanted e-mail reaching end-users' inboxes. May 31, 5:03 p.m. PDT Oakley SureView puts insider threats in context Many content monitoring and filtering and information leak prevention solutions attempt to stop insider threats by reversing the old firewall strategy: They completely block a particular outbound communications channel, such as instant messaging. May 24, 3:00 a.m. PDT Code Green gives red light to data leaks Reports of corporate data leaks, lost laptops, and misplaced backup tapes are so commonplace that many no longer warrant a mention in the press. So common are corporate data leaks of one form or another that only the multimegaton events -- TJX, the Veterans Administration, or DuPont -- get covered. May 24, 3:00 a.m. PDT Companies open wallets for secure data An annual VanDyke Software-sponsored survey of IT network and systems administrators finds that businesses have increased their spending on secure data communications technologies and also have undertaken significant work to improve their internal processes to benefit security. May 22, 11:42 a.m. PDT Microsoft, TCG get closer on NAC The Trusted Computing Group (TCG) is tying its authentication software standard to Microsoft's proprietary network access protection platform -- a move that leaders in the network access control (NAC) segment tout as a major step toward getting products made by different vendors to work together. May 21, 8:20 a.m. PDT IBM pitches risk management strategy IBM unveiled a new IT governance and risk management strategy on May 15 that it will market to enterprise customers as a means to weave together security and compliance projects to ease planning and help drive down related expenses. May 15, 12:42 p.m. PDT Social Security, spyware bills go to House vote The House Energy and Commerce Committee unanimously approved a pair of bills on May 10 that aim to bolster consumers' protection against misuse of their social security numbers and computer-borne spyware. May 11, 11:23 a.m. PDT Symantec pitches rootkit tech as Veritas validation Some industry watchers may still question why Symantec moved to acquire storage software maker Veritas for $10.2 billion in 2004, but the fruits of the companies' combined labors are already proving the deal as a winner, according to executives with the massive security firm. May 9, 4:26 p.m. PDT Infrastructure security powers up He may not have known it at the time, but Lonnie Charles Denison helped prove the need for tighter security at many infrastructure businesses when he launched a multifaceted attack against California Independent System Operator, a quasi-governmental agency responsible for management of the state's power grid. May 9, 4:17 a.m. PDT Document shell code attacks loom large Targeted attacks that utilize vulnerabilities in popular document file formats and execute via hard-to-find shell code are becoming an increasingly popular menace, according to researchers at IBM's Internet Security Systems division. May 2, 12:37 p.m. PDT Making sense of Websense's SurfControl buyout Websense's $400 million buyout offer for rival network filtering specialist SurfControl should help position the two companies for short-term growth and possible acquisition in the future, according to market watchers. May 1, 11:27 a.m. PDT Nokia expands security appliance line Nokia introduced two new network security appliances on April 30, adding high- and low-end models that aim to help companies filter out malware traffic before it penetrates their IT systems. April 30, 2:17 p.m. PDT Large enterprises still serving up spam Well-known enterprise companies are still having their IT systems hijacked by spammers despite investing in many different types of technologies aimed at stopping the problem. April 17, 3:04 p.m. PDT P2P worms get their turn Massive networks of infected computers controlled by attackers worldwide will serve as a powerful engine for the new breed of so-called P2P worm that is currently echoing across cyberspace. April 16, 11:17 a.m. PDT Bottom line impact of data breaches unclear Despite the fact that unwanted exposure of consumer data has become a hot-button issue in the media and among legislators nationwide, experts admit that it remains unclear just how much damage the events will cause to the finances and reputations of companies that experience major incidents. April 13, 3:01 p.m. PDT More security OEM deals to come With enterprises demanding more tightly integrated security products than ever before and pressure increasing on vendors in the space to offer as many tools as possible to win deals, experts say that an increasing number of technology providers will turn to licensing agreements to help increase their marketability. April 12, 3:57 p.m. PDT Microsoft issues emergency Windows patch With attackers finding more ways to exploit a critical flaw in its Windows operating system, Microsoft has published an emergency software patch. April 3, 1:13 p.m. PDT ShmooCon hacker event gets under way The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues. March 23, 2:12 p.m. PST More IT war stories Off the Record, the real-world slice of life that graces the last page of InfoWorld, is one of our most popular columns. I know this from reader surveys and from all the e-mail I receive about it. As reader Roland Sickenberger put it recently, “It’s my favorite part of the magazine, kind of like a ‘Dilbert come to life’ thing.” March 5, 3:00 a.m. PST Women in technology: A call to action A quick scan of almost any IT department -- from the trenches to the corner office -- confirms it: Women who embrace technology as a lifelong career remain a rare breed. To be sure, opportunity for women in technology has advanced in the past few decades, as have education initiatives aimed at leveling the playing field, but for every woman rising to prominence or embarking on a profession in IT, there seems to be another opting out of her career in technology. January 29, 3:03 a.m. PST Back to school: Getting girls into IT Despite the success of various education initiatives in the past several years, there’s little doubt that the shortage of women in technology begins on the playground. As such, many industry leaders and experts believe the long-term solution to the gender imbalance in IT lies in women technologists going back to school -- way back, to high schools and even elementary schools to mentor young girls, who too often give up on math and science at an early age. January 29, 3:02 a.m. PST Activism provides competitive advantage for IT Encountering another woman working in technology was a rare event for me when I started out in IT many years ago. In the years since, women have made significant strides, sometimes against great odds, proving their mettle as both tech execs and engineers. January 29, 3:01 a.m. PST Gender crisis in IT You don’t need a degree in statistics to recognize that IT is a men’s club. Just walk the floor of any tech conference or, in all likelihood, your own office — XY chromosomes everywhere you look. January 29, 3:00 a.m. PST Cisco offers $830 million for IronPort Cisco Systems agreed to buy IronPort Security, a developer of e-mail and Web security products, for $830 million, according to media reports citing Cisco executives. January 4, 4:07 a.m. PST Technology of the Gods January is named after Janus, the two-faced Roman deity of beginnings and endings, who reportedly was able to look both forward and back. So for our Jan. 1 issue, we pay homage to the mythological immortal with our seventh annual Technology of the Year Awards, an analysis of where IT has been and where it’s going in 2007. January 1, 3:00 a.m. PST 2006 Year in Reviews: Security Given a sharp nudge from federal and state mandates, the security focus has shifted from intruders and malware to data protection and the insider threat — and the likes of Vontu, Reconnex, Oakley Networks, and PortAuthority are meeting the challenge. December 18, 3:00 a.m. PST Review of reviews It’s coming up on closing time for 2006. All around us, everyone is going into holiday mode. Not to be curmudgeonly contrarians, InfoWorld will be following suit, taking a one-week break before returning on Jan. 1 with our first print issue of the year. (It’s really only a semi-hiatus; InfoWorld.com will continue to perk over the holidays with a slightly reduced slate of stories.) December 18, 3:00 a.m. PST Nokia releases Sourcefire-based security appliance Nokia has introduced a security appliance aimed at helping enterprises keep their networks secure, particularly in the face of threats that arise as more employees access corporate data remotely from devices like smartphones and laptops. November 15, 7:44 a.m. PST Redefining innovation Innovative ideas are a dime a dozen, according to Jim Andrew, senior partner at big-time consultancy BCG. In fact, at most companies, coming up with great concepts for a product, service, or process isn’t even an issue. But turning those ideas into money … ah, there’s the rub. October 30, 3:00 a.m. PST Mail encryption made easy Basic e-mail encryption between two users isn’t terribly difficult to implement. Free add-ons to the more popular e-mail clients provide for easy encryption and decryption of messages. It’s exponentially more difficult, however, to deploy encryption to hundreds or thousands of clients, which typically involves supplying the software to recipients at the other end of every encrypted connection, coordinating the exchanges of keys, and training users on client-side encryption software. September 7, 3:00 a.m. PDT Exclusive: Trend Micro packs a one-two security punch Protecting your network against viruses and malware requires a two-pronged approach: scan the incoming traffic for hidden viral surprises and keep users from accessing the sites that push problem files. Many of the Web sites that spawn trouble files can be classified as “nonbusiness related” sites. As such, keeping your users from ever “accidentally” visiting them in the first place makes a lot of sense. August 17, 3:00 a.m. PDT InfoWorld CTO 25: Andrew Nash During his 10-year stint at RSA security, Andrew Nash worked hard developing identity and access management technologies, wrote a book on PKI (Public Key Infrastructure), and co-authored several security standards. But one day, in the middle of an RSA presentation, he realized he was “bored to tears” and decided to focus on fresh security challenges better suited to an emerging Web services world. June 5, 3:00 a.m. PDT InfoWorld CTO 25: David Ting Single sign-on, a deceptively simple concept with a long history of failed attempts, may have finally met its match in David Ting. June 5, 3:00 a.m. PDT Determina pre-hacks applications against intruders Malicious hackers are constantly exploiting software vulnerabilities. Vendors and IT staff alike spend countless hours racing to update protection signatures and install patches before their exposed systems can be compromised. It’s a never-ending battle that favors the hackers. May 15, 3:00 a.m. PDT Tech startups to watch Startups are back! or at least, startup fever is back. Scan the latest numbers from PricewaterhouseCoopers and you won’t find any hockey sticks -- the level of investment in enterprise-related technology startups has actually remained fairly flat, hovering between $1.5 and $2.3 billion per quarter from 2003 through 2005. May 15, 3:00 a.m. PDT ConSentry locks down the network Traditionally, enterprise networks have been built on trust: Anyone connected is assumed to be authorized because they have to be on the premises. But the growing prevalence of wireless networks, remote access, and nonstaff workers have turned networks into easy targets. “The LAN is now the new DMZ,” says Tom Barsi, CEO of ConSentry. May 15, 3:00 a.m. PDT Product Previews Symantec unifies anti-spam and mail security Tightening the integration between brightmail anti-spam and the company’s content security technologies, Symantec Mail Security for SMTP 5.0 — announced last week and due in May — will proactively protect against both inbound and outbound e-mail threats. The product introduces more extensive content filtering capabilities and zero-day virus prevention, and mitigates threats such as phishing and spyware using Sender Policy Framework and Sender ID. Symantec Mail Security for SMTP 5.0, Symantec April 24, 3:00 a.m. PDT Secure remote access to small and branch offices SonicWall made its name in the small office market, and although the company is expanding rapidly into the enterprise, products such as the SSL-VPN 200 show that it hasn’t lost the value touch. SonicWall has positioned this VPN appliance to combine the ease-of-use advantage associated with SSL VPNs with a smaller form factor and an attractive price tag: less than $600 for roughly 10 concurrent SSL VPN tunnels. A bigger sibling, the SSL-VPN 2000, is available for larger networks at about $2,300. April 10, 3:00 a.m. PDT RSA polishes its smart token system Branch offices aren’t always just nests for employees further down the food chain. Sometimes they comprise critical pieces of business infrastructure that are just geographically removed from HQ. Unfortunately, managing high-end authentication becomes troublesome when target nodes are distant from knowledgeable IT staff. April 6, 3:00 a.m. PDT Collapse of Check Point/Sourcefire deal raises questions Faced with resistance from the U.S. government’s Committee on Foreign Investment in the United States (CFIUS), Israeli software company Check Point Software Technologies put its $225 million offer to purchase IPS (intrusion prevention software) vendor Sourcefire on hold March 23, raising the specter of heightened government oversight of mergers and acquisitions. April 3, 3:00 a.m. PDT Product Previews Fujitsu unveils eight-socket server blade Fujitsu last week announced an eight-socket server blade based on dual-core AMD Opteron processors. Taking up a good chunk of a Primergy BX600 chassis -- which otherwise supports as many as 10 two-socket blades or five four-socket blades -- the Primergy BX630 can be installed alongside one or two other blades running AMD Opteron or Intel Xeon processors. The eight-socket BX630 blades will be available in the second quarter of this year, priced at less than $36,000. Windows Server 2003, Red Hat Enterprise Linux, Suse Linux Enterprise Server, and VMware ESX Server operating systems are supported. Primergy BX630, Fujitsu Computer Systems March 20, 3:00 a.m. PST Plug-and-play appliances reshape IT landscape Looking for a can’t-miss enterprise trend? I have just one word for you: appliances. During the past year, our Test Center has been inundated with the things. And not just the old standbys like firewalls, switches, and routers. I’m talking appliances that can handle virtually every IT operation: intrusion prevention, intrusion detection, CRM, anti-spam, e-mail security, Web services integration. We’ve even seen a smattering of appliances for Microsoft Exchange that come bundled with managed services (look for our Test Center review in April). March 6, 3:00 a.m. PST UTM appliances whip blended security threats Taking one part stateful inspection firewall, one part intrusion prevention, and equal parts anti-virus, anti-spam, anti-spyware, and content filtering, UTM (Unified Threat Management) appliances blend traditionally separate security services into a single device, providing not only comprehensive protection against Internet-based threats but also streamlined access to policies and reporting. March 6, 3:00 a.m. PST RSA - FBI director: Cyber threats 'fluid and far-reaching' Hacker hunters need to develop new techniques to take on the latest generation of sophisticated and better-organized cyber criminals. That's what U.S. Federal Bureau of Investigation Director Robert Mueller told attendees of the RSA Conference 2006 in San Jose, California, Wednesday. February 15, 3:45 p.m. PST For banks, security compliance goes only MSSP-deep In the financial industry, third parties often guard the vault. For example, MSSPs (managed security services providers), such as the company I work for, deliver vital resources and expertise to many small to midsize banks. These services include firewalls and intrusion management, secure electronic document delivery, and oversight by trained security professionals. Many banks also rely on MSSPs to comply with regulatory mandates. February 14, 3:00 a.m. PST RSA Conference gets the NAC The vision of a more visibly secure and regulatory-compliant enterprise will be on prominent display this week at the RSA Conference 2006 in San Jose, Calif. In addition to providing a soapbox for high-caliber keynoters including Microsoft’s Bill Gates, Cisco’s John Chambers, and Symantec’s John Thompson, this year’s show will serve as the venue for product announcements ranging from policy enforcement to event management. February 13, 3:00 a.m. PST Imperva keeps database activity in check Database vendors may be working feverishly to make their systems impenetrable to outsiders, but that’s only part of the battle. The hardest part of database security is controlling an authorized user’s activity once he’s gained access to the database. This type of access control is quickly becoming a bigger issue for compliance officers, especially with regard to HIPAA. And while the database vendors are merely auditing this activity, they are doing nothing to control it. This is where products like Imperva SecureSphere Database Security Gateway come into the picture. February 13, 3:00 a.m. PST Aventail and F5 extend their security reach to network access control During the past few years, SSL VPNs have matured from devices offering very basic application support to enterprise-ready security jacks-of-all-trades, capable of handling thousands of users and a wide range of connectivity options. Security features are evolving, with extensive host checking taking place prior to user log-on and adaptive, dynamic security policies being applied accordingly. February 3, 3:00 a.m. PST Startup Mu Security looks to lock down code A Sunnyvale, California, startup backed by US$4 million in venture funding and a team of former Juniper Networks Inc. executives says that it has developed a way to make networking products and applications more secure. Mu Security Inc. says it will soon begin selling a new vulnerability assessment product that lets technology vendors and enterprise developers test their products with known hacker techniques, allowing them to fix bugs before products are put into use. January 27, 11:03 a.m. PST State CIOs need more IT security support from DHS The U.S. Department of Homeland Security (DHS) must improve its support for U.S. state and local governments so they can better protect their IT infrastructures from attackers, two organizations of top IT officials said Wednesday. January 25, 2:57 p.m. PST Threat landscape and lapses justify security paranoia Security remained foremost on the minds of IT leadership in 2005, and with good reason. The year saw a Microsoft research project discover the first so-called zero-day exploit; "identity theft," "phishing," and "spyware" became part of the popular lexicon; and the need grew for companies to treat any computer joining the network as hostile until proved secure. It's no wonder IT people at all levels sound paranoid. January 2, 3:00 a.m. PST Top technologies of the year Welcome to our first issue of the year. For those of you who took a break, re-entry into the heady universe of work may be a bit discombobulating. Fortunately, last Saturday, the world’s ever-considerate timekeepers saw fit to give us an extra sliver of time -- a leap second-- to prep for the new year. And now, with the pop of the cork (or was that the buzz of a pager?), we’re ready to herald 2006, a potential banner year for the enterprise. January 2, 3:00 a.m. PST Tech reviews for the holidays Even IT takes a holiday now and then. Same goes for the InfoWorld staff, which chills out by taking a one-week break following the publication of this, our 51st and final issue of the year. December 19, 3:00 a.m. PST Sonicwall buys two companies to expand SMB line Security appliance maker SonicWall Inc. has acquired data backup technology maker Lasso Logic Inc. and the assets of remote access developer EnKoo Inc., the company said Monday. Financial terms of the deals were not disclosed. November 21, 10:24 a.m. PST McAfee's end-point security beta on the way McAfee Inc. expects to release the first beta version of its McAfee Policy Enforcer software next week. The product will give the company a foothold in an emerging market for products that ensure that "end-point" devices such as desktop and notebook PCs are secured. November 7, 5:21 a.m. PST Microsoft bolsters video content security in Vista Microsoft plans to include new ways to protect video content in the next version of its Windows desktop operating system (OS) in an effort to position the OS as a platform for home digital entertainment systems. August 31, 2:32 p.m. PDT Security vendor, protect thyself A subtle trend has been emerging over the last few years and it doesn’t appear to be abating: The number of insecure computer security products is growing. The very products designed to protect us are often the ones introducing the vulnerabilities. August 26, 4:00 a.m. PDT Exclusive: CoreGuard 3.1 clamps down on server, app security Keeping data safe is starting to sound like a cliché, thanks to vendors who use the catchphrase but don’t effectively address this very real concern. August 15, 5:00 a.m. PDT Cisco gets routed, more Vista names outed Thanks to the dozens of readers who noted that my previous column was lacking in the Trek department. James “Scotty” Doohan was the second crew member to enter the final frontier; DeForest “Bones” Kelley died six years ago. Actually, I was thinking they’d use that slingshot-around-the-sun trick to go backward in time and pick up Bones, along with Shatner’s old hairpieces. No? Then how about this: I forgot. Must have had too much Saurian Brandy. August 5, 5:00 a.m. PDT 64-bit Windows anti-virus not yet mainstream Companies looking to become early adopters of Microsoft’s Windows x64 Edition OSes encountered a reason to postpone the decision: They may find their favorite anti-virus software no longer works on their new desktops. August 1, 5:00 a.m. PDT CA preps all-in-one bundles for SMB security and backup Computer Associates International plans in July to target small businesses with the release five software packages that bundle together security, backup and data migration applications. June 20, 11:41 a.m. PDT Clamp down on security leaks Your organization’s Sarbanes-Oxley audit is scheduled for this summer. Will you be able to show who has access to financial records and what they’re doing with that data? Just as important, can you prove you’re equipped to take immediate action when policy violations occur? June 20, 5:00 a.m. PDT Words of wisdom from the father of DNS When Paul Mockapetris invented DNS back in 1983, the Internet was the sleepy domain of university researchers and the military, hardly the sprawling engine of commerce and communication that it has become. June 6, 5:00 a.m. PDT A whole lot more than a firewall In a landscape already cluttered by secure, managed remote-access solutions, Caymas Systems’ Caymas 525 Identity-Driven Access Gateway further blurs the lines between application firewall, end-point access control, and remote-application portal. April 8, 3:00 p.m. PDT The consultant's view Steve Manzuik is an independent IT security consultant. March 28, 6:00 a.m. PST The CTO's perspective Kevin Bernstein is CTO of platinum capital group. March 28, 6:00 a.m. PST How to hire an IT security consultant Outsourcing IT security is all the rage these days. It’s cheaper and more efficient, the prevailing theory goes, to farm out functions not directly related to your organization’s core competencies. If you make nickel-plated widgets, for example, your staff must be expert in manufacturing, nickel-plating, and selling widgets, not in keeping 14-year-olds out of your network. March 28, 6:00 a.m. PST CipherTrust adds compliance features to IronMail Messaging security vendor CipherTrust on Monday announced Compliance Control, the latest version of its IronMail appliance with enhanced compliance capabilities targeted at customers concerned with recently adopted government regulations. March 14, 10:26 a.m. PST Secure architectures Thanks to complex perimeters, sophisticated application-level threats, and regulations that hold CEOs and CIOs accountable for company data, security must now be regarded as more than a bunch of technologies tacked onto the network. “Companies are realizing they must approach security at the enterprise level,” says Rich Caralli, senior member of the technical staff at the CERT Coordination Center’s survivable enterprise management group. “Rather than chasing the latest threat, they’re working on identifying and securing directly the core business processes and information assets essential to the company mission.” March 11, 3:00 p.m. PST IronPort C60 secures e-mail from all sides E-mail administrators have their hands full these days. They have to protect against spam, phishing, viruses, and address-verification robots while ensuring that content policies are enforced and messages properly encrypted. The IronPort C60 addresses all these issues from a single appliance, combining the power of Symantec Brightmail’s anti-spam engine, Sophos anti-virus technology, and IronPort’s Reputation Filters and reporting tools. March 4, 3:00 p.m. PST Security wares abound at RSA Conference To judge from the number of announcements made at this week's RSA Conference, IT managers may need a defense against security software and hardware salespeople. February 15, 3:50 p.m. PST Toward an end-point security standard VPNs, whether IPSec- or SSL-based, allow remote PCs access to the network. Sometimes these computers are under corporate management, but many times they are not. They are home-office PCs, business partner systems, or public Internet terminals. Any might lack up-to-date anti-virus signatures; indeed, they already may be full of malware. February 4, 3:00 p.m. PST SSL VPNs come of age Traditionally, providing road warriors and business partners with access to back-end servers and resources has meant deploying an IPSec VPN. For site-to-site communication, IPSec remains the only game in town, but for client-to-enterprise links, it is falling out of favor precipitously. The administrative overhead associated with deploying IPSec client software has become overwhelming given the ever increasing number of clients to support. There is also the potential that IPSec tunneling will allow an untrusted device to punch a hole through the firewall -- and directly into the heart of the network. February 4, 3:00 p.m. PST Watchdog systems pack a bite Wireless sensor-based products that monitor homes and alert owners about water leaks or unauthorized intruders, as well as issuing reminders about household chores that need to be done, were displayed last week at the International Consumer Electronics Show (CES) in Las Vegas. January 11, 5:08 p.m. PST > Security |
|
|
||||||||||||||||||
