Application Security
(55)
Risk Management: Bridging Policies and Procedures - Fundamental Security Concepts
[ Source: Global Knowledge ]
October 2008-
One thing that security professionals know is that security is about processes, not about the technology. The key to security is to match the technology to the process, but you have to know the process first. Policies and procedures are the requirements, and risk management is the bridge between the two. Collectively, they are the road maps that lead to effective and efficient security designs. This white paper covers the basics of risk management in ....
Protecting Against the New Wave of Malware
[ Source: Sunbelt Software ]
September 2008-
Managing threats to the endpoint infrastructure is becoming increasingly difficult for most organizations regardless of their size. Viruses, worms, spyware and other forms of malware are becoming more virulent, their authors are becoming more adept at getting around existing defenses, and the profits generated by malware are funding new and more dangerous threats.
At the same time, many anti-virus, anti-spyware and other anti-malware defenses are not keeping up with the growing threats ....
Trends in Information Security: A CompTIA Analysis of IT Security and the Workforce
[ Source: CompTIA ]
September 2008-
As global trends of workforce mobility and decentralization put a greater strain on IT security infrastructure, it is becoming increasingly more complex for corporate IT departments to safeguard information. More than ever before, firms are using diverse devices to exchange information faster and over longer distances, and the growing use of technologies supporting this trend - such as handheld devices or voice over IP - gives rise to new risks. As a result, corporate IT ....
Fast-Start Failover Best Practices: Oracle Data Guard 10g Release 2
[ Source: Oracle ]
January 2008-
Fast-Start Failover is an Oracle Data Guard 10g Release 2 feature that automatically and reliably fails over to an elected, synchronized standby database in the event of loss of the production database, without requiring manual intervention to execute the failover. In addition, following a fast-start failover, the original production database is automatically reconfigured as a new standby database upon reconnection to the configuration. This white paper explains Fast-Start Failover and describes Maximum Availability Architecture (MAA) ....
Vulnerability Management for Dummies
[ Source: Qualys ]
May 2008-
As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk.
"Vulnerability Management for Dummies" arms you with the facts and shows you how to implement a successful Vulnerability Management program. Whether your network consists of just a handful of computers or thousands of servers distributed around the world, this book ....
ThinkVantage Security Strategy and Client Security Solution 6.0
[ Source: IBM ]
January 2008-
This paper published by IBM describes ThinkVantage security strategy and the role that Client Security Solution 6.0 plays in that strategy. The ThinkVantage security strategy is to provide a complementary set of security features as a value-add to ThinkPad notebooks and ThinkCentre desktops. The purpose of this set of security features is to enable customers to implement a layered defense security model on PCs.
The Effectiveness of Security Policies
[ Source: IronPort Systems ]
November 2008-
This set of findings from a security study on data leakage revealed that many companies do not have security policies and that security policies that are in place are often ineffective. This analysis provides additional justification for the initial survey findings, which reported that employees around the world are putting corporate and personal data at risk.
The survey included more than 2000 employees and information technology professionals in 10 countries that Cisco selected because ....
Data Backup and Compliance: Three Reasons to Get It Right
[ Source: Remote Backup Systems ]
January 2008-
Fortune 500 companies have been vilified for reckless data stewardship and fabrication of financial reports. Corporate America, already under varying degrees of competitive and performance pressure, is now faced with compliance legislation and disclosure requirements that seek to right some of the wrongs done to consumers, investors, and employees alike. Access and process controls, internal and third party audits, reporting requirements and penalties for non-compliance are just a few of the areas that will be addressed ....
NAC 2.0: A New Model For a More Secure Future
[ Source: Sophos ]
September 2008-
As organizations turn to network access control (NAC) technologies to protect their networks and data, the flaws of earlier versions of NAC are becoming apparent. New pressures from a constantly changing threat environment and an increasingly mobile workforce require a new NAC model that will offer more finely controlled network access, an increased agility of response, and a better focus on network, desktop, and security operations. This paper looks at where NAC 1.0 went wrong ....
The Case for Security Information and Event Management (SIEM) in Proactive Network Defense
[ Source: TriGeo Network Security ]
January 2008-
It’s widely accepted that Security Information and Event Management (SIEM) systems are excellent tools for regulatory compliance, log management and analysis, trouble-shooting and forensic analysis. What’s surprising to many is that this technology can play a significant role in actively defending networks. This whitepaper explains precisely how real-time analysis, combined with in-memory correlation, and automated notification and remediation capabilities can provide unprecedented network visibility, security and control.
New McAfee CEO Dave DeWalt's Grand Plan
[ Source: TechWeb TV ]
June 2008-
McAfee's got worries from huge new competitors -- Cisco and Microsoft -- to stock options backdating. Here's how new CEO DeWalt plans to get past those, including a vision for the industry to go from best-of-breed to best-of-suite.
Managing Application Performance by Understanding Applications
[ Source: Shunra ]
April 2008-
IT organizations are considering application delivery from new perspectives due to the automation of key business processes, and the fact that acceptable application performance is continually becoming more difficult. The goals of this white paper are to:
• Identify some of the key issues that make ensuring acceptable application performance so difficult.
• Describe how IT organizations can use WAN emulation tools to improve application performance, plan for change and improve relationships ....
PowerBroker Demo
[ Source: Symark ]
August 2008-
Symark PowerBroker is a policy-driven, root account access control application that provides granular privileged access delegation, detailed logging and reporting, and centralized administration across heterogeneous UNIX and Linux environments. It provides UNIX and Linux security and accountability by enabling system administrators to delegate administrative privileges and authorization without disclosing the root password and to grant selective access to UNIX and Linux-based corporate resources. Administrators can create powerful and granular security policies in PowerBroker to restrict ....
How to Resolve the Challenges of Biometric Technology Integration, Deployment, and Support
[ Source: M2SYS Technology ]
March 2008-
Biometric authentication components are emerging as an essential part of comprehensive business software applications and will play a central role in existing and future applications, networks, and information storage facilities. These biometric components utilize physical traits or behavioral characteristics for reliable identity authentication. Application developers, integrators and software solution providers are challenged with growing demand for biometric security features and functions. With a wide variety of biometric ....
Brief overview of Sentrigo, a database security company.
[ Source: TechWeb TV ]
June 2008-
Nathan Shuchami, CEO of Sentrigo, discusses the company's database security product. After years of shoring up mostly their perimeters, companies are now focusing on securing their data, where criminals are now focusing. Sentrigo offers two tiers of products--one for small and midsize businesses, and the other for enterprises.
A Process-based Approach to Protecting Privileged Accounts
[ Source: Symark ]
August 2008-
This paper discusses best practices for privileged account access management and privileged password management (PPM), and shows how the Symark PowerKeeper appliance creates a “defense in depth” across the IT portfolio. PowerKeeper is a secure, hardened appliance that provides both a mechanism and a “process” to ensure best practices to secure and control access to any accounts deemed “privileged” or sensitive and thus sharply reduce the likelihood of fraud or theft of proprietary data. ....
Magic Quadrant for Application Delivery Controllers
[ Source: Citrix ]
July 2008-
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses of solutions, and provides Magic Quadrant reporting for a quick comparison across all vendors. Learn from Gartner how you can benefit from an all-in-one device that delivers the highest levels of availability, performance and security.
Does Size Matter? The security challenge of the SMB
[ Source: McAfee ]
September 2008-
Just because a business is small, doesn’t mean it’s immune to security threats. Security challenges facing Small and Medium Businesses in North America are on the rise. For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation. According to a recent survey conducted by McAfee, many small and medium sized businesses felt they ....
The Business Relevance of Security: Challenges & Solutions
[ Source: Cisco Systems ]
July 2008-
Security continues to be an area of growth as risks continue to be on the rise. Attacks are becoming more sophisticated, as botnets, spam and fraud continue to proliferate. Understand the vision and innovations in network security, content security, and application security. And, learn key solutions that address customers' business-relevant security problems such as compliance, data loss prevention, and threat management.
Data Leakage Worldwide: Top Risks and Mistakes Employees Make
[ Source: IronPort Systems ]
November 2008-
The findings from a global security study on data leakage revealed that the data loss resulting from employee behavior poses a much more extensive threat than many IT professionals believe. Commissioned by Cisco and conducted by U.S.-based market research firm InsightExpress, the study polled more than 2000 employees and information technology professionals in 10 countries. Cisco selected the countries based on their diverse social and business cultures, with the goal of better understanding whether these ....
Taking Role-Based Access Control to the Next Level with Symark PowerBroker
[ Source: Symark ]
October 2008-
One of the most challenging problems in managing large networks is the complexity of security administration. Role-based access control has become the predominant model for advanced access control because it reduces the complexity and cost of security administration for large networked applications.
This white paper examines how and why role-based access control evolved, then explains how Symark PowerBroker can be used to implement privileged role-based access control. The important advantages this approach provides are ....
Encryption Methods for Protecting Data
[ Source: Bosanova Q3 Storage Security Encryption ]
January 2008-
Encryption is a tool that may be used in a centralized data pool in a tape environment. It is not a panacea; improper implementation and use of data encryption may only provide an illusion of security. Inadequate understanding of encryption applications and data encryption could deter the utilization of other required protection techniques. However, with proper management controls, adequate implementation specifications and applicable usage guidelines, data encryption will not only aid in protecting data communications ....
The Benefits of Integrating SIEM, Log Management, and Database Activity Monitoring
[ Source: NitroSecurity ]
September 2008-
When used together, SIEM, Log Management, and Database Monitoring provide significant value that is greater than the sum of its parts. The integration of these functions into a common analysis and reporting tool provides greater visibility and insight into all areas of information security, offering better detection and response capabilities.
Achieving Better Information Security with Content-Aware Database Monitoring
[ Source: NitroSecurity ]
September 2008-
Protecting your data is the end goal of most information security efforts. Using a content-aware database monitor, you can build rich logs of database activity, monitor these logs in real time, and provide value-added alerts and reports that can be used for security, compliance or systems management.
Applications, Virtualization and Devices: Taking Back Control
[ Source: Sophos ]
September 2008-
Employees installing legitimate but unauthorized applications are a real and growing threat to business security and productivity. Removable storage media and wireless protocols make the challenge of securing data even more complex. This paper explains why control is important and highlights how integrating this functionality into malware protection is the simplest and most cost-effective solution.
Software Assurance Protection: Bridging the Gap in Application Security for Open Source
[ Source: Palamida ]
September 2008-
Software security in general, and application security specifically, is a significant element of compliance with the laws, regulations, and policies that govern most organizations and their proprietary data. Weak software security can represent, for example, a significant control deficiency in terms of compliance with the Sarbanes-Oxley Act, the Payment Card Industry Data Security Standard, among others. Different teams within an organization have responsibilities for ensuring the security of web and ....
