Best Practice Log Management: Correlation is Key [ Source: CorreLog ]
October 2011- Today, collecting email data is a necessity for compliance standards, forensic analysis and managing end-user performance and availability. But making sense of the data is a challenge within itself. Collecting the data is only part of the equation and research and many shops are turning towards correlation which helps bring meaning to the massive amount of data collected. This white paper explains how to establish a systematic approach to identifying relationships (correlating!) between log data ...

Unraveling Web Malware [ Source: FireEye ]
September 2009- There has been a rapid rise in the use of web blended threats to exploit client browsers and operating systems. These can lead to infection by bots which can be controlled remotely. Eleven percent of the world’s computers are enmeshed in at least one botnet and 72% of corporate networks with more than 100 computers have an infection.

Obfuscated code and encrypted exploits are increasing in prevalence. The point of these exploits is to ...

IronPort 2008 Internet Malware Trends Report [ Source: IronPort Systems ]
November 2008- In 2007, Storm burst onto the scene and rapidly spread. A new form of malware that propagated using a combination of email and websites, it proved extraordinarily sophisticated. Storm and newer malware botnets that build on Storm’s strengths continue to affect and threaten Internet communication. To help explain the spread of Storm and current and future threats posed by similar malware, this report offers an examination of Storm and its history.

Secure Desktop Solution: A Modern-Day Marriage of Business Benefit and Risk Reduction [ Source: Novell ]
May 2008- Traditional security is no longer good enough because complexity is increasing significantly. Traditional IT security was formerly provided by firewalls, antivirus solutions, and other security products. Such measures worked fine when security was defined around known threats and well-defined perimeter defenses. Now, a comprehensive security strategy must deal with the increased vulnerability of mobile assets and a threat environment that is smarter and more aggressive, organized, focused, and profit oriented. Download this white paper to ...

The Web Hacking Incidents Database 2008: Annual Report [ Source: Breach Security ]
March 2009- The much anticipated Breach Security Lab’s Web Hacking Incidents Database (WHID) 2008 Annual Report is ready for download. The WHID project is dedicated to maintaining a record of web application-related security incidents. The WHID’s purpose is to serve as a tool for raising awareness of web application security problems and provide information for statistical analysis of web application security incidents. This year the report findings prove that no company or market sector is immune ...

Zero-Day Exploits and APTs: Security Requirements vs. Operational Challenges [ Source: Trusteer ]
May 2013- Enterprises are losing the battle against advanced, information-stealing malware attacks. We continuously discover new application vulnerabilities which are quickly exploited by cybercriminals. Traditional blacklisting solutions don't work, and more advanced whitelisting-solutions are unmanageable. How do you overcome the manageability and operational challenges of advanced malware protection?

In this webinar, guest speaker Rick Holland, senior analyst serving Security & Risk Professionals at Forrester Research, Inc., will discuss the security and operational challenges associated with advanced ...

The 451 Group Impact Report: Skybox Enters Vulnerability Management Space [ Source: Skybox Security ]
April 2013- New vulnerabilities are discovered at a rapid rate, so in order to discover and defend against them, companies conduct vulnerability scanning. However, the frequency and coverage of scans provide increasing challenges for some organizations. Active scanning can be disruptive if conducted excessively, and there are some parts of the network that companies don't feel comfortable scanning at all. In order to address this problem, Skybox Security has introduced what it refers to as its next-generation ...

The State of APT Preparedness [ Source: Lumension ]
March 2013- Many IT security professionals recognize that advanced persistent threats (APTs) pose a growing risk to their organizations. However, recent UBM Tech research discovered that only a few are taking the necessary steps to combat APTs and protect their organizations. In fact, many appear to have a misplaced sense of confidence in their ability to detect these attacks, even though few have developed strategies for dealing with them. This gap is particularly troubling since security experts ...

ESG Technology Brief: Real-Time Risk Management [ Source: McAfee ]
February 2013- Information security based on regulatory compliance stipulations cannot keep up with today's sophisticated and rapidly changing threat landscape. CISOs need to implement a new discipline that ESG calls, "Real-time Risk Management."

Gartner MarketScope for Vulnerability Assessment Report [ Source: McAfee ]
February 2013- Vulnerability assessment vendors compete on management features, configuration assessment, price, reporting and integratin with other security products. Buyers must consider how VA will fit into their overal vulnerability management process when evaluatiing VA products and services.