Five Steps to Achieve Success in your Application Security Program [ Source: IBM ]

May 2013- This white paper provides a general framework your organization can use to create or build upon an application security program. It includes guidelines that can be useful at different stages of your security program's maturity. By addressing key considerations, providing clear and actionable items, and offering real-world examples, these five steps provide an adaptable strategy to help your organization get started and maintain an effective, ongoing application-security strategy.

Protect Your Systems from Stealthy Attacks [ Source: McAfee ]

May 2013- The most menacing type of cyberattack is invisible. Using sophisticated techniques to hide its presence, a stealth attack may operate outside of the OS or move dynamically across endpoints to conceal the attackers' actions. The risk to enterprises is real, with high-profile attacks such as Operation High Roller impacting companies around the globe. Traditional antivirus or intrusion prevention systems are no match for this new breed of attack; instead, enterprises need layered security controls that ...

Just Released! Hope is Not a Strategy [ Source: Neustar ]

April 2013- When DDoS attacks hit, companies go into crisis mode. It's all hands on deck until the danger passes. In February 2013, Neustar surveyed IT professionals across North America to see how companies are managing the crisis and measuring its bottom-line impact. The report compares 2012 results with survey findings from 2011, detailed in last year's Neustar report "When Businesses Go Dark."

Practioners Guide to SOC [ Source: Alienvault ]

April 2013- This guide is intended to provide a technical audience the core information necessary to evaluate the security controls essential to establishing a Security Operation Center (SOC).

The 451 Group Impact Report: Skybox Enters Vulnerability Management Space [ Source: Skybox Security ]

April 2013- New vulnerabilities are discovered at a rapid rate, so in order to discover and defend against them, companies conduct vulnerability scanning. However, the frequency and coverage of scans provide increasing challenges for some organizations. Active scanning can be disruptive if conducted excessively, and there are some parts of the network that companies don't feel comfortable scanning at all. In order to address this problem, Skybox Security has introduced what it refers to as its next-generation ...

The Business Value of Hybrid Cloud -Based Compromise Intelligence Monitoring and Threat Mitigation [ Source: Neustar ]

April 2013- There are now millions of malware variations to defend against and hundreds of perpetrators of DDoS attacks. Given the complex nature of today's threats, enterprises can achieve a strategic advantage by employing a new layer of security that is services based. Cloud-based services are an important aspect of this approach to security and provide always-on monitoring without the added expense of buying and maintaining on-premise equipment. Early detection can help manage breach notification and remediation ...

Realistic Security, Realistically Deployed: Today's Application Control and Whitelisting [ Source: Bit9 ]

April 2013- Historically, IT defense has focused largely on the threat. So-called "blacklist" technologies maintain an inventory of specific attack types, and provide defense against each. Today, the volume, variety and sophistication of attacks highlights the limitations of such approaches, as signature databases approach their upper limits and leave exploitable gaps in defense.

These changes in the threat landscape have led many organizations to consider the alternative to a blacklist approach. In contrast to blacklisting ...

Advanced Protection Against Advanced Threats [ Source: Bit9 ]

April 2013- Security-conscious organizations are increasingly asking themselves the following questions:

Do we know what's running on our machines - right now?
Do we trust it?
How can we stop untrusted software from executing?

If you see yourself in this scenario or have engaged in these types of discussions, download this whitepaper and learn how to use a progressive approach to build trust, monitor activity, tailor protection to your enterprise and ...

The State of APT Preparedness [ Source: Lumension ]

March 2013- Many IT security professionals recognize that advanced persistent threats (APTs) pose a growing risk to their organizations. However, recent UBM Tech research discovered that only a few are taking the necessary steps to combat APTs and protect their organizations. In fact, many appear to have a misplaced sense of confidence in their ability to detect these attacks, even though few have developed strategies for dealing with them. This gap is particularly troubling since security experts ...

Securing Big Data: Recommendations for Hadoop and NoSQL Environments [ Source: Vormetric ]

March 2013- Big Data repositories enable enterprises to use large volumes of varied data to make more rapid decisions, but repositories frequently include sensitive data that must be secured. Most Hadoop and NoSQL environments that manipulate Big Data have little to no integrated security.

This technical paper provides an overview of NoSQL Big Data security issues and includes security recommendations that enterprises should consider when securing Big Data environments.