Just Released! Hope is Not a Strategy [ Source: Neustar ]

April 2013- When DDoS attacks hit, companies go into crisis mode. It's all hands on deck until the danger passes. In February 2013, Neustar surveyed IT professionals across North America to see how companies are managing the crisis and measuring its bottom-line impact. The report compares 2012 results with survey findings from 2011, detailed in last year's Neustar report "When Businesses Go Dark."

The State of APT Preparedness [ Source: Lumension ]

March 2013- Many IT security professionals recognize that advanced persistent threats (APTs) pose a growing risk to their organizations. However, recent UBM Tech research discovered that only a few are taking the necessary steps to combat APTs and protect their organizations. In fact, many appear to have a misplaced sense of confidence in their ability to detect these attacks, even though few have developed strategies for dealing with them. This gap is particularly troubling since security experts ...

ESG Technology Brief: Real-Time Risk Management [ Source: McAfee ]

February 2013- Information security based on regulatory compliance stipulations cannot keep up with today's sophisticated and rapidly changing threat landscape. CISOs need to implement a new discipline that ESG calls, "Real-time Risk Management."

Gartner MarketScope for Vulnerability Assessment Report [ Source: McAfee ]

February 2013- Vulnerability assessment vendors compete on management features, configuration assessment, price, reporting and integratin with other security products. Buyers must consider how VA will fit into their overal vulnerability management process when evaluatiing VA products and services.

Protect Critical Assets with Virtual Patching White Paper [ Source: McAfee ]

February 2013- As long as there is software, there will be software vulnerabilities. And wherever there are vulnerabilities, you will find malware and cybercriminals. This paper will examine that risk and provide a step by step process to protect your companies critical assets.

Using ADC's to Effectively Mitigate DDoS Attacks [ Source: F5 ]

February 2013- Companies are in high alert to fight off Distributed Denial of Services (DDoS) attacks that can halt business and amount to a costly burden on companies and customers. DDoS attacks are increasing in volume, frequency, and sophistication, and they are targeting every level in the data center. Smart organizations are moving to defend not only their network, session, and application layers, but also their business logic and database tiers as well. In defense, today's enterprises ...

The State of DDoS Protection: Organizations Remain Unprepared for DDoS Attacks [ Source: Neustar ]

December 2012- Distributed denial-of-service (DDoS) attacks continue to grow in size, complexity and danger. Witness the recent wave of attacks on major U.S. banks, which knocked websites offline, angered customers and took a grave toll on brand reputations. The lessons of those attacks echo the findings of this report: Previously successful DDoS mitigation solutions no longer work.

UBM Tech conducted research with IT professionals who have suffered DDoS attacks. The drastic changes in attack ...

Dennis Technology Labs - Effectiveness in Virtual Environments [ Source: Symantec ]

October 2012- This report from Dennis Technology Labs compares the effectiveness of anti-malware products designed to run in virtual desktop environments. This test aims to compare the effectiveness of the most recent releases of anti-malware products designed to run in virtual desktop environments.

Achieving Compliance in Digital Investigations [ Source: Guidance Software ]

October 2012- 80% of organizations suffering payment card breaches had not achieved compliance with PCI DSS at the time of the breach. – Verizon 2011 Data Breach Investigation Report

As regulation and litigation increase, internal investigators must support an alphabet soup of compliance obligations: SOX, GLBA, FISMA, HIPAA, PCI DSS, regional privacy laws, and more. Although each regulation is different, these laws share common investigation requirements in three areas: policy, control infrastructure, and incident response.

This ...

Securing the Cloud [ Source: F5 ]

October 2012- Cloud computing has become another key resource for IT deployments, but there is still fear of securing applications and data in the cloud. These concerns include authentication, authorization, accounting (AAA) services; encryption; storage; security breaches; regulatory compliance; location of data and users; and other risks associated with isolating sensitive corporate data. Add to this array of concerns the potential loss of control over your data, and the cloud model starts to get a little scary. ...

SCADA Product Sheet [ Source: Norman ]

July 2012- SCADA (Supervisory Control and Data Acquisition) describes computerized industrial control systems that monitor and control industrial and infrastructure processes. With recent attacks, manufacturers, utilities and industries must now implement solutions to protect their SCADA systems. See the product sheet to learn how the Norman SCADA Protection system protects against cyber-attacks that target critical SCADA systems.

Four Keys to Effective Next-Generation Security [ Source: Sourcefire ]

July 2012- Today's targeted threats are often multi-vectored and exploit unknown vulnerabilities - their sophistication defying typical signature-only based inspection. Whether APTs or client-side threats, they use evasive techniques to penetrate our organizations, often purporting to be or riding on applications and exploiting trust relationships with which we've grown all too comfortable with.

To make matters worse, attackers have realized the inadequacies of traditional signature-based approaches and have accelerated the pace of change and obfuscated ...

Manage Identities and Access for Continuous Compliance and Reduced Risk [ Source: IBM ]

June 2012- Controlling access to data and applications is vital considering escalating security and privacy concerns. Organizations must prove they have strong and consistent access controls. They also want to ensure that decisions made about user entitlements are in line with their business goals and policies. IBM identity and access management (IAM) governance provides the resources to manage business-specific user access requirements with greater accountability and transparency.

Learn more about our policy-driven approach and end-to-end ...