Five Steps to Achieve Success in your Application Security Program [ Source: IBM ]

May 2013- This white paper provides a general framework your organization can use to create or build upon an application security program. It includes guidelines that can be useful at different stages of your security program's maturity. By addressing key considerations, providing clear and actionable items, and offering real-world examples, these five steps provide an adaptable strategy to help your organization get started and maintain an effective, ongoing application-security strategy.

Intelligent Role Management For Improved Security and Compliance [ Source: IBM ]

May 2013- In complex organizations with sprawling role structures, managing user access and entitlements can be overwhelming. As part of an effective strategy for identity and access management governance, role management is a powerful method with which to strengthen and streamline the management process. Although role management solutions may help, many are overly complex and are not suited for business users. To find out how the integrated Role and Policy Modeler component of IBM Security Identity Manager ...

The Evolving Landscape of Desktop Security [ Source: McAfee ]

May 2013- Over the last 20 years, as we have moved towards a knowledge-based economy, the security challenges of maintaining the fidelity of the IT infrastructure have grown dramatically. There has been a massive increase in the number of malware samples encountered by security researchers around the world, from thousands of malware samples in a year to thousands of malware samples per day. On an operational level, endpoint security (desktop/laptops) has grown more complex, and IT security ...

Solving Today's Toughest Mainframe Security Challenges [ Source: IBM ]

April 2013- Today, large enterprises are facing a host of security challenges: a growing regulatory burden, a shrinking pool of qualified mainframe workers, budget pressures and increasingly sophisticated attacks on their IT systems. However, organizations that rely on security automation tools like IBM Security zSecure to secure their mainframe systems find it easier to achieve regulatory compliance, to simplify and consolidate security management to reduce costs, to obtain real-time secure intelligence, and to detect threats and remediate ...

The Forrester Wave: Email Content Security [ Source: McAfee ]

April 2013- In Forrester's 47-criteria evaluation of email content security vendors, it identified the nine most significant vendors in the category and researched, analyzed, and scored them: Barracuda Networks, Cisco, McAfee, Proofpoint, Sophos, Symantec, Trend Micro, Trustwave, and Websense.

This report details Forrester's findings about how well each vendor fulfills the criteria and where they stand in relation to each other to help security and risk professionals select the right partner for their email content ...

Email Encryption Made Simple [ Source: McAfee ]

April 2013- This paper discusses three common approaches to email encryption:
• Organization-to-organization encryption, also known as "gateway-to-gateway"
• Secure portal-based encryption, commonly referred to as organization-to-user "pull-based" encryption
• Secure attachment, referred to as organization-to-user "push-based" encryption

All of these options are easy to implement and available using on-premises solutions or through Software-as-a-Service (SaaS). This paper provides an overview of these methods and explains their distinct advantages to help you determine which approach best ...

System Z: Making Great Security Even Better [ Source: IBM ]

April 2013- If your enterprise uses System z already, it's a safe bet that you're already aware of its legendary security. Being the only commercially available server with an EAL 5 rating is just one reason why so many of the world's top banks, retailers and other businesses that conduct high volumes of critical business transactions use System z.

With features such as cryptographic co-processors and integrated Public Key Infrastructure (PKI) support, System z has arguably ...

McAfee Virtual Patching for Databases [ Source: McAfee ]

March 2013- Organizations store their most valuable and sensitive data in their enterprise database, yet a large number of organizations do not engage in the timely installation of vendor patches after those patches have been released by database management system (DBMS) providers, placing that sensitive data at risk. In fact, a 2010 survey by the Independent Oracle Users Group revealed that of the 430 database administrators, consultants, and developers who were surveyed, only 37 percent installed Oracle Critical Patch Updates ...

Why You Need to Consider Cloud-Based Security [ Source: Proofpoint ]

February 2013- Protecting endpoints from various threats is perhaps the single most critical function for any IT department. Given the still voluminous quantity of spam that hits corporate email servers, the growing threat from phishing and advanced persistent threats, and the increasing number of physical platforms and Web-based applications that have access to corporate data resources, protecting these critical resources and platforms should be at the top of virtually IT decision maker's "must-do" list.

Read ...

Rule-Driven Profiling:A Next-Generation Approach to Vulnerability Discovery [ Source: Skybox Security ]

April 2013- Vulnerability scanning, or the process of identifying a list of known security gaps in the network environment, is the focal point for most enterprise vulnerability management programs. Before any action can be taken to assess risks or prioritize vulnerabilities for remediation – you have to know the extent of your vulnerability challenge.

The use of vulnerability scanners as security assessment tools is nearly ubiquitous in large organizations. Regular network scans are recommended by security ...

A New Breed of Information Security Leader: The Hyper-Connected Era and What It Means for CIOs and CISOs [ Source: IBM ]

December 2012- 2011 was the year of the security breach. And while many security organizations remain in crisis response mode, some security leaders have moved to take a more proactive position, taking steps to reduce future risk. These leaders see their organizations as more mature in their security-related capabilities and better prepared to meet new threats. What have they done to create greater confidence? More importantly, can their actions show the way forward for others?

How Does IBM Deliver Cloud Security [ Source: IBM ]

December 2012- Cloud computing is changing the way we use computing and has the potential for significant economic and efficiency benefits. But the speed of adoption depends on how quickly trust in new cloud models can be established. Some of the growing cloud security concerns include: security of highly virtualised environments from targeted threats and attacks, enabling secure collaboration, protection of the data (isolation, sharing) in a rapid provisioning and deprovisioning environment while experiencing the loss of ...