Implementing Software-Defined Security with CloudPassage Halo [ Source: CloudPassage ]

March 2015- Software-defined security (SDSec) is an architectural approach to security and compliance that implements controls in a manner that abstracts them from physically-oriented elements such as topology, hardware, or physical location.

This paper summarizes the five architectural principles of SDSec and the ways in which CloudPassage has implemented them by building the Halo SDSec platform for cloud infrastructure.

Who are you trying to protect? [ Source: Gemalto ]

August 2014- If we are to progress towards more secure and convenient authentication solutions, we have to start thinking beyond passwords. Multi-factor solutions that operate independently of passwords are the future. But not all users are created equal. Some need more stringent forms of authentication than others. So who are you trying to protect?

G2000 Firm Secures Critical Financial Applications and Generates 192% ROI (Forrester) [ Source: Veracode ]

March 2015- Learn how a global firm secured 400 critical applications and generated an ROI of 192% with cloud-based automation and centralization. The firm previously relied on a traditional on-premises scanning tool, but success was limited because specialized expertise was required to tune and interpret results. As a result, the firm's AppSec program only covered a small fraction of the firm's applications. This Forrester case study includes a detailed financial model showing how the firm leveraged centralized ...

Hacking Exposed 7 - Chapter 10: Web and Database Hacking (McGraw-Hill) [ Source: Veracode ]

March 2015- Read this classic reference text to get into the cyberattacker's mind and understand the latest attack vectors and web application threats. The prerequisite for dealing with cybersecurity is knowledge: download this critical chapter to learn about web application vulnerabilities and hacking techniques; freely-available crawling tools; and countermeasures to protect your web application infrastructure.

Secure Agile Development (Securosis) [ Source: Veracode ]

March 2015- This white paper is for security professionals who want to understand how to embed security into the Agile SDLC. It describes Agile development and the issues developers face, so both teams can work together better. Agile frameworks have become the new foundation for code development, and secure development practices, just like every other facet of development, must fit within the Agile framework — not the other way around.

The CISO's Handbook - Presenting to The Board (Forrester) [ Source: Veracode ]

March 2015- This report describes strategies for articulating your risk posture and security strategy to executives so you can position yourself as a key influencer in the boardroom. Written by a CISO, it offers guidance on: answering common questions such as “How secure are we”; describing how your strategy aligns with the goals of the business; and helping the board understand complex security issues.

Federated Identity Service Buyers Guide [ Source: Radiant Logic ]

March 2015- To ensure security these days, the entire diverse and distributed enterprise identity infrastructure must become one secure global service. A federated identity service based on virtualization is the answer for protecting today's increasingly federated environments—and evolving them to meet future demands and opportunities. In this paper, we'll look at how such a service helps you manage all this complexity and see how other solutions stack up.

Four Reasons Not to Nuke an Infected Machine: Reimaging Isn't The Only Option [ Source: ThreatTrack Security ]

March 2015- Many organizations still cling to the rigid practice of reimaging every infected machine. However, the costs of reimaging often outweigh the benefit. Learn why you should adopt an alternative approach to reimaging to remediate threats.

Losing the Battle - The Need for a New Approach to Advanced Protection [ Source: ThreatTrack Security ]

March 2015- This paper outlines the challenges of fighting APTs and describes a solution purpose-built to find and stop attacks in progress, allowing for mitigation before it's too late.

IDC Analyst Connection: The Evolving Threat Landscape [ Source: ThreatTrack Security ]

February 2015- Today's cybercrime environment has evolved from quick smash-and-grab tactics to persistent campaigns involving specialized malware. In response, a new category of security technology aimed at detecting, analyzing and preventing such threats is emerging. ThreatTrack Security discussed this trend with Charles Kolodgy, IDC's Research Vice President for IDC's Security Products Service.

How to Stop Social Media Hacks [ Source: Proofpoint ]

February 2015- A how-to guide describing the key steps that organizations should take to prevent their social media accounts from being hacked.

The SAP Security Survival Guide [ Source: Onapsis ]

January 2015- As a CISO, learn which questions to ask in order to uncover security challenges facing your SAP systems.

Analysis of Cybercrime Infrastructure [ Source: Proofpoint ]

January 2015- Proofpoint security researchers have published an analysis that exposes the inner workings of a cybercrime operation targeting online banking credentials for banks in the United States and Europe. This Proofpoint research report provides a detailed and rarely seen inside view of the infrastructure, tools and techniques that enabled this cybercrime group to infect over 500,000 PCs.

Key facts from the Proofpoint analysis:
• Qbot (aka Qakbot) botnet of 500,000 infected systems sniffed “conversations ...

Sleeping Through the Alarm: What Breaches Should be Telling Us, and Why the Message is Missed [ Source: SafeNet ]

January 2015- Security professionals are living in a time of rapid and fundamental change. Computing and delivery models, user platforms and devices, and security threats have changed radically in recent years. However, in many ways, the security technologies and approaches employed by many organizations have remained relatively static, sometimes leading to disastrous results. To gain a picture of how organizations are contending with the changing technology and security landscape, SafeNet undertook an extensive survey.

This ...

Open Source Software - Security Risks and Best Practices [ Source: Rogue Wave Software ]

January 2015- Third-party applications, including open source software (OSS), make up an increasing proportion of enterprise applications. By some estimates, up to 80 percent of the source code in many new commercial applications is open source. It is easy to understand why. OSS allows developers to build applications faster, adding functionality without writing source code from scratch. Open source communities provide new features, shortening time to market and helping organizations gain competitive advantage.

Open source can ...

Defend Against Injection-Based Attacks [ Source: Rogue Wave Software ]

January 2015- We'll explore some of the most common security vulnerabilities currently plaguing the software development industry, and present different ways in which Static Code Analysis, or SCA, can detect them.

In this paper, we'll:
• Provide a detailed description of the weakness
• Show how it presents itself to the end user and the developer
• Explain mitigation strategies to help resolve each issue.

The Business Case for Earlier Software Defect Detection and Compliance [ Source: Rogue Wave Software ]

January 2015- By providing developers with the right tools to detect, understand, and fix problems early, your business can simplify software development, shorten development lifecycles, and improve the quality of software code. The end result is increased innovation, secure applications, and a faster time to market - all at a lower cost. Read this whitepaper to learn more.

Top Security Issues for Embedded Device Software Development [ Source: Rogue Wave Software ]

January 2015- With all the excitement surrounding the Internet of Things (IoT), there is the potential for a gold rush mentality to bring products based on embedded software to market.

Unfortunately, security may suffer. This paper will discuss the top security issues in software development for embedded devices.

Protect Your Applications - and Reputation - with Symantec EV Code Signing [ Source: Symantec ]

January 2015- For years, developers have known that one of the best ways to reassure users is by signing code using a digital signature accessed via a private key issued by a respected certificate authority. But signed code is not invulnerable. Due to lax key security and vetting processes, malware has managed to infiltrate applications with signed code.

Extended Validation (EV) Code Signing Certificates help to halt malware infiltration by requiring a rigorous vetting process ...

Securing the Mobile App Market [ Source: Symantec ]

January 2015- The explosive growth of the mobile apps market presents a tremendous opportunity for software developers and cybercriminals alike. Infected apps are not only a threat to mobile device users, but also to network and platform providers, device manufacturers, and the reputation of the industry as a whole. Fortunately, developers can protect their code - and their customers - with a straightforward and easy-to-manage technology: code signing certificates. This white paper details the rise of mobile ...

Protect Your Brand Against Today's Malware Threats with Code Signing [ Source: Symantec ]

January 2015- The malware threat and resulting lack of confidence on the part of online users puts software developers and other companies that rely on software downloads at risk. Code signing is an industry-recommended and widely-used defense against tampering, corruption, or malware infection in software code, armed with a powerful method to both identify code and assure the identity of the code signer. This white paper discusses the malware threat, the potential impact on your business, and ...

Protecting Android Applications with Secure Code Signing Certificates [ Source: Symantec ]

January 2015- Download Protecting Android Applications with Secure Code Signing Certificates and learn the value of secure code signing practices for building more secure Android apps as well as how these certificates play a key role in helping developers enhance the safety of their applications, their users, and their reputations.

A New Set of Network Security Challenges [ Source: Dell ]

December 2014- This new IDG survey reveals optimism about the ability of next-generation firewalls to help IT balance productivity and security. With two issues becoming increasingly crucial, IT faces conflicting mandates from the business. On one hand, employees demand access from devices beyond the firewall: smartphones, tablets, home PCs and laptops. On the other hand, risk management dictates corporate data must remain protected. The overarching challenge: balance productivity and security. Within that mandate, however, lie several other challenges, ...

Promise Healthcare Case Study [ Source: Dell ]

December 2014- Promise Healthcare needed to improve security and achieve HIPAA compliance. They were in need of a solution that would deliver a deeper level of network protection and security services without compromising network performance. Promise Healthcare replaced its outdated firewalls with Dell SonicWALL NSA 6600 firewalls. The new firewalls provide robust security services that protect its patients, doctors, nurses and staff and comply with all HIPAA regulations. In addition, the implementation of Dell SonicWALL GMS has allowed ...

How to Achieve Intelligence-Driven Threat Detection and Response [ Source: RSA, The Security Division of EMC ]

November 2014- Learn the four key areas that organizations should focus on to achieve intelligence-driven threat detection and response.
