Case Study: LivePerson Secures Robust Static Code Analysis Security Solution [ Source: Checkmarx ]

April 2013- With more than 1million Lines of Code (LOC), LivePerson, an industry leader and provider of chat-based services, was committed to finding the most commercially available Static Code Analysis Security solution on the market. Due to the size and complexity of the codes written by LivePerson’s 150+ developers, their code analysis requirements were extensive - resulting in the investigation of many Static Code Analysis solutions including open source applications. Download, “Case Study: LivePerson” to gain a ...

Advanced Protection Against Advanced Threats [ Source: Bit9 ]

April 2013- Security-conscious organizations are increasingly asking themselves the following questions:

Do we know what's running on our machines - right now?
Do we trust it?
How can we stop untrusted software from executing?

If you see yourself in this scenario or have engaged in these types of discussions, download this whitepaper and learn how to use a progressive approach to build trust, monitor activity, tailor protection to your enterprise and ...

A Guide to Implementing a Successful SAST Tool and Solving Developer Security Issues [ Source: Checkmarx ]

April 2013- Recognizing security defects early in the development cycle have traditionally posed real challenges for developers as current static analysis tools often generate significant false positive results and other major issues. Next generation tools address these issues by integrating static analysis as part of development teams’ normal ‘design, code, test and analysis’ processes. Download, “A Successful SAST Tool Implementation” to learn how these tools can:

•  Integrate with normal software engineering workflows
•  Accurately report ...

System Z: Making Great Security Even Better [ Source: IBM ]

April 2013- If your enterprise uses System z already, it's a safe bet that you're already aware of its legendary security. Being the only commercially available server with an EAL 5 rating is just one reason why so many of the world's top banks, retailers and other businesses that conduct high volumes of critical business transactions use System z.

With features such as cryptographic co-processors and integrated Public Key Infrastructure (PKI) support, System z has arguably ...

McAfee Virtual Patching for Databases [ Source: McAfee ]

March 2013- Organizations store their most valuable and sensitive data in their enterprise database, yet a large number of organizations do not engage in the timely installation of vendor patches after those patches have been released by database management system (DBMS) providers, placing that sensitive data at risk. In fact, a 2010 survey by the Independent Oracle Users Group revealed that of the 430 database administrators, consultants, and developers who were surveyed, only 37 percent installed Oracle Critical Patch Updates ...

Five Critical Components Of An Information Security Program [ Source: TraceSecurity, Inc ]

February 2013- Current market solutions are built to protect the enterprise and are too resource intensive for most organizations to manage. Learn about five key components that any risk-based information security solution must include to cost effectively and efficiently protect information and meet regulatory requirements - regardless of industry, organization size or security skill set.

Moving Beyond User Names and Passwords: An Overview of Okta's Multifactor Authentication Capability [ Source: Okta ]

February 2013- Typical web applications are protected with single-factor authentication: a user name and password. These credentials, in addition to being difficult to manage, leave sensitive data and applications vulnerable to a variety of common attacks. As enterprises adopt more cloud applications, addressing this threat will become critical. Unlike older on-premises applications, cloud applications are accessible to anyone on the public Internet. Multifactor authentication (MFA) is designed to protect against the range of attacks that rely on ...

ESG Technology Brief: Real-Time Risk Management [ Source: McAfee ]

February 2013- Information security based on regulatory compliance stipulations cannot keep up with today's sophisticated and rapidly changing threat landscape. CISOs need to implement a new discipline that ESG calls, "Real-time Risk Management."

Gartner MarketScope for Vulnerability Assessment Report [ Source: McAfee ]

February 2013- Vulnerability assessment vendors compete on management features, configuration assessment, price, reporting and integratin with other security products. Buyers must consider how VA will fit into their overal vulnerability management process when evaluatiing VA products and services.

Protect Critical Assets with Virtual Patching White Paper [ Source: McAfee ]

February 2013- As long as there is software, there will be software vulnerabilities. And wherever there are vulnerabilities, you will find malware and cybercriminals. This paper will examine that risk and provide a step by step process to protect your companies critical assets.

Solving Substantiation with SAML [ Source: F5 ]

February 2013- Gone are the days when majority of corporate employees worked in the office and were statistically mapped to their applications and resources which all ran behind the firewall. Today, not only are applications running on the LAN/corporate data center and being delivered from cloud-based networks. These cloud resources might not have access to a corporate directory for employee validation. In addition, today's workforce is highly distributed; using a multitude of different access devices, yet ...

The New Application Delivery Firewall Paradigm [ Source: F5 ]

February 2013- The firewall is, and has been, the primary foundation around which conventional network security architectures are built. But the conventional firewall is beginning to show its limitations in detecting and repelling modern attacks. Diverse attacks involving multiple layers of the network stack are causing firewall failures with alarming frequency. As a result, traditional firewall services alone are insufficient for detecting attacks and subsequently preventing business disruption. The new application delivery firewall technology provides enforcement of ...

A New Breed of Information Security Leader: The Hyper-Connected Era and What It Means for CIOs and CISOs [ Source: IBM ]

December 2012- 2011 was the year of the security breach. And while many security organizations remain in crisis response mode, some security leaders have moved to take a more proactive position, taking steps to reduce future risk. These leaders see their organizations as more mature in their security-related capabilities and better prepared to meet new threats. What have they done to create greater confidence? More importantly, can their actions show the way forward for others?