Securing and Controlling Data in the Cloud [ Source: Vormetric ]

March 2013- The Securing and Controlling Data in the Cloud white paper describes the various cloud formations (Private Cloud, Public Cloud, SaaS, PaaS, IaaS), the new security challenges posed by the cloud and solutions that enterprises can bring to bear for securing and controlling sensitive data in cloud environments.

Five Critical Components Of An Information Security Program [ Source: TraceSecurity, Inc ]

February 2013- Current market solutions are built to protect the enterprise and are too resource intensive for most organizations to manage. Learn about five key components that any risk-based information security solution must include to cost effectively and efficiently protect information and meet regulatory requirements - regardless of industry, organization size or security skill set.

When 'Secure Enough' Isn't Enough - Defining the Difference Between Compliance and Protection [ Source: IronKey by Imation ]

February 2013- We've all seen the reports about what goes wrong when proper controls are not implemented while storing and transferring data. Large enterprises face messy notifications, customer dissatisfaction and, in many cases large fines. In fact, a data breach in the U.S. comes with an average price tag of $5.5 million, according to a 2011 Ponemon Institute study.

This paper from Imation Mobile Security explains when compliance alone may not offer the protection enterprises need ...

ESG Technology Brief: Real-Time Risk Management [ Source: McAfee ]

February 2013- Information security based on regulatory compliance stipulations cannot keep up with today's sophisticated and rapidly changing threat landscape. CISOs need to implement a new discipline that ESG calls, "Real-time Risk Management."

Gartner MarketScope for Vulnerability Assessment Report [ Source: McAfee ]

February 2013- Vulnerability assessment vendors compete on management features, configuration assessment, price, reporting and integratin with other security products. Buyers must consider how VA will fit into their overal vulnerability management process when evaluatiing VA products and services.

Protect Critical Assets with Virtual Patching White Paper [ Source: McAfee ]

February 2013- As long as there is software, there will be software vulnerabilities. And wherever there are vulnerabilities, you will find malware and cybercriminals. This paper will examine that risk and provide a step by step process to protect your companies critical assets.

Solving Substantiation with SAML [ Source: F5 ]

February 2013- Gone are the days when majority of corporate employees worked in the office and were statistically mapped to their applications and resources which all ran behind the firewall. Today, not only are applications running on the LAN/corporate data center and being delivered from cloud-based networks. These cloud resources might not have access to a corporate directory for employee validation. In addition, today's workforce is highly distributed; using a multitude of different access devices, yet ...

The New Application Delivery Firewall Paradigm [ Source: F5 ]

February 2013- The firewall is, and has been, the primary foundation around which conventional network security architectures are built. But the conventional firewall is beginning to show its limitations in detecting and repelling modern attacks. Diverse attacks involving multiple layers of the network stack are causing firewall failures with alarming frequency. As a result, traditional firewall services alone are insufficient for detecting attacks and subsequently preventing business disruption. The new application delivery firewall technology provides enforcement of ...

The New Phishing Threat: Phishing Attacks [ Source: Proofpoint ]

February 2013- The threat of email borne attacks is greater than ever with malware volumes increasing drastically. One of the most common, and difficult to detect, email threats comes in the form of phishing and spear-phishing emails.

Historically, phishing attacks targeted end-users with attackers going after credentials to financial accounts. But modern phishing attacks have evolved toward targeting sensitive corporate data as evidenced by the high profile data breaches targeted at diverse organizations including RSA ...

Financial Services, Regulation and the Achilles Heel of Email [ Source: Proofpoint ]

February 2013- Ensuring data privacy in compliance with government regulations and consumer protection laws presents a complex set of challenges for financial firms. Coupled with the rising sophistication in security threats, many industries are under regulatory fire in demonstrating accountability and addressing compliance requirements in accordance with federal and state laws. How an organization is able to store and manage their data, including email, has a high impact on regulatory compliance.

Read this white paper ...

The State of DDoS Protection: Organizations Remain Unprepared for DDoS Attacks [ Source: Neustar ]

December 2012- Distributed denial-of-service (DDoS) attacks continue to grow in size, complexity and danger. Witness the recent wave of attacks on major U.S. banks, which knocked websites offline, angered customers and took a grave toll on brand reputations. The lessons of those attacks echo the findings of this report: Previously successful DDoS mitigation solutions no longer work.

UBM Tech conducted research with IT professionals who have suffered DDoS attacks. The drastic changes in attack ...

Three Steps to Mitigate Mobile Security Risks [ Source: Rapid7 ]

January 2013- Smartphones and tablets are everywhere. Most companies allow employees to use personal mobile devices to access corporate data, but they typically have very little visibility into which employees are accessing corporate data and what kinds of devices they're using. As a result, they are blind to the risks these devices present to their corporate data.

This white paper highlights key mobile security risks and describes how pervasive they are based on data from ...

Why You Need to Consider Privileged Access Management (And What You May Not Know About It That You Should) [ Source: Dell Software ]

November 2012- Access controls that define a specific set of user privileges are well accepted as a security best practice. Why, then, are these same principles so rarely applied to the most sensitive access of all: administrative accounts?

In this ENTERPRISE MANAGEMENT ASSOCIATES® report, you’ll discover common excuses given to justify this oversight. You’ll then see how modern privileged account management solutions provide the control and monitoring capabilities needed to bring privileged access ...