May 2013- The most recent financial institution attacks have been launched via the BroBot/itsoknobroblembro toolkit. This advanced toolkit supports multiple attack methods, including HTTP, HTTPS and DNS.
May 2013- While most enterprise risk managers are accustomed to addressing regulatory compliance, data integrity and data privacy within an IT risk management framework, many have not fully accounted for IT availability as it relates to business continuity. Even risk managers who do consider IT availability may focus only on operational and environmental threats (e.g., human error, fires and floods) while overlooking distributed denial of service (DDoS) attacks, which are one of the leading causes of ...
Given the extraordinary and rapid changes in the DDoS terrain, traditional DDoS
mitigation tactics such as bandwidth overprovisioning, firewalls and intrusion
prevention system (IPS) devices are no longer sufficient to protect an organization's
networks, applications, and services. Verisign has successfully defended its global
DNS infrastructure against DDoS and other attacks for more than 12 years and
has maintained 99.99 percent availability of its critical infrastructure during that
In addition, Verisign has maintained 100 percent availability ...
May 2013- You've found a virus running on your server. You discover logon IDs on your network that don't belong. A hacker has your credit card database. Any one of these is enough for you to hit your panic button and lose it - don't. In this eBook, get the steps you need to take to provide immediate aid to hacked systems, infected workstations, and other IT security disasters. This ultimate first aid kit for system admin ...
May 2013- Though most organizations have invested considerable time and effort in improving their endpoint risk management processes, many of them are ill-equipped to handle the myriad of third-party applications that are increasingly introducing the most risk into today's IT environment. That's because as the typical IT organization has worked on reducing the risk profile of PC and server operating systems, cyber criminals have started to look for greener pastures - namely among third-party applications. This white ...
Conventional information security measures, including anti-virus and next-generation firewalls, aren't enough to protect your organization from today's deluge of sophisticated web threats.
That's just one of the key findings in the "Websense® 2013 Threat Report." Based on data collected by the Websense ThreatSeeker® Network, the world's largest and longest-standing security intelligence network, the Report details how advanced threats are specifically targeting mobile devices and social media, and rendering traditional security solutions ineffective.
The software industry has learned that putting fancy boxes on the network doesn't fix bad software, cloud converts must focus on the risks they bring along with the software they deploy. This paper details risks to software deployed in the cloud and what steps to take to mitigate that risk.
April 2013- When DDoS attacks hit, companies go into crisis mode. It's all hands on deck until the danger passes. In February 2013, Neustar surveyed IT professionals across North America to see how companies are managing the crisis and measuring its bottom-line impact. The report compares 2012 results with survey findings from 2011, detailed in last year's Neustar report "When Businesses Go Dark."
April 2013- New vulnerabilities are discovered at a rapid rate, so in order to discover and defend against them, companies conduct vulnerability scanning. However, the frequency and coverage of scans provide increasing challenges for some organizations. Active scanning can be disruptive if conducted excessively, and there are some parts of the network that companies don't feel comfortable scanning at all. In order to address this problem, Skybox Security has introduced what it refers to as its next-generation ...
March 2013- Many IT security professionals recognize that advanced persistent threats (APTs) pose a growing risk to their organizations. However, recent UBM Tech research discovered that only a few are taking the necessary steps to combat APTs and protect their organizations. In fact, many appear to have a misplaced sense of confidence in their ability to detect these attacks, even though few have developed strategies for dealing with them. This gap is particularly troubling since security experts ...
February 2013- Threats and vulnerabilities are a way of life for IT admins. This paper focuses on how McAfee's Vulnerability Manager and McAfee ePolicy Orchestrator provide IT Admins with powerful and effective tool for identifying and remediating vulnerable systems.
February 2013- Information security based on regulatory compliance stipulations cannot keep up with today's sophisticated and rapidly changing threat landscape. CISOs need to implement a new discipline that ESG calls, "Real-time Risk Management."
February 2013- Taking a risk-based approach to vulnerability lifecycle management is becoming the norm for vulnerability assessment vendors. This paper reports on the findings when testing McAfee's Risk Management solution from a holistic risk management and vulnerability lifecycle management perspective.
February 2013- Vulnerability assessment vendors compete on management features, configuration assessment, price, reporting and integratin with other security products. Buyers must consider how VA will fit into their overal vulnerability management process when evaluatiing VA products and services.
February 2013- Some IT and Security teams wonder if automated vulnerability management is important given the many pressing demands for other IT projects and investments they face. The purpose of this paper is to help these IT and Security professionals evaluate their security posture and risk.
February 2013- As long as there is software, there will be software vulnerabilities. And wherever there are vulnerabilities, you will find malware and cybercriminals. This paper will examine that risk and provide a step by step process to protect your companies critical assets.
February 2013- Up until now, your view of risk while monitoring your network has been incomplete. This white paper discusses a new, innovative approach to protecting your network through a combination of active and passive network discovery and monitoring, in real-time.
February 2013- Companies are in high alert to fight off Distributed Denial of Services (DDoS) attacks that can halt business and amount to a costly burden on companies and customers. DDoS attacks are increasing in volume, frequency, and sophistication, and they are targeting every level in the data center. Smart organizations are moving to defend not only their network, session, and application layers, but also their business logic and database tiers as well. In defense, today's enterprises ...
Survey reveals pitfalls of traditional vulnerability scanners
Learn what IT professionals had to say about vulnerability management programs at their organizations, including how often and what zones they scan, and the challenges they encounter.
The Skybox Security Vulnerability Management Survey 2012, conducted in conjunction with Osterman Research, polled more than 100 IT decision makers including security managers, and network and systems engineers involved in vulnerability management processes.
Among the findings:
October 2012- Symantec Corp. commissioned Tolly to benchmark the performance of its new Symantec Endpoint Protection (SEP) 12.1 within VMware ESXi 5 virtual environments vs. Trend Micro Deep Security 8. Specifically, this testing focused on the system resource requirements of each solution when performing on-demand and on-access scanning, and during distributed virus definition update
October 2012- This report from Dennis Technology Labs compares the effectiveness of anti-malware products designed to run in virtual desktop environments. This test aims to compare the effectiveness of the most recent releases of anti-malware products designed to run in virtual desktop environments.
4 Days, 465 Systems, 3 continents
The Zeus Trojan virus was destructive enough, but the tech media are constantly alerting us to evolving threats to every industry. The good news is that you can transform the way your organization exposes, analyzes, and respond to advanced endpoint threats and errant sensitive data.
Here are seven quick case studies to prove it. Download these real-world examples of how customers in industries such as financial services, hospitality, ...
80% of organizations suffering payment card breaches had not achieved compliance with PCI DSS at the time of the breach. – Verizon 2011 Data Breach Investigation Report
As regulation and litigation increase, internal investigators must support an alphabet soup of compliance obligations: SOX, GLBA, FISMA, HIPAA, PCI DSS, regional privacy laws, and more. Although each regulation is different, these laws share common investigation requirements in three areas: policy, control infrastructure, and incident response.
“The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program… Ultimately, the intruders were able to gain control of a software repository used by the development team.” - New York Times - Cyberattack on Google Said to Hit Password System
While we still use many of the same old names - viruses, Trojans, and worms - today’s malware enables potent multistage ...
October 2012- Cloud computing has become another key resource for IT deployments, but there is still fear of securing applications and data in the cloud. These concerns include authentication, authorization, accounting (AAA) services; encryption; storage; security breaches; regulatory compliance; location of data and users; and other risks associated with isolating sensitive corporate data. Add to this array of concerns the potential loss of control over your data, and the cloud model starts to get a little scary. ...
View All Categories
Business Intelligence : Analytics, Business Process Management, Content management, Dashboards, Data Mining, Data Quality, Databases, Datamarts/Data Warehouses, Information Management, Knowledge Management, Performance Management
Hardware : Blades, Data centers, Desktops/PCs, Grid/Cluster Computing, Handhelds/PDAs, Macintosh, Peripherals, Processors, Supercomputers, Unix/Linux servers, Utility/On-demand Computing, Virtualization Hardware, Windows Servers
Infrastructure : ATM, Ethernet/Gigabit Ethernet, Frame relay, IPv6, Traffic Management, Network/Systems Management, PBXs, Printers, Remote Access, Routers, Switches, UPS, VPNs, WAN Optimization/Acceleration, Wide Area File Services
Internet : B2B, B2C, Browsers, E-Business/E-Commerce, E-retail, Google, Internet Policy, Internet Security, Search, Social Networks, Traffic Reporting/Monitoring, Web 2.0, Web Development, Social Business
Management : Career Development, Executive Insights/Interviews, H-1B, Legal, Outsourcing, Personnel Management, Recruiting, Regulation/Compliance, ROI/TCO, Salary/Compensation, Small-Medium Business, Training, Workplace Trends
Personal Tech : Blackberry, Bluetooth, Bluray, Digital Cameras, Digital Music, Digital Rights Management, Global Positioning Systems, iPhone, iPod, Peripherals, Smartphones, TVs/Home Theater, Virtual worlds
Security : Antivirus, Application Security, Attacks/Breaches, Cyberterror, Encryption, End user/Client Security, Intrusion Prevention, NAC, Perimeter Security, Privacy, Security Administration, Storage Security, Vulnerabilities and Threats
Services : Business Process Outsourcing, Business Services, Disaster Recovery, Hosted Applications, Hosted Storage, Internet/Data Services, Outsourcing, Software as a Service, Systems Integration, Telecom/Voice Services
Software : Integration, Application Optimization, Business Systems Management, CRM, Database Applications, Databases, Development Tools, ERP, Hosted Software/Applications, Linux, Open Source, Operating Systems, Productivity Applications, Server Virtualization, Service Oriented Architecture, Web Services