The 451 Group Impact Report: Skybox Enters Vulnerability Management Space [ Source: Skybox Security ]

April 2013- New vulnerabilities are discovered at a rapid rate, so in order to discover and defend against them, companies conduct vulnerability scanning. However, the frequency and coverage of scans provide increasing challenges for some organizations. Active scanning can be disruptive if conducted excessively, and there are some parts of the network that companies don't feel comfortable scanning at all. In order to address this problem, Skybox Security has introduced what it refers to as its next-generation ...

The Business Value of Hybrid Cloud -Based Compromise Intelligence Monitoring and Threat Mitigation [ Source: Neustar ]

April 2013- There are now millions of malware variations to defend against and hundreds of perpetrators of DDoS attacks. Given the complex nature of today's threats, enterprises can achieve a strategic advantage by employing a new layer of security that is services based. Cloud-based services are an important aspect of this approach to security and provide always-on monitoring without the added expense of buying and maintaining on-premise equipment. Early detection can help manage breach notification and remediation ...

Realistic Security, Realistically Deployed: Today's Application Control and Whitelisting [ Source: Bit9 ]

April 2013- Historically, IT defense has focused largely on the threat. So-called "blacklist" technologies maintain an inventory of specific attack types, and provide defense against each. Today, the volume, variety and sophistication of attacks highlights the limitations of such approaches, as signature databases approach their upper limits and leave exploitable gaps in defense.

These changes in the threat landscape have led many organizations to consider the alternative to a blacklist approach. In contrast to blacklisting ...

Advanced Protection Against Advanced Threats [ Source: Bit9 ]

April 2013- Security-conscious organizations are increasingly asking themselves the following questions:

Do we know what's running on our machines - right now?
Do we trust it?
How can we stop untrusted software from executing?

If you see yourself in this scenario or have engaged in these types of discussions, download this whitepaper and learn how to use a progressive approach to build trust, monitor activity, tailor protection to your enterprise and ...

A Guide to Implementing a Successful SAST Tool and Solving Developer Security Issues [ Source: Checkmarx ]

April 2013- Recognizing security defects early in the development cycle have traditionally posed real challenges for developers as current static analysis tools often generate significant false positive results and other major issues. Next generation tools address these issues by integrating static analysis as part of development teams’ normal ‘design, code, test and analysis’ processes. Download, “A Successful SAST Tool Implementation” to learn how these tools can:

•  Integrate with normal software engineering workflows
•  Accurately report ...

System Z: Making Great Security Even Better [ Source: IBM ]

April 2013- If your enterprise uses System z already, it's a safe bet that you're already aware of its legendary security. Being the only commercially available server with an EAL 5 rating is just one reason why so many of the world's top banks, retailers and other businesses that conduct high volumes of critical business transactions use System z.

With features such as cryptographic co-processors and integrated Public Key Infrastructure (PKI) support, System z has arguably ...

McAfee Virtual Patching for Databases [ Source: McAfee ]

March 2013- Organizations store their most valuable and sensitive data in their enterprise database, yet a large number of organizations do not engage in the timely installation of vendor patches after those patches have been released by database management system (DBMS) providers, placing that sensitive data at risk. In fact, a 2010 survey by the Independent Oracle Users Group revealed that of the 430 database administrators, consultants, and developers who were surveyed, only 37 percent installed Oracle Critical Patch Updates ...

The State of APT Preparedness [ Source: Lumension ]

March 2013- Many IT security professionals recognize that advanced persistent threats (APTs) pose a growing risk to their organizations. However, recent UBM Tech research discovered that only a few are taking the necessary steps to combat APTs and protect their organizations. In fact, many appear to have a misplaced sense of confidence in their ability to detect these attacks, even though few have developed strategies for dealing with them. This gap is particularly troubling since security experts ...

Securing and Controlling Data in the Cloud [ Source: Vormetric ]

March 2013- The Securing and Controlling Data in the Cloud white paper describes the various cloud formations (Private Cloud, Public Cloud, SaaS, PaaS, IaaS), the new security challenges posed by the cloud and solutions that enterprises can bring to bear for securing and controlling sensitive data in cloud environments.

Protecting Sensitive Data In and Around an Oracle Database [ Source: Vormetric ]

March 2013- The Protecting Sensitive Data In and Around an Oracle Database technical white paper provides an overview of the sensitive files in and around the Oracle database that enterprises need to secure in order to achieve optimal database security.

Longline Phishing: The Rise of Email-Borne Threats and the Cloud [ Source: Proofpoint ]

March 2013- The last few years have seen a dramatic increase in the use of email as a vehicle for cyberattacks on organizations and large corporations.

Such attacks have evolved from the simple inclusion of malware as a non-disguised executable file, to more socially engineered "phishing"style attacks, which attempt to persuade the recipient voluntarily provide valid security credentials-often simply by clicking a link that leads to a malicious or fraudulent website. But how can ...

Transforming IT GRC into a Mainstream Business Application [ Source: TraceSecurity, Inc ]

February 2013- Coping with the complexities of IT GRC is a growing market dilemma for small and medium organizations (SMEs) and a new IT GRC prescription is well overdue - one that provides true enterprise-class capabilities, but without the enterprise burden on resources.

This paper explains the SME information security landscape and how to best leverage an integrated, cloud-based approach to adopt an IT GRC strategy that reveals your organization's risk posture, enforces security policies, ...

When 'Secure Enough' Isn't Enough - Defining the Difference Between Compliance and Protection [ Source: IronKey by Imation ]

February 2013- We've all seen the reports about what goes wrong when proper controls are not implemented while storing and transferring data. Large enterprises face messy notifications, customer dissatisfaction and, in many cases large fines. In fact, a data breach in the U.S. comes with an average price tag of $5.5 million, according to a 2011 Ponemon Institute study.

This paper from Imation Mobile Security explains when compliance alone may not offer the protection enterprises need ...