Thursday, August 20, 2009

VMware AppSpeed moves virtualization forward

This is an Ogren Group Impact I wrote a few weeks ago for VMware AppSpeed. The product is a pretty good idea and should do well for VMware's customers.

"VMware is bolstering its vCenter management capability with AppSpeed 1.0 software enabling organizations to confidently control performance as applications transition to a virtualized infrastructure. AppSpeed allows IT organizations to manage memory, network, and system resources for applications across the physical and virtual corporate infrastructure, assuring predictable VM performance under peak workloads. The Ogren Group believes establishing visibility and control of performance as applications become virtualized is a critical capability for organizations advancing their strategy of cost savings and dynamic IT service management through data center virtualization. The introduction of vCenter AppSpeed is an innovative move by VMware, and positions VMware customers to rely more upon ESX virtualization in the data center..."

Wednesday, August 19, 2009

Hacker charges also an indictment on PCI, expert says

Just posted to SearchSecurity ...

"The federal indictment this week of three men for their roles in the largest data security breach in U.S. history also serves as an indictment of sorts against the fraud conducted by PCI – placing the burden of security costs onto retailers and card processors when what is really needed is the payment card industry investing in a secure business process.

A federal grand jury has indicted Albert Gonzalez of Miami and two yet unnamed Russian hackers for their alleged roles in the Heartland Payment Systems Inc. and Hannaford Brothers Co. thefts of 130 million credit and debit card data, plus the 40 million credit cards grabbed from TJX.
SQL Injection still a major problem:
SQL Injection troubles firms, errors lead to breaches: Security experts see the secure software development lifecycle improving, but legacy applications and Web server flaws continue to offer a rich treasure trove for attackers.

Three indicted for Hannaford, Heartland data breaches: A grand jury has charged three men for their role in stealing more than 130 million credit and debit cards from Heartland Payment Systems and several other companies.

The indictment makes for good reading, with references to SQL injection, distributed data collection servers, QA against major AV products and temporary messaging accounts to elude detection..."

Webinar coming up - 3 Tactics for Securing Your Website and Driving Trust, Customers and Revenue

I have the pleasure of conducting a VeriSign-sponsored, IT Security-hosted, webinar next Wednesday on web site security. Given the prevalence of web site attacks, this is pretty timely. I hope you can check it out.

3 Tactics for Securing Your Website and Driving Trust, Customers and Revenue

Date: Wednesday, August 26, 2009
Time: 1PM ET / 10AM PT

If your customers visit your website and don’t think it’s secure, they won’t buy from you. Secure your transactions. Join this FREE live webinar to learn 3 ways your company can ensure your website is secure and you can improve transactions with your customers.

Get 3 easy tactics to secure your website now and drive trust, customers and revenue:

• Strategy to drive trust, customers and revenue by securing your website
• What are the costs and risks to online customers and your business
• Why you need to secure your e-commerce site
• 3 easy tactics to secure your website NOW

A Chance to Win

Live attendees will be entered for a chance to win an iPod Nano. One winner will be selected from the audience by random drawing.*

If you’re interested but can’t attend the live event, register today and we will send you a link to the on-demand archive when available.

We look forward to having you join us.

Featured Speakers:

Eric Ogren is the founder and principal analyst of the Ogren Group. Ogren’s background features over 15 years of enterprise security experience, becoming a highly regarded industry analyst. Coverage areas include virtualization security, alignment of security technologies with business requirements, evolution of endpoint security, authentication and user identity protection, application security, managing security in large enterprise environments, and consumer privacy issues. Prior to starting The Ogren Group, Ogren served as security analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. Additional vendor-side experience includes product leadership roles at RSA Security and Digital Equipment. Ogren holds a B.S. degree in mathematics from the University of Massachusetts and an M.S. degree in Computer Science from Boston University.

Ryan White is SSL Product Marketing Manager at VeriSign, Inc. Ryan has been at VeriSign for over 3 years helping to educate businesses about how to protect their site and customers with encryption technology.

Michael Oliver-Goodwin is a Contributing Editor of IT Security. He is a widely published writer and an experienced editor for publications, including PC World, MacWeek and InfoWorld.

*Employees of associated companies are not eligible for drawing. Person must live in the US to be eligible. Winner is chosen at random. Winner will be notified at the conclusion of the live webinar. One prize will be given out per person selected from the drawing.

Thursday, August 13, 2009

Patch management study shows IT taking significant risks

Posted to -

"The latest research around patch management is a good reminder for security teams to move patch diligence up the stack to applications and to resist disabling signature checking for performance in UTMs.

Qualys Inc. presented an update at the recent Black Hat USA 2009 briefings to their Laws of Vulnerabilities research, a timely statistical review in light of the increase in Microsoft Internet Explorer, Microsoft Office, Adobe Reader, and Apple QuickTime application level attacks. The study, first conducted in 2004, is based on years of accumulated vulnerability scanning data of the Qualys installed base..."

Tuesday, August 11, 2009

Microsoft Security Essentials (MSE) shows no vision, expert says

Posted today on

"Microsoft's security program is lost in time.

While it works diligently to bring yesterday's antimalware solution to market with Microsoft Security Essentials (MSE), the company is completely losing the future of security definition to competitors, with recent evidence supplied courtesy of Google's Chrome OS announcement and Check Point's browser sandboxing feature. There are a few points where Microsoft security is losing time." ...