Friday, November 13, 2009

Audit Ready Data Center Webinar with Accelops

AccelOps has a really interesting approach to management of the technical infrastructure for mid-tier organizations. They do a solid innovative job of going a few extra steps to combine, correlate and analyze data - steps that IT does not have to learn to manually perform. The Audit-Ready Data Center is a webinar in conjunction with ISSA where we talk about the needs of meeting requirements for continuous audit that provides a common language for security discussions with other organizations in the company. Hope you can check it out on the 19th.

Tuesday, November 10, 2009

Press Quote: Tufin extends security lifecycle management

Tufin has a nice vision for helping IT manage network access policies - coordinating rules between firewalls, routers, and switches for consistency and security. It is worth checking out, especially if your network has sensitive data (and what network doesn't).

"Firewall Policy Management functions are only part of the solution when controlling access to sensitive zones within the corporate infrastructure." said Eric Ogren, principal analyst of the Ogren Group. "Access policies that are enforced by high speed switches and routers need to cooperate, and be consistent with firewall rules for effective management of a secure network. Tufin’s approach of converging analysis of leading network and security devices can help enterprises control dynamic networks for compliance and security."

How to use Internet security threat reports

A bunch of security threat reports have hit the presses lately. Here are a few thoughts of how IT should use these, as posted in SearchSecurity ...

"The Melissa worm, one of the most prolific email viruses in history, earned its notoriety by forwarding itself to the first 50 people found in a victim's Microsoft Outlook address book. Security researchers celebrated its 10th anniversary earlier this year, and in the decade since Melissa, the world has seen a boom in viruses, Trojans, SQL injection, spam, phishing and drive-by downloads." ...

Friday, November 6, 2009

Security benefits of virtual desktop infrastructures

Newly posted to SearchFinancialSecurity:

"An emerging technology is helping to solve security issues within the financial industry: virtual desktop infrastructures. With a virtual desktop infrastructure, an organization actually executes desktop applications on servers in the data center, relying on remote display protocols to give the user a localized look and feel. The security benefits of VDI in the data center are clear: IT controls software configurations, assuring that users execute software with the latest patches and upgrades ..."

Wednesday, November 4, 2009

Two-factor authentication, constant vigilance foils password theft

The latest on passwords at SearchSecurity"

"The state of the art in static password protection policies has left some specialists questioning the usefulness of current password policies.

It's going to take new measures -- a mixture of technology and policy -- to hold users more accountable while addressing new attack methods and the automated connectivity of Web 2.0 behavior..."