Multiple Perspectives on Security

Security Journal



Top Stories

Steve Hamm (@stevehamm31) of BusinessWeek - pictured below - got a big article on #cloudcomputing into last week’s issue. It rightly points out that cloud computing is the big thing and will keep us busy for the next 10 years. Unfortunately, a lot of the article is misleading or missing key context. His first example cited is Avon’s use of a smartphone- and PC-accessible system for connecting Avon’s 150,000 “sales leaders” with their reps (sales leaders are the consultants who recruit and run other consultants/reps and get a cut of the “upline” commission). Nothing in the article explains how this is a “cloud computing” solution. Remote/mobile accessible applications have been around almost as long as the Internet. The article doesn’t say, but I suspect that the system serving up all this info is a traditionally developed and deployed one sitting inside the Avo... (more)

Launchpad Europe Warns IT Security Vendors: Do Not Forget Importance of Channel Community in Run-up to RSA

Launchpad's recent IT Security Index revealed true value for IT security professionals of consulting with many different kinds of technical advisors

London, UK - 25th Feb 2010 - Launchpad Europe has advised information technology vendors not to forget the importance of the channel community in the run-up to the RSA Conference in San Francisco (1 - 5 March 2010). "End users may be looking for a particular IT vendor's solution, but paradoxically, they often do not want to communicate with the vendor until they are already prepared to buy," said Launchpad Europe's technical director, Mike Burkitt. "End users consult with a broad range of technology influencers these days, including resellers, systems integrators, suppliers and consultants. To succeed, vendors must recognize and understand the complex influences that sway end-users' technology decisions. Nurturing stron... (more)

Invest 15% of Cloud Savings in Security

There is a talk that I've given a few times with very good response - "How Cloud Computing -Improves- Security". We go into detail on all the areas where cloud providers have (or should have) gone the extra mile relative to the datacenter a customer runs in-house, and how with a solid partnership with your provider - a cloud can be more secure than what you have in-house. One of the things we discuss during that talk is how users of cloud need to be prepared to spend more on security and compliance to get the level of comfort and risk management they are used to. The number I like to use is 15% - that for each dollar you save by making a move to cloud computing, you should invest 15 cents to improve security and increase compliance efforts. The top areas of focus for most should be application security and real-time monitoring efforts. The security levels tha... (more)

Complex IT Security Risks Can Only Be Treated with Comprehensive Response

This latest BriefingsDirect discussion takes on the rapidly increasing threat that enterprises face from complex IT security breaches. In just the past year, the number of attacks is up, the costs associated with them are higher and more visible, and the risks of not securing systems and processes are therefore much greater. Some people have even called the rate of attacks a pandemic. The path to reducing these risks, even as the threats escalate, is to confront security at the framework and strategic level, and to harness the point solutions approach into a managed and ongoing security enhancement life cycle. As part of the series of recent news announcements from HP, this discussion examines how such a framework process can unfold, from workshops that allow a frank assessment of an organization’s vulnerabilities, to tailored framework-level approaches that can tran... (more)

Who’s Responsible for Protecting Data Stored in the Cloud?

With cloud comes the notion of liberation. Cloud is the natural evolution of the data center. It’s easy to deploy, infinitely scalable, and highly redundant. It is the shiny new component inside the storage controller and is making it possible for an old dog to learn some very impressive new tricks. But with the cloud comes responsibility. An article recently appeared over at BusinessWeek explaining how many businesses now operate under the assumption that once their data is sent offsite they need not be concerned with protecting it. In a perfect world, this is how it should work. One of the main selling points of outsourcing infrastructure is the idea that there is now one less thing for IT to worry about. However, before any business can trust a third party to protect their invaluable corporate IP, some due diligence must be conducted. The two areas businesses n... (more)

What retailer BCBGMAXAZRIA learned about cloud security, SIEM

The following is an excerpt of the recently released case study on how a major retailer, BCBG, migrated to a cloud security platform and discovered how SIEM and Log Management capabilities enhanced their abilities for enterprise security. For the entire case study, you may download a PDF version here. (direct; no forms to fill out!) There was a time the only security issue retailers needed to be concerned with was theft. Put a guard in the store and a couple of video cameras and prevent as much loss as possible. Those days are long gone. The overall security of a retail organization has grown increasingly complex. The smash and grab has been supplanted by the hack and breach. A retailer’s IT environment is at as much risk as the product on the retail shelf. Every year hundreds of retailers fall victim to electronic intrusion. Ask Raley’s, Zaxby’... (more)

Lightboard Lessons: DNS Scalability & Security

The Domain Name Service (DNS) is one of the most important components in networking infrastructure, enabling users and services to access applications by translating URLs (names) into IP addresses (numbers). Because every icon and URL and all embedded content on a website requires a DNS lookup, loading complex sites necessitates hundreds of DNS queries. DNS lookups have exploded in recent years with mobile, IoT and the applications to support the growth. It is also a vulnerable target. In my first Lightboard Lesson, I show you how to scale, secure and consolidate your DNS infrastructure. ... (more)

Fortinet Discovers Vulnerability in Microsoft Office Web Components

SUNNYVALE, CA -- (Marketwire) -- 07/15/09 -- Fortinet® -- a market-leading network security provider and worldwide leader of unified threat management (UTM) solutions -- today announced that Fortinet Global Security Research Team recently discovered a critical memory corruption vulnerability existing in the ActiveX Controls of Microsoft Office Web Components, which allows a remote attacker to compromise a system through a malicious site. Fortinet customers using the FortiGuard Intrusion Prevention Service (IPS) should be protected against the remote code execution vulnerability. The vulnerability lies in the default ActiveX Control installed by Microsoft Office. The vulnerability works by allowing a remote attacker to successfully craft malicious HTML content which can then exploit the vulnerability in Internet Explorer, causing memory corruption and resulting in a... (more)

Keynote DeviceAnywhere and Shunra Announce Partnership to Bring Mobile Network Conditions to App Testing

Keynote Systems (Nasdaq:KEYN) subsidiary, Keynote DeviceAnywhere, the global leader in mobile application lifecycle management (mobile ALM), and Shunra Software, the industry-recognized authority in network virtualization and application performance engineering, have jointly announced a partnership for mobile application testing that gives developers the ability to test apps and websites on remotely-accessible devices using real-world mobile network conditions. Users of Keynote DeviceAnywhere and Shunra will now be able to remotely test mobile apps on virtualized 2.5G, 3G, 4G and WiFi networks that precisely emulate real-world bandwidth, latency, jitter and packet loss conditions. This allows mobile app developers to simulate visits to every type of location and test the performance of the app under those different network scenarios. The partnership between Keynot... (more)

CentraComm Growth Continues To Receive National Recognition

FINDLAY, Ohio, Oct. 23, 2012 /PRNewswire/ -- For the sixth consecutive year, CentraComm, a leading managed IT Security and network services company, has been named one of the fastest-growing private companies in the nation. Inc. magazine's Inc. 5000 list highlights America's fastest growing companies. CentraComm has earned a place on the list since its inception in 2007. (Logo: http://photos.prnewswire.com/prnh/20120202/CL46953LOGO ) Moving up over one hundred places to No. 2,785 on this year's list, CentraComm has shown 83 percent revenue growth over the past three years. "Making Inc. magazine's list for six consecutive years encapsulates what makes a company truly great … consistency," said Mark Prevost, Vice President of Sales and Marketing at CentraComm.  "CentraComm's revenue has expanded every year across all our core segments. Existing customers keep increasin... (more)

SecureAuth Delivers More Secure Access to Amazon Web Services

IRVINE, CA -- (Marketwired) -- 02/20/14 -- SecureAuth, a leading provider of 2-Factor Access Control, today announced that its award-winning SecureAuth IdP solution enables enterprises to have more secure, convenient access to Amazon Web Services (AWS) consoles. SecureAuth IdP uses over 20 different authentication methods to validate an identity, pushes the information to the logging database, and then asserts the identity directly to AWS. "Enterprises can now regulate who has access to Amazon Web Services and validate those users' identities," stated Garret Grajek, Chief Technology Officer at SecureAuth. "SecureAuth allows IT to manipulate the authentication workflow at the touch of a button. The end result is fewer usernames and passwords for users to remember, and a more secure enterprise." "The benefit of Amazon's cloud service is there is no cumbersome hardware t... (more)