IT security

Zero-day auction site complicates security efforts, IT pros say

WabiSabiLabi, the eBay-like marketplace for zero-day flaws, will make it tougher for companies to ward off attackers, some IT security professionals say. Continue Reading

By

• Bill Brenner

Oracle plans 46 security updates for database, software

Attackers could tamper with database servers and host operating systems by exploiting flaws across Oracle's product line. Continue Reading

By

• Bill Brenner

CDP platform specifications

Continuous data protection (CDP) products track changes to files and data -- typically in real time -- recording activity and allowing recovery to an extremely granular level. This effectively reduces backup windows and restore points, allowing busy transactional data centers to protect mission-critical applications without significant downtime for backups or restorations. In most cases, CDP is implemented as software running on a server with internal or network storage access. The following product snapshots highlight key specifications for a cross-section of CDP systems/appliances currently available. Continue Reading

Oracle's July 2007 CPU has 45 security fixes

Oracle stuffed 45 security updates into its July 2007 CPU, fixing flaws across its product line attackers could exploit remotely to compromise corporate databases. Continue Reading

By

• Bill Brenner

ISO 27001 could bridge the regulatory divide, expert says

Karen Worstell, former CISO at Microsoft and AT&T Wireless, now on the advisory board of Neupart A/S, explains how ISO 27001 can be used to help companies comply with a variety of regulations and standards Continue Reading

By

• Bill Brenner

Symantec fixes flaws in AntiVirus, Backup Exec

Symantec fixed flaws attackers could exploit in AntiVirus Corporate Edition and Backup Exec to launch malicious code, gain elevated user privileges or cause a denial of service. Continue Reading

By

• Bill Brenner

Antispyware legislation gets tepid reviews

Congress is debating three different bills that would punish spyware pushers, but some IT professionals have their doubts about legislation as a solution to the problem. Continue Reading

By

• Bill Brenner

Web security gateways meet rising malware threats

Web security gateways combine layered defense against the rising tide of Web-based malware with URL filtering and application control. Continue Reading

By

• Neil Roiter, TechTarget

Zero-day auction site highlights ethical debate

A new auction site plans to cash in on flaw research. Executive Editor Dennis Fisher explores if it's a viable business model and if research should be sold to the highest bidder. Continue Reading

United in threat management part three: how scared are you?

Wrapping up his look at unified threat management, Ian Yates wonders if the technique will help you sleep better at night. Continue Reading

By

• Ian Yates

Microsoft July updates for critical Excel, Windows and .NET flaws

Of the six security updates Microsoft released Tuesday, experts expressed the most concern about a critical glitch in the .NET Framework that could leave client machines and Web servers open to attack. Continue Reading

By

• Bill Brenner

Data breaches, compliance drive intellectual property protection

Recent high profile data breaches and compliance pressures are forcing companies to spend more on technology to protect intellectual property, according to a new study. Continue Reading

By

• Robert Westervelt, TechTarget

Google buy shakes up email archiving

Google's acquisition of Postini will boost adoption of Gmail, pushing email archiving players to add support for hosted applications. Continue Reading

By

• Beth Pariseau, Senior News Writer

Microsoft preps six security updates for Windows, Office

Microsoft will release six security updates on Tuesday 10 July to address flaws attackers could exploit to launch malicious code and access sensitive information on victims' machines. Continue Reading

By

• SearchSecurity.com Staff

Security Metrics: Replacing Fear, Uncertainty, and Doubt

In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner. Continue Reading

Zero-day auction site opened by Swiss lab

Swiss start-up WabiSabiLabi is offering zero-day findings for qualified buyers. The site could fuel new debate over flaw disclosure. Continue Reading

By

• Bill Brenner

Wireless security -- Defending Wi-Fi clients

In this tip, Lisa Phifer examines how host-resident wireless IPS agents can help you safeguard Wi-Fi client devices to ensure strong wireless security. Continue Reading

By

• Lisa Phifer, Core Competence

Cisco users upbeat about security direction

Cisco customers say the vendor's security strategy is headed in the right direction, which is why they believe the networking giant's IronPort integration will be smooth sailing. Continue Reading

By

• Bill Brenner

Data migration product specifications

Part of the Tiered Storage Buying guide focusing on product specifications for data migration tools. Continue Reading

Data storage startups emerge from stealth

Three new storage firms have come out of stealth mode this June. Analysts predict the next new crop of startups will focus on wireless storage, reporting and alternatives to RAID. Continue Reading

By

• Beth Pariseau, Senior News Writer

Are PCI auditors pitching products?

Auditors shouldn't be pitching remediation services or products to bring a company into compliance with PCI DSS rules, but some merchants are reporting the practice Continue Reading

By

• Robert Westervelt, TechTarget

SearchSecurity.com Blogs

 Continue Reading

CIOs get solutions to meet governance regulations

CIOs facing a rising bills to meet governance, risk and compliance regulations may be able to control their costs better if they turn to new purpose-built software. Continue Reading

Software to help CIOs meet governance regulations

CIOs facing a rising bills to meet governance, risk and compliance regulations may be able to control their costs better if they turn to new purpose-built software. Continue Reading

By

• Ian Grant

Vendors admit more cooperation needed on security

Security leaders from large software vendors pledge to cooperate on embedding more security into their products. Continue Reading

By

• Robert Westervelt, TechTarget

Network security: Overlay versus perimeter security model debated at Catalyst

Traditional network perimeter security -- firewalls, and even network access control -- may soon be pushed out in favour of using VPNs for network security, which could ease the security burden for networking staff, according to Dave Passmore. The Research Director at Burton Group pointed out that there is a growing disagreement about where security controls should reside and how those controls should be implemented. Continue Reading

By

• Amy Kucharik, TechTarget

Corporate Mergers and Acquisitions Security Learning Guide

A panel of experts breaks down M&A security priorities and explains the best ways to manage disparate security staffs, technologies and policies. Continue Reading

Cisco vows to maintain IronPort tech, talent

As it completes the purchase of IronPort Systems, Cisco vows to maintain IronPort's talent base and make investments to keep its newly-acquired technology fresh. Continue Reading

By

• Bill Brenner

Richard Granger's departure may jeopardise NHS IT programme

Richard Granger's departure from Connecting for Health may jeopardise the stability and success of the politically driven NHS National Programme for IT. Continue Reading

By

• Tony Collins

PCI Council hears complaints, suggestions for changes

Companies with the most stringent security technologies endure hurdles to comply with PCI DSS. Some firms are turning to the upcoming Burton Group Catalyst Conference for answers. Continue Reading

By

• Robert Westervelt, TechTarget

DHS suffered more than 800 cyber attacks in two years

Senior officials at the US Department of Homeland Security have acknowledged hundreds of security lapses but say improvements have been made. Continue Reading

By

• Robert Westervelt, TechTarget

Instant messaging usage increase highlights need for policies

A Burton Group report suggests that all companies should have an IM usage policy, even if they haven't deployed IM yet Continue Reading

By

• Kate Dostart, Associate Editor

Storage Decisions Downloads: Executives' storage guide

Ideas of where firms' storage should be and where it's headed. Also key ways to integrate new technologies, processes and ideas without going over budget. Continue Reading

HP to acquire SPI Dynamics for Web security

HP says it will would bolster Web site assessments and Web application vulnerabilities with its acquisition of Atlanta-based SPI Dynamics Inc. Continue Reading

By

• SearchSecurity.com Staff

Prevent network hacks with secure Web browsing

Hackers can penetrate your network in almost unlimited ways these days, and that includes through your Web browser. Learn how to improve Web browser security and keep these hackers out of your network. Continue Reading

Securing the enterprise VoIP perimeter

How to make VoIP work without sacrificing firewalls or network perimeter security. Continue Reading

By

• Gary Audin, Delphi Inc.

Endpoint fears drive PatchLink-SecureWave merger

Experts say the PatchLink-SecureWave merger makes sense since IT pros want a better way to protect their endpoint devices. But PatchLink's market supremacy is far from assured. Continue Reading

By

• Bill Brenner

Big Microsoft Vista concerns for Big Pharma

The second installment of an ongoing series examining the challenges of deploying Windows Vista and the considerations that go into the decision to roll out the new OS. Continue Reading

By

• Bill Brenner

Will HP do the right thing with SPI Dynamics?

Analysts say HP can dramatically boost its security with the purchase of SPI Dynamics, but some users worry about SPI's technology wilting under the new ownership. Continue Reading

By

• Bill Brenner

Burton Group Catalyst Conference San Francisco 2007

SearchSecurity.com brings you the latest news, interviews, podcasts and more from the Burton Group Catalyst Conference 2007 in San Francisco. Continue Reading

VoIP security testing fundamentals

Testing your VoIP security system against all the threats that exist on the network can be a full time job. This guide documents how a VoIP system can be tested and suggest some of the available tools to use -- with a focus on fuzzing tools and methods. Continue Reading

Is a merger or acquisition in Sourcefire's future?

Sourcefire founder and Chief Technology Officer Martin Roesch, talks about how Sourcefire fits into Security 3.0 theme and how the firm may be involved in a future merger or acquisition. Continue Reading

By

• Bill Brenner

Why hacking contests, 'month-of' projects don't help

Ivan Arce, chief technology officer of Core Security Technologies explains why he thinks hacking contests and public vulnerability disclosure projects do little to improve IT security. Continue Reading

By

• Bill Brenner

Microsoft patches Windows Vista, IE 7

Microsoft fixed 15 flaws in a variety of products Tuesday, including Windows XP, Vista and Internet Explorer 7. Attackers could exploit the most serious flaws for remote code execution. Continue Reading

By

• Bill Brenner

The Art of Software Security Testing

Identifying software security flaws including the proper methods for examining file formats. Continue Reading

Connecting for Health briefing claims much of NHS NPfIT complete

A confidential Connecting for Health briefing paper for the prime minister has claimed that much of the NHS's £12.4bn National Programme for IT (NPfIT) is complete - although an integrated national care record system has yet to materialise, and software delivered under the scheme has been criticised by some trusts as not yet fit for purpose. Continue Reading

By

• Tony Collins

Data retrieval strategies: Document management software overview

The role of document management software in data storage and how it can mitigate risk for the enterprise. Continue Reading

Serious flaws put Yahoo Messenger users in peril

Attackers could exploit two serious flaws in Yahoo Messenger to run malicious code on targeted machines, vulnerability trackers warned Wednesday. Continue Reading

By

• SearchSecurity.com Staff

Network access controlled via biometrics

Fingerprint readers, a form of biometrics, have been used to protect data and endpoints, but now IT is using the security technology to control network access Continue Reading

By

• Andrew R. Hickey

IBM to acquire Watchfire for risk, compliance

IBM agreed to acquire Waltham, Mass.-based Watchfire Corp. to add Web application and compliance testing tools into Big Blue's Rational development platform. Continue Reading

By

• SearchSecurity.com Staff

Watchfire will help IBM build application security

Analysts have been pushing the Security 3.0 concept this week at Gartner's IT Security Summit, and one analyst says IBM's acquisition of Watchfire illustrates the trend. Continue Reading

By

• Bill Brenner

SMBs sample SaaS via telecoms

Telecom XO Communications has announced a new, SMB-focused partnership with Jamcracker, a wholesaler of SaaS technology. Analysts say more telecoms will try to offer SMBs IT services with such deals. Continue Reading

By

• Shamus McGillicuddy, Enterprise Management Associates

IBM: We're No. 1 in storage hardware

A new combined disk and tape tracker from IDC has IBM trumpeting from the rooftops that it's the market leader. But what's IBM's story when it comes to software? Continue Reading

By

• Beth Pariseau, Senior News Writer

Top spammer indicted on email fraud, identity theft

The arrest may reduce the volume of spam in the short-term, say experts and analysts, but the real spam threat comes from criminal gangs based in Asia and Russia. Continue Reading

By

• Robert Westervelt, TechTarget

Check Point promises more VoIP security, fewer slowdowns

Check Point's enhanced Open Performance Architecture is designed for deeper security of technologies like VoIP without the network performance problems that often come with it. Continue Reading

By

• Bill Brenner

Springing leaks: Getting smart about data loss prevention

Companies are showing increased interest in data loss prevention (DLP) products, but they won't work well unless the business needs are understood and well defined. Continue Reading

By

• Neil Roiter, TechTarget

Google dives into security market

Search engine giant Google has acquired security startup GreenBorder Technologies, making it a bigger player in the wider information security market. Continue Reading

By

• Bill Brenner

HDS adds SAN muscle to archive

Hitachi Data Systems integrates its archive software across its product line and adds important new features, including replication, data deduplication and security. Continue Reading

By

• Jo Maitland, TechTarget

SAN School: Table of contents

What is a storage area network? What are the benefits and pitfalls of installation? How can a SAN fit into your organization? These questions and more are answered SAN School. Continue Reading

By

• SearchStorage.com editors

The man behind the Month of Search Engine Bugs speaks

Ukrainian security researcher Eugene Dokukin, more widely known by his online name MustLive, is about to launch a new "Month-of" flaw disclosure project focusing on search engine bugs, at a time when many security professionals are dismissing such projects as shameless publicity. In an interview conducted by email, he describes his background and motive for the Month of Search Engine Bugs, and why he thinks the naysayers are mistaken. Continue Reading

By

• Bill Brenner

When Microsoft Vista and VPNs don't mix

Papa Gino's is ahead of many companies in deploying Windows Vista, thanks to its involvement in the Microsoft TAP program. But VPN compatibility has been a sticking point. Continue Reading

By

• Bill Brenner

Admins run into trouble with Microsoft updates

A DNS service failure and an ongoing WSUS glitch are among this month's frustrations as IT administrators try to deploy the latest security patches from Microsoft. Continue Reading

By

• Bill Brenner

Network access control learning guide

From PDAs to insecure wireless modems, users have myriad options for connecting to -- and infecting -- the network. Created in partnership with our sister site SearchSecurity.com, this guide offers tips and expert advice on network access control. Learn how unauthorized users gain network access, how to block and secure untrusted endpoints, and get Windows-specific and universal access control policies and procedures. Continue Reading

Microsoft NAP-TNC compatibility won't speed adoption, users say

Users hail the new compatibility of Microsoft NAP and the Trusted Computing Group's TNC architecture. But they say it won't speed up their adoption timetables. Continue Reading

By

• Bill Brenner and Dennis Fisher, SearchSecurity.com Staff

McAfee launches IPS for 10g networks, but is IT ready?

McAfee unveiled a new IPS offering for 10-gigabit Ethernet networks and announced the upgrade and integration of several other products. One analyst offers a mixed assessment. Continue Reading

By

• Bill Brenner

Microsoft fixes Office 2007 patch issues, releases MOICE

The Microsoft Security Response Center acknowledged that some of the company's May 8 security updates didn't make it to machines running Office 2007 on Windows Vista. Continue Reading

By

• Bill Brenner

Sourcefire, Nmap deal to open vulnerability scanning

Sourcefire and Insecure.org have inked an agreement to develop open source vulnerability scanning tools based on Insecure's Nmap scripting engine. Continue Reading

By

• Robert Westervelt, TechTarget

IETF approves new weapon to fight spam, phish

DomainKeys Identified Mail specification (DKIM) gained approval as an official IETF standard. The approval is seen as a major step in the fight against spam and phishing attacks. Continue Reading

By

• Dennis Fisher

Microsoft investigates new Office zero-day flaw

Attackers could exploit a newly-discovered zero-day flaw in Office 2000 to run malicious code on targeted machines, Symantec warned. Continue Reading

By

• Bill Brenner

Microsoft unveils unified communications devices

Microsoft unveils unified communications devices. Continue Reading

By

• Andrew R. Hickey

Cisco warns of new IOS flaws

The new flaws are classified as "low," but if exploited they could result in a sustained DoS condition, Cisco said. Continue Reading

By

• Robert Westervelt and Bill Brenner, SearchSecurity.com Staff

VoIP security fundamentals

VoIP security is a challenge for IT staff because IP telephony brings with it not only the security problems of data networks but also new threats specific to VoIP. In this fundamentals guide, learn about network security threats and emerging IP telephony threats, and how to secure your VoIP systems and endpoints from them. Continue Reading

Screencast: How to configure a UTM device

In this exclusive screencast, expert David Strom demonstrates the configuration options available in SonicWall's unified threat management product. Continue Reading

When signature based antivirus isn't enough

Zero-day exploits, targeted attacks and increasing demands for endpoint application controls are driving the rapid metamorphosis from signature-based antivirus and antispyware to HIPS-based integrated products. Continue Reading

By

• Neil Roiter, TechTarget

Cisco fixes fresh flaws in IOS

Attackers could exploit two flaws in Cisco's IOS to cause a denial of service or tamper with data in a device file system. Continue Reading

By

• SearchSecurity.com Staff

PayPal security measures help stamp out fraud

PayPal's 133 million online customers are the biggest ocean phishers have to plunder. CISO Michael Barrett wants to make it safe to be in the water; and he's not going at it alone. Continue Reading

By

• Michael Mimoso, TechTarget

ISCSI TCP/IP TOE card specifications

Key specifications for a cross-section of popular iSCSI TOE cards. Continue Reading

Symantec fixes flaws in Norton, pcAnywhere

Attackers could exploit flaws in Symantec's Norton AntiVirus and pcAnywhere to launch malicious code or compromise a user's session credentials. Continue Reading

By

• Bill Brenner

Companies plug FTP holes with secure FTP servers

Some companies are investing in secure FTP suites to give employees and business partners the ability to transfer large files such as large documents, audio, video and photos. Continue Reading

By

• Robert Westervelt, TechTarget

The trouble with Google hacking techniques

Some IT security professionals say the threat posed by Google hacking techniques is overblown and that companies can easily avoid it with a layered security program. One skeptical expert is Ira Winkler, founder of the Internet Security Advisors Group (ISAG) and author of such books as "Spies Among Us." In this Q&A, he talks about how Google hacking is not new and why he thinks IT pros who aren't aware of it should go back to security school. Continue Reading

By

• Bill Brenner

Quiz: Preventing data leaks

A six-question multiple-choice quiz to test your understanding of the content presented by expert Richard Bejtlich in this lesson of SearchSecurity.com's Data Protection Security School. Continue Reading

Quiz: Enterprise strategies for protecting data at rest

A five-question multiple-choice quiz to test your understanding of the e-discovery content presented by expert Perry Carpenter in this lesson of SearchSecurity.com's Data Protection Security School. Continue Reading

Quiz: Demystifying data encryption

A five-question multiple-choice quiz to test your understanding of the data encryption content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Data Protection Security School. Continue Reading

Microsoft users sticking with third-party security vendors

IT pros are pleased with Microsoft's security advances, including those found in Forefront. But don't expect them to drop their third-party security vendors. Continue Reading

By

• Bill Brenner

Microsoft to release DNS patch Tuesday

In addition to a fix for the DNS Server Service flaw, Microsoft plans to patch critical flaws in Windows, Office, Exchange, CAPICOM and BizTalk. Continue Reading

By

• Bill Brenner

IM slang glossary

 Continue Reading

By

• Jessica L. Dempsey, Assistant Editor

New image spam sneaks into inboxes

Researchers at Secure Computing Corp. have discovered a new form of image spam that is sneaking into corporate systems and clogging inboxes. Continue Reading

By

• Robert Westervelt, TechTarget

Websense to acquire SurfControl

Websense says its planned $400 million acquisition of SurfControl will allow it to better compete in the global security market. Continue Reading

By

• Bill Brenner

Scaling storage networks demands careful consideration

In the Fibre Channel world, scaling often means adding more and faster switch ports to extend the fabric's bandwidth and connectivity. But IP storage (mainly iSCSI) is a growing area of SAN expansion, using ubiquitous Ethernet network technology to pass storage data between storage devices. This requires the use of IP switches and routers, and can involve the deployment of iSCSI TOE host adapters to offload iSCSI traffic from the local server's CPU. This Buying Guide is intended to help clarify the principle considerations involved scaling storage networks and each chapter offers a set of buying points and product specifications that can help readers identify prospective new scaling products. Continue Reading

Storage consolidation: WAN acceleration and WAFS technology overview

One important avenue of storage consolidation is the consolidation of remote office storage; this is where WAN acceleration and WAFS technology comes into play. Continue Reading

IP storage switch and router specifications

Key specifications for a cross section of popular IP storage switch and router products. Continue Reading

Apple fixes 25 Mac OS X flaws

Attackers could exploit about two dozen flaws in Mac OS X to cause a denial of service, bypass security restrictions, disclose sensitive data and run malicious code. Continue Reading

By

• SearchSecurity.com Staff

Weekly compilation of storage news:Dell LTO-4 drive, new Sun array

Dell is first out of the gate with the new LTO-4 drive, which offers native encryption; Sun unveils new array and deepens its relationship with FalconStor. Continue Reading

By

• SearchStorage.com Staff

Disaster Recovery Planning Podcasts

DR expert Jon Toigo explains how the new realities of business make DR planning an essential element of daily IT process, procedure, product development and procurement. Continue Reading

By

• Jon Toigo

SNW: Users wary of outsourcing backup

Symantec unveiled plans for outsourced, online data backup services this week, but users at Storage Networking World are more cautious than ever about letting go of their data. Continue Reading

By

• Jo Maitland, TechTarget

Storage consolidation: Disks and disk subsystems overview

Any storage consolidation effort must involve a serious consideration of disk subsystems and the specific disk types that those systems will contain Continue Reading

DNS worm strikes at Microsoft flaw

A new worm called Rinbot.BC exploits the Microsoft DNS flaw by installing an IRC bot on infected machines and scanning for other vulnerable servers. Continue Reading

By

• Dennis Fisher

Inside MSRC: Windows Vista security update explained

Microsoft's Christopher Budd details the first Windows Vista security updates. Continue Reading

By

• Christopher Budd, security program manager for the Microsoft Security Response Center (MSRC)

Malware outbreak 'largest in almost a year'

Security firm Postini and the SANS Internet Storm Center said they are tracking a significant malware outbreak. Postini calls it the biggest email attack in almost a year. Continue Reading

By

• Bill Brenner

Microsoft investigates DNS server flaw

Attackers could exploit a DNS flaw in Microsoft Windows 2000 Server and Windows Server 2003 and run malicious code on the system. A workaround is suggested until a patch is issued. Continue Reading

By

• SearchSecurity.com Staff