Blog Posts Tagged with "Remediation"
Tackling Modern Malware
August 15, 2012 Added by:Simon Heron
With conventional antivirus products, their signature bases are never completely up to date. When a new infection emerges, it simply roams freely across all endpoints. Conversely, WSA leverages behavioural monitoring to pick up infections when it isn’t sure whether a file is malicious or not...
Comments (0)
Five Reasons Why You Need an Application Security Program
June 28, 2012 Added by:Fergal Glynn
Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...
Comments (0)
Are Enterprises Really Hacking the Hackers?
June 27, 2012 Added by:Rafal Los
Active defense is using technology which can confuse an attacker, mislead them into spending time on worthless parts of an application, or slowing the response rate of the network or application down. That's active defense. Striking back involves actually going on the offensive, which is likely highly illegal...
Comments (1)
Vulnerabilities: Context Matters
May 13, 2012 Added by:Jack Daniel
You do need to assess how the vulnerability is exposed, what mitigations are in place or even possible, how hard the threat may be to execute against your situation, and whether there is a graceful failure mode if the opportunity turns out to be inopportune...
Comments (0)
Checking Your System for the DNS Changer Malware
April 23, 2012 Added by:Headlines
The deadline for for systems infected with the DNS Changer malware is fast approaching. Failure to rid a device of the malware prior to the July 9 deadline could result in loss of Internet connectivity. To see if your system is infected, simply visit the following website...
Comments (0)
We Need Better Defensive Tools
April 02, 2012 Added by:Gabriel Bassett
Marketers, Google, Facebook, can piece information together to identify you even when you don't say who you are. Banks, online video games, and major web services can degrade service based on perceived threats. It's time for infosec to build such tools to execute a better defense...
Comments (0)
Metrics, KPIs and Making Business Sense of Infosec
March 27, 2012 Added by:Rafal Los
Does a 10% increase in IT Security spending really make us 10% safer? I refuse to buy-in to the saying that security is either avoiding cost, or a cost center and nothing more. This is simply untrue in my experiences. Good security is good for business, pure and simple...
Comments (0)
Vulnerability Remediation: No More Traffic Signals
March 22, 2012 Added by:Ed Bellis
When you dig into the issue of prioritization it can be complex. Adding to the complexity, factors are often different from organization to organization. I am all for breaking things down to their simplest parts by obfuscating the complex factors, not by eliminating them...
Comments (2)
Quantifying Risk Reduction with an Unknown Denominator
March 07, 2012 Added by:Rafal Los
The problem that exists with all these risk reduction measurements is that they're impossible to quantify. There is simply no way to say that by doing X you've reduced risk by Y% - at least not when you don't know the total number of issues that exist. And therein lies the problem...
Comments (0)
Straight Talk about Compliance from a Security Viewpoint
February 09, 2012 Added by:Rafal Los
Odds are, you can usually close out multiple compliance requirements across multiple requirements regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...
Comments (0)
Achieving Network Security
February 07, 2012 Added by:Kevin Somppi
Today's networks are complex, with most organizations supporting various server, operating system and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors...
Comments (0)
Four Reasons to Use a Vulnerability Scanner
February 01, 2012 Added by:Dan Dieterle
A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use scanners to hunt for ways to compromise your systems...
Comments (0)
Enterprise Information Security Resolutions for 2012
December 18, 2011 Added by:Robb Reck
Successful information security is about making progress. It’s not reasonable or sustainable to expect all risks to be remediated as soon as they are discovered. Instead, my goal for 2012 will be to establish a positive trend, working toward improving security consistently...
Comments (0)
Common Errors in Firewall Configurations
December 06, 2011 Added by:Christopher Rodgers
With the "ANY" port accessible vulnerability, clear text protocols could be used when both a secure and less secure clear text service are running on the same system, and vulnerabilities found for specific services such as SMB could be launched against vulnerable machines...
Comments (0)
Ineffective CISOs Foster Shady Vendor Practices
November 23, 2011 Added by:Boris Sverdlik
The question remains how much faith is too much to put in the hands of your vendors? Without a thorough analysis of the inner workings of your organization, it is impossible for any external entity to make recommendations on where your reactionary dollars are best spent...
Comments (0)
Decrypting QSA Qualifications in a Diluted Market Place
November 21, 2011 Added by:Andrew Weidenhamer
One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...
Comments (0)
- SecurityWeek Names Ryan Naraine as Editor-at-Large
- Why Cyber Security Should Be at the Top of Your Christmas List
- United States Federal Government’s Shift to Identity-Centric Security
- How Extreme Weather Will Create Chaos on Infrastructure
- BSIMM11 Observes the Cutting Edge of Software Security Initiatives
- Sustaining Video Collaboration Through End-to-End Encryption
- Will Robo-Helpers Help Themselves to Your Data?
- Securing the Hybrid Workforce Begins with Three Crucial Steps
- A New Strategy for DDoS Protection: Log Analysis on Steroids
- COVID-19 Aside, Data Protection Regulations March Ahead: What To Consider