Blog Posts Tagged with "Remediation"


Tackling Modern Malware

August 15, 2012 Added by:Simon Heron

With conventional antivirus products, their signature bases are never completely up to date. When a new infection emerges, it simply roams freely across all endpoints. Conversely, WSA leverages behavioural monitoring to pick up infections when it isn’t sure whether a file is malicious or not...

Comments  (0)


Five Reasons Why You Need an Application Security Program

June 28, 2012 Added by:Fergal Glynn

Many organizations looking at application security for the first time struggle with why they should take a programmatic approach to tackling application security. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it...

Comments  (0)


Are Enterprises Really Hacking the Hackers?

June 27, 2012 Added by:Rafal Los

Active defense is using technology which can confuse an attacker, mislead them into spending time on worthless parts of an application, or slowing the response rate of the network or application down. That's active defense. Striking back involves actually going on the offensive, which is likely highly illegal...

Comments  (1)


Vulnerabilities: Context Matters

May 13, 2012 Added by:Jack Daniel

You do need to assess how the vulnerability is exposed, what mitigations are in place or even possible, how hard the threat may be to execute against your situation, and whether there is a graceful failure mode if the opportunity turns out to be inopportune...

Comments  (0)


Checking Your System for the DNS Changer Malware

April 23, 2012 Added by:Headlines

The deadline for for systems infected with the DNS Changer malware is fast approaching. Failure to rid a device of the malware prior to the July 9 deadline could result in loss of Internet connectivity. To see if your system is infected, simply visit the following website...

Comments  (0)


We Need Better Defensive Tools

April 02, 2012 Added by:Gabriel Bassett

Marketers, Google, Facebook, can piece information together to identify you even when you don't say who you are. Banks, online video games, and major web services can degrade service based on perceived threats. It's time for infosec to build such tools to execute a better defense...

Comments  (0)


Metrics, KPIs and Making Business Sense of Infosec

March 27, 2012 Added by:Rafal Los

Does a 10% increase in IT Security spending really make us 10% safer? I refuse to buy-in to the saying that security is either avoiding cost, or a cost center and nothing more. This is simply untrue in my experiences. Good security is good for business, pure and simple...

Comments  (0)


Vulnerability Remediation: No More Traffic Signals

March 22, 2012 Added by:Ed Bellis

When you dig into the issue of prioritization it can be complex. Adding to the complexity, factors are often different from organization to organization. I am all for breaking things down to their simplest parts by obfuscating the complex factors, not by eliminating them...

Comments  (2)


Quantifying Risk Reduction with an Unknown Denominator

March 07, 2012 Added by:Rafal Los

The problem that exists with all these risk reduction measurements is that they're impossible to quantify. There is simply no way to say that by doing X you've reduced risk by Y% - at least not when you don't know the total number of issues that exist. And therein lies the problem...

Comments  (0)


Straight Talk about Compliance from a Security Viewpoint

February 09, 2012 Added by:Rafal Los

Odds are, you can usually close out multiple compliance requirements across multiple requirements regulations by doing something singular in a security program. Performing software security audits during various phases of your SDLC solves many compliance requirements...

Comments  (0)


Achieving Network Security

February 07, 2012 Added by:Kevin Somppi

Today's networks are complex, with most organizations supporting various server, operating system and Web platforms. This requires an accurate, comprehensive, and up-to-date way to identify the latest system vulnerabilities and configuration errors...

Comments  (0)


Four Reasons to Use a Vulnerability Scanner

February 01, 2012 Added by:Dan Dieterle

A vulnerability scanner is a tool that can automatically scan your network and the systems connected to it, examining each one for vulnerabilities that could be exploited. Malicious users frequently use scanners to hunt for ways to compromise your systems...

Comments  (0)


Enterprise Information Security Resolutions for 2012

December 18, 2011 Added by:Robb Reck

Successful information security is about making progress. It’s not reasonable or sustainable to expect all risks to be remediated as soon as they are discovered. Instead, my goal for 2012 will be to establish a positive trend, working toward improving security consistently...

Comments  (0)


Common Errors in Firewall Configurations

December 06, 2011 Added by:Christopher Rodgers

With the "ANY" port accessible vulnerability, clear text protocols could be used when both a secure and less secure clear text service are running on the same system, and vulnerabilities found for specific services such as SMB could be launched against vulnerable machines...

Comments  (0)


Ineffective CISOs Foster Shady Vendor Practices

November 23, 2011 Added by:Boris Sverdlik

The question remains how much faith is too much to put in the hands of your vendors? Without a thorough analysis of the inner workings of your organization, it is impossible for any external entity to make recommendations on where your reactionary dollars are best spent...

Comments  (0)


Decrypting QSA Qualifications in a Diluted Market Place

November 21, 2011 Added by:Andrew Weidenhamer

One of the biggest challenges is how to determine which 3rd party QSA company to use. With 120+ QSA companies certified to perform On-Site Assessments in the USA, there is not an easy answer, unless of course price is the only consideration. Unfortunately, sometimes this is the case...

Comments  (0)

Page « < 1 - 2 > »