Emerging cyberthreats for 2009

11/17/08

Remember the days when script kiddies wrote amateurish virus code and sent it into the wild just to see how far it could go? Those days are long gone. Today's Internet security threats are all about malware and botnets that help organized criminals make money. By some estimates, the cybercrime economy is larger than the economies of small countries. The Georgia Tech Information Security Center, a leading academic research center focused on information security, has just released its report on emerging cyberthreats for 2009. Read it and get ready to do battle.

New approach to a network-based data privacy application

11/10/08

At SAP's big technical conference back in October, SAP and Cisco announced what they call a "composite application" for data privacy. I'd call it a pretty interesting way to bring the technologies of the two enterprise companies together to enforce data privacy policies and minimize the risk of data breaches. If you have SAP-based applications in your organization, you need to read about this new approach to data protection.

Reduce data breach risks with secure USB flash drives

11/03/08

What would happen if one of your coworkers lost a USB flash drive containing extremely sensitive customer information? Would it cause panic because of the potential for data exposure and massive fines and costs for restitution? Or would you relax knowing that the data is encrypted, the flash drive is password-protected, and you have the ability to terminate the drive if it's ever used again? If it's the former case, read on to see how to move from "panicked" to "relaxed."

Co-location data centers: It's about the uptime

10/27/08

As the expense of building and operating an in-house data center climbs, it makes more sense than ever to consider co-locating business applications to an outsourced data center. This article outlines the benefits, including reliability/uptime, security, cost management, business continuity, and more.

Control Compliance Suite takes control of IT-GRC

10/20/08

Over the past several years, numerous vendors have gotten into the IT Governance, Risk Management and Compliance (IT-GRC) space. They've been driven there by customers who are seeking automation to help them achieve, sustain and prove compliance with regulations such as Sarbanes-Oxley, HIPAA, PCI and others. The best IT-GRC products are those that holistically look at an organization - not just IT automated controls. Symantec's latest release of Control Compliance Suite has entered the elite status of a corporate platform for IT-GRC.

Flood experience led to better disaster planning ahead of Hurricane Ike

10/13/08

After flooding from Tropical Storm Allison knocked NetIQ's data center out of commission for a week in 2001, the company developed a better disaster recovery/business continuity plan. This September, Hurricane Ike forced the plan into action. Read on to see how the company fared when Ike's winds and water slammed southeast Texas with a devastating blow.

Barbarians at the gate? Not with this Web gateway

10/06/08

Want to stop malware from entering your organization? That's easy! Unplug your network from the Internet. Gartner says the Internet and Internet applications are now the primary source of malware infections. If unplugging from the Internet isn't practical for you, then consider installing a secure Web gateway to defend your enterprise Web perimeter. John Boline from Hagerman & Company did just that, and the results have been - in his words - "quite impressive."

How data forensics help root out certification cheaters

09/29/08

There's nothing quite like stirring the pot of controversy. Last month, my Cache Advance column addressed the issue of cheating on certification exams. Specifically, I said that using "study aids" (i.e., stolen exams) that come from braindump Web sites could put a certification candidate at risk of being accused of cheating. The column was intended to inform people that many certifying agencies are now using data forensics to analyze test responses and look for extremely unusual behavior. As it turns out, people who use braindump materials often fall into this category. The ultimate penalty for cheating could be loss of certification with negative employment consequences.

Hurricane Ike and the Electronic Divide

09/22/08

For years we have been hearing about the Digital Divide - the chasm created when one portion of the world's population has full access to the broad range of knowledge posted to the Internet, and the rest of the population does not. This week, courtesy of Hurricane Ike, I am learning about another kind of divide. Call it the Electronic Divide, if you like. It's the difference between having, and not having, access to the utilities we all take for granted: electricity, water, phone, and even Internet. This Electronic Divide is putting a lot of people in very unfamiliar territory.

Find value in the computers that have reached end of life

09/15/08

Computers don't last forever, but they can last longer than the typical three to five year lifespan that most companies give them. What can you do with old computers that are still somewhat serviceable? TechTurn can rebuild them and return value to your company.

Get full ITIL v3 ITSM functionality over the Web

09/08/08

Imagine getting the full functionality of recommended ITIL v3 applications like configuration management, service desk, CMDB and so on without installing any software in your data center. Service-now.com has a complete suite of ITIL applications that are all delivered as a service over the web. The company is gaining lots of converts from big monolithic enterprise ITSM applications.

'It's the data, stupid' so you'd better vote to protect it

09/01/08

"It's the data, stupid." OK, the phrase is not quite catchy enough to become a must-have bumper sticker, but it's a mantra for every organization with sensitive information. Today's article looks at two enterprise security platforms designed to protect corporate data. Guardium focuses on securing the data and actions involving databases, and Symantec's Vontu platform provides data loss prevention on the network, at the endpoint, and in storage devices.

Best practices for securing telecommuters' PCs

08/25/08

Is the exorbitant price of gasoline leading to an increase in telecommuting at your company? This will have a dramatic impact on IT as more people drag their laptops home or boot up the home PC to access office applications. Managing a PC that's not continuously connected to the corporate network can be a challenge. Follow these guidelines to make sure all the bases are covered.

Endpoint virtualization is all coming together at Symantec

08/18/08

Following a series of technology acquisitions, Symantec has built a strategy to deliver endpoint virtualization. Applications and information can be streamed on-demand to almost any kind of endpoint to improve the end user experience while also providing better management and security of what matters most - your information.

TriCipher offers strong authentication as a service

08/11/08

TriCipher has long been known for its strong layered approach to user authentication. Many businesses such as financial institutions have implemented a TriCipher solution to authenticate customers accessing their accounts over the Internet. Until now, a TriCipher security implementation meant installing an ID Vault appliance within the business' infrastructure. Now the vendor is delivering the power of its authentication solutions to a broader range of businesses by delivering them as a service called myOneLogin.

A big SIEM solution designed for small companies

08/04/08

In this day and age of escalating complexity of IT solutions and skyrocketing tech support costs, it's unusual to find a vendor that truly caters to the needs of small and midsized companies. But George Krupica, Director of Information Technology for Main Street Bank of Wheeling, West Virginia, has met the IT vendor of his dreams.

Web governance monitors Web sites for trouble signs

07/28/08

Over the years, your company's Web site has gotten larger and more complex. Depending on the size of your organization, the site might have hundreds if not thousands of individual pages comprising the whole web site. At the same time, public-facing Web sites are coming under an increasing amount of scrutiny, including online legislation and regulations as well as brand guidelines. New "Web governance" services monitor your Web site for site quality, accessibility, privacy assurance and other important attributes.

Low cost data protection in a virtual environment

07/21/08

Data management VAR Champion Solutions Group is getting more bang for its customers' bucks by using Acronis True Image Virtual Edition for data backup and recovery. The flat fee software license covers an unlimited number of virtual machines on a single physical server, lowering the cost of data protection.

States require a license to conduct data forensics

07/14/08

To prepare for your job as a computer technologist, you've gotten your college degree and earned your technical IT certifications. But do you have your private investigator (PI) license in hand? If you live or conduct work in Texas or a handful of other states, you may need one if you plan to retrieve forensics data from a computer, analyze it and provide a report to a customer.

Products to help detect insider threats

07/07/08

One of CERT's 13 best practices for preventing and detecting insider threats recommends that you should "log, monitor, and audit employee online actions." Last week we looked at some of the operational challenges of implementing this best practice. This week we look at three log-management products that are well suited to detecting insider threats as they are emerging.

Using log event management to combat insider threats

06/30/08

Previously we wrote about CERT and the "13 best practices for preventing and detecting insider threats." Now we'll dig deeper into best practice No. 5: "Log, monitor, and audit employee online actions," and we'll look at the operational challenges you might face when implementing this best practice.

Free accessibility training for Web developers with a heart

06/23/08

The Accessibility Internet Rally (AIR) program provides free accessibility training to Web developers who volunteer one day of their time to develop a Web site for a nonprofit organization. What better way to learn the new Web Content Accessibility Guidelines 2.0 standards and techniques for accessible Web sites?

Trusteer protects transactions from desktop to Web site

06/16/08

With malware infecting nearly 50% of all PCs, the thought of conducting sensitive transactions over the Web is frightening. Even antivirus and antispyware vendors say it's impossible to prevent attacks from phishing, pharming, man-in-the-middle, keystroke logging, and other means. Going online to pay bills or make a purchase means a person could be giving away his user ID, password or account information without even knowing it. Now, Trusteer offers a unique solution to protect transactions between the desktop and a specific Web site. ING Direct is one of the first banks to make the solution available to its customers.

What the consumerization of IT means to you

06/09/08

It's called the consumerization of IT - using consumer-oriented devices and applications for business use. Google apps, iPhones, LinkedIn, Gmail, AIM, Facebook, and so on. Like it or not, they're here and they're not going to go away. Should you ban them? Embrace them? Close your eyes and ignore them? Experts weigh in on the topic.

13 best practices for preventing and detecting insider threats

06/02/08

When you think of IT security, you probably think of keeping the bad guys out of your IT systems. But what if the "bad guy" is fully authorized to use those IT systems? Insider threats are real and not so uncommon. That's why the CERT Coordination Center offers a report called Commonsense Guide to Prevention and Detection of Insider Threats. There's plenty you can do to lessen your risk of harm perpetrated by a trusted insider.

More

Linda Musthaler is a principal analyst with Essential Solutions Corporation.