Hard on the heels of a report that a USB drive was used to compromise U.S. military networks in 2008, a security company today claimed that 25% of all new worms are designed to spread through the portable storage devices.
via 1-in-4 worms spread through infected USB devices.
Tenable developed the Passive Vulnerability Scanner PVS to complement its other market leading active network scanner, Nessus. Where Nessus allows organizations to audit networks for known vulnerabilities, conduct full patch and configuration and compliance audits at a point in time, Tenable’s PVS allows organizations to continuously monitor the same network by analyzing network traffic 24×7 and provide real-time updates to Tenable’s SecurityCenter on new devices, applications running on those devices and known vulnerabilities associated with those devices.
f you think meeting security audits is tough, try passing one if you've got your data in a cloud, Interop attendees were told today
via Interop: Cloud security raises concerns for auditors.
Cloud computing lacks standards about data handling and security practices, and even whether a vendor has an obligation to tell users whether their data is in the U.S. or not. And the industry is only beginning to sort out these issues through groups, such as the year-old Cloud Security Alliance.
via Frustrations with cloud computing mount.
Every network has high-risk users. Typically, these users have broad access to the IT infrastructure and a high degree of technical knowledge. They might be internal or outsourced IT personnel, contractors, vendors or remote application developers. They know a lot about the IT systems and how they operate and might even possess “the keys to the kingdom” because they administer servers, networks, applications or databases. In fact, I might have just described … you.
via How to manage the risk of your high-risk users – Network World.
Microsoft wants to speed adoption of its security development lifecycle (SDL), starting with the release of a free SDL Process Template that is integrated with the Visual Studio Team System. The company also announced additions to its SDL Pro Network and updates to the SDL process.
via Microsoft Brings Secure Development Help to Application Developers for Free.
For security professionals, two free risk-management guides out this week provide directions on how to establish corporate security metrics, as well as tips on organizing risk-assessment and presenting findings.
The Center for Internet Security’s “Security Metrics 1.0″ is a pithy compilation of 20 “metrics definitions” covering six areas: incident management; vulnerability management; patch management; application security; configuration management; and financial metrics. The 83-page paper shoots for a mathematical approach that lets an organization build a scorecard for each category to assess and chart progress—or decline—in each of the six security-management areas.
via ‘Security Metrics’ and risk-assessment guides out this week – Network World.
After many months of work, we finally published the much-awaited content security Waves. On the Forrester SRM website, under the content security tab, you will be able to find three Wave documents: Email Filtering Wave, Web Filtering Wave, and Content Security Suites Wave.
We included ten vendors for all three Waves, Cisco Systems, Google, Marshal8e6, McAfee, Symantec/MessageLabs, Microsoft, McAfee/Secure Computing, Symantec, Trend Micro, and Websense. The intent of the Waves is to evaluate vendors who provide filtering functionality for multiple communication protocols (e.g., email, Web, and IM). Consequently, we did not include some of the pure-play vendors, such as Blue Coat Systems (for Web filtering) and Proofpoint (for email filtering), in the evaluations.
The evaluation of email filtering vendors revealed a mature market, characterized by strong appliance vendors with upstart cloud providers poised to win market shares. More specifically, we found that Symantec, Cisco Systems, and McAfee/Secure Computing lead the field because of their strong functionality and focused strategies. Google, Microsoft, Symantec/MessageLabs, and Websense are close behind with innovative cloud-based offerings. Trend Micro, Marshal8e6, and McAfee trail the field (see Figure1).
The evaluation of Web filtering market indicated a less than mature market, with
Websense and McAfee/Secure Computing lead the pack. Trend Micro, Cisco Systems, Symantec/MessageLabs, and McAfee are Strong Performers but fall short in certain areas of technology. Google, Marshal8e6, Microsoft, and Symantec lack either strong capability or cohesive vision, and trail the field (see Figure 2)
As the content security market continues to evolve, Forrester sees a growing market demand for consolidated content security suites rather than point products. In the third Wave, we evaluated content security suite offerings. The evaluation uncovered a budding market where only a small number of vendors reported adequate suite functionality. More specifically, we found that Websense leads the market because of its wide functionality and suite-oriented strategy. Symantec, McAfee/Secure Computing, and Trend Micro all have a clear strategy for product suites but are a notch down from Websense. Cisco, Symantec/MessageLabs, and Microsoft fall short in offering broad suite functionality. Google, McAfee, and Marshal8e6 trail the field for lacking either suite focus or comprehensive capabilities (see Figure 3).
To see the detailed evaluation criteria and vendor scores, please refer to the actual Wave documents: Email Filtering, Web Filtering, and Content Security Suites.
via The Forrester Blog For Security & Risk Professionals.
