May 2009 20 5 Issue of SCMagazine

May 2009


Infrastructure security: Power to the people

Congress needs to do what's necessary to help NERC call electric power officers to task and get the power systems they own and operate secured ...

Threat of the month

2 minutes on

Software bug researchers hunt green

Some researchers believe they are getting the shaft from software developers who don't pay the flaw finders.


SME security: SME mindset must change

For SMEs, handling security issues is far from straightforward, says David Kelleher, communications and research analyst, GFI Software.

Virtual security: Fuel the virtual organization

Corporations need better tools for securing the network from within and controlling employees, contractors and guests, says Jeff Prince, chairman and CTO, ConSentry Networks.

CSO's desk

Goodbye to security by obscurity

The harsh reality is that many companies are unaware of the nature and extent of unauthorized information that is leaving their environment both electronically and ...


SC Magazine CSO of the year

The Washington Post Co.'s Stacey Halota blends technical savvy with business acumen, Illena Armstrong reports.

Data leakage prevention: Reducing risk

Even with a sour economy, the data leakage prevention market is projected to grow by 50 to 75 percent this year, reports Brian Hook.

SME security: Sizable differences

Whether you are a mom-and-pop shop or a global corporation, protecting data is a concern, reports Angela Moscaritolo.

Product Reviews

Application Security DbProtect

Application Security’s DbProtect is an enterprise-class database security, risk and compliance suite. It combines discovery, vulnerability scanning, real-time activity monitoring, auditing and intrusion detection to ...

Auditor Assuria

The Assuria Auditor is a security and compliance scanner for enterprise servers.

Core Security Technologies Core Impact Pro 8

One of our favorite tools is back this year and it’s better than ever. Core Impact Pro 8 is the ultimate tool in vulnerability assessment ...

Cenzic Hailstorm ARC

Cenzic Hailstorm ARC is a web application vulnerability scanner. This product can scan websites and web applications in the enterprise to see how vulnerable they ...

eEye Digital Security Retina

Retina Network Security Scanner provides multi-platform vulnerability management.

GFI LANguard

GFI LANguard provides a vulnerability assessment engine able to discover more than 15,000 vulnerabilities, including Microsoft missing patches in various languages.

McAfee Vulnerability Manager

The McAfee Vulnerability Manager is a full-featured, comprehensive network vulnerability scanner and network auditing tool.

netVigilance SecureScout NX

The netVigilance SecureScout NX is a network vulnerability scanning tool that at first glance looks like a scanning tool from times past.

N-Stalker Web Application Security Scanner

The N-Stalker Web Application Security Scanner assesses a web application against a wide range of vulnerabilities, including the application layer and infrastructure layer.

Ounce Labs Ounce 6

Ounce 6 provides static source code security analysis. It will analyze any application written in C/C++, Java/JSP, .NET (C#, VB .NET, ASP.NET), Classic ASP (VBScript, ...

Saint Saint Suite

The SAINT scanner and penetration testing software is just what it says it is.

Sunbelt Software Network Security Inspector

The Network Security Inspector from Sunbelt Software is a network vulnerability scanner using a database of over 4,000 ranked multiplatform vulnerabilities.

Paraben Device Seizure

The variety of mobile devices we use grows almost daily. Paraben’s Device Seizure provides a quick and easy way to obtain evidence from a wide ...

Technology Pathways ProDiscover IR v5.5

A previous favorite returns once again in the over-the-network forensics category.

Cyber Security Technologies OnLine Digital Forensic Suite

The Online Digital Forensic Suite (OnlineDFS) provides a centralized method for investigators to collect a wide variety of data from a suspect machine over the ...

HBGary Responder Field Edition

This product is valuable for both incident response and forensics on obstinate malware, with several features particularly useful for each.


Where a normal search engine would let you search the web, Splunk is advertised as a software solution that indexes and searches all information in ...

Prism Microsystems EventTracker

EventTracker is a robust security information and event log management (SIEM) tool that has a lot of useful features.

LogLogic MX 2010

The MX 2010 provides a wide range of features. Aside from the expected log aggregating, LogLogic also provides very intuitive ways to manage a network.

LogRhythm LR-1000-XM

The LogRhythm LR-1000-XM system is a powerful log aggregation tool available in hardware and software platforms, although the appliance is the most common deployment and ...

Mandiant Intelligent Response v1.2

Mandiant Intelligent Response (MIR) is a bit of an odd duck and a most welcome one for incident responders and investigators.

First Look

Another unified security gateway? Not quite.

Unified security gateway is a term we are hearing with increasing frequency. Some products that have traditionally referred to themselves as UTMs – unified threat ...

Last Word

Addressing cyber complexity: An operational fraud program

As cyberterrorist exploits evolve, fraudulent schemes become more complex, say Rich Baich, principal, and William Anderson II, manager, security & privacy group, Deloitte & Touche.



We're always happy to hear from you, our readers. Please send your comments, praise or criticisms to We reserve the right to edit letters.

