October 2013 Issue of SCMagazine

October 2013 Issue of SCMagazine

This month’s issue includes features on how targeted cyber attacks can compromise medical devices and the growing scourge of the insider threat.


Encryption and explication

Still more revelations about National Security Agency (NSA) operations and practices that intrude on U.S. citizens' privacy and seemingly make a mockery of Constitutional rights ...


News briefs: The latest on major DDoS and phishing attacks, and more

This month's new briefs include insight on the PCI Security Standards Council, DDoS attacks aimed at financial institutions, and more.

Company news: New hires at Narus, Zscaler, and more

This month's company news features new hires at Narus, Zscaler, and the Advanced Cyber Security Center, as well as new funding secured by HyTrust.

Threat of the month

Threat of the month: Java exploits

October's threat of the month allows for remote code execution vulnerabilities to affect Java prior to version 7 Update 25.

2 minutes on

Are SMBs blindly spending on security solutions?

As the threat landscape continually evolves, security professionals at SMBs are up to the challenge, but more often than not may be blindly spending when ...

Skills in Demand

Skills in demand: Security analytics specialists

As organizations collect increasing amounts of data related to security and IT risk, the demand for security analytics specialists is high.

Me and my job

Me and my job: Gregory Gong, managing partner, Wall Street IT Management

This month we asked Gregory Gong, managing partner, Wall Street IT Management, about his job.


Debate: The Computer Fraud and Abuse Act is out of date

In this month's debate, experts discuss whether the Computer Fraud and Abuse Act is out of date, and if punishments are disproportionate to offenses.


Survival in the shadows

Targeted malware attacks are growing in number, sophistication and severity in the potential damage they can inflict on victims.

Appreciate your log data

By mining log data and managing it proactively - instead of ignoring it until something goes wrong - organizations can mitigate risk, ensure service availability ...

CSO's desk

Toeing the line...across sectors

A major area of concern for security personnel these days is how we are able to achieve and maintain compliance with multiple regulatory governing bodies.


Case study: Class cloud - Rochester School Department and Dell

A school district in New Hampshire needed to enable its students and faculty to use mobile devices wirelessly, while retaining security and performance control over ...

Keeping every body safe: Medical devices

Criminals leverage medical devices for targeted attacks, says Dale Nordenberg of the Medical Device Innovation, Safety and Security Consortium. Karen Epper Hoffman reports.

Full-court press: The defensive approach to security

With the barrage of attacks only growing, today's enterprise must face reality with a variety of defenses, reports James Hale.

Danger within: The inside threat

Every business faces the possibility of external attacks, but another potential threat is on the premises, reports Dan Raywood.

Safe passage: Software development

Obstacles still remain before companies can safeguard assets in the cloud, but software advances are helping, reports David Cotriss.

Product opener

Access control has many dimensions

This month we will look into three more. Identity management and network access control (NAC) are fairly obvious, while data leakage prevention (DLP) is, perhaps, ...

Group Test 1

Avatier Identity Management Suite (AIMS) v9

AIMS provides a complete set of identity management (IdM), network access control (NAC) and data leakage prevention (DLP) features.

Bradford Networks Network Sentry v6.1

Network Sentry monitors edge connections to a network and provisions the appropriate level of network access based on role-based security policies.

Centrify Suite 2013.2 Platinum Edition

By leveraging an existing infrastructure enterprise, Centrify Suite 2013.2 Platinum Edition provides central control and securing and auditing of user access through cross-platform systems, mobile ...

Code Green Networks TrueDLP v8.1

TrueDLP is delivered via Code Green Networks’ Content Inspection (CI) Appliances.

Fischer International Identity Fischer Identity v5.2

The Fischer International Identity solution is a set of high-availability Java applications for SaaS (software-as-a-service) and on-premise, running on open source or commercial off-the-shelf (COTS) ...

ForeScout CounterACT v7.0

ForeScout CounterACT offers an enterprise-class NAC platform that assures network access based on real-time endpoint classification configuration assessment, user and endpoint compliance policy and automated ...

Hitachi ID Management Suite v8.2.1

The Hitachi ID Management Suite v8.2.1 contains several identity management components that are well integrated to form a fairly comprehensive suite.

Lieberman Software Enterprise Random Password Manager v4.83.6

The Enterprise Random Password Manager (ERPM) from Lieberman Software is more than just a random password generator.

NetIQ Identity Manager v4.0.2

Identity Manager from NetIQ provides tools for managing the entire user identity lifecycle – from on-boarding through deletion and everything in-between.

Pleasant Solutions Pleasant Password Server v4.1.7

The Pleasant Password Server from Pleasant Solutions provides a way to add central management capabilities to the KeePass Password Safe, a free, open source password ...

StillSecure Safe Access v6.1

Safe Access from StillSecure is a feature-rich network access control appliance that can detect and monitor many types of endpoints throughout the network and ensure ...

First Look

EndaceProbe: High-speed packet recording for security monitoring

The EndaceProbe is a purpose-built enterprise-grade tool.

Last Word

One cloud does not fit all

Cloud providers must be evaluated before moving operations, says the DTCC's Mark Clancy.


Sign up to our newsletters