September 2011 Issue of SCMagazine
Transparency after a breach does more than save face.
FBI nabs PayPal hackers, report from Black Hat, announcements from Facebook and Cloud Security Alliance, plus more
Company news: Malwarebytes acquired hpHosts, Good Technology named Nicko van Someren CTO, and other news
This month's personnel announcements, launches and merger and acquisition activity.
Threat of the month
Perimeter exploit exposure
2 minutes on
Spam levels dropped last year by nearly a third, but owing to new strategies, spammers are making more money than ever before.
Cybercriminal activity across the globe, plus a roundup of security-related news.
Skills in Demand
Organizations are building their technical assurance teams.
Me and my job
Advancing companies' awareness of cyber risks and effective, enterprise-wide approaches to managing these risks.
Two security experts duke it out over whether organizations should invest in user awareness training.
Suddenly, corporations can no longer ignore next-generation smartphones and tablets.
Stuxnet demonstrated that even isolated physical networks could be hacked.
We need to do a far better job of demonstrating that the infrastructure and services we are putting into the cloud are superior to what ...
A Maryland real estate company streamlined its operations by moving email and other operations to the cloud. But that wasn't the only benefit: The migration ...
Following a major breach this year, Lockheed Martin CISO Chandra McMahon explains how a quick and calculated reaction helped stave off a disaster. What are ...
Today's flurry of cybercrimes relies on an array of motivations, techniques and technologies, making the job of an investigator to track down the offender that ...
A sound approach to identification and authentication is an elementary building block to security policy within most any organization, but management of these disciplines face ...
The perimeter is a distant memory of what it once was, considering the influx of third-party workers combined with new technologies, such as cloud and ...
This month we explore tools to help us wrangle our users and separate them from the herd of bad guys trying to enter our enterprise ...
Group Test 1
Veri-NAC is a hardware appliance solution that controls access to the network for any device that may be seeking an IP address.
ForeScout CounterACT is a hardware appliance which works out-of-band on the network to control access for endpoint devices.
McAfee’s NAC solution is actually three components that work together: McAfee NAC Appliance, NAC software and NAC module for Network Security Platform.
Sophos NAC Advanced is a software NAC solution typically deployed on dedicated Windows 2003/2008 environments using Microsoft SQL 2005/2008.
Trustwave NAC is a hardware solution comprised of a management console and sensors, which are deployed throughout the network for distributed capabilities.
Group Test 2
The Avatier Identity Management Suite is a solid, full-scale, user lifecycle management tool.
The Centrify Suite provides administrators a way to integrate UNIX, Linux and Mac OS X users into the already existing Active Directory structure for seamless ...
Unify from Ensim provides a full-scale user provisioning and account management platform that can plug into several user platforms throughout the enterprise for easy centralized ...
Access Management is a piece of Evidian’s larger Identity and Access Management Suite.
Fischer Identity is an all-in-one user account provisioning and management tool that can plug into almost any authentication platform throughout the enterprise.
The Identity Manager from Hitachi ID Systems is part of the Hitachi ID Management Suite.
Novell Identity Manager by NetIQ provides comprehensive account management across enterprise systems, including physical, virtual and cloud-based environments.
Quest One Identity provides administrators with a way to manage and unify accounts throughout the enterprise.
Tools designed particularly for network forensics have some important capabilities not shared by tools whose job is solely to alert on a policy violation.
The time is ripe for open dialogue around teaching trust, says RSA Conference's Hugh Thompson.