Non-Profits

Scaled down, armored up: Small and midsized business protection

For many small and midsize businesses, neglecting IT security is a thing of the past, reports Angela Moscaritolo.

MS-ISAC unveils new cyber command center

A cybersecurity operations center has launched as part of the Multi-State Information Sharing and Analysis Center (MS-ISAC), a nonprofit whose mission is to facilitate threat collaboration among state and local governments. The new center will conduct real-time network monitoring, allowing for the round-the-clock release of threat warnings and vulnerability information, as well as general outreach and education. The goal is to "provide direct managed and monitored security services to a greater number of" state, local, territorial and tribal governments, according to a news release issued last week. - DK

Nonprofit releases new security guidance

The Information Systems Audit and Control Association (ISACA), a nonprofit association of information security, assurance and IT governance professionals, on Wednesday issued a new guidance document outlining a business model for information security. The document is the result of two years of research and expert review and is intended to provide a blueprint to align security projects with business strategy, said Rolf von Roessing, international vice president of ISACA. The technology-neutral model addresses various aspects of IT and privacy and is applicable across industries, countries and regulatory and legal systems. ISACA members can receive the full document for free and nonmembers can receive an introductory guide at no cost. — AM

Judgment against Spamhaus sees major reduction

A U.S. District Court judge has slashed the amount of damages being awarded to a former marketing services firm that claimed it was defamed and lost customers when an anti-spam organization listed the company as a purveyor of unwanted email. e360 originally won an $11.7 million judgment against U.K.-based Spamhaus. After failing to initially even recognize the case, Spamhaus appealed, and a judge ruled that the case required a further look. Last week, Judge Charles Kocoras of the Eastern District of Illinois reduced the award to $27,000. Spamhaus operates a blocklist to which many internet service providers subscribe. — DK

New fraud service serves as repository for stolen data

Microsoft has joined forces with the National Cyber Forensics Training Alliance (NCFTA) to launch a portal designed to immediately alert companies if credentials or credit card numbers belonging to their customers or employees have been discovered online.

Group urges Congress to pass privacy laws

Lawmakers expect to consider privacy laws when they return from summer recess.

Malicious attacks increase

The number of breaches caused by insider malfeasance or hacker attacks is creeping upward, according to the nonprofit Identity Theft Resource Center. The organization said Tuesday that 18.5 percent of 250 breaches reported to the center so far this year were related to insider theft, compared to 15 percent last year and six percent in 2007. Similarly, the number of incidents caused by hackers rose to 18 percent this year, compared to 12 percent in 2008 and 14 percent in 2007. Combined, the two categories represent a 10 percent hike over last year. - DK

Survey finds hiring hurdles

Despite there being a surplus of available security professionals due to the down economy, 80 percent of hiring managers are having a tough time finding the right person, said a survey released Wednesday by accreditation provider (ISC)2. Respondents blamed the difficulty on a lack of desired skills, lack of available recruits within a certain area and salary demands that could not be met due to tight budgets. But the survey also found that 62 percent of respondents don't expect future budget cuts this year. — DK

Nonprofit releases security configuration standards for iPhone

Organizations issuing iPhones to their employees can now apply security configuration best practices, which were introduced this week by the Center for Internet Security.

Cloud security group launches

The nonprofit Cloud Security Alliance, aimed at promoting best practices for securing cloud computing infrastructures, has launched. The group, to be officially announced later this month at the RSA Conference in San Francisco, plans to then unveil its first white paper, which will offer advice for cloud computing users and providers. The organization is made up of experts in the areas of governance, law, network and application security, audit, storage, cryptography, virtualization, risk management, among others. — DK

WIPO: Cybersquatting hits record, agency fears worse to come

Already at a record high, the number of cybersquatting cases is expected to get a lot worse when ICANN introduces new domain name extensions later this year.

IT-GRC: Agiliance

And so we reach the end of this year's batch of innovators. But, as we look at this subcategory, we find that it wraps the whole shebang into a neat package, defining what needs to be done to secure the enterprise (and prove it) and why.

Policy management: LanDesk (Avocent)

All of us old-timers remember LanDesk from its days as part of Intel. It always was a solid suite of products. Now that it is part of Avocent, its promise as a hybrid of network and security policy management is being realized. The notion of managing the desktop and evolving that into security policy management makes a lot of sense.

Content management: Finjan

The views of the visionary I spoke with from this veteran anti-malware company took the conversation in directions I had not expected. He started out by asking, "Why, if I have done everything I can to secure my enterprise, is my data still being compromised?"

Data leakage/extrusion prevention: Trend Micro

I don't recall the first time I heard the term "extrusion prevention system." It was, I think, an effort on the part of some marketer to tie the notion of preventing data from unauthorized exit (extrusion) from the enterprise to the notion of unauthorized entry (intrusion). Very clever.

Encryption: PGP

No matter how much things change, they stay the same. As I have pointed out, there have been massive changes in security drivers over the past 12 months. The changes have generated a new set of challenges, but, even though our encryption innovator has done a first-rate job of addressing them over the past year, the new issues are generating a sort of déjà vu picture of the encryption market.

Email security: Tumbleweed Communications (Axway)

The big question I had for Tumbleweed was, "What is email security?" Over the past two years, as we have passed products through SC Labs, I have noticed that the vendor public relations folks who we talk to seem to have a hard time differentiating between the many aspects of threats associated with email.

Wireless Security: AirMagnet

Wireless, is it? Everything is going wireless - well almost everything. That, in itself, poses a challenge for a wireless security company, such as this innovator. It also offers big opportunities and AirMagnet has identified and addressed them.

IPS: Top Layer Security

If you thought the UTM market was crowded, take a look at the intrusion prevention systems (IPS) market. We bluntly asked our innovator in this product space why they thought that they were innovators in such a commoditized market. The answer was immediate and unambiguous: "When a product category becomes mainstream, there are big opportunities, but you must innovate to take advantage of them."

UTM: Global DataGuard

Sometimes a different approach is needed. The notion of the UTM was developed from the need to consolidate point solutions. There are a lot of problems, of course. They cost more to buy and manage, they use more power and they need a sophisticated staff to manage them.

Forensic tools: Mandiant

Sometimes you run across a company that just deserves to be selected as an innovator. You look them over and wonder why you didn't pick up on them before. Mandiant is one of those companies. There is a reason, of course. Mandiant started as a services company providing forensics, litigation support and incident response. So if you were in the product purchasing mood, you would not have run across these folks.

SIEM: ArcSight

ArcSight gets a lot of play among security experts in the security event management (SEM)/security information manager (SIM) game.

Threat analysis: NitroSecurity

How do you differentiate a product that keeps getting mixed up with a commoditized market, but really doesn't belong there? What differentiators do you look for that can keep you from being included in a herd where you don't belong?

Penetration testing: Core Security

I just love these folks. Take the best open source pen testing tool you can think of, put it on steroids, give it a user interface that makes it simple and fast to pen test in a production environment without losing the granularity of manual testing if you need it, and you have Core Impact. Well, almost. Every year I say that I am going to find a better tool, and I actually do comb the market -- unsuccessfully.

Vulnerability analysis: Mu Dynamics

When your price starts at $50,000 and you are unique in your marketplace, you'd better have a good product. For Mu Dynamics, that is just where the story starts. When I first met the Mu folks, they were Mu Security. A new name later, they still are the innovators they were a couple of years ago. My conversation with a Mu visionary was an eye-opener.

Access management: AppGate Network Security

This Swedish company will, I predict, set the benchmark here in the United States for how access to applications should be controlled. AppGate has helped shape the direction of network infrastructure security in Europe for some years, and now this innovator is bringing its unique thoughts to the States.

Multifactor authentication: TriCipher

What sets these guys apart from the multifactor herd? In a word, vision. From the start, TriCipher has had the vision of evolving into a full identity management provider. That is a pretty heady ambition for a developer of multifactor authentication tools. So how does this innovator plan to make the trip from providing a piece of the puzzle to offering the whole thing, already assembled, framed and hung on the wall?

Identity management: Fischer International

Start with the recognition that identity management is just too hard to do, create a solution for that problem and then morph it into a successful service and you have the recipe for a real innovator.

Credential management: Passlogix

Here is another vendor that we see a lot of in our labs. Passlogix knows who it is and concentrates on doing what it does as well as it can be done. And what they do is credential management.

NAC: Bradford Networks

Bradford Networks is no stranger to these pages. An innovator from last year, Bradford has been reviewed a number of times over the years, always doing well. This year we asked them how well their crystal ball last year worked as 2008 unfolded.
