Deception and the art of cyber security

To thwart web attackers, organizations must think like a criminal and turn to tricks that will stop attackers in their tracks -- or even make them believe that they are succeeding.

Forensic incident response to the fore

We've recently been witnessing a tremendous change in perspective when it comes to IT security, and the shroud of embarrassment associated with breaches has been lifting.

The blueprint for secure BYOD

Bring-your-own-device (BYOD) quickly made the jump from industry trend to business imperative, and organizations are now feeling the pressure to open their networks to employee-owned devices.

Building your security policy

LANDesk's Devin Anderson offers five vital strategies you need to know to fend off attacks and safeguard your organization.

Risk: Security's new compliance

Increased threat levels will lead to a budget realignment toward security.

Security vendors can no longer ignore patch management

While AV software derails a lot of potentially harmful attacks, it is only one component of a comprehensive security solution.

Lessons on insider threats

Every company in every part of the world is subject to some level of insider threat.

Best practices to secure the mobile enterprise

The threats associated with mobile devices can come in many forms, so there are a number of best practices one can put in place to thwart potentially disastrous consequences.

A closer look at two of today's top security threats

Hackers and computer criminals have shown an ongoing ability to stay one step ahead of the security professional, but there are strategies and tools to help thwart their efforts.

Solving the hardest problems in enterprise data security

Companies targeted by APT will need to upgrade their defense strategy to include multiple, integrated layers of extremely sensitive anomaly detection and mitigation.

Bridging the cloud security gap

Cloud platforms' high level of security allows enterprises to focus on the finer points of data security.

Best practices for securing your virtualized data center

The virtual environment is very different from the "physical" data center where networks, servers and applications can be easily secured and monitored.

Offering security services benefits cloud deployments

Nobody would leave their car unlocked in a public parking lot, so why is it that so many are leaving their servers unlocked in the cloud?

Evolution of online attacks mirrors the history of advertising

Similarities continue as we see more targeted, personalized attacks

The SC Awards Blog opens, and our Social Media Awards are ready for nominations

Welcome to the SC Awards Finalist Blog, where the contenders for an SC Magazine U.S. 2012 Award will offer advice on how to defend against modern-day threats.

2011 SC Social Media Awards: Finalists named

Cast your ballots today for the most influential security pros on the social web.

Cloud computing brings a chance of showers

Monitoring those with access to virtual machines running in the cloud is an important step to successful deployment.

Overcoming the next generation of threat vectors

Businesses need a holistic and integrated approach to security that focuses on moving from threat detection to prevention

Protecting the network from inside the firewall

Today's security appliances do a great job patrolling the network perimeter, but what do you do when the threat is coming from inside the building?

Ready for 2011? Five questions for CISOs

Welcome to the SC Awards Blog

Stop by to gain the latest insight on what your peers are doing to succeed in today's security landscape. Also, nominations are now open for our 2011 SC Magazine Social Media Awards.

Firewall revolution or evolution?

Firewalls are again becoming the talk of the town. There is an enormous number of opinions, including claims of a recent firewall revolution that have been proposed to completely change the firewall landscape. I will be the first to admit that the features and capabilities offered in today's firewall products are not the same as were offered in their original incarnation. But then again, traffic patterns and applications are not the same as they were when firewalls first hit the market.

How IT can win the security battle

Why intrusion prevention systems fail to protect web applications

There is overwhelming evidence in reports such as the SANS Top Cyber Security Risks and the Verizon Data Breach Investigation Report that web applications are the Achilles' heel of most networks and criminals know it. In order to protect web applications, the network security paradigm has to shift from "Keep People Out" to "What Are They Doing?" and the IT infrastructure spending needs to follow suit.

Is increased government regulation the answer to increased privacy protection?

Data breaches involving privacy information continue to increase despite the costs, embarrassment and negative publicity associated with them.

Security vision for the smarter planet

Over a year ago, IBM began a global conversation about how the planet is becoming smarter with an increasingly instrumented, interconnected and intelligent infrastructure. There is an explosive growth of data that is collected about virtually every aspect of our lives that we can connect and share across billions of devices with built-in intelligence. Our ability to use this data to visualize, control and automate what happens in our environment influences every aspect of our lives from financial transactions, to healthcare, retail, transportation, communications, government and utilities.

ITIL + IT-GRC = mass * velocity

In the world of acronyms, information technologists seem to lag behind only government agencies in their ability to create jargon and abbreviations of cryptic concepts. IT-GRC is one member of the IT lingo club. The Information Technology Infrastructure Library, or ITIL, is a fellow acronym gaining more acceptance and popularity within the IT industry. ITIL provides a common framework to formalize a service-oriented management approach within IT and improve interaction between IT and the business.

2010 SC Awards Announces New Blogger Award Categories - Nominate Today!

With the SC Magazine Awards Blog, we're attempting to add thought-provoking subject matter from industry leaders on a wide variety of topics and issues facing the security industry today. Hopefully, these blog posts are providing you additional value and insight into the state of the industry and a forward-looking forum on the challenges we are likely to see in the future.

Finding solutions for the problem of consumerization.

Consumerization is the use of consumer-targeted technology in the work environment. While it may not yet have reached fever pitch, there is a steady and growing awareness of the risks of a new trend in business computing: consumerization.

Change is constant - so is compliance

Organizations must reconsider how they respond to compliance requirements.

Peeling the onion layer on the web security inertia

Organizations must overcome the "myths" and "inhibitors" around securing web applications.

The Achilles Heel in IT security

Deploying an effective endpoint security strategy is essential in a business environment with growing numbers of telecommuters.

Preparing for the unknown unknowns

Let's face it: Breaches are going to happen. As a result, detection and incident response may actually be more important than prevention.

Why we need hackers

The stigma attached to the term "hacker" needs to be dropped if computer security advancements are to be made.

Visibility, speed, efficiency and the new dynamics of IT security

Gaining visibility and eliminating latencies while maintaining effective systems and security management can help close off the possibility of a devastating data breach.

How remote access can bridge the gap

Whether it's a bridge closure or a catastrophic flu outbreak, remote access capabilities can help businesses stay afloat during difficult times.

Welcome to the 2010 SC Awards blog

Each year, SC Magazine celebrates the best and brightest leaders of the IT Security industry with the SC Awards. Award finalists have been recognized by the security community for the work they do every day in the trenches to help fight the battle for a more secure enterprise.

Deconstructing the latest security threat

Michael F. Angelo, chief security architect, NetIQ

It's clear that what we've been doing to ensure security has yet to bear its full fruit...

Recession busting: Using logs to beef up IT security

Pat Sueltz, CEO of LogLogic

As the recession continues, cybercrime and data breaches are on the rise—particularly from disgruntled, laid-off employees. According to a...

The groove theory, part 2: The essence of the GRC groove

Steve Schlarman, IT GRC product manager, Archer Technologies

In a previous blog entry, I explored, through an admittedly strange analogy, the connection of GRC...

Secure your company in a down economy

David Ting, CTO, Imprivata

With the story of the laid-off Fannie Mae employee trying to destroy company servers still fresh in our minds, I...

2009: The year for virtual security

Tom Ashoff, vice president of engineering, Sourcefire

2007 was a breakout year for virtualization, when companies discovered the economic and organizational benefits in building...

Best practices for preventing insider threats in a down economy

Hugh Njemanze, CISSP, founder, CTO and executive vice president of research and development, ArcSight

IT administrators, network managers and just about everyone else in...

Why investigation management is ready for prime time

Tom Spadafore, CEO, VANTOS

More than ever, businesses around the globe are experiencing a rising volume of insider and outsider fraud and misconduct. Some...

Should the federal government go open source?

Recently, a group of open-source executives wrote an open letter to President Obama, requesting that he "make the use of open source software a...

The security-business disconnect

Kent Anderson, CISM, managing director, Encurve, LLC and member of ISACA’s Security Management Committee

In a recent ISACA survey on the top business and...

The Groove Theory Part 1: Defining GRC? Fogetaboutit!

Steve Schlarman, IT GRC product manager, Archer Technologies

Rocco Prestia, the bass player for the funk band Tower of Power, was once asked to...

Protect your business reputation

Stephen Pao, vice president of product management, Barracuda Networks

Nearly 75 percent of internet vulnerabilities occur at the application layer, and for most companies...

Thoughts on Cloud Computing and SaaS

Sam Masiello, VP of information technology, MX Logic 

Frequently when there is a new, hot buzzword, developers and organizations that want to be on...

Securing disruptive technology with proven best practices

Michael F. Angelo, chief security architect, NetIQ

Success in today’s world is often predicated on the ability to improve/expand/grow business with the adoption of...

Gone is the era of yes/no questions

Ian Amit, director of security research, Aladdin Knowledge Systems

It used to be easy to be in the security industry. All you had to...

Navigating New Data Security Mandates

Malte Pollmann, chief product officer, Utimaco

Following the 2007 data breach at retailer TJX, the recent breach at Heartland Payment Systems, and a...

Security budgets

Caleb Sima, CTO, Applications Security Center (and former co-founder and CTO of SPI Dynamics)

All organizations are affected by the economy’s ups and downs,...

Next generation access management

Amit Jasuja, VP Product Development, Oracle

In the first incarnation of access management solutions, we put up walls around the perimeter and allowed people...

GRC: In 2009 it’s less about compliance and more about risk

Sara Gates, chief strategy officer, Agiliance

In the wake of 2008’s historic crash of Wall Street and unprecedented economic woes, the New Year brings...

The age of heuristics

Anton Zajac, CEO, ESET, LLC

The security threats we face today are rapidly increasing in volume and complexity. The lone attacker is the exception...

No phishing allowed

Chen Arbel, vice president of strategic development, Aladdin Knowledge Systems

Strong authentication protects online banks and enterprises from identity theft and other data attacks

There is nothing technically wrong with PCI

Ron Gula, CEO and co-founder, Tenable Network Security

During the past year, there have been several high-profile companies that have suffered data breaches who...

Q&A with Bobby Dominguez

Bobby Dominguez, director, Security & Compliance, Catalina Marketing Corporation

1. What has been the biggest change in security that you’ve seen in the last...

The SC Magazine Awards Blog

Awards season is upon us! I’d like to welcome all our readers back to the SC Magazine Awards Blog, which is now live again as...

RSA wrapup: The good and the creepy

Deb Radcliff filed this RSA wrapup.

Everyone’s always asking those of us from the trade press about trends we see at RSA.

Some will tell you RSA...

From RSA: Press locked out of Al Gore's keynote

The press has been locked out of RSA's Friday keynote by Al Gore, and the registrar says it was at Mr. Gore's request. That's gonna...

Mapping IT security to the business and the business to IT Security

Patrick J Conte, CEO, Agiliance

The need to map security to the business has been an ongoing topic of conversation for quite some...

Targeted trojans proliferating

Mark Sunner, chief security analyst, MessageLabs --
As categories of malware go, targeted trojans occupy the sharp end of malicious activity.

The mainstream viruses...

Notes from a security roundtable

Chris Wysopal, CTO and co-founder, Veracode --
I recently led a roundtable event in New York and Washington, D.C., entitled “5 Trends Shaping Software Security.”...

The Access Lifeline

Kurt Roemer, chief security strategist, Citrix --
SSL/VPN continues to be the technology lifeline of remote workers who require access to rich applications and data...

Live hash "recipe"

Chet Hosmer, chief scientist, WetStone Technologies, Inc. --
Autonomous hashing and live discovery technologies are advancing rapidly and provide value and expediency for forensic investigators....

Internet climate control?

Scott Chasin, chief technology officer, MX Logic --

For years now we have faced the deluge of spam and other digital pollutants clogging...

Monitor the “high-hanging fruit”

Hugh Njemanze, founder and CTO, ArcSight --

Traditional security monitoring strategies have focused on the “low-hanging fruit” of the perimeter.


DAM: Heart of security

Ron Ben-Natan, CTO, Guardium --
The most valuable resource managed by IT is an organization’s data, and data security has become the number one issue...

Web 2.0: A "Perfect Storm?"

Roger Thornton, Founder/CTO, Fortify Software --
Web 2.0 technologies are spawning an explosive growth in client-side processing (Ajax/Flex), distribution of executable content (JSON), and the...

Web 2.0 needs Security 2.0

Tom Kendra, Group President, Symantec Corp. --
While increased internet connectivity has fundamentally changed the way we do business, it also has introduced new security...

Shedding light on the shadow economy

Maksym Schipka, Senior Architect, MessageLabs --

I have been spending a lot of time recently exploring the criminal underworld. The shadow internet economy is...

