April 2014 Issue of SCMagazine

April 2014 Issue of SCMagazine

This month's issue includes our cover story on the next steps in authentication, plus features on botnets, a mobile case study and our annual "Global Data Breach" survey to give insight on the state of information security.


Can good come from bad news?

Despite the bullishness around information security planning and budgeting seen in the results of our survey, we're still seeing breaches like those experienced by Target


Company news: McAfee's new CTO and Bit9's recent merger

This month's company news features a new CTO at McAfee, Bit9 merging with Carbon Black, and a partnership between Qualys and AlgoSec.

News briefs: Revelations at RSA Conference, zero-day fixes and more security news

This month's news briefs includ revelations at the RSA Conference 2014 in San Francisco, new malware, zero-day fixes and more security news.

Debate: Should Edward Snowden be granted amnesty?

In this month's debate, experts discuss whether whistleblower Edward Snowden should be granted amnesty.

Threat of the month

Threat of the month: Linksys router zero-day

This month's vulnerability is currently being exploited by a worm known as "TheMoon."

2 minutes on

Privacy: Who cares?

Following the recent headline-making breaches at Target and Neiman Marcus, as well as the secrets exposed by Edward Snowden, the question is: Who cares?

Skills in Demand

Skills in demand: Cloud security architects

Organizations are in search of qualified cloud security architects to assist with migrating the business to the cloud.

Me and my job

Me and my job: James Hill senior security architect, Consolidated Data Services

James Hill senior security architect, Consolidated Data Services (CDS), discusses his role at his organization.


Data archiving benefits

Many CIOs are still unsure what role governance should play in their data archiving strategy.

Ahead in the cloud

Growth businesses are always looking for flexible ways of working that reduce capital and running costs, while securely delivering the data users need, when and ...

The more things change...

SIEMs today are powerful beasts and they are necessary - if not always sufficient - for the protection of your enterprise.

CSO's desk

Strengthen links in the supply chain

Watching highly publicized supply-chain disasters unfold, we shake our heads in disbelief - but what supply chain risks are you taking today that would be ...


The zombie's bite: Avoiding a botnet

Some advice from pros for keeping your infrastructure out of the snares of a botnet. Alan Earls reports.

Million-dollar password: New authentication strategies

"Smart identification" is just one strategy seeking to replace passwords, says Google's Eric Sachs. Karen Epper Hoffman reports.

Network Rx: Health care security

With the addition of 15,000 mobile devices accessing its network, a medical center found assurance - and met compliance mandates, reports Greg Masters.

Bad reputation: Annual guarding against a data breach survey

Will recent high-profile cyber attacks spur stronger security and improved risk management? The consensus from our data breach survey indicates: Yes, reports Teri Robinson.

Know your friends: Partnering with the right allies

Choosing the right allies to ensure security requirements is a challenge for businesses both large and small, reports James Hale.

Group Test 1

AlienVault Unified Security Management v4.4

AlienVault’s Unified Security Management product is an excellent introductory SIEM appliance.

BlackStratus LOG Storm v4.3.0.86

LOG Storm from BlackStratus combines log management and correlation systems with real-time monitoring and an integrated incident response system all on one easy-to-deploy and use ...

CorreLog Server v5.4.0

System administrators looking to extend their logging capabilities, or security professionals needing to gain deeper insights into their computing environments, might start their search with ...

EiQ Networks SecureVue v3.6.6

SecureVue from EiQ Networks provides log gathering, correlation and analysis services for numerous operating systems, network and security devices, combining these services into a solid ...

EventTracker Enterprise v7.5

This feature-rich tool is designed to meet the needs of organizations of all sizes. It hits all the marks for an enterprise SIEM.

HP ArcSight ESM v6.5c

HP’s ArcSight ESM is a mature product that collects events from virtually any source.

LogRhythm v6.2

Combining SIEM, log management, file integrity monitoring and analytics with powerful forensic tools, LogRhythm v6.2 offers security professionals a powerful monitoring and auditing platform to ...

McAfee Enterprise Security Manager v9.3.2

Enterprise Security Manager from McAfee is a truly enterprise-grade SIEM. Able to process thousands of events per second and store billions of events and flows, ...

NetIQ Sentinel v7.1

NetIQ’s SIEM helps to quickly identify and respond to threats and to simplify management and compliance reporting. It delivers scalable log collection, aggregation, correlation, and ...

SolarWinds Log & Event Manager v5.7

The SolarWinds Log & Event Manager (LEM) offers a quality set of log management, event correlation, search and reporting facilities.

First Look

Covering all the SAP bases

X1 is an agentless SAP auditing tool that is able to map out entire SAP landscapes and display any insecure configurations on the individual elements ...

Last Word

Changing the business culture

Recent breaches prompt a new emphasis on education and corporate culture, says Allegis Capital's Bob Ackerman.