February 2013 Issue of SCMagazine

February 2013 Issue of SCMagazine


Of crime and punishment

I was dismayed and disturbed by the suicide of Aaron Swartz, which only added to well-rooted revulsion for the relentlessness of legal actions against him.


News briefs: The latest breaches, malware and hacktivist activities

This month's news briefs include bits on Android, spammers, breach penalties, crime networks, hacktivism and more.

Company news: Big additions to teams at Lancope, SafeNet, and more

The latest personnel announcements and M&A activity from the likes of Lancope, SafeNet, BeyondTrust, Blue Coat Systems and more.

Threat of the month

Threat of the month: IE exploits

IE exploits, a zero-day vulnerability that affects various Internet Explorer versions, are February's "Threat of the month."

2 minutes on

A new cottage industry: Cyber security lobbying

Over the next two years, cyber security will join the shortlist of hot-button agenda items set for debate and discussion in Congress.

Skills in Demand

Skills in demand: Automation systems professionals

The increase of systems automation and monitoring within manufacturing companies has led to increased demand for certified automation systems professionals.

Me and my job

Me and my job: Mike Lang, University of Connecticut

This month's "Me and my job" features the University of Connecticut's senior network technician, Mike Lang.


Debate: Hacktivist group Anonymous will take a backseat to extremist groups in 2013

This month's debate covers Hacktivist group Anonymous. Will they take a backseat to more extremist groups in 2013?


Big Data can fight malware

The ever-changing nature of malware generates anomalous network behavior that can be detected by leveraging large corpuses of data collected from multiple observation points.

Are you ready for BYOD 2.0?

This phenomenon sees applications designed for consumers - such as Dropbox, Skype, Google Apps, WordPress, GoToMyPC - finding their way into the corporate tool box.

The cloud will shake markets

The data center business model must evolve with cloud's demands, says NJVC's Kevin Jackson.

CSO's desk

Applying NAC to mobile

A more substantial enterprise mobility framework can be conceived with a combination of NAC, MDM and MAM based on organizational requirements.


Give and go: New Orleans Hornets and Array Networks

The NBA's New Orleans Hornets needed to provide its off-the-court, but highly mobile staff with a secure method for communicating. It found an enterprise remote ...

Battle lines drawn: Nation-state threats

The United States has established itself as a major force in a new era of combat, but what repercussions do state-sponsored actions in cyber space ...

Push comes to shove

PayPal's Andy Steingruebl knows security is not an insular task. By looking outside of its own walls, the company has taken the fight to the ...

Global situation: Guarding against a data breach

Results from our sixth-annual data breach survey are out next month, but here's a sampling of what's to come from our study of budgets, hiring ...

Delayed reaction

Despite the ubiquity of the Trusted Platform Module, holdups exist and adoption remains slow. Among them are issues with interoperability, considering Apple, Google and Microsoft ...

Product opener

A continuing evolution in vulnerability assessment

The two big areas of growth in this year's vulnerability assessment products were cloud-based assessments and increased automation and templates.

Group Test 1

BeyondTrust Retina CS

The Retina CS from BeyondTrust offers up quite a few strong features for vulnerability management throughout the enterprise.

Core Impact Professional

We found this version of Core Impact Professional to contain more automation, more wizards and more options than previous versions we have tested.

Critical Watch FusionVM

FusionVM from Critical Watch offers both vulnerability management and configuration policy auditing in either a physical or virtual appliance or as a full, cloud-based SaaS ...

GFI LanGuard 2012

This product brings together vulnerability scanning, remediation and patch management, and network and software auditing all under one easy-to-use product.

netVigilance Internal Scan - Cloud

Internal Scan - Cloud edition from netVigilance offers a full cloud-based vulnerability scanning engine that can scan both internal and external systems for vulnerabilities and ...

QualysGuard Vulnerability Management v7.6

The QualysGuard Vulnerability Management (VM) solution provides automated auditing and vulnerability management for small to large enterprises.

Rapid7 Nexpose v5.5

Nexpose assists clients through the entire vulnerability management lifecycle – from discovery, vulnerability detection, risk classification, impact analysis, reporting, vulnerability verification and risk mitigation.

SAINTmanager/SAINTscanner/SAINTexploit v7.14

From the same graphical user interface, SAINT provides an integrated solution for vulnerability scanning, configuration compliance testing, penetration testing, canned reporting and custom report creation.

Secunia VIM v4.0

The Secunia VIM is a real-time vulnerability intelligence and management tool, providing organizations with the necessary information required to analyze vulnerabilities in their IT infrastructure, ...

Tenable SecurityCenter Continuous View v4.6

Tenable SecurityCenter Continuous View (SC-CV) provides real-time vulnerability management, capturing security and compliance risks introduced by mobile, cloud and virtual infrastructure.

ZOHO ManageEngine Security Manager Plus v5.5 (Build 5506)

Security Manager Plus (Professional Edition) is a network security scanner that proactively reports on network vulnerabilities and helps to remediate them and ensure compliance.

First Look

An IPS on steroids: MetaFlows Security System

The secret behind the MetaFlows Security System (MSS) is that it really is a hybrid application.

Last Word

Sharing is caring: Take advantage of ISAC

Security pros should be less secretive, says New York City CISO Dan Srebnick.