November 2007 18 11 Issue of SCMagazine

November 2007 18 11 Issue of SCMagazine

SC Magazine - November 2007


Presidential candidates must fight cyberattacks

When the likes of Barack Obama and Mitt Romney announced their intentions to run for president back in February, it seemed a bit too early ...



Is continuous testing of applications more vital than testing at the initial code level?

News briefs

Clothing retailer Gap Inc. revealed that a laptop containing the Social Security numbers of 800,000 job applicants was stolen from a third-party vendor. The laptop ...

2 minutes on

2 minutes on...ethical hacker kits on sale

The "ethical hacker toolkits" recently posted for sale on eBay appear to point to a dangerous trend: selling these types of tools — used primarily ...

Me and my job

Me and my job

Rick Lawhorn, principle, information security and compliance, Dataline, tells us what he likes about his job.


Identity theft after death

Recent reports indicate that identity thieves are reaching out beyond the grave and stealing the identity of the newly departed.

Burying heads in the sand on data breaches

Deloitte Touche Tohmatsu's recently released security survey revealed that 37 percent of the top 100 global financial services organizations don't have a security strategy, and ...

CSO's desk

Merging security and privacy roles

The responsibilities of the chief security officer keep growing. Years ago, personnel in the position fulfilled a very technical role and didn't have to really ...


Government vertical: Meeting today's mandates

The government vertical presents special challenges to IT security vendors, but all agree it is a growing market, reports Greg Masters.

Government vertical: Is FISMA working?

Despite the progress made since FISMA implementation, government agencies have a lot of work ahead, says Deb Radcliff.

Special section: IT security and government

All levels of government face critical issues in securing their data - whether shared via the web or through email, USB sticks or IM.

How one retailer fights insider theft with fingerprint readers

As biometric technologies gain further acceptance, one retailer fights insider theft with fingerprint readers, reports Jim Carr.

Are VoIP systems prepared for attacks?

Many businesses are finding VoIP to be worth the money, but are their systems prepared for attacks? Frank Washkuch investigates.

Virtualization - savings not without threats

Karl Hart is one ISO who sees organizations saving big bucks by virtualizing their data centers, but risks loom, reports Dan Kaplan.

Product section: Data leakage prevention and firewalls

Data in, data out - it all needs protecting. This month we are concentrating on the data that should not enter your network and the ...

Product Reviews

Clearwell Intelligence Platform v 2.0

eDiscovery made easier, cheaper and faster


A good all-around product with a large feature set. The unit can be a bit of a challenge for organizations that do not need all ...

Secure Computing Corporation Sidewinder 7.0

A complete enterprise firewall loaded with more features than most organizations will ever need.

Stonesoft StoneGate FW-5000

A firewall for the largest enterprises with a price point and a feature set that keeps the unit out of small-to-medium sized enterprises.

SonicWALL PRO 4100

A good product with a large number of features and an easy-to-use interface.

BigFix DLP 1.1

For its ease of use and deployment, good pricing and comprehensive protection, we award the BigFix DLP our Best Buy.

Tablus Content Alarm NW, v5.0

This product works best with its companion desktop version, but if you archive a lot of sensitive data (law offices, medical officers, intellectual property, etc.), ...

Tumbleweed Communications MailGate, v3.5

Use this tool alongside other tools that handle leakage vectors other than email.

Oakley Networks SureView, v5.0

if you need very strong data leakage protections with powerful forensics, this is the product for you. For its unique approach to forensics, we designate ...

Dolphin Technology PuriFile, v3.1.3

Use this in its automatic inspection mode with an email extrusion prevention system for pretty complete extrusion coverage.

Nowell Group SpyForce-Al, v2.0

We don't recommend this as your only extrusion prevention tool. Used along with one of the other tools reviewed here, however, it can be a ...

Code Green Networks Content Inspection Appliance

If you have a small-to-medium-sized enterprise and want to manage data leakage through the network, this is a good product for you.

McAfee Data Loss Prevention Appliance

An excellent product with a lot of capability if you can afford it. Best for larger implementations, especially as part of an overall McAfee implementation.

Intelligent Wave CWAT, v3.1a

For mid-sized organizations (up to 12,000 users), this is about as good as it gets feature-wise.

Last Word

How corporate security guys in the trenches made my DefCon visit a success

Now that DefCon 15 has passed, I'm feeling the need to have a really good reason to dredge up people's happy, but increasingly distant memories ...