November 2012 Issue of SCMagazine

November 2012 Issue of SCMagazine

November 2012


When less isn't more

Among the some 400 attendees at last month's SC Congress New York, fears bandied about crossed various spectrums.


Company news: ISSA elects a new president

Personnel announcements, acquisitions and other news from Information Systems Security Association, Tenable Network Security, PhishMe, eIQnetworks, McAfee and several other companies.

Threat of the month

IE exploits are the "Threat of the Month"

The "Threat of the Month" in our November issue are IE exploits.

2 minutes on

The resurgence of security IPOs

Sixty percent of the venture-backed IPOs issued in the third quarter of this year are IT related.

Me and my job

Me and my job: Grant Babb, Intel IT

A Q&A with Grant Babb, proactive investigations program manager for Intel IT.


Debate: A White House order on cyber security

Debate: A White House order on cyber security would be a step in the right direction for safeguarding networks.


The good, bad and ugly

While some instances of Stuxnet and Duqu found their way into seemingly unplanned locations, the majority of occurrences were localized to targeted systems.

No more trusted endpoints

The theater of risk has changed from network service-based attacks to attacks against the endpoint.

CSO's desk

Building a trustworthy mobility program

As device adoption continues to grow, the importance of implementing a secure enterprise mobility program cannot be understated.


The high-tech hydra: BYOD

No a business' size, employees are yearning to connect their personal devices to the corporate network. But fear not: Solutions and best practices are starting ...

Storms ahead: Insiders and the cloud

Most organizations cite trust issues as their primary reason for deciding against outsourcing their computing resources and data assets. So just what are cloud providers ...

Employee benefits: Stemming the insider threat

External adversaries, such as nation-state attackers or criminals after credit card data, may get all the attention, but insiders pose a signfiicant threat. Can the ...

IPS grows up

The intrusion prevention system is a mainstay of any organization's perimeter-focused security infrastructure, but its days may be numbered as a standalone technology. Yet, its ...

Waking the sleeping giant: Critical infrastructure

For the last several years, security experts have been stressing the vulnerability of industrial control systems. Now, with attacks like Stuxnet proof of the risk, ...

Product opener

Product opener: It's all about the data

The old notions of defense-in-depth are being challenged, and architectures tend to have what appear to be single points of failure or compromise.

Group Test 1

Application Security DbProtect

Focusing solely on database security, DbProtect from Application Security is an affordable database security product which, given the right environment, could be very beneficial to ...

Barracuda Networks – Barracuda Web Application Firewall 460

The Barracuda Web Application Firewall provides affordable security without skimping on features or breaking the bank.

Bayshore Networks SingleKey

SingleKey from Bayshore Networks is a full-featured application firewall that provides solid protection from malicious attacks to enterprise applications.

F5 Networks BIG-IP Application Security Manager

The BIG-IP Application Security Manager (ASM) functions as an application firewall, protecting web applications and services with a powerful policy engine.

Fortinet FortiDB-400c

Given the importance of the data contained within any corporation’s databases, the task of keeping that data safe should be a top priority for any ...

Imperva SecureSphere Business Security Suite

With what may just be the Cadillac of application and database security products, Imperva makes its appearance to help hold attackers at bay.

McAfee Database Activity Monitoring

Database Activity Monitoring from McAfee provides both threat protection as well as database auditing for compliance needs

First Look

Classy classification

TMC enforces classification and does all of those things that are anticipated by appropriate regulatory requirements.

Last Word

Take to the offense with intel

Though standards lack, sharing threat data is vital, says EMC's Christopher Harrington.