This month, we have juxtaposed two of the foundations of information security: data protection and vulnerability assessment. On the protection side, we look at some of the key products in the area of whole disk encryption. The last time we performed these tests, many of the products we examined were immature and, in some cases, dangerous. They could not be removed without destroying critical data and, occasionally, they caused laptops without enough resources to fail. While we saw fewer products overall, the ones we tested were more mature.
Whole disk encryption is most often used on laptops. The PCs used to be a bit wimpy compared to their desktop counterparts, but no more. Many organizations issue laptops as dual-purpose desktop/laptop computers and they tend to have decent size storage and memory specs. This has had a positive effect on the efficacy of whole disk encryption since the resources now are available to take advantage of the features these products provide.
Reviewer Justin Peltier puts several whole disk encryption products through their paces and you'll be pleased at what he found, I'm sure.
Lab manager Mike Stephenson rang out several shining lights in the vulnerability assessment/penetration testing category. We almost didn't do this one this year because we thought, "How much can these products change in a year?" Well, I'm glad we did because the answer to that question is "lots!"
Chief among the improvements in this category were greatly improved documentation, larger numbers of exploits and vulnerabilities, increased use of the CVE, and hybridization of vulnerability assessment and penetration testing. The trend toward providing tools designed for production testing is improving this year, as well with useful dashboards and easy configuration.
We also began to see a new breed of product start to emerge called security risk management (SRM). We derailed those because it was immediately obvious that this is a product type looking for an as yet non-existent group. In fact, we derailed them right into our new First Look column, and I will be looking at the first one in this issue.
This was a great start to the new year and I trust that this month's information will be useful to you. Feel free to drop me an email at firstname.lastname@example.org and tell me what worked for you or didn't. Your suggestions always are welcome.
Click here for SC Magazine's Whole Disk Encryption 2007 group test.
Click here for SC Magazine's Vulnerability Assessment 2007 group test.
— Peter Stephenson, Technology Editor