Antivirus, firewall and IDS products

Firewall deployment options increase for enterprises

With a growing number firewall configuration options, companies need to spend more time and put more effort into determining how to design and deploy firewalls. Continue Reading

By

• Paul Korzeniowski

Novell to acquire Senforce for endpoint security

Novell is acquiring Senforce, an early network access control supplier, to integrate its endpoint security features and develop an endpoint management suite. Continue Reading

By

• Robert Westervelt, TechTarget

Apple iPhone to provoke complex mobile attacks, expert warns

Mikko Hypponen, director of antivirus research at F-Secure, said he expects mobile malware attacks to escalate thanks to interest in Apple's iPhone. Continue Reading

By

• Bill Brenner

VoIP vulnerability threatens data

VoIP vulnerabilities have now reached a level of sophistication that allows hackers to steal, view or delete data. Continue Reading

By

• Andrew R. Hickey, News Editor

Immunity releases new exploit-writing tool

Pen testing company says its Debugger tool offers researchers a new way to write exploits, analyse malware and reverse engineer binary files. Continue Reading

By

• Bill Brenner

Wi-Fi simplicity edging out Wi-Fi security

Experts say the standards are available to lock down Wi-Fi, but many network and security managers are taking an easier approach. Continue Reading

By

• Eric Parizo, Senior Analyst

EMC's RSA to acquire Tablus for data loss prevention

RSA, the security division of EMC Corp., said it planned to acquire Tablus, a maker of sensitive data scanning and classification tools and data protection software. Continue Reading

By

• Dennis Fisher

How to cheat at VoIP Security

Securing a VoIP infrastructure requires planning, analysis, and detailed knowledge about the specifics of the implementation you choose to use. Continue Reading

Subpar security compromises compliance

Pressure to keep trading applications available has nudged security to the back of the development line. Continue Reading

Does compliance make encryption always necessary?

Many organisations look to encryption to protect sensitive data. Yet hundreds of millions of people who use the Internet also use encryption, yet most of them don't even know it. Continue Reading

Researchers wrangle petabytes of data storage with NAS, tape

Scientists at Cern's LHC say dozens of petabytes require custom-built NAS systems and data migration software, but commercial tape drives are mostly up to snuff. Continue Reading

By

• Beth Pariseau, Senior News Writer

Discovery of malware cesspool triggers attack fears

Trend Micro researchers say a malware-infested Web server in Russia, linked to several Italian Web sites, could lead to a large-scale attack. Continue Reading

By

• SearchSecurity.com Staff

Apple releases fixes for Mac OS X, iPhone vulnerabilities

Apple Computer has released software patches fixing critical vulnerabilities in Mac OS X and its newly released iPhone. Continue Reading

By

• Edmund X. DeJesus, Contributor

Cisco knocks out Avaya as IP PBX heavyweight

IP PBX adoption is rising as Cisco and Avaya square off for market dominance. Continue Reading

By

• Andrew R. Hickey

Most antispam technologies get failing grade

An independent study finds that many enterprises are not satisfied with traditional antispam technologies. Continue Reading

By

• Robert Westervelt, TechTarget

Apple iPhone crack discovered by security researchers

Researchers have found a way to take complete control of the Apple iPhone by sending a user to a malicious Web site. Continue Reading

By

• Dennis Fisher

PCI compliance costs often underestimated, study finds

Companies are moving forward with PCI DSS projects, but many are underestimating the costs associated with compliance. Continue Reading

By

• Robert Westervelt, TechTarget

Core Security CEO to step down

Paul Paget, the CEO of penetration testing software vendor Core Security Technologies said he is better-suited for start-ups Continue Reading

By

• Dennis Fisher

Black Hat Las Vegas 2007: Special news coverage

SearchSecurity.com covers all the controversy at this year's show with news, features, podcasts, interviews, exploits and more direct from Las Vegas. Continue Reading

For Boeing, data security, network access still hazy

Boeing is trying to reshape its network security architecture to better protect sensitive systems from threats without degrading employee productivity. Continue Reading

By

• Robert Westervelt, TechTarget

CDP platform purchase considerations

Busy IT organizations are employing continuous data protection (CDP) technologies to guard data on the fly, essentially eliminating the backup window and allowing granular file and system restoration -- sometimes down to the individual disk write operation. Several CDP appliances are available, but many are implemented in software, and all require careful consideration before purchase. This article focuses on the specific purchase considerations for CDP products. Continue Reading

Oracle's July 2007 CPU has 45 security fixes

Oracle stuffed 45 security updates into its July 2007 CPU, fixing flaws across its product line attackers could exploit remotely to compromise corporate databases. Continue Reading

By

• Bill Brenner

Symantec fixes flaws in AntiVirus, Backup Exec

Symantec fixed flaws attackers could exploit in AntiVirus Corporate Edition and Backup Exec to launch malicious code, gain elevated user privileges or cause a denial of service. Continue Reading

By

• Bill Brenner

Antispyware legislation gets tepid reviews

Congress is debating three different bills that would punish spyware pushers, but some IT professionals have their doubts about legislation as a solution to the problem. Continue Reading

By

• Bill Brenner

Web security gateways meet rising malware threats

Web security gateways combine layered defense against the rising tide of Web-based malware with URL filtering and application control. Continue Reading

By

• Neil Roiter, TechTarget

Security Metrics: Replacing Fear, Uncertainty, and Doubt

In this chapter excerpt from "Security Metrics: Replacing Fear, Uncertainty and Doubt," author Andrew Jaquith reveals ways to present security data in a clean and elegant manner. Continue Reading

Zero-day auction site opened by Swiss lab

Swiss start-up WabiSabiLabi is offering zero-day findings for qualified buyers. The site could fuel new debate over flaw disclosure. Continue Reading

By

• Bill Brenner

Cisco users upbeat about security direction

Cisco customers say the vendor's security strategy is headed in the right direction, which is why they believe the networking giant's IronPort integration will be smooth sailing. Continue Reading

By

• Bill Brenner

Are PCI auditors pitching products?

Auditors shouldn't be pitching remediation services or products to bring a company into compliance with PCI DSS rules, but some merchants are reporting the practice Continue Reading

By

• Robert Westervelt, TechTarget

SearchSecurity.com Blogs

 Continue Reading

Vendors admit more cooperation needed on security

Security leaders from large software vendors pledge to cooperate on embedding more security into their products. Continue Reading

By

• Robert Westervelt, TechTarget

Cisco vows to maintain IronPort tech, talent

As it completes the purchase of IronPort Systems, Cisco vows to maintain IronPort's talent base and make investments to keep its newly-acquired technology fresh. Continue Reading

By

• Bill Brenner

PCI Council hears complaints, suggestions for changes

Companies with the most stringent security technologies endure hurdles to comply with PCI DSS. Some firms are turning to the upcoming Burton Group Catalyst Conference for answers. Continue Reading

By

• Robert Westervelt, TechTarget

Endpoint fears drive PatchLink-SecureWave merger

Experts say the PatchLink-SecureWave merger makes sense since IT pros want a better way to protect their endpoint devices. But PatchLink's market supremacy is far from assured. Continue Reading

By

• Bill Brenner

Big Microsoft Vista concerns for Big Pharma

The second installment of an ongoing series examining the challenges of deploying Windows Vista and the considerations that go into the decision to roll out the new OS. Continue Reading

By

• Bill Brenner

VoIP security testing fundamentals

Testing your VoIP security system against all the threats that exist on the network can be a full time job. This guide documents how a VoIP system can be tested and suggest some of the available tools to use -- with a focus on fuzzing tools and methods. Continue Reading

Why hacking contests, 'month-of' projects don't help

Ivan Arce, chief technology officer of Core Security Technologies explains why he thinks hacking contests and public vulnerability disclosure projects do little to improve IT security. Continue Reading

By

• Bill Brenner

The Art of Software Security Testing

Identifying software security flaws including the proper methods for examining file formats. Continue Reading

Connecting for Health briefing claims much of NHS NPfIT complete

A confidential Connecting for Health briefing paper for the prime minister has claimed that much of the NHS's £12.4bn National Programme for IT (NPfIT) is complete - although an integrated national care record system has yet to materialise, and software delivered under the scheme has been criticised by some trusts as not yet fit for purpose. Continue Reading

By

• Tony Collins

Data retrieval strategies: Document management software overview

The role of document management software in data storage and how it can mitigate risk for the enterprise. Continue Reading

Top spammer indicted on email fraud, identity theft

The arrest may reduce the volume of spam in the short-term, say experts and analysts, but the real spam threat comes from criminal gangs based in Asia and Russia. Continue Reading

By

• Robert Westervelt, TechTarget

Check Point promises more VoIP security, fewer slowdowns

Check Point's enhanced Open Performance Architecture is designed for deeper security of technologies like VoIP without the network performance problems that often come with it. Continue Reading

By

• Bill Brenner

Springing leaks: Getting smart about data loss prevention

Companies are showing increased interest in data loss prevention (DLP) products, but they won't work well unless the business needs are understood and well defined. Continue Reading

By

• Neil Roiter, TechTarget

HDS adds SAN muscle to archive

Hitachi Data Systems integrates its archive software across its product line and adds important new features, including replication, data deduplication and security. Continue Reading

By

• Jo Maitland, TechTarget

When Microsoft Vista and VPNs don't mix

Papa Gino's is ahead of many companies in deploying Windows Vista, thanks to its involvement in the Microsoft TAP program. But VPN compatibility has been a sticking point. Continue Reading

By

• Bill Brenner

Microsoft NAP-TNC compatibility won't speed adoption, users say

Users hail the new compatibility of Microsoft NAP and the Trusted Computing Group's TNC architecture. But they say it won't speed up their adoption timetables. Continue Reading

By

• Bill Brenner and Dennis Fisher, SearchSecurity.com Staff

Sourcefire, Nmap deal to open vulnerability scanning

Sourcefire and Insecure.org have inked an agreement to develop open source vulnerability scanning tools based on Insecure's Nmap scripting engine. Continue Reading

By

• Robert Westervelt, TechTarget

IETF approves new weapon to fight spam, phish

DomainKeys Identified Mail specification (DKIM) gained approval as an official IETF standard. The approval is seen as a major step in the fight against spam and phishing attacks. Continue Reading

By

• Dennis Fisher

VoIP security fundamentals

VoIP security is a challenge for IT staff because IP telephony brings with it not only the security problems of data networks but also new threats specific to VoIP. In this fundamentals guide, learn about network security threats and emerging IP telephony threats, and how to secure your VoIP systems and endpoints from them. Continue Reading

When signature based antivirus isn't enough

Zero-day exploits, targeted attacks and increasing demands for endpoint application controls are driving the rapid metamorphosis from signature-based antivirus and antispyware to HIPS-based integrated products. Continue Reading

By

• Neil Roiter, TechTarget

Symantec fixes flaws in Norton, pcAnywhere

Attackers could exploit flaws in Symantec's Norton AntiVirus and pcAnywhere to launch malicious code or compromise a user's session credentials. Continue Reading

By

• Bill Brenner

The trouble with Google hacking techniques

Some IT security professionals say the threat posed by Google hacking techniques is overblown and that companies can easily avoid it with a layered security program. One skeptical expert is Ira Winkler, founder of the Internet Security Advisors Group (ISAG) and author of such books as "Spies Among Us." In this Q&A, he talks about how Google hacking is not new and why he thinks IT pros who aren't aware of it should go back to security school. Continue Reading

By

• Bill Brenner

Quiz: Enterprise strategies for protecting data at rest

A five-question multiple-choice quiz to test your understanding of the e-discovery content presented by expert Perry Carpenter in this lesson of SearchSecurity.com's Data Protection Security School. Continue Reading

Quiz: Demystifying data encryption

A five-question multiple-choice quiz to test your understanding of the data encryption content presented by expert Tom Bowers in this lesson of SearchSecurity.com's Data Protection Security School. Continue Reading

Microsoft users sticking with third-party security vendors

IT pros are pleased with Microsoft's security advances, including those found in Forefront. But don't expect them to drop their third-party security vendors. Continue Reading

By

• Bill Brenner

New image spam sneaks into inboxes

Researchers at Secure Computing Corp. have discovered a new form of image spam that is sneaking into corporate systems and clogging inboxes. Continue Reading

By

• Robert Westervelt, TechTarget

Websense to acquire SurfControl

Websense says its planned $400 million acquisition of SurfControl will allow it to better compete in the global security market. Continue Reading

By

• Bill Brenner

Apple fixes 25 Mac OS X flaws

Attackers could exploit about two dozen flaws in Mac OS X to cause a denial of service, bypass security restrictions, disclose sensitive data and run malicious code. Continue Reading

By

• SearchSecurity.com Staff

Malware outbreak 'largest in almost a year'

Security firm Postini and the SANS Internet Storm Center said they are tracking a significant malware outbreak. Postini calls it the biggest email attack in almost a year. Continue Reading

By

• Bill Brenner

Microsoft investigates DNS server flaw

Attackers could exploit a DNS flaw in Microsoft Windows 2000 Server and Windows Server 2003 and run malicious code on the system. A workaround is suggested until a patch is issued. Continue Reading

By

• SearchSecurity.com Staff

Microsoft DNS server flaw called dangerous

UPDATE: Microsoft said Sunday that attacks are still limited, but a proof of concept code to exploit the vulnerability is publicly available. Continue Reading

By

• Robert Westervelt, TechTarget

Spam campaign uses Storm-like attack technique

Spammers used an attack technique much like last January's "Storm" assault to dupe people into downloading malware over the weekend. This time, they used fake WWIII headlines. Continue Reading

By

• Bill Brenner

Symantec fixes 'high-risk' flaw in Enterprise Security Manager

Attackers could hijack machines from remote locations by exploiting a flaw in Symantec Enterprise Security Manager (ESM). Kaspersky Lab users also have a flaw to deal with. Continue Reading

By

• Bill Brenner

Data security breach at UCSF may have exposed thousands

The University of California at San Francisco (UCSF) acknowledged Wednesday that a security hole in a computer server may have exposed 46,000 people to potential identity fraud. Continue Reading

By

• Bill Brenner

Microsoft releases patch for Windows ANI flaw

Security companies are seeing massive attacks against the Windows ANI zero-day flaw, prompting Microsoft to rush out a fix a week before Patch Tuesday. Continue Reading

By

• Bill Brenner

Will data breach be the end of TJX?

This week in Security Blog Log: Industry experts say companies can learn from a data breach and even prosper from it. But is TJX following the right example? Continue Reading

By

• Senior News Writer Bill Brenner

Symantec threat report under the microscope

This week in Security Blog Log: Infosec professionals dissect Symantec's latest threat report and express a range of views in the blogosphere. Continue Reading

Hackers broaden reach of cross-site scripting attacks

An explosion of AJAX-based applications has increased the damage that cross-site scripting (XSS) attacks can inflict on machines. A new tool uses XSS flaws to create a botnet. Continue Reading

By

• Dennis Fisher

NAC panel says technology may not add up

A panel discussing the potential of using network access control (NAC) says the technology may not be worth the price of deploying and maintaining it. Continue Reading

By

• Robert Westervelt, TechTarget

Symantec: Data thieves thrive on zero-day flaws

According to Symantec's threat report for the second half of 2006, attackers exploited misplaced USB drives and zero-day flaws to steal vast amounts of data. Expect more of the same in 2007. Continue Reading

By

• Bill Brenner

Hacker techniques use Google to unearth sensitive data

Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns. Continue Reading

By

• Bill Brenner

Review: eGuardPost a B+ overall

eGuardPost is a well-designed and highly capable product that meets an important need. It has strong security and great forensics capabilities. Continue Reading

By

• Steven Weil, Point B

Expert: NAC not a network security cure-all

According to an expert at Black Hat DC, NAC success demands careful planning and a good understanding of the company network; otherwise, implementations can quickly go awry. Continue Reading

By

• Robert Westervelt, TechTarget

Police force secures data with biometrics

Humberside Police has issued biometric USB drives among staff to maintain data security. Continue Reading

By

• John-Paul Kamath

PING with Mark Odiorne

Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritising security for senior management and keeping compliant. Continue Reading

RFID cloning presentation moves forward despite legal threats

Chris Paget, director of research and development at IOActive spoke mainly about the science behind RFID tags and readers and the inherent security issues of the technology. Continue Reading

By

• Dennis Fisher

RFID dispute: Vendors still hostile toward full disclosure

Many vendors still believe that security by obscurity is still the best policy and make it a priority to silence vulnerability researchers. Continue Reading

McAfee fixes flaw in Mac antivirus software

Attackers could exploit the hole in McAfee's Virex 7.7 antivirus program for Mac OS X to bypass the malware scanner, but a fix is available. Continue Reading

By

• SearchSecurity.com Staff

Wireless security: IT pros warily watching mobile phone threats

Security experts have warned repeatedly that mobile phone attacks will grow as the devices become more sophisticated. IT administrators are starting to believe them. Continue Reading

By

• Bill Brenner

Storm rages again: Self-morphing Trojan uses blogs to spread rootkits

A new variant of the Storm Trojan that changes with each download is infecting blog sites with malicious URLs, intercepting traffic when visitors try to post comments. Continue Reading

By

• Bill Brenner

PatchLink acquires STAT Guardian tool

PatchLink says it will add more muscle to its vulnerability management portfolio by acquiring the STAT Guardian tool from IT vendor Harris Corp. Continue Reading

By

• Bill Brenner

Microsoft takes a blogosphere beating over Vista UAC

This week in Security Blog Log: Industry experts take Microsoft to task over a "very severe hole" in the design of Vista's User Account Controls (UAC) feature. Continue Reading

Cisco warns of IP phone flaws

Attackers could circumvent security restrictions by exploiting flaws in certain Cisco IP phones, the networking giant warned Wednesday. Continue Reading

By

• Bill Brenner

Data breach: If customers don't act, data will remain at risk

To make enterprises take data security seriously, customers must take control of their personally identifiable information and stop handing it out to businesses. Continue Reading

Mobile carriers admit to malware attacks

Eighty-three percent of mobile operators surveyed by McAfee Inc. say they've suffered malware infections, but two competing security vendors say the overall threat is still small. Continue Reading

By

• Bill Brenner

Cybersecurity czar signals government cooperation at RSA Conference

Cybersecurity chief, Greg Garcia told RSA Conference attendees that government, enterprises and academia need to work together to fight growing Internet threats. Continue Reading

By

• Marcia Savage, Features Editor, Information Security Magazine

Cisco VoIP managment guide: Required management tasks

Comprehensive VoIP management includes the basic network management tasks, but also includes monitoring services such as dial tone delivery, call success rates, telephony delays and impairments, as well as call quality. VoIP telephony management is categorized here. Continue Reading

Roundup: Vista security, breakability touted at RSA Conference

At RSA Conference 2007, Microsoft extolled the security virtues of its new operating system, but others weren't afraid to demonstrate how Vista security is lacking. Continue Reading

By

• SearchSecurity.com Staff

EMC plans array-based encryption via PowerPath

EMC's next security move will be array-based encryption through PowerPath by 2008, according to internal documents obtained by SearchStorage. Continue Reading

By

• Beth Pariseau, Senior News Writer

Symantec chief: Consumer confidence in data protection is key to online growth

In his keynote at RSA Conference 2007, Symantec CEO John W. Thompson said Big Yellow is ready for the shifting dynamics in the information security market, and implied that Microsoft's growing presence in security is a conflict of interest for its customers. Continue Reading

By

• Rob Westervelt, News Editor

Coviello: In 3 years, no more stand-alone security

RSA President Art Coviello says today's patchwork of monolithic security devices will disappear in the next three years as security is integrated into the larger IT infrastructure. Continue Reading

By

• Bill Brenner

Vista exploitable, researcher says

Marc Maiffret, CTO and chief hacking officer of eEye Digital Security, said he has found a way to elevate system privileges by exploiting a flaw in Windows Vista. Continue Reading

By

• Bill Brenner

CISOs mastering 'softer' skills

Why CISOs can no longer rely on technology skills alone and what businesses are looking for when recruiting their next information security leader. Continue Reading

By

• Amber Plante, Assistant Managing Editor, Information Security magazine

Email security buying decisions

Email security can be a daunting task for SMBs -- how do you go about finding the right product? This tip delves into three approaches to email security and the products available. Continue Reading

By

• Joel Dubin, CISSP, Contributor

Dozens of Web sites spread malicious Trojan

Update: The same malicious JavaScript keylogger that compromised the Dolphin Stadium Web site last week was found over the weekend on dozens of other high-profile Web sites. Continue Reading

By

• Eric Parizo, Senior Analyst

Intrusion detection systems are alive and kicking

IPS hasn't overtaken intrusion detection systems just yet. Senior News Writer Bill Brenner reveals what customers want when they're shopping for IDS products. Continue Reading

By

• Bill Brenner

New security vendors take on sophisticated attackers

IT Security vendors are developing technologies that show promise in preventing unknown attacks and protecting machines with zero-day vulnerabilities. Continue Reading

Symantec unveils 'universal ID system'

Symantec said the goal is to create a universally accepted identity system across all Web sites -- from online financial institutions to retailers -- for millions of consumers. Continue Reading

By

• SearchSecurity.com Staff

Using IAM tools to improve compliance

Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: they can help with your compliance woes. Continue Reading

Entrust to sell cheaper hardware tokens

Security vendor Entrust Inc. will enter the hardware token market selling a $5 one-time password device. Experts say the move could reduce prices across the industry. Continue Reading

By

• Robert Westervelt, TechTarget