Although it claims it is not a security vulnerability, Microsoft has released another of its frequent security advisories, this time to alert users to a flaw in Windows Firewall that would prevent IT administrators from seeing open ports on XP and Server 2003 servers.
Most businesses have tackled viruses, hammering best practices into their users and implementing anti-virus software. However, these same enterprises and their users still don’t realize spyware’s potential damage, according to a session at a recent SHARE user conference in Boston.
Cloakware has expanded language support for its Cloakware Security Suite to include C, C++ and Java, extending the range of code that can be protected from reverse engineering when the software is stored on a disk, and against tampering when the software is stored on disk or running in memory.
Sales associates at Gordmans, an apparel and home fashions retailer, found they were spending more time waiting for inventory data than they were spending on customers.
A service-oriented architecture (SOA) takes the discrete business functions in enterprise applications and organizes them into interoperable services—which is one of the most effective ways to share and consume information with partners. But managing and exposing these services creates some big security risks; keeping the bad guys from connecting to those services is tricky.
Arbor Networks is introducing an anomaly detection and internal intrusion prevention system that traces inappropriate behavior back to users—down to their names.
“Viruses are bad and worms are worse, but these broad types of attacks just aren't having the same negative financial impact on the enterprise as the growing number of targeted attacks against the application layer," says John Pescatore, an analyst at Gartner.
Application security must be the top priority for developers and business throughout the product development lifecycle. That was the gist of Symantec’s recent Webcast, “Securing the Development Phase of the Application Development Lifecycle.”
With internal auditors breathing down their necks over compliance and security issues, many large companies are eager for help organizing IT operations infrastructure. That helps explain the mushrooming popularity of the Information Technology Infrastructure Library.
Much discussion about IT security centers around the idea that developers should build secure applications. It makes sense; more than ever, attackers are targeting vulnerabilities in the application layer. But in an increasingly service-oriented world, in which monolithic applications are being broken down into smaller pieces for reuse, is it practical to expect developers to code security into individual Web services?
Hardware-based two-factor authentication has been around for about two decades, but interest in sign-on solutions that require something you know (your password) and something you have (a hardware token) has recently gotten some serious gotten mass-market attention.
Exploited software flaws cost the U.S. financial services industry more than $3 billion per year, according to the National Institute of Standards & Technology.
Data security is a matter of good architecture, and XML doesn’t
do anything to aggravate security problems.
The World Wide Web Consortium recently approved XML Key Management System 2.0, adding public key management to the W3C XML Security Framework.
Trend Micro is delivering an upgraded version of its InterScan Web Security Suite that the company says will stave off viruses and other Internet threats that continually target enterprises.
The good thing about Web services is that they expose interfaces, streamline connections
and accelerate business processes. The bad thing about Web services is that they
expose interfaces, streamline connections and accelerate business processes.
Few software companies have beat the security-begins-in-the-application-development-process drum louder than automated software testing solutions vendor Parasoft Corporation. “Prevent errors as you write the code,” is the company mantra (if not exactly its slogan). The advent of service-oriented architectures that support wide-scale use of Web services makes that message even more urgent, says Wayne Ariola, Parasoft’s VP of corporate development.
In 2002, when IPLocks was founded, the enterprise database security conversation was all about perimeters and encryption, and the company’s products reflected that focus. But the conversation has taken a turn in recent years. Organizations are concerned about internal intrusions, the misuse of sensitive information by trading partners and sustaining regulatory compliance. IPLocks has responded to that shift with a broader approach, says CTO Adrian Lane, which it calls information risk management.
Why do so many application development organizations push security to the back of the bus? One reason, says Gartner analyst Ray Wagner, is that security requires a level of expertise most developers don't have.
SIMs collect raw data from security-related software and systems, correlate it, aggregate it and then present it in a way that makes it actionable.