Security News


Arbor Networks Tracks User Activity

Arbor Networks is introducing an anomaly detection and internal intrusion prevention system that traces inappropriate behavior back to users—down to their names.

CodeAssure 2.0 Automates Security in the App Layer

“Viruses are bad and worms are worse, but these broad types of attacks just aren't having the same negative financial impact on the enterprise as the growing number of targeted attacks against the application layer,” says John Pescatore, an analyst at Gartner.

Developers, Biz Must Focus Security on Entire App Lifecycle

Application security must be the top priority for developers and business throughout the product development lifecycle. That was the gist of Symantec’s recent Webcast, “Securing the Development Phase of the Application Development Lifecycle.”

Oracle Integrates Fusion Components for Web Services Security

Much discussion about IT security centers around the idea that developers should build secure applications. It makes sense; more than ever, attackers are targeting vulnerabilities in the application layer. But in an increasingly service-oriented world, in which monolithic applications are being broken down into smaller pieces for reuse, is it practical to expect developers to code security into individual Web services?

Interest in ITIL Framework Skyrocketing

With internal auditors breathing down their necks over compliance and security issues, many large companies are eager for help organizing IT operations infrastructure. That helps explain the mushrooming popularity of the Information Technology Infrastructure Library.

Another Take on Token-Based Security

Hardware-based two-factor authentication has been around for about two decades, but interest in sign-on solutions that require something you know (your password) and something you have (a hardware token) has recently gotten some serious mass-market attention.

Don’t Let Your Applications Get You Down

Exploited software flaws cost the U.S. financial services industry more than $3 billion per year, according to the National Institute of Standards & Technology.

Does XML give away the keys to the warehouse?

Data security is a matter of good architecture, and XML doesn’t do anything to aggravate security problems.

Public Key Crypto in an XML Framework

The World Wide Web Consortium recently approved XML Key Management System 2.0, adding public key management to the W3C XML Security Framework.

Trend Micro Offers Enterprises Another Weapon Against Malware

Trend Micro is delivering an upgraded version of its InterScan Web Security Suite that the company says will stave off viruses and other Internet threats that continually target enterprises.

Kenai Systems Automates Web Services Vulnerability Testing

The good thing about Web services is that they expose interfaces, streamline connections and accelerate business processes. The bad thing about Web services is that they expose interfaces, streamline connections and accelerate business processes.

Parasoft Adds Penetration Testing to SOAPtest

Few software companies have beaten the security-begins-in-the-application-development-process drum louder than automated software testing solutions vendor Parasoft Corporation. “Prevent errors as you write the code,” is the company mantra (if not exactly its slogan). The advent of service-oriented architectures that support wide-scale use of Web services makes that message even more urgent, says Wayne Ariola, Parasoft’s VP of corporate development.

IPLocks Lays Down the Seven Laws of Risk Management

In 2002, when IPLocks was founded, the enterprise database security conversation was all about perimeters and encryption, and the company’s products reflected that focus. But the conversation has taken a turn in recent years. Organizations are concerned about internal intrusions, the misuse of sensitive information by trading partners and sustaining regulatory compliance. IPLocks has responded to that shift with a broader approach, says CTO Adrian Lane, which it calls information risk management.

RSA Provides Policy-Based Approach to App Security

Why do so many application development organizations push security to the back of the bus? One reason, says Gartner analyst Ray Wagner, is that security requires a level of expertise most developers don't have.

Unencrypted Backups Can Be Worse than Worthless

When Iron Mountain lost 40 backup tapes containing personal information about 600,000 current and former employees of Time Warner earlier this year, it grabbed headlines, but it wasn't such big news. The Time Warner incident came just weeks after Bank of America reported losing backup tapes containing financial information about more than 1.2 million federal employees, including 60 U.S. senators. And a month before that, Ameritrade acknowledged losing backup tapes containing information about 200,000 clients.

Traveling at a Zillion Events Per Second

SIMs collect raw data from security-related software and systems, correlate it, aggregate it and then present it in a way that makes it actionable.

IBM Helps Companies Put Guard Up with Privacy Software

IBM recently introduced software it says will allow companies to share and compare information, while protecting private and sensitive personal information.

Regulatory Compliance Skewing Security Budgets

Between 30 and 60 percent of the security budget increases in the last two years can be tied directly to compliance, according to analysts at Nemertes Research.

IBM Express Suite Targets SMBs’ Compliance Issues

In a bid to help SMBs address IT security, reliance and compliance needs, IBM recently announced a new suite of Express hardware, software and services.

Sendmail and PGP Partner to Meet Compliance-driven Demand for E-mail Encryption

E-mail encryption is now one of the fastest-growing categories in the e-mail security market, concludes a recent study by Osterman Research, and it’s likely to grow by more than 100 percent over the next 12 months. One of the key drivers of this warp-speed growth spurt, the analysts found, is corporate anxiety about regulatory compliance.