Items Tagged with "vendors"
April 29, 2012 Added by: Marc Quibell
What are the risks of MSSPs managing the detection and analysis of network activity data for your company? There are some events that, if detected early, may avert lawsuits, data breaches and other embarrassing or career-ending moments for a company...
April 27, 2012 Added by: Joe Weiss
The implication is that vendors aren’t interested in securing their legacy products. I do know that many ICS vendors supporting the electric industry are frustrated because the utilities may not be required to actually secure these systems to be NERC CIP compliant...
April 24, 2012 Added by: Fergal Glynn
We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...
April 24, 2012 Added by: Richard Stiennon
At long last the much hyped Palo Alto Networks (PAN) has filed its S-1 in preparation for an IPO. Now that we have some visibility into PAN’s real finances it is time to address some of their claims, and perhaps throw cold water on the exuberance being expressed in some circles...
April 23, 2012 Added by: Ben Rothke
Not a day goes by without yet another spate of privacy and security issues. Threats to the security, privacy and personal information continue to increase in scope and complexity. To maintain competitive edge, vendors and service providers are scrambling to keep up...
April 17, 2012 Added by: Infosec Island Admin
The players mime their passion plays to obtain the almighty dollar and make their daily bread. Grimy hands slither over every inch of the client while pouring soothing words, cooing in their ear about how their solutions will cure ills and make them more virile than the next guy...
April 17, 2012 Added by: Alexander Rothacker
Once a patch to a vulnerability is released, the vendor should give as much guidance as possible to its customer base so that they can make an informed decision on how to mitigate — may it be a workaround, such as disabling some functionality, configuring compensating controls...
April 16, 2012 Added by: Jeffrey Carr
Either China is the greatest and dumbest adversary we've ever had, or the real dummies are those in infosec who can't be bothered to question the obvious when doing incident response, or who choose to cater to the rising tide of Sinophobia in the U.S. in order to boost their sale...
April 12, 2012 Added by: Headlines
"Zeus captures a screenshot of a Ceridian payroll services web page when a corporate user whose machine is infected... visits this website. This allows Zeus to steal the user id, password, company number and the icon selected by the user for the image-based authentication system..."
April 12, 2012 Added by: Brent Huston
Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...
April 10, 2012 Added by: PCI Guru
The merchant is left to their own devices to know whether any of these mobile payment processing solutions can be trusted. I am fearful that small merchants, who are the marketing target of these solutions, will be put out of business should the device somehow be compromised...
April 05, 2012
Cloud computing services are increasingly important for governments and businesses, and information security is a key pain-point. To help solve this problem ENISA released a guide focusing on continuous security monitoring throughout the life-cycle of a cloud contract...
April 05, 2012 Added by: Brent Huston
Smaller organizations need to leverage simple, effective and scalable solutions to achieve success. They simply won’t have the manpower to manage overwhelming alerts, too many log entries or some of the other basic mechanisms of infosec...
April 04, 2012 Added by: Wendy Nather
Sectors in security are blurring and merging, companies are building out portfolios, and everyone's adding discrete functionality from different categories. Static and dynamic analysis aren't separate revenue streams for some vendors, and it'll just get more muddled...
March 30, 2012 Added by: Richard Stiennon
Cisco, Juniper, Oracle, and Microsoft might have security initiatives and even good sales of security products. But security takes a back seat to functionality too often. Why are there no secure switches? Secure apps for Windows? Or secure databases?
March 29, 2012 Added by: Ben Kepes
We need to ensure that legislation and regulations for cloud services truly reflect the realities of the cloudy world we live in and do not allow for a shotgun approach to compliance that primarily meets the needs of just one powerful interest group...