Education

Netbook comes with factory-sealed malware

Chuck Miller May 20, 2009

In a rare occurrence, a brand-new factory-sealed netbook has been found to contain malware, according to researchers at Kaspersky Lab.
 

Study: Majority of adolescents online have tried hacking

Greg Masters May 15, 2009

A new study from Panda Security found that 67 percent of teenagers surveyed admitted to having tried to hack into friends' instant messaging or social network accounts.
 

UC Berkeley suffers breach

Dan Kaplan May 08, 2009

Hackers breached a server in the health services center at the University of California, Berkeley, and accessed the personal data of more than 160,000 people, the college announced Friday. The stored database records included Social Security numbers and health insurance and other medical information. The intruders, believed to be based overseas, burrowed their way in through a public website. The breach, which began in October and continued through April, affected former Berkeley students and possibly their spouses or parents if they were linked to insurance coverage. — DK
 

Researchers hijack control of Torpig botnet

Chuck Miller May 05, 2009

A group of researchers at the University of California, Santa Barbara, have infiltrated the Torpig botnet, which was found to be in control of hundreds of thousands of computers that were volunteering gigabytes of sensitive information.
 

Children's online safety initiative announced

Angela Moscaritolo April 20, 2009

A new program is encouraging information security experts to educate school children about how to protect themselves online.
 

How the recession is affecting IT spending

Angela Moscaritolo April 20, 2009

Despite the financial crisis, companies are still putting forth money for IT security efforts while overall IT spending is less of a priority, according to a new survey conducted by strategy and business advisory firm MetroSITE Group, and Pacific Crest Securities, a technology investment bank.
 

DHS, Microsoft, others release Top 25 programming blunders

Angela Moscaritolo January 12, 2009

Members of more than 30 U.S. and international cybersecurity organizations enumerated their "Top 25 Most Dangerous Programming Errors."
 

Data breaches rose dramatically during 2008

Chuck Miller January 06, 2009

Breaches continue to plague organizations, despite more widespread education on safe information handling, as well as new laws and regulations, according to a nonprofit.
 

VeriSign switches to new hash function to secure SSL certs

Angela Moscaritolo January 05, 2009

The news comes after a serious weakness was revealed last week in the MD5 cryptographic hash function.
 

MD5 insecurity affects all internet users

Angela Moscaritolo December 31, 2008

Certification Authorities that have not moved to a more secure cryptographic hash function than MD5 have come under fire in the security world.
 

Hackers find hole to create rogue digital certificates

Angela Moscaritolo December 30, 2008

Research presented at the 25th Chaos Communication Congress in Berlin demonstrated how an attacker could impersonate any website, including those secured by the HTTPS protocol.
 

Fending off network attacks

Greg Masters December 23, 2008

With attackers shifting their focus to applications, the IT team at University of Miami, Miller School of Medicine, decided it was time to upgrade the school's intrusion prevention solution, reports Greg Masters.
 

IT-GRC: Agiliance

Peter Stephenson December 03, 2008

And so we reach the end of this year's batch of innovators. But, as we look at this subcategory, we find that it wraps the whole shebang into a neat package, defining what needs to be done to secure the enterprise (and prove it) and why.
 

Policy management: LanDesk (Avocent)

Peter Stephenson December 03, 2008

All of us old-timers remember LanDesk from its days as part of Intel. It always was a solid suite of products. Now that it is part of Avocent, its promise as a hybrid of network and security policy management is being realized. The notion of managing the desktop and evolving that into security policy management makes a lot of sense.
 

Content management: Finjan

Peter Stephenson December 03, 2008

The views of the visionary I spoke with from this veteran anti-malware company took the conversation in directions I had not expected. He started out by asking, "Why, if I have done everything I can to secure my enterprise, is my data still being compromised?"
 

Data leakage/extrusion prevention: Trend Micro

Peter Stephenson December 03, 2008

I don't recall the first time I heard the term "extrusion prevention system." It was, I think, an effort on the part of some marketer to tie the notion of preventing data from unauthorized exit (extrusion) from the enterprise to the notion of unauthorized entry (intrusion). Very clever.
 

Encryption: PGP

Peter Stephenson December 03, 2008

No matter how much things change, they stay the same. As I have pointed out, there have been massive changes in security drivers over the past 12 months. The changes have generated a new set of challenges, but, even though our encryption innovator has done a first-rate job of addressing them over the past year, the new issues are generating a sort of déjà vu picture of the encryption market.
 

Email security: Tumbleweed Communications (Axway)

Peter Stephenson December 03, 2008

The big question I had for Tumbleweed was, "What is email security?" Over the past two years, as we have passed products through SC Labs, I have noticed that the vendor public relations folks who we talk to seem to have a hard time differentiating between the many aspects of threats associated with email.
 

Wireless Security: AirMagnet

Peter Stephenson December 03, 2008

Wireless, is it? Everything is going wireless - well almost everything. That, in itself, poses a challenge for a wireless security company, such as this innovator. It also offers big opportunities and AirMagnet has identified and addressed them.
 

IPS: Top Layer Security

Peter Stephenson December 03, 2008

If you thought the UTM market was crowded, take a look at the intrusion prevention systems (IPS) market. We bluntly asked our innovator in this product space why they thought that they were innovators in such a commoditized market. The answer was immediate and unambiguous: "When a product category becomes mainstream, there are big opportunities, but you must innovate to take advantage of them."
 

UTM: Global DataGuard

Peter Stephenson December 03, 2008

Sometimes a different approach is needed. The notion of the UTM was developed from the need to consolidate point solutions. There are a lot of problems, of course. They cost more to buy and manage, they use more power and they need a sophisticated staff to manage them.
 

Forensic tools: Mandiant

Peter Stephenson December 03, 2008

Sometimes you run across a company that just deserves to be selected as an innovator. You look them over and wonder why you didn't pick up on them before. Mandiant is one of those companies. There is a reason, of course. Mandiant started as a services company providing forensics, litigation support and incident response. So if you were in the product purchasing mood, you would not have run across these folks.
 

SIEM: ArcSight

Peter Stephenson December 03, 2008

ArcSight gets a lot of play among security experts in the security event management (SEM)/security information manager (SIM) game.
 

Threat analysis: NitroSecurity

Peter Stephenson December 03, 2008

How do you differentiate a product that keeps getting mixed up with a commoditized market, but really doesn't belong there? What differentiators do you look for that can keep you from being included in a herd where you don't belong?
 

Penetration testing: Core Security

Peter Stephenson December 03, 2008

I just love these folks. Take the best open source pen testing tool you can think of, put it on steroids, give it a user interface that makes it simple and fast to pen test in a production environment without losing the granularity of manual testing if you need it, and you have Core Impact. Well, almost. Every year I say that I am going to find a better tool, and I actually do comb the market -- unsuccessfully.
 

Vulnerability analysis: Mu Dynamics

Peter Stephenson December 03, 2008

When your price starts at $50,000 and you are unique in your marketplace, you'd better have a good product. For Mu Dynamics, that is just where the story starts. When I first met the Mu folks, they were Mu Security. A new name later, they still are the innovators they were a couple of years ago. My conversation with a Mu visionary was an eye-opener.
 

Access management: AppGate Network Security

Peter Stephenson December 02, 2008

This Swedish company will, I predict, set the benchmark here in the United States for how access to applications should be controlled. AppGate has helped shape the direction of network infrastructure security in Europe for some years, and now this innovator is bringing its unique thoughts to the States.
 

Multifactor authentication: TriCipher

Peter Stephenson December 02, 2008

What sets these guys apart from the multifactor herd? In a word, vision. From the start, TriCipher has had the vision of evolving into a full identity management provider. That is a pretty heady ambition for a developer of multifactor authentication tools. So how does this innovator plan to make the trip from providing a piece of the puzzle to offering the whole thing, already assembled, framed and hung on the wall?
 

Identity management: Fischer International

Peter Stephenson December 02, 2008

Start with the recognition that identity management is just too hard to do, create a solution for that problem and then morph it into a successful service and you have the recipe for a real innovator.
 

Credential management: Passlogix

Peter Stephenson December 02, 2008

Here is another vendor that we see a lot of in our labs. Passlogix knows who it is and concentrates on doing what it does as well as it can be done. And what they do is credential management.