by Neil MacDonald | March 31, 2009 | 21 Comments
You know the saying “everything old is new again”? That’s exactly comes to mind when I listen to some of the hype around whitelisting and the use of a ‘positive model’ for information security. The Application Control vendors would have you believe that application whitelisting is the latest (and only) answer to the increasing ineffectiveness [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Tags: Beyond Anti-Virus, Endpoint Protection Platform, Whitelisting
by Neil MacDonald | March 28, 2009 | 1 Comment
In this tough economic environment, we are always on the lookout for opportunities to do more with less. In my last post, I pointed you to two free tools to help locate rogue SharePoint sites. Keeping with the theme, here’s some free tools for virtualization security. There are multiple security issues that need to at [...]
Category: Virtualization Security Tags: Reducing Cost, Virtualization Security, VMware
by Neil MacDonald | March 24, 2009 | 10 Comments
You can’t secure what you don’t know about and can’t see. We estimate that 30% of SharePoint servers are deployed outside the management of the IT department. It’s not SharePoint’s fault. It is a popular software solution precisely because it enables users to share information in the way that works best for them. In many [...]
Category: SharePoint Security Tags: Application Security, Best Practices, SharePoint Security
by Neil MacDonald | March 20, 2009 | 3 Comments
Here’s another interesting data table out of the latest IBM ISS X-Force security report: This table shows the Operating Systems with the most security vulnerabilities in 2008. Compared to any single version of any other OS, Apple OS X takes the top spot. I am bound to get some comments saying that I am claiming [...]
Category: Application Security Tags: Application Security
by Neil MacDonald | March 18, 2009 | Comments Off
What seems like a yes or no question is not quite so straightforward. There are at least 5 levels to this discussion. 1. Secure coding. Yup. No doubt, Microsoft should produce secure code. We should demand this from all of our software providers. 2. Security functionality in the platform at no cost. Yup. Absolutely. We [...]
Comments Off
Category: Microsoft Security Tags: Microsoft
by Neil MacDonald | March 16, 2009 | 5 Comments
Take a look at this graph from the latest IBM ISS X-Force labs latest malware report and guess what it shows: We are all familiar with the explosion in malware and variants that fundamentally challenges our signature-based protection model (like endpoint antivirus). It has a growth trajectory much like the one above. Nope, that’s not [...]
Category: Application Security Tags: Application Security, application security testing tools
by Neil MacDonald | March 13, 2009 | Comments Off
Stage 1: Virtualization Denial – Here, the vendor hasn’t yet acknowledged the need for virtualization security solutions. Worse, they deny that customers actually need this. Typically, the vendor is afraid of cannibalizing their existing physical environment-based revenue streams. You can tell when security vendors are in denial if you go to their website, search on [...]
Comments Off
Category: Virtualization Security Tags: Maturity Models, Virtualization Security, VMsafe, VMware
by Neil MacDonald | March 12, 2009 | 2 Comments
In my discussions with clients on how to securely implement SharePoint, I’ve seen two major reoccurring issues: 1. Many of the operations and security professionals I talk with about how to securely deploy solutions like SharePoint are very good at protecting discrete things – servers, desktops, hubs, switches, routers, ports and protocols. Even when we [...]
Category: Information Security SharePoint Security Tags: Information Security, SharePoint Security
by Neil MacDonald | March 9, 2009 | 2 Comments
In previous posts, I discussed how security controls need to be virtualized to support the next-generation highly virtualized data center. I have also talked about how most of these virtualized security controls are delivered as “virtual appliances” – essentially a VM containing a preinstalled application service that you download and run on your virtual server [...]
Category: Virtualization Security Tags: Hyper-V, Virtual Appliances, Virtualization, Virtualization Security, VMware
by Neil MacDonald | March 7, 2009 | 12 Comments
One of the areas I research is application security – not only how to develop applications that are more secure, but also how applications should be architected to consume security services. The former is increasingly important as the bad guys move “up the stack” to target applications and information. Secure application development is a priority [...]
Category: Application Security Tags: Application Security, application security testing tools, Best Practices, Maturity Models
