Neil MacDonald

A member of the Gartner Blog Network

Archives for May, 2009


We Are Toast (II)

by Neil MacDonald  |  May 19, 2009  |  Comments Off

In a previous post, I discussed IBM’s latest X-Force malware report that showed a significant increase in disclosed web application vulnerabilities (one of those curves that is heading geometrically upwards). Here’s similarly sobering chart from the latest Symantec Internet Threat Report: In 2008, 63 percent of identified vulnerabilities affected Web applications. This is an increase [...]

Comments Off

Category: Application Security     Tags: ,

Stop Paying for Anti-Spyware

by Neil MacDonald  |  May 18, 2009  |  1 Comment

I had a conversation with a client last week where their incumbent antivirus provider was trying to charge them separately for antispyware capabilities in addition to their antivirus solution. Sigh. I thought we put this issue to rest years ago. In 2005, I wrote ”How to Get Free Anti-spyware (or Antivirus) Protection” so I was [...]

1 Comment »

Category: Beyond Anti-Virus Endpoint Protection Platform     Tags: , ,

Save a Million Dollars

by Neil MacDonald  |  May 13, 2009  |  Comments Off

Seriously. Rather than pay for an expensive custom support agreement for NT v4 or (soon) Windows 2000, why not just keep these older systems around? Ditto for OSs from other vendors that are (or will soon be) “out of support”. Are these systems vulnerable? Probably. But this is a fallacious argument. Even our supported systems [...]

Comments Off

Category: Information Security     Tags:

Security No-Brainer #5: Security and Management Tools Need to Work Off of the Enterprise Network

by Neil MacDonald  |  May 11, 2009  |  Comments Off

In my last post, I talked about several impending inflection points for information security. One of them was: More than half of our employees spend the majority of their working hours connected to networks we don’t own and don’t control (airports, hotels, home, wireless, 3G and so on) This brings me to my fifth security [...]

Comments Off

Category: Endpoint Protection Platform Next-generation Security Infrastructure     Tags: ,

Are You Ready for These Security Inflection Points?

by Neil MacDonald  |  May 7, 2009  |  3 Comments

As I discuss IT security strategies and future architectures with clients, there are several inflection points that I don’t think many organizations are prepared for. Are you ready for the point where: More non-employees access our systems and information than actual employees (To be clear – I’m not talking about consumer-facing websites, I’m talking about [...]

3 Comments »

Category: Next-generation Security Infrastructure     Tags:

A Refreshing CIO Perspective on Information Security

by Neil MacDonald  |  May 4, 2009  |  Comments Off

I’m here at the Midsize Enterprise Summit in Miami, Florida and I had the opportunity to sit down and discuss security issues with several CIOs this afternoon. One of the CIOs had a number of questions on SharePoint security. They described the grass roots adoption of the technology in their organization as “phenomenal” (consistent with [...]

Comments Off

Category: SharePoint Security     Tags: , ,

Security No-Brainer #4: EV-Certificates for ISVs

by Neil MacDonald  |  May 1, 2009  |  2 Comments

Let me summarize my security no-brainers to date: The first was in reference to a global, industry-wide effort to create a shareable, standards-based application whitelist database built directly from feeds from ISVs. The second was in reference to the use of whitelisting in the hypervisor/VMM (especially the “parent” or Dom0 partition) layer to prevent the [...]

2 Comments »

Category: Application Security Beyond Anti-Virus     Tags: , ,