by Neil MacDonald | May 19, 2009 | Comments Off
In a previous post, I discussed IBM’s latest X-Force malware report that showed a significant increase in disclosed web application vulnerabilities (one of those curves that is heading geometrically upwards). Here’s similarly sobering chart from the latest Symantec Internet Threat Report: In 2008, 63 percent of identified vulnerabilities affected Web applications. This is an increase [...]
Comments Off
Category: Application Security Tags: Application Security, Best Practices
by Neil MacDonald | May 18, 2009 | 1 Comment
I had a conversation with a client last week where their incumbent antivirus provider was trying to charge them separately for antispyware capabilities in addition to their antivirus solution. Sigh. I thought we put this issue to rest years ago. In 2005, I wrote ”How to Get Free Anti-spyware (or Antivirus) Protection” so I was [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Tags: Endpoint Protection Platform, Reducing Complexity, Reducing Cost
by Neil MacDonald | May 13, 2009 | Comments Off
Seriously. Rather than pay for an expensive custom support agreement for NT v4 or (soon) Windows 2000, why not just keep these older systems around? Ditto for OSs from other vendors that are (or will soon be) “out of support”. Are these systems vulnerable? Probably. But this is a fallacious argument. Even our supported systems [...]
Comments Off
Category: Information Security Tags: Reducing Cost
by Neil MacDonald | May 11, 2009 | Comments Off
In my last post, I talked about several impending inflection points for information security. One of them was: More than half of our employees spend the majority of their working hours connected to networks we don’t own and don’t control (airports, hotels, home, wireless, 3G and so on) This brings me to my fifth security [...]
Comments Off
Category: Endpoint Protection Platform Next-generation Security Infrastructure Tags: Endpoint Protection Platform, Security No-Brainer
by Neil MacDonald | May 7, 2009 | 3 Comments
As I discuss IT security strategies and future architectures with clients, there are several inflection points that I don’t think many organizations are prepared for. Are you ready for the point where: More non-employees access our systems and information than actual employees (To be clear – I’m not talking about consumer-facing websites, I’m talking about [...]
Category: Next-generation Security Infrastructure Tags:
by Neil MacDonald | May 4, 2009 | Comments Off
I’m here at the Midsize Enterprise Summit in Miami, Florida and I had the opportunity to sit down and discuss security issues with several CIOs this afternoon. One of the CIOs had a number of questions on SharePoint security. They described the grass roots adoption of the technology in their organization as “phenomenal” (consistent with [...]
Comments Off
Category: SharePoint Security Tags: Best Practices, SharePoint, SharePoint Security
by Neil MacDonald | May 1, 2009 | 2 Comments
Let me summarize my security no-brainers to date: The first was in reference to a global, industry-wide effort to create a shareable, standards-based application whitelist database built directly from feeds from ISVs. The second was in reference to the use of whitelisting in the hypervisor/VMM (especially the “parent” or Dom0 partition) layer to prevent the [...]
Category: Application Security Beyond Anti-Virus Tags: Application Security, Security No-Brainer, Whitelisting
