Neil MacDonald

A member of the Gartner Blog Network

Archives for August, 2009


Moore’s Law Enables Virtualized Security

by Neil MacDonald  |  August 28, 2009  |  Comments Off

As security controls are virtualized (e.g. firewalls, IPS, web application firewalls and so on), one of the more significant concerns is performance and throughput. I remember a demonstration about a year ago where an IPS running in a VM virtual appliance easily consumed 2 out of 8 cores in a multicore system. A 25% overhead […]


Category: Next-generation Data Center, Next-generation Security Infrastructure, Virtualization Security

Are Web Application Security Testing Tools a Waste of Time and Money?

by Neil MacDonald  |  August 25, 2009  |  15 Comments

My previous post on the value of linking web application vulnerability scanning tools with web application firewalls generated a lot of discussion. Take a look through the post and the lengthy comment string. Let me state up front that I firmly believe we should change our development processes (and developer culture) to produce more secure […]


Category: Application Security

For Static Application Security Testing, Frameworks Matter

by Neil MacDonald  |  August 21, 2009  |  Comments Off

All static application security testing (SAST) tools work in basically the same way – they generate an intermediate representation (model) of the application that they then analyze for conditions indicative of security vulnerabilities. For clients, our in-depth research on the SAST tool vendors is in this research note. However, just because a SAST vendor […]


Category: Application Security

Security No-Brainer #9: Application Vulnerability Scanners Should Communicate with Application Firewalls

by Neil MacDonald  |  August 19, 2009  |  27 Comments

If a web application security testing tool tells me I have a vulnerability in an application, what do I do? “Fix it” is the right answer, but not always so easy if my development organization is backlogged or, worse, I don’t have access to the source code. Another answer is to shield the application from […]


Category: Application Security, Next-generation Security Infrastructure

Security Thought for Tuesday: DRM and DLP are not Separate Problems

by Neil MacDonald  |  August 18, 2009  |  8 Comments

Digital Rights Management (DRM – alternatively Information Rights Management [IRM]) and Data Loss Prevention (DLP) are typically thought of as separate problems with different vendors and solutions targeting each. The market may have evolved this way, but that’s not the way it has to be. The need to place and enforce DRM policies on information […]


Category: Information Security, Next-generation Security Infrastructure

Security No-Brainer #8: Run Users As Standard User

by Neil MacDonald  |  August 13, 2009  |  3 Comments

Mostly for legacy reasons, many of us continue to run users with administrative privileges on their Windows workstations. Running as standard user reduces exposure to malware by preventing users from updating protected parts of the file system and registry or accessing sensitive Windows operations. An analysis by BeyondTrust showed that 92% of the critical Windows […]


Category: Beyond Anti-Virus, Endpoint Protection Platform

Security Thought for Tuesday: Cloud Computing Should be a More Secure Model

by Neil MacDonald  |  August 11, 2009  |  9 Comments

A computing paradigm based on the exchange and execution of arbitrary code is inherently risky. Yet, that’s pretty much the foundation of what we do today with personal computers. Consider that this model is the primary reason we pay billions of dollars to AV vendors to scan our machines for known malicious executable code. Consider that […]


Category: Application Security, Beyond Anti-Virus, Cloud, Information Security

Don’t Underestimate Microsoft

by Neil MacDonald  |  August 7, 2009  |  4 Comments

After the latest financial results were announced by Microsoft (including the first year-over-year revenue decline in its history), I heard an increase in the comments from press and some analysts along the lines of ‘Microsoft has hit its peak’. Don’t underestimate Microsoft. Microsoft is at its best when it is threatened. Time and […]


Category: General Technology

Another Excellent Application Security Maturity Model

by Neil MacDonald  |  August 4, 2009  |  3 Comments

As I talked about in this post, I am a proponent of maturity models in general as they help organizations understand that there is a progression of capabilities as organizations become more proficient in a discipline (in this case application security/assurance). Maturity models help people understand that changing people and processes takes time; it’s never […]


Category: Application Security