by Neil MacDonald | January 29, 2010 | 4 Comments
Get off of Internet Explore version 6. Now. IE6 has become an anchor (and a security risk). For Gartner clients, we’ve been advising this since October 2006. In blogging, I’ve said it here and most recently, here again. However, in reality, the move is easier said than done. Here’s what I said in this research [...]
Category: Beyond Anti-Virus Microsoft Security Tags: Best Practices, Microsoft, Microsoft Security, Windows
by Neil MacDonald | January 27, 2010 | 5 Comments
One of my frequent blog posting topics is virtualization security. Virtualization isn’t inherently insecure, but in many cases, it is being deployed insecurely. The latter is a result of the relative immaturity of our tools, processes, staff and service providers. Also, in many cases, information security isn’t proactively involved in the virtualization planning. Survey data [...]
Category: Next-generation Data Center Virtualization Security Tags: Best Practices, Next-generation Data Center, Next-generation Security Infrastructure, Virtualization Security
by Neil MacDonald | January 21, 2010 | 13 Comments
In my previous post, I discussed three lessons from the recent breaches of Google’s infrastructure as the result of attacks on unknown vulnerabilities in Internet Explorer where no patch was available. I need to break one out explicitly that falls under the broader category of host-based intrusion prevention: Application Control/whitelisting. I am convinced that whitelisting [...]
Category: Beyond Anti-Virus Endpoint Protection Platform Next-generation Security Infrastructure Tags: Best Practices, Beyond Anti-Virus, Endpoint Protection Platform, Microsoft, Microsoft Security, Whitelisting, Windows
by Neil MacDonald | January 18, 2010 | 6 Comments
We’ve got a team of analysts working on a broader event research note that will be published shortly. What I wanted to discuss here is “so what do I do if my organization is using IE?”. Longer term, there are three key takeaways from the recent events: Lesson #1 – Run more users as standard [...]
Category: Application Security Endpoint Protection Platform Microsoft Security Tags: Best Practices, Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Microsoft, Microsoft Security, Security No-Brainer, Windows
by Neil MacDonald | January 14, 2010 | 6 Comments
I’ve written before about OWASP and the guidance they provide to organizations looking to improve application security. One of the best practices for improving application security is to ensure that any code we produce or procure is more secure right from the beginning. Many of the clients I talk with are highly focused on the [...]
Category: Application Security Information Security Tags: Application Security, Best Practices, Information Security, Security No-Brainer
by Neil MacDonald | January 11, 2010 | 3 Comments
As I discuss multiple security alternatives for enterprise desktops with clients, one of the options that must be discussed is the use of server-based computing and terminal services also referred to by vendors as “presentation virtualization”. One of the questions that comes up is “are terminal services really a form of virtualization, or are vendors [...]
Category: Beyond Anti-Virus Virtualization Security Tags: Adaptive Security Infrastucture, Endpoint Protection Platform, Next-generation Security Infrastructure, Virtualization Security
by Neil MacDonald | January 8, 2010 | 4 Comments
Over the holiday break, I watched an excellent presentation on PBS titled “What Darwin Never Knew” During the 2 hour show, it stuck me that all of the diversity — from the simple to the complex — of life on earth is expressed with DNA using only four types of molecules called bases – abbreviated [...]
Category: General Technology Information Security Tags: Information Security, Reducing Complexity
by Neil MacDonald | January 7, 2010 | Comments Off
I saw this article yesterday on Cisco’s acquisition of Rohati. Gartner’s full analysis will be out shortly, but here are my thoughts. I believe this further confirms what I’ve already stated: Identity-awareness should be a feature, not a product. We don’t need to buy yet another box to add identity-awareness to our networks – it [...]
Comments Off
Category: Next-generation Data Center Next-generation Security Infrastructure Virtualization Security Tags: Adaptive Security Infrastucture, Next-generation Data Center, Next-generation Security Infrastructure, Virtualization Security
by Neil MacDonald | January 4, 2010 | 3 Comments
Food for thought to kick off 2010. The convergence of these trends (listed in my opinion of the order of impact) will radically reshape the future of information security – both the vendor landscape and how we architect and manage information security internally: Convergence onto Security Platforms: The movement of related security controls into “security [...]
Category: Endpoint Protection Platform Information Security Next-generation Security Infrastructure SharePoint Security Virtualization Security Tags: Adaptive Security Infrastucture, Cloud Security, Endpoint Protection Platform, Information Security, Next-generation Security Infrastructure, SharePoint Security, Virtualization Security
