Archives for March, 2011
by Neil MacDonald | March 22, 2011 | Comments Off
I’ve spent the past day and a half attending Microsoft’s Management Summit in Las Vegas. From my perspective the announcement that will affect the most enterprises from a security perspective was a change in licensing related to Forefront. Some history — in 2010, Microsoft reorganized the Server and Tools Business Unit placing the Forefront Endpoint [...]
Category: Cloud, Cloud Security, Endpoint Protection Platform, Microsoft, Microsoft Security, Next-generation Data Center, Virtualization, Virtualization Security | Tags: Cloud Security, Endpoint Protection Platform, Hyper-V, Microsoft, Microsoft Security, Next-generation Data Center, Virtualization, Virtualization Security, Windows
by Neil MacDonald | March 15, 2011 | Comments Off
The conventional wisdom is that a user who is configured with “standard user” privileges (the least possible in Windows 7) cannot install software (or malware for that matter). This is incorrect. Software that writes to the user’s data directory, and that doesn’t write to protected portions of the registry, can install correctly as a standard [...]
Category: Endpoint Protection Platform, Microsoft Security, Windows 7 | Tags: Best Practices, Defense-in-Depth, Endpoint Protection Platform, Lockdown, Microsoft Security, Reducing Cost, Whitelisting, Windows
by Neil MacDonald | March 11, 2011 | Comments Off
Google’s Android has made the news a couple of times already in 2011: Here, with a credit card snooping exploit proof of concept and most recently, with malware that had gotten into the Google application store. The latter was particularly serious as it involved a privilege escalation attack that broke out of the Android sandbox. [...]
Category: Application Security, Beyond Anti-Virus, Endpoint Protection Platform | Tags: Apple, Application Security, application security testing tools, Best Practices, Beyond Anti-Virus, Endpoint Protection Platform, Whitelisting
by Neil MacDonald | March 9, 2011 | 3 Comments
The cloud isn’t one thing, so securing the Cloud won’t be one thing either. The industry has settled on a layered framework for understanding, comparing and selecting cloud-based services. Gartner’s model has these high-level layers (with subcategories in each layer): Infrastructure as a Service (compute, storage, etc) Platform as a Service (middleware-like services such as [...]
Category: Cloud, Cloud Security, Virtualization, Virtualization Security | Tags: Cloud Security, Defense-in-Depth, Next-generation Data Center, Virtual Appliances, Virtualization Security
by Neil MacDonald | March 9, 2011 | Comments Off
Sitting here in the airport getting ready to fly back home, it occurred to me that all of these hyped technologies have had a critical shift in mindset over the past several years. Each of these technologies was originally touted for its ability to block and control “bad things” from happening. With NAC, this entailed [...]
Category: Beyond Anti-Virus, Endpoint Protection Platform, Security Intelligence | Tags: Beyond Anti-Virus, Endpoint Protection Platform, Information Security, Next-generation Security Infrastructure, Whitelisting
by Neil MacDonald | March 7, 2011 | 4 Comments
I was performing some background research on the number and severity of vulnerabilities produced by Apple, Microsoft and other vendors when I ran across something quite interesting. (BTW – I was researching the issue addressed in this research note for clients — whether or not antimalware software is recommended for enterprise Apple Macintosh endpoints.) Microsoft, like [...]
Category: Application Security, Information Security, Microsoft Security, Windows 7 | Tags: Apple, Application Security, application security testing tools, Browser Security, Microsoft, Windows
by Neil MacDonald | March 4, 2011 | Comments Off
I’ve had several calls recently where clients are looking to switch their endpoint protection platform vendor from one provider to another because they’ve gotten infected and they believe that switching vendors will provide them better protection. The scenario usually goes something like this: they are using vendor X, got infected, scanned the machine with [...]
Category: Beyond Anti-Virus, Endpoint Protection Platform, Information Security | Tags: Best Practices, Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform, Information Security
by Neil MacDonald | March 3, 2011 | Comments Off
I’ve talked about this issue in past blogs, but I have an increasing number of clients asking me whether or not antimalware protection is needed on Apple Macintosh computers. More and more, organizations are putting Macs on the list of approved devices so a deeper look into this question is warranted. I’ve provided detailed guidance [...]
Category: Beyond Anti-Virus, Endpoint Protection Platform | Tags: Apple, Beyond Anti-Virus, Defense-in-Depth, Endpoint Protection Platform
by Neil MacDonald | March 1, 2011 | 1 Comment
As I walked the exhibit hall floor at RSA, I couldn’t help but notice the large numbers of vendors talking about the need for improved detection capabilities and security intelligence that provides actionable insight as to what is going on in our IT infrastructure. Complete protection requires both prevention and detection capabilities. I’ve blogged about [...]
Category: Beyond Anti-Virus, Endpoint Protection Platform, Security Intelligence | Tags: Adaptive Security Infrastucture, Defense-in-Depth, Endpoint Protection Platform, Next-generation Security Infrastructure, Reducing Cost