Neil MacDonald

In my previous post, I stated this:
One important note: Because many of the more popular security features such as BitLocker, BitLocker To Go, AppLocker, DirectAccess and so on require EA/SA, the cost of EA/SA must be factored into any cost-benefit analysis of migration. If you don’t already have EA/SA, this can be a significant expense.
Since [...]

[Read more →]

I haven’t posted in a while – I was preparing for and attending Gartner’s US Fall Symposium conference in Orlando which wrapped up yesterday. Coincidentally, yesterday was also the official launch of Windows 7.
As I talked about here, there are things that organizations can do today to improve the security of their endpoints that don’t [...]

[Read more →]

Symantec recently announced the latest release of its consumer protection technology which includes a new malware technology code-named “Quorum”. Essentially the technology uses visibility (or lack thereof) of behavior of executable code across a community to aid in the determination if a given piece of code is “good” or “bad”. We are working on our [...]

[Read more →]

When someone talks undertaking a “Data Loss Prevention” (DLP) initiative, they are usually talking about deploying a product from one of the DLP vendors such as McAfee, Symantec, EMC/RSA and so on. Much like I talked about in this post on application security, a product cannot solve what first and foremost is a process problem. [...]

[Read more →]

In my previous post, I talked about the need to encrypt all desktop and server direct attached storage for protection of the data over the lifecycle of the machine, including retirement. In this post, I made this statement in passing:
Most of us know by now that encryption of mobile laptops should be considered mandatory.

The same [...]

[Read more →]

Most of us know by now that encryption of mobile laptops should be considered mandatory. However, encryption of the direct attached storage used in fixed desktops and servers hasn’t been a priority because of their relative lack of mobility.
However, this overlooks the significant issue of data leakage when devices are retired. This point was [...]

[Read more →]

I saw today on this website that Microsoft has released the beta offering of its free consumer-oriented antivirus/antispyware protection solution called Microsoft Security Essentials (MSE – previously code-named “Morro”). The offering is available to the first 75,000 visitors to the site starting today. Gartner’s full analysis and advice for clients will be available shortly, but [...]

[Read more →]

I had a conversation with a client last week where their incumbent antivirus provider was trying to charge them separately for antispyware capabilities in addition to their antivirus solution.
Sigh. I thought we put this issue to rest years ago.
In 2005, I wrote ”How to Get Free Anti-spyware (or Antivirus) Protection” so I was a [...]

[Read more →]

In my last post, I talked about several impending inflection points for information security.
One of them was:
More than half of our employees spend the majority of their working hours connected to networks we don’t own and don’t control (airports, hotels, home, wireless, 3G and so on)

This brings me to my fifth security no-brainer (for [...]

[Read more →]

You know the saying “everything old is new again”? That’s exactly comes to mind when I listen to some of the hype around whitelisting and the use of a ‘positive model’ for information security.
The Application Control vendors would have you believe that application whitelisting is the latest (and only) answer to the increasing ineffectiveness of [...]

[Read more →]