Gartner Blog Network

Posts from Date: 2009-3

Will Whitelisting Eliminate the need for AntiVirus?

by Neil MacDonald  |  March 31, 2009

You know the saying “everything old is new again”? That’s exactly what comes to mind when I listen to some of the hype around whitelisting and the use of a ‘positive model’ for information security. The Application Control vendors would have you believe that application whitelisting is the latest (and only) answer to the increasing ineffectiveness […]


Free Virtualization Security Stuff

by Neil MacDonald  |  March 28, 2009

In this tough economic environment, we are always on the lookout for opportunities to do more with less. In my last post, I pointed you to two free tools to help locate rogue SharePoint sites. Keeping with the theme, here are some free tools for virtualization security. There are multiple security issues that need to at […]


The Phantom Security Menace: Rogue SharePoint Sites

by Neil MacDonald  |  March 24, 2009

You can’t secure what you don’t know about and can’t see. We estimate that 30% of SharePoint servers are deployed outside the management of the IT department. It’s not SharePoint’s fault. It is a popular software solution precisely because it enables users to share information in the way that works best for them. In many […]


Even Cool Products Need to be Written Securely

by Neil MacDonald  |  March 20, 2009

Here’s another interesting data table out of the latest IBM ISS X-Force security report: This table shows the Operating Systems with the most security vulnerabilities in 2008. Compared to any single version of any other OS, Apple OS X takes the top spot. I am bound to get some comments saying that I am claiming […]


Should Microsoft be in the Security Business?

by Neil MacDonald  |  March 18, 2009

What seems like a yes or no question is not quite so straightforward. There are at least 5 levels to this discussion. 1. Secure coding. Yup. No doubt, Microsoft should produce secure code. We should demand this from all of our software providers. 2. Security functionality in the platform at no cost. Yup. Absolutely. We […]


We Are Toast

by Neil MacDonald  |  March 16, 2009

Take a look at this graph from the latest IBM ISS X-Force labs malware report and guess what it shows: We are all familiar with the explosion in malware and variants that fundamentally challenges our signature-based protection model (like endpoint antivirus). It has a growth trajectory much like the one above. Nope, that’s not […]


The Five Stages of Virtualization Security Vendor Maturity

by Neil MacDonald  |  March 13, 2009

Stage 1: Virtualization Denial – Here, the vendor hasn’t yet acknowledged the need for virtualization security solutions. Worse, they deny that customers actually need this. Typically, the vendor is afraid of cannibalizing their existing physical environment-based revenue streams. You can tell when security vendors are in denial if you go to their website, search on […]


Does Securing Information Require a Different Mindset?

by Neil MacDonald  |  March 12, 2009

In my discussions with clients on how to securely implement SharePoint, I’ve seen two major reoccurring issues: 1. Many of the operations and security professionals I talk with about how to securely deploy solutions like SharePoint are very good at protecting discrete things – servers, desktops, hubs, switches, routers, ports and protocols. Even when we […]


Virtual Appliances are Real

by Neil MacDonald  |  March 9, 2009

In previous posts, I discussed how security controls need to be virtualized to support the next-generation highly virtualized data center. I have also talked about how most of these virtualized security controls are delivered as “virtual appliances” – essentially a VM containing a preinstalled application service that you download and run on your virtual server […]


Application Security: A Tool Cannot Solve What Fundamentally is a Process Problem

by Neil MacDonald  |  March 7, 2009

One of the areas I research is application security – not only how to develop applications that are more secure, but also how applications should be architected to consume security services. The former is increasingly important as the bad guys move “up the stack” to target applications and information. Secure application development is a priority […]
