Cyber Security Institute

Tuesday, October 19, 2010

Web Host 1&1 Launches Server Management App for iPhone, iPad

Web host 1&1 Internet ( has launched a new, free iPhone app to manage 1&1 Dynamic Cloud Servers remotely at any time or location.  According to 1&1’s Tuesday announcement, the 1&1 Dynamic Cloud Server app is now available free of charge from the Apple AppStore.  Suitable for both private customers and businesses, the 1&1 Dynamic Cloud Server package can be of particular benefit to those that has fluctuating server requirements, as well as for start-up enterprises that cannot easily predict the future performance of their projects.


Monday, October 18, 2010

Cloud computing: how to navigate the legal and contractual pitfalls

With all of the hype about cloud computing, you’d think it is a novel concept that will revolutionise the IT industry.  They were not initially called ‘cloud computing’—but ASP or Application Service Provider contracts, or hosted or managed service arrangements, to name a few aliases.  The reason cloud computing is making a lot of noise these days is because the benefits that it can now bring are more tangible than a decade ago, with improvements in internet speeds, IT infrastructure and the increase in the number of service providers in the industry.  The advantages of cloud include: scalability; cost control; opex versus capex advantages through reduced upfront payments; quicker IT deployment and better technology refresh; ‘greener’ IT solutions by avoiding over-provisioning of IT kit and centralising IT infrastructures within the cloud.


Four Big Trends Changing Computing, Gartner Says

Cloud computing, social computing, context-aware computing, and pattern-based strategy are the four big trends that will alter IT in the next few years, according to Peter Sondergaard, SVP of Research for Gartner.  Opening Gartner Symposium, one of the biggest annual gatherings of IT professionals, Sondergaard and other Gartner analysts expounded on the topic of “new realities, rules, and opportunities” that they say are transforming the technology and practice of IT.  While none of these trends is particularly new, taken together, they do have the potential of really changing IT.


CA Technologies Revamps Cloud Automation Suite

CA Technologies revamped and relaunched its CA Automation Suite for virtualized dynamic cloud computing environments, CA said Oct. 18.  The new CA Automation Suite features two new products and enhancements to four other products, including The CA Server Automation, CA Virtual Automation, CA Client Automation and CA Workload Automation.  CA realigned the automation suite with its overall cloud portfolio of products that automate, integrate and standardize the provisioning and nagement of physical, virtual and cloud resources, CA said.  The revamp will make the product line more visible to customers, said Ryan Shopp, senior director of product marketing of the Virtualization and Automation group at CA Technologies.  The refreshed automation suite is more business service-centric, so that IT managers can look at the application and know what it does and who it’s for, according to Shopp.


Entry level SIEM and log management solution introduced by LogLogic, as LogRhythm introduces virtual

LogLogic has announced the release of an entry-level security information event management (SIEM) and log management product.  According to LogLogic, it comes standard with support for over 340 systems and device types, and support for countless others, with the addition of LogLogic 5’s ‘Log Labels’ feature.  With support for VMware ESX, Microsoft Hyper-V and Citrix XenServer, LogRhythm said that the solution allows customers to run its platform on a virtual machine, deploy it in its familiar appliance form factor and implement mixed mode environments to meet data centre and remote site requirements.


Friday, October 15, 2010

Citrix looks to build bridges in the cloud

One of the issues currently holding back the adoption of cloud computing is the difficulty of moving data between different services.  The problem stems from the fact that cloud providers and virtualisation companies work with their own competing proprietary technology stacks, meaning tasks such as moving data held by a cloud computing vendor to an internal private cloud can be a tricky affair.  Virtualisation company Citrix is attempting to tackle this problem with its OpenCloud technology, unveiled at its Synergy user and partner conference in Berlin recently.


Thursday, October 14, 2010

Security’s Risk And Change Management Tools: Drawing A Picture Of Security Posture

It’s a question that business executives love to ask—and IT people hate to answer. “What’s our security status?”  It’s a question that business executives love to ask—and IT people hate to answer.  If you’ve been around IT security for more than a week, then you know there’s no definitive, empirical way to answer that question.  Recently, however, some large enterprises have been getting a little closer to providing some metrics for security posture, using an emerging class of products that is coming into its own.  The technology category—championed by vendors with names such as AlgoSec, RedSeal, Skybox, and Tufin—has been variously referred to as “security risk management,” “security life cycle management,” “firewall configuration management,” and “security posture management” (SPOM), among other names.


Wednesday, October 13, 2010

New Malware Wants Your Life, Not Your Passwords

A research paper published this week should serve as a wake-up call to those who are particularly fond of social networking sites and therefore make ideal candidates for a new breed of malware that in practice resembles something close to a black-market customer relationship management (CRM) system in reverse.  Titled “Stealing Reality,” the paper was written and researched by academics and communications experts at MIT, Ben Gurion University and Deutsche Telekom Laboratories and uses complex mathematical formulas to demonstrate just how effective a stealth malware attack targeting Internet users’ behavior and communication patterns could be if practitioners were—- or already are—- willing to be patient and unobtrusive.


Best Practices For Oracle And Database Patching

As Oracle prepares to dump a passel of 81 security fixes on its user base—including seven critical patch updates (CPUs) for its database product—many database administrators are preparing to patch their Oracle database platforms accordingly.  According to a recent survey of its members, only 37 percent of organizations patch their systems within the same three-month cycle that CPUs are released. Approximately 28 percent either take a year or more to patch, have never applied a CPU, or don’t know how long it takes them to patch their databases.


Tuesday, October 12, 2010

LogLogic Releases Industry’s First Full Service Virtual SIEM Appliance

LogLogic, the leading independent SIEM and IT data management provider, today announced the release of the industry’s first full-service virtual SIEM solution.  Leveraging the recently released LogLogic 5 software, LogLogic’s MX Virtual delivers all the functionality of LogLogic’s hardware-based appliances via VMware technology, enabling companies to improve business operations, enhance security and meet strict compliance mandates.


Symantec adds service-level templates to Storage Foundation

Symantec Corp. today announced Veritas Operations Manager 3.1 and Veritas Storage Foundation High Availability 5.1, the company’s next generation family of storage management software.  Symantec said it has added “storage templates” or service levels that allow administrators to automate the type of storage—based on performance and protection level—allocated to applications.  Symantec has defined three templates of storage: Gold, Silver and Bronze, each of which is used to determine the type of disk, RAID level and whether storage is allocated through thin provisioning or through more typical common over-allocation methods.  For example, if an administrator sets a policy that all e-mail that does not contain company sensitive financial information is to receive Bronze-level storage, it might be stored on serial ATA (SATA) drives on a network-attached storage (NAS) system with RAID 6 protection.


Interest Growing in Private Cloud Computing

Merrill Lynch says the public and private cloud infrastructure will be a $160 billion market by 2011.  While there’s still plenty of room for growth among enterprises for straight ahead, consolidation-oriented server virtualization projects, many organizations are looking to take their virtualization deployments to the next level.  By shaping their data centers into elastic and self-service platforms akin to those built by large cloud computing outfits such as and


Monday, October 11, 2010

Six Tips For Application Security Monitoring Success

Many organizations are using advanced log management and security information and event management (SIEM) systems in response to tightening security compliance standards, such as PCI DSS, so now could be the perfect time for forward-thinking businesses to consider pushing monitoring up the stack—into the application layer.  With these SIEM and log management systems in place, organizations now have the ecosystem necessary to process all of the data coming from disparate applications into something meaningful for the security team.


Most large companies hit by hack attacks, survey shows

That’s what a survey of 350 IT and network professionals would indicate, with large companies in particular reporting this to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers.  The Sixth Annual Enterprise IT Security Survey, released Monday, found that 67% of large companies with 5,000 or more employees reported one successful intrusion or more this year, compared with 41% in 2009.  For the first time, the survey, sponsored by VanDyke Software and undertaken by Amplitude Research in mid-September, delved into what the survey respondents believed primarily caused the network intrusion.


Sunday, October 10, 2010

Global Critical Infrastructure Increasingly Being Penetrated By Cyber Crooks

A new study called ‘Symantec 2010 Critical Infrastructure Protection Study has been conducted by the security firm Symantec that shows how frequent criminals do that.  According to Mark Bregman, Chief Technology Officer at Symantec, half of the organizations surveyed stated that they had experienced politically provoked attacks in the past, as reported by investors on October 6, 2010.  Only one third of the respondents were found to be extremely ready against such risks.