Category: Trends

Customers want to have a smaller set of vendors accountable if their technology fails to keep information secure and in compliance with regulations–and large systems and storage companies have the financial clout to act as consolidators. “They have the ability to do the potential M&A (mergers and acquisition) deals in cash, or are large enough to do them with stock, or a combination of both,” MacLeod said.

Prior to their acquisition announcements, ISS and RSA Security, for example, had long been rumored to be potential buyout candidates. Other names analysts point to on a short list of potential targets include Trend Micro, Check Point Software Technologies, McAfee and Secure Computing.

“On one side, you have companies like Cisco (Systems) and Microsoft that will discount the price they charge for security, and on the other side, you have the best-of-breed (niche security) companies,” Kuper said.

Buyers don’t want the consumer side, so maybe it could take the consumer piece private and sell the enterprise business,” said one security analyst, who requested anonymity.

http://news.com.com/Security+firms+jump+in+the+acquisition+pool/2100-7350_3-6121403.html?tag=nefd.lede

“Organisations and the individuals they employ have to take mobile security seriously while still ensuring that they can take advantage of the benefits,” said the report.

However, the study concluded that if security is managed properly, the risks are acceptable given the possible gains for a company.

http://www.vnunet.com/vnunet/news/2165203/managers-snub-mobile-security

They are no longer just executed by hackers for hobby or cybervandilism, but by professionals with a targeted aim at one person, one company or one industry,” said Amrit Williams, research director at Gartner. “For example, we have recently seen several companies hiring private investigators to spy on their competitors.”

Gartner said that social engineering and viruses will remain an everyday nuisance for chief information security officers through 2009.

Gartner urged organisations to incorporate penetration testing into vulnerability management processes and investigate more-aggressive intrusion detection and protection approaches that move beyond threat-signature-based approaches.

It also advised companies to evaluate managed security services when internal capabilities are not available or sufficient for advanced security activities.

Identity theft refers to the theft of an individual’s personal or financial information for the purpose of stealing money or committing other types of crimes. This continues to be a disruption as it can be used to send confidential information to unauthorised persons without the knowledge or consent of an e-mail user.

Gartner advised organisations to ask their existing desktop security vendor to provide an integrated anti-spyware solution.

They should also use their gateway and network security devices to provide anti-spyware capabilities in the network, a strategy that has proved effective in the fight against viruses and spam.

Defence against social engineering relies on deploying consistent security policies and practices that include; educational and clear reporting programmes as well as appropriate technology management. For example, to minimise the risk of sending confidential corporate documents or trade secrets to inappropriate recipients, organisations should use content monitoring and filtering tools.

More than 1,900 information technologies and trends across more than 75 industries, technology markets, and topics are evaluated by more than 300 Gartner analysts in the most comprehensive assessment of technology maturity in the IT industry. It highlights the progression of an emerging technology from market over enthusiasm through a period of disillusionment to an eventual understanding of the technology’s relevance and role in a market or domain.

http://www.gartner.com/it/page.jsp?id=496247

http://www.securityfocus.com/brief/299?ref=rss

“We’ve seen criminals hack into hospital systems just to get the Social Security numbers of the newborns. There’s no one, obvious group of organizations that hackers are targeting.”

There are still plenty of independent hackers out on the Web — just look at the recent Black Hat and Defcon conferences — who might sell vulnerabilities or stolen data by putting them up for auction.

Worms and viruses invented by independent hackers still make up a huge portion of the damage done to corporations each year, Pierson notes.

But the visibility of these individuals and their exploits sometimes belies the growing, but largely unpublicized threat from organized criminals who buy data from hackers or insiders and sometimes contract with them to collect data from a specific corporation, experts agree.

Pierson gives the example of stolen customer credit card data, which is sometimes handled by multiple individuals in a joint effort. While credit card information might be collected through the collaboration of phishers and spammers, that data might then be passed to “cashers” who forge credit cards that use the numbers. Then those cards will be passed out to a network of “mules” who use the cards for small purchases — the kind that might not be immediately detected by the victim — and thrown away. Then the syndicate of players might sell the account information to another buyer, just as the parts of a stolen car might be resold. A similar sort of “syndicate” might be formed to fence stolen business secrets or customer lists to competitors, or to other nations or terrorist groups, he says.

External hackers may be paid off; insiders may be disciplined or dismissed; and in some cases, the crime is never detected. Although there are cases in which external hackers break into an enterprise they find attractive, most targeted attacks involve some help from an insider, experts say.

http://www.darkreading.com/document.asp?doc_id=103198&WT.svl=news2_1

Auditing woes mostly stem from improperly securing user machines and servers, according to the council’s findings. “The problems being flagged in audits are in user and access controls on PCs and laptops, audit reporting and problems in configuration change management,” Hurley says.

Those with poor audits are spending 43 percent of their IT budget on security equipment and software for IT compliance and those with successful audits, 52 percent. “They are taking money out of labor and putting it into automating the processes” such as measurement and monitoring IT compliance across the board, Hurley says.

“The organizations [surveyed] doing continuous monitoring had the least number of audit deficiencies.”

Meanwhile, security firms that perform vulnerability assessments and penetration testing say regulatory compliance is driving much of their business today. Steve Stasiukonis, vice president and founder of Secure Network Technologies, says regulatory compliance pressures from SOX and HIPAA, for instance, are one of the main reasons his clients hire him.

http://www.darkreading.com/document.asp?doc_id=103041&WT.svl=news2_5