This prediction is part of Gartner’s 10 key predictions that showcase the trends and events that will change the nature of business and IT in 2007 and beyond.
http://www.it-observer.com/news/7010/gartner_75_networks_have_undetected_malware/
Author: admini
Visa U.S.A. adds financial incentives, fines to PCI program
Visa’s new Visa PCI Compliance Acceleration Program is designed to spur entities that are covered by PCI rules to comply in a speedy fashion, said Jennifer Fischer, a director at Visa U.S.A. “This program is part of our larger strategy for protecting cardholder data and to ensure that we are doing everything we can to protect it from compromise,” she said.
It targets the financial institutions responsible for the largest 1,200 merchants — known in PCI-speak as Level 1 and Level 2 merchants — which together account for about two-thirds of Visa’s total transaction volumes, she said.
Though nearly 18 months have passed since PCI rules went into full effect, only 36% of Tier 1 merchants and 15% of Tier 2 merchants are currently compliant with the requirements, according to Visa.
As part of the compliance validation process, merchants will need to show that they have purged all magnetic stripe data, Card Verification Value data and PIN data from their point-of-sale (POS) and other systems, Fischer said.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9006100&source=NLT_AM&nlid=1
Rustock Trojan A Model For Future Threats
Rustock, like other recent in-the-news exploits such as “Stration,” is designed to send spam from hijacked computers.
Rustock hooks into the Windows 32-bit kernel, and patches several APIs (Applications Programming Interfaces) to hide the new registry keys and files it installs.
Polymorphic exploits, which first appeared in 1990, are rarely seen today, Martin says, but Rustock has revived the practice as another defensive strategy against security software, which uses pattern detection and threat-specific signatures to sniff out malware.
http://www.informationweek.com/showArticle.jhtml;jsessionid=3SBBS032AKJBOQSNDLRSKH0CJUNN2JVN?articleID=196603916
EMC Boosts Security Level of Network Analysis Software
This new support gives users two layers of security, providing full encryption of packets as well as full encryption and authentication for polling and discovery.
With IP Tagging, users can better handle overlapping IP addresses in both IP and MPLS environments, company officials said.
“The EMC Smarts architecture allows us to integrate all of our siloed management systems, including in-house-developed systems, into one correlation console,” said John Premus, Chief Technology Officer JRI America in a statement.
“Of all the solutions tested, we found that only EMC Smarts software provides the levels of business logic necessary, without forcing us to write complex rules to capture every possible scenario,” Premus said.
Further upgrades include enriched support for key management environments like MPLS, and wider integration with system and application instrumentation solutions.
http://www.eweek.com/article2/0,1895,2072196,00.asp?kc=EWSTEEMNL121406EOAD
2007 To See More RFID Adoption, Continuing Need For Training
Sommer said he doesn’t believe there is a “magic number” for calculating when the cost of RFID technology will be low enough to trigger widespread adoption. “We’ve seen where the tag itself, the semiconductor with the antenna, has gotten down to the 10- to 17-cent level,” he said during a recent interview, adding that the prices vary depending on how companies deploy the technology.
Eventually, when RFID is used in personal items such as clothing, retailers are likely to use technology that allows consumers to have the tags “killed” at checkout counters.
First, companies must train or hire people who have mastered the technology. “Few people understand how to tag goods to make sure they’re readable and how to configure readers in order to make sure they work,” Sommer said.
http://www.informationweek.com/news/showArticle.jhtml;jsessionid=GQ2KNKRGEDPBYQSNDLRSKHSCJUNN2JVN?articleID=196603236
Blurring the Line Between SOC & NOC
The medical center’s intrusion prevention system (IPS), Web filtering tools, and other security and networking tools, for instance, are already converging, Khousnoudinov says. But that doesn’t mean the NOC and SOC will completely merge.
In fact, security analysts say you need a healthy separation between some duties, especially where security policy implementation and auditing is concerned.
Even Boston Medical, which is ahead of most organizations with its fusion of NOC and SOC duties, still keeps policy and auditing as well as its Windows Active Directory security separate from the overall NOC operation, according to Khousnoudinov. That prevents conflicts of interest or other related problems when, say, security must investigate internal access of the company’s resources, says Nicolett. “The security group in charge of investigations might [have to work on something] that involves privileged users,” he says.
The first place the NOC and SOC are converging is in event monitoring. “But control over what’s monitored and drilling down on this needs to be retained by the security staff,” Nicolett says. So start looking at your redundant call center or trouble-ticket systems, for instance, says Rob Enderle, principal analyst with the Enderle Group.
http://www.darkreading.com/document.asp?doc_id=112583&WT.svl=news1_2