Security News Curated from across the world
In a separate interview with Techworld, Eckelberry said that as far as he was aware the only other anti-malware products to have tried file emulation in anger were Microsoft and BitDefender.
Vipre Enterprise also boasts of its anti-rootkit protection – the program runs a special module called ‘firstscan in advance of Windows loading – and advanced kernel monitoring.
http://www.pcworld.com/businesscenter/article/158996/sunbelt_pioneers_new_antivirus_technology.html
Over the last five years, Tenable has continued to add additional capability to this widely used and cost effective tool.
Nessus’ capabilities have been extended to conduct agent-less patch audits, system configuration analysis against industry best practices, auditing of applications such as web servers and anti-virus installations and being able to audit hard drives for personally identifiable information (such as credit card numbers and social security numbers), copy written content, and other financial or confidential information.
The ability to perform a full security audit of the underlying operating system as well as the SQL database configuration can ensure that applications have taken every measure to prevent data loss from SQL injection attacks, direct attacks on the database and inadvertent internal access to sensitive data.
“Most organizations practice some sort of defense in depth to keep from being the next high-profile data loss headline,” says Ron Gula, CEO of Tenable Network Security.
The new capability of Nessus includes support for auditing Oracle, MS SQL, MySQL and many others, as well as SQL audit polices based on the Center for Internet Security and the Defense Information Systems Agency “STIGs.”
http://www.marketwatch.com/news/story/tenable-releases-database-auditing-capability/story.aspx?guid=%7B62074F33%2D6313%2D481C%2DB19D%2DB86B8748D3F6%7D&dist=msr_2
Developed in cooperation with PriceWaterhouseCoopers, the Brabeion content will be added to Archer’s GRC product line and significantly expand Archer’s content offerings to now include more than 130 technical compliance baselines and controls.
This acquisition also gives Archer immediate access to a diversified, blue chip customer base including 12 of the Forbes 350 and 15 Fortune 1000 clients.
As part of our future growth strategy, Archer will actively and selectively seek additional strategic partnerships and acquisitions that enable customers to implement a best-in-class GRC program,” said Jon Darbyshire, Archer President and CEO. “The timing for this deal is perfect. This location offers a strategic hub for Archer’s professional services, client support, business development and sales teams with closer proximity to 40 percent of Archer’s customer base. Most importantly, we are confident they will realize the value that Archer brings to their expanding GRC initiatives outside of IT.”
http://pr-usa.net/index.php?option=com_content&task=view&id=165031&Itemid=96
The VIBES prototype protects Web surfers from downloading malware and having sensitive data stolen, all behind the scenes. For instance, when a user wants to open or execute files downloaded from the Internet the system copies the file to a “Playground” virtual machine and executes it there.
Pasqua said he could not speculate on when it might end up as a product.
Symantec also showed off a service called GoEverywhere, an online workspace for accessing Web applications from any Internet-connected device. GoEverywhere, a project that will be in beta testing in a week or two, is designed as a subscription-based hosted service that offers a secure entry point with single sign on to any application on the Web, said Don Kleinschnitz, vice president and general manager of GoEverywhere.
http://news.cnet.com/8301-1009_3-10142893-83.html
This means that the OS was designed and certified to defend against well-funded and sophisticated attackers,” says David Chandler, CEO of Integrity Global Security, the new Green Hills subsidiary.
Integrity-178 B meets the rigorous Common Criteria Separation Kernel Protection Profile (SKPP) standard, which guarantees that malicious code can’t corrupt or harm any other application running on the system.
“I’m delighted that they have accomplished this,” said Stephen Hanna, co-chair of the Trusted Computing group and distinguished engineer with Juniper Networks, during his keynote at the CSI 2008 conference in National Harbor, Md., Tuesday.
http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212100421
This means that the OS was designed and certified to defend against well-funded and sophisticated attackers,” says David Chandler, CEO of Integrity Global Security, the new Green Hills subsidiary.
Integrity-178 B meets the rigorous Common Criteria Separation Kernel Protection Profile (SKPP) standard, which guarantees that malicious code can’t corrupt or harm any other application running on the system.
“I’m delighted that they have accomplished this,” said Stephen Hanna, co-chair of the Trusted Computing group and distinguished engineer with Juniper Networks, during his keynote at the CSI 2008 conference in National Harbor, Md., Tuesday.
http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=212100421