CyberSecurity Institute – Page 128 – Security News Curated from across the world

Product Watch: NitroSecurity Integrates Log Management With SIEM

Posted on January 14, 2010December 30, 2021 by admini

The tools also work with NitroSecurity’s database application monitoring and IPS tools: “We work at Layer 7, so if someone tries to get into the database who shouldn’t,” the security team is alerted, says Jerry Skurla, executive vice president of marketing for NitroSecurity.

Eric Knapp, vice president of technology marketing for NitroSecurity, says SIEM and log management integration has been slow to emerge because of the heavy volume of logs.

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=222300869&subSection=Security+administration/management

IDC Expects A/P Security and Vulnerability Management Market to Achieve Largest Growth in 2010 as Or

Posted on January 13, 2010December 30, 2021 by admini

The security landscape has been seeing new threats growing explosively in number and complexity – attacks that exploit the vulnerabilities of applications, insider sabotages, identity fraud and unauthorized access to corporate systems and networks.

Companies are required to align with international regulations, standards and best practices when collaborating with business partners around the world.

Many of these companies have turned to SVM products to establish a security management framework for various compliance requirements such as policy compliance, log archiving and auditing,” said Judy Wu, Research Manager for IDC Asia/Pacific Security Research.

At the same time, previous purchase and deployment of security products over the years have increased management and integration complexity.

The SVM segment is a key growth area across Asia/Pacific as companies turn to SVM’s capabilities – such as patch management, policy enforcement and security incident analysis and management – to reduce complexity and increase management efficiency.

Compared with the first half of 2008, there was a minor decline in 1H09 for security spending due to the global recession which reared its ugly head at the end of 2008.

We expect companies to continue to find ways and leverage new security technologies such as policy and IT compliance suites, as well as vulnerability assessment and risk management products to increase management efficiency.

http://www.idc.com/getdoc.jsp?pid=23571113&containerId=prHK22160710

Virtualization security remains a work in progress

Posted on January 11, 2010December 30, 2021 by admini

One development that occurred this year is the release of VMware’s security APIs. After talking up the idea since February 2008, VMware in April 2009 finally released its VMsafe APIs intended to help security vendors build products to work with its platform.

“We’re not using the VMware APIs today due to performance,” says Richard Park, senior product manager at Sourcefire, which in early December shipped its first virtualized sensor and management console for VMware ESX and vSphere4. Sourcefire’s traditional physical appliances are network sensors that can do both intrusion-detection monitoring and intrusion-prevention blocking. But at this point, the Virtual 3D Sensor and Virtual Defense Center will only provide monitoring visibility into VMware’s ESX hosts, not blocking of attacks.

At the Gartner ITExpo in October, Gartner Vice President Neil MacDonald publicly excoriated some security vendors for not moving more rapidly to come up with software-based virtual appliances, insinuating they would rather stick to their old ways of selling expensive hardware boxes. Enterprise customers are rapidly virtualizing their IT environments and often unwittingly creating less-secure results even as they reap the many benefits of virtualization, MacDonald says. Roping off virtualized servers with virtual LANs alone — a common practice — “is not sufficient for security separation,” MacDonald says. MacDonald says virtualization is causing some “business-model disruption” in security and praised the efforts of some vendors, including Trend Micro, to leap in with new offerings to take on the virtualization challenge.

Trend Micro’s Core Protection for Virtual Machines, antimalware software that was designed for use with VMware, was released in the third quarter. According to Bill McGee, senior director of product marketing at Trend Micro, both products make some use of tools in VMsafe. VMware has been among the most aggressive of the virtualization software vendors to open up their technology to optimize security functions, he says, while so far the actions of Citrix and Microsoft seem “more limited” in this area.

For its part, VMware says it’s glad to see a number of vendors, including Altor Networks, Reflex, ISS IBM and Trend Micro, adopting the VMsafe technology.

According to Forrester Research, adding hypervisor technology (Citrix Xen, VMware vSphere and Microsoft Hyper-V) “does add some marginal risk to IT environments, because it layers additional software on top of existing operating systems.

According to Jacquith, one disappointment remains VMware’s Live Migration feature for configuring VMs so that they automatically migrate from one farm host to another, for purposes of fault tolerance and business continuity.

http://www.computerworld.com.au/article/330761/virtualization_security_remains_work_progress/?fp=16&fpid=1

Airport breaches on the rise nationwide

Posted on January 10, 2010December 30, 2021 by admini

Statistics from the 2009 fiscal year weren’t included because the GAO released its report just after that fiscal year ended.

“While some breaches may represent dry runs by terrorists or others to test security or criminal incidents involving airport workers, most are accidental,” the report said.

Joe Terrell, TSA’s federal security director at Pittsburgh International Airport, said through a spokeswoman no breaches occurred at the Findlay airport since he assumed his post in August 2005.

In that incident, a woman squeezed through a 1-foot gap between a checkpoint metal detector and an X-ray machine and continued to the airside terminal, where she boarded a flight to Houston. She got by because the nearest TSA screener — overseeing two checkpoint lines — was dealing with another woman who tried the same stunt.

In its report, the GAO said airports have several secure areas with varying levels of security. They include baggage loading areas, exterior areas near terminals and what the TSA calls air operations areas, including the airfield; areas near parked aircraft; and air cargo and aircraft maintenance facilities, the report said.

Pittsburgh International Airport is situated on more than 9,000 largely wooded acres, making it one of the largest airports in the country by area — and an attractive hunting ground for overzealous hunters. Hunters who go over or under the perimeter fence surrounding the airport’s 9,000 acres would have to go beyond a second fence around the air operating area to breach security, he said.

Davis also attributed the jump in breaches nationally to heightened awareness or enforcement triggered by high-profile breaches elsewhere; management changes; and increased, random government inspections of airport security.

http://www.pittsburghlive.com/x/pittsburghtrib/news/cityregion/s_661513.html

CSI Computer Crime and Security Survey Shows Poor Security Awareness Training in Public and Private

Posted on January 8, 2010December 30, 2021 by admini

The institute asked respondents to rate how satisfied they were with their technologies on a scale of 1 to 5. All technologies fell within the 3.0 to 3.6 range, which isn’t bad, but the tools that scored the lowest in that zone were the ones that are supposed to indicate how secure an organization is at any given moment. “They weren’t wildly happy with anything nor, on the other hand, were they wildly unhappy with anything, but it sort of indicates to me that there’s an acceptance of the tools we have,” said Robert Richardson, CSI’s director. The tools mentioned in the survey overview included log management tools, data leak prevention, content monitoring and intrusion detection tools.

A whopping 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.

Twenty-five percent of respondents said more than 60 percent of financial losses came from accidental breaches by insiders, not external hacks, and 16.1 percent said 81 to 100 percent of all losses came from accidental breaches as well.

Government agencies constituted more than 13 percent of survey participants, comprising people from federal, local, military and law enforcement jurisdictions.

Richardson thought the results were telling, but he wondered about the experiences of those who didn’t respond.

http://www.govtech.com/gt/736410?topic=117671

Log Management Appliance facilitates regulatory compliance [and chain of custody]

Posted on January 7, 2010December 30, 2021 by admini

By adding support for digital signing and encryption, netForensics has employed the strongest security measures currently available to safeguard sensitive log data.

The nFX Cinxi One family of appliances processes the industry’s highest volume of events per second (EPS).

“With nFX Cinxi One, organizations operating on tight budgets no longer have to choose between a log management solution that demonstrates that proper security measures were in place after an attack and proactive threat management capabilities that would prevent an attack in the first place,” said Tracy Hulver, Vice President of Product Management and Marketing, netForensics.

http://news.thomasnet.com/fullstory/570881