Recent articles by Joel Snyder
December 19, 2011
If you're tempted to think of Cisco's Unified Computing System (UCS) as just another blade server — don't. In fact, if you just want a bunch of blades for your computer room, don't call Cisco — Dell, HP, and IBM all offer simpler and more cost-effective options.
December 19, 2011
As with any server product, there are lots of ways to configure UCS, including different levels of CPU, memory and storage. Cisco has a 29-page document to help you get it right, and 29 pages are not overkill. To get an idea of what this might cost, we configured two separate systems: one with 40 dual-socket blades, and another with 80 of the same blades.
September 26, 2011
If there's gold in log files, Splunk Inc.'s Splunk Enterprise will help you find it. Splunk bridges the gap between simple log management and security information and event management (SIEM) products from vendors such as ArcSight, RSA, Q1 Labs, and Symantec.
August 22, 2011
Palo Alto Networks has injected excitement and innovation into the firewall market with its "next-generation" appliances that combine traditional firewalls, threat mitigation technologies such as anti-malware and intrusion prevention, and the new magic dust of application identification.
August 22, 2011
If there is a simple way to describe the difference between a next-generation firewall and a traditional firewall, it is "more detailed controls." In firewall terms, people talk about "widening the 5-tuple."
June 20, 2011
We all worry that there's some lurking security problem in our servers. We do what we can, patching, following best practices, keeping up-to-date with training and news. But wouldn't it be great to have an automated tool to check our work? That's the promise of vulnerability analyzers: products that detect problems in configuration, applications, and patches.
June 20, 2011
Compliance is a natural extension of a vulnerability analysis tool. Normal vulnerability scanning includes searching for unpatched systems, unprotected directories, and other errors in configuration.
June 20, 2011
Web scanning is different from vulnerability scanning because it looks for bugs in the Web apps themselves, rather than the software installed on the Web server. For example, all of the vulnerability scanners told us about an old embedded system on our network vulnerable to a cross-site scripting attack because of an old version of PHP. That's just normal vulnerability scanning and, depending on your Web applications and Web server settings, it may turn out a lot of false positives. But actually finding an exploitable script on a Web site requires a more intense search, coming in from the outside, and a more specialized type of scanner.
June 20, 2011
We developed a test methodology and evaluation criteria in six main areas, including results reporting, product controls and manageability, scan results, vulnerability workflow features, interoperability, and updates and protocol support.
June 20, 2011
We tested FusionVM in its software-as-a-service configuration, giving us a portal-based vulnerability analyzer with off-site and on-site scanner capability. (Critical Watch offers other packagings which are entirely on-site if needed.)