Server Psychic? No, just SIEM savvy

02/04/10

Ascent Media Group has deployed an enterprise SIEM system that provides deep insight to what's happening on its network that spans 60 semi-independent companies and 40 locations around the world. A single console in California provides alerts on problems that are happening half a world away.

Consolidate your security services infrastructure onto one scalable virtual platform

01/29/10

In the server consolidation wave, one area that is ripe for consolidation is security services. Today's security service infrastructure is primarily built on appliances, which have a way of proliferating like bunnies. What if you could take 800 Cisco firewalls and their incumbent networking infrastructure and collapse them down to one highly scalable virtual security platform? No problem. Read on to learn how.

Does the Microsoft and HP integration strategy signal a new business model?

01/22/10

"Some assembly required." It's not just the fine print on children's bicycles and dollhouses that dads encounter on Christmas Eve. That phrase also applies to the new data center, with virtualized servers and applications, and management tools to monitor and control how things work. There's lots of integration work to be done to get everything to work together. Now Microsoft and HP say they are going to lessen your integration burden by doing some of the work for you. Is this level of cooperation the future of the IT industry?

Save money by mobilizing unified communications

01/15/10

Still looking for ways to cut costs? Consider mobilizing your unified communications. You can save considerable money on cellular communication plans while also making employees more productive.

Improving network access security for unmanaged devices

01/07/10

Unmanaged devices such as smartphones and guest users' laptops can be a real problem on any network. Experts from Avenda Systems provide best practice tips on how to balance network access security with the need for productivity.

Managed security service packs a lot of protection into one box

01/04/10

Many small and midsize companies don't have the means to provide adequate and broad network security measures in-house. Yet these companies experience the same threats from the Internet as large companies with specialized security experts. A managed security service can provide strong security measures that are always current and that address a wide range of threats.

Recovery of stolen laptop leads to arrest of murder suspect

12/21/09

This is a pretty amazing story about a stolen laptop and how it led to the arrest of a dangerous criminal accused of drive-by shootings and a possible murder. If it weren't for the proactive approach taken by an IT professional, this guy might still be on the loose, committing more crimes and causing more havoc in his community.

Cost-effective data encryption in the cloud

12/11/09

It's certainly a good practice to encrypt sensitive data that is stored or used on PCs, thumb drives and other portable devices. Some companies fear the cost and complexity of data encryption. Now a cloud-based service makes it easy and very cost effective to implement encryption as a means to secure sensitive data.

Standards for protecting personal information

12/04/09

The state of Massachusetts has published its standards for the protection of personal information of residents of that particular commonwealth, with a compliance deadline of March 1, 2010. This is a good starting point for any organization that is serious about protecting individuals' sensitive data, regardless of where they live.

Is certification valuable, or not? We have the definitive answer

11/25/09

Are IT certifications still relevant today, or are they not worth the time, effort and money? This debate has raged for years. Now, an in-depth three-year IDC study provides real data that shows the relationship between training, certification and the functional performance of teams of IT professionals.

Access control strategies for PCI and other security operations

11/20/09

Innovations in the access control solutions market have made it easier to align security and compliance objectives with business imperatives. Industry expert Cheryl Traverse talks about how next-generation access control solutions address very explicit requirements in the PCI DSS.

Healthy ways to spend $40 billion

11/13/09

The U.S. federal government has $40 billion set aside for healthcare IT. Much of that is earmarked for electronic medical records, but experts say there are other pressing needs that would improve healthcare. Unified communications and telepresence are two of the technology solutions on many hospitals' wish lists.

The Four Rs of sustainable IT: refurbish, reuse, recycle, ROI

11/06/09

Do you have obsolete and unused computer equipment sitting around the office? Cha-ching! Those old clunkers can be good for cash if you refurbish, reuse and recycle them the right way.

Lost: A $49,000 laptop computer

10/30/09

According to Ponemon Institute, the average cost of a lost or stolen laptop PC is more than $49,000. Most of this cost is due to the exposure of sensitive data. The sooner you discover the PC is missing and take action to disable access to the data, the less expensive the experience of the loss is.

Data masking secures sensitive data in non-production environments

10/23/09

Sensitive data is a part of every large organization's normal business practice. Allowing sensitive data from production applications to be copied and used for development and testing environments increases the potential for theft, loss or exposure -- thus increasing the organization's risk. Data masking is emerging as a best practice for obfuscating real data so it can be safely used in non-production environments. This helps organizations meet compliance requirements for PCI, HIPAA, GLBA and other data privacy regulations.

How to protect a database from the inside out

10/16/09

Your databases contain your company's most sensitive information -- credit card numbers, bank records, customer account information, financial records and so on. Chances are your database security is based on building a secure perimeter around the database, but this still leaves the data at risk. Sentrigo puts a sensor on your database to detect each illicit activity so you can detect, alert and prevent data breaches. This sensor helps protect databases from the inside out.

Engineers fix the shortcomings of the traditional firewall

10/09/09

Do you find yourself putting a Band-Aid solution on a legacy firewall, such as strapping on an intrusion-prevention system here or antivirus software there? If the firewall is a security device, why should we have to surround it with other security devices to help it do its job? A group of security engineers addressed those shortcomings with a new kind of firewall built from the ground up.

Survey: Mainframe managers discuss their priorities

10/02/09

In a 2009 survey, 1,546 IT managers who are responsible for mainframe operations revealed their top management priorities. Read on for some best practices for addressing those needs.

A security evangelist shares his best practices

09/25/09

Anyone who has the word “evangelist” in his business title must really love his job. This week, John Linkous, Security and Compliance Evangelist at eIQnetworks shares his best practices for information security.

Best practices and automation for data privacy

09/18/09

Your organization probably pays attention to data security, ensuring that sensitive data doesn't leak out or get into the wrong hands. But what about data privacy? How can you ensure that your organization is adequately protecting an individual's right to control the way you use his personal data? Now there's a tool to help automate privacy compliance as part of your overall corporate GRC program.

Top 5 best practices for firewall administrators

09/11/09

Summer vacation is over and the busy holiday season is just a few months away -- not just for you, but for hackers as well. They plan to take advantage of your time off and the relaxed holiday atmosphere at Christmas and New Year's. Michael Hamelin, chief security architect at Tufin Technologies, says don't let your guard down. He provides his top 5 best practices for managing your firewall.

Has your sensitive data leaked into the wild?

09/03/09

Most organizations have data security policies designed to keep sensitive information from becoming publicly available. Still, you’d be surprised at the kind of information that makes its way out into the open, either accidentally or intentionally. Financial records, customer account information, product plans and roadmaps. Do you know what information your company is exposing? New “data leak detection” (not prevention) technology from Exobox Technologies can tell you what is in the public eye, and where it is.

BMC's CTO gives advice on cloud management

08/27/09

Everyone's talking about putting their application "in the cloud" these days. Cloud computing might be the next evolution for enterprise applications, but BMC Software's CTO advises IT organizations to consider how their application can be managed once in the cloud.

More tips on detecting botnet infestation

08/19/09

As a follow-up to last week's article on detecting the presence of a botnet on your network, I have more advice from experts in this arena. IBM's Internet Security Systems X-Force gives specific examples of botnet activity to watch for on your network.

Detecting "bot rot" using log management or SIEM

08/07/09

There are many kinds of tools that can help detect the presence of a bot. Log management and SIEM tools are helpful in detecting the communication that is a hallmark of a botnet. Experts provide their advice on how to use such tools to determine if a bot is at work on your network.

More

Linda Musthaler is a principal analyst with Essential Solutions Corporation.