O24 - One Step Ahead

O24int blog has moved!

o24int — Sat, 23 May 2009 06:41:17 +0000

Click here for the new address : http://www.o24int.com/blog/

Social network sites are security threat, says survey

o24int — Fri, 22 May 2009 06:26:44 +0000

Web 2.0 technologies, such as Facebook, MySpace and Twitter, are a major security concern for businesses, according to research by Deloitte.

A survey of 200 technology, media and telecommunications firms shows 83% view the exploitation of vulnerabilities in Web 2.0 as a significant threat .

“In some cases, employees unintentionally release sensitive information without realising the consequences,” said James Alexander, partner in Deloitte’s Security and Privacy Team.

10 cloud computing companies to watch

o24int — Fri, 22 May 2009 06:03:13 +0000

Cloud computing is spreading through the IT world like wildfire, with innovative start-ups and established vendors alike clamoring for customer attention.

Generally speaking, cloud providers fall into three categories: software-as-a-service providers; infrastructure-as-a-service vendors that offer Web-based access to storage and computing power; and platform-as-a-service vendors that give developers the tools to build and host Web applications. Here are 10 cloud companies that are worth watching.

Read full story

Security management, compliance and the cloud

o24int — Fri, 22 May 2009 05:59:56 +0000

Forrester Research analyzes the past, present and future of security information vendors and products.

Security information management (SIM) technologies experienced a pretty rocky ride since emerging earlier this decade, industry watchers says, and the ride isn’t over yet for those ready to adapt to customers’ changing needs.

According to Forrester Research, SIM technology drew in enterprise security managers looking to reduce the noise among multiple security devices distributed in large environments, but lost some ground when IDS and IPS technology gained intelligence. SIM products initially used data aggregation and event correlation features similar to those of network management software and applied them to event logs generated from security devices such as firewalls, proxy servers, IDS and IPS devices, and antivirus software. SIM products also normalized data — that is, they translated Cisco and Check Point Software alerts, for example, into a common format so the data could be correlated with one system. Like network management software, SIM tools generally consist of server software, agents installed either on servers or security devices, and a central management console.

Read full story

Network security threats solved by risk management: John Pironti explains

o24int — Thu, 21 May 2009 06:06:41 +0000

Network security threats abound, and news of data breaches are constantly made public. Are information security professionals doing something wrong? Where are enterprises most vulnerable? And what can network pros do to keep a company more secure? in order to solve security issues, we need to think of information security as risk management, says Interop IT security track chair John Pironti, who is president of IP Architects, LLC. Here’s why:

Read full story

Cloud computing forecast: Some risk ahead

o24int — Thu, 21 May 2009 06:02:13 +0000

Cloud computing is generating a flurry of interest as new services enter the market. Right now, cloud computing is fine for smaller companies seeking cheap computing capacity on a retail basis, but to find its place in large enterprise IT operations, it will have to meet tough requirements for governance, risk and compliance (GRC).

Read full story

Enterprises Still Struggling To Get Results From SIEM, Log Management

o24int — Thu, 21 May 2009 05:52:26 +0000

Most survey respondents still haven’t achieved quantifiable benefits, study says

Can you tell if your security information and event management (SIEM) or log management tools are really saving your company money or making it more secure? If you can’t, you’re not alone.

According to a study published today by Aberdeen Grouponly about 20 percent of SIEM users can point to definite gains from using the tools, as measured by reductions in security incidents, audit deficiencies, or operational costs.

“The majority of respondents have not yet achieved those quantifiable benefits, and in some cases are seeing increases in audit deficiencies, security incidents. and operational costs associated with security management,” said Aberdeen in a press release.

Read full story

Web 2.0 Conquers The Workplace, But Many Security Departments Aren’t Ready

o24int — Thu, 21 May 2009 05:49:54 +0000

Many enterprises are lacking key tools for protecting Web 2.0 data, study says

Enterprises are allowing increasingly wider use of Web 2.0 technologies in the workplace for both business and personal use, but many are not ready to secure those applications, according to a study released Wednesday.

According to “Web 2.0 At Work,” a study conducted by research firm Dynamic Markets and commissioned by Web security vendor Websense, some 95 percent of companies currently let their employees access some Web 2.0 applications — including Webmail, mashups, and wikis — and 62 percent of IT managers believe that Web 2.0 is necessary to their businesses. IT executives are feeling pressure from all levels of the organization to expand support for Web 2.0 technologies across the enterprise, the study says.

Read full story

Tippett: Use Application Logs To Catch Data Breaches

o24int — Thu, 21 May 2009 05:47:27 +0000

At CSI/SX, Verizon Business’ Peter Tippett talks trends and lessons learned in data breaches

Given the nature of data breaches today, organizations are better off saving money and doing “lightweight” security testing across more of their infrastructure than conducting deep assessments across a few systems, Peter Tippett, vice president of innovation and technology for Verizon Business, told attendees at the Computer Security Institute (CSI) Security Exchange conference here this week.

Read full story

Web attack that poisons Google results gets worse

o24int — Thu, 21 May 2009 05:39:53 +0000

A new attack that peppers Google search results with malicious links is spreading quickly, the U.S. Computer Emergency Readiness Team warned on Monday.

The attack, which has intensified in recent days, can be found on several thousand legitimate Web sites, according to security experts. It targets known flaws in Adobe’s software and uses them to install a malicious program on victims’ machines, CERT said.

Continue reading the article …