Search results for: zero trust

Application control with Faronics Anti-Executable

Faronics released a new version of Faronics Anti-Executable, an application control tool that ensures endpoint security by only permitting approved executables to run on a workstation or server. The new release simplifies application control in the face of increasing attacks via social networking websites, and comes as part of the company’s ongoing commitment to providing the most comprehensive layered security suite on the market. Faronics Anti-Executable allows only approved applications to install and execute by … More

Week in review: Targeted attacks exploiting Windows flaw, massive Utah data breach and Flashback malware fallout

Here’s an overview of some of last week’s most interesting news, podcasts and articles: Smart meters vulnerable to false data injection False data injection attacks exploit the configuration of power grids by introducing arbitrary errors into state variables while bypassing existing techniques for bad measurement detection. Poor internal security processes spell disaster Poor internal security management processes present more risk than malicious threats. More than 50 percent of an AlgoSec survey respondents incurred a system … More

On-demand cloud identity management

Ping Identity unveiled PingOne, a multiplexed identity switch in the cloud. One connection to PingOne provides businesses the convenience of Tier 1 Single Sign-On (SSO) access to all of their cloud applications and gives IT one place to centralize control and automate identity management. One connection to PingOne equips cloud application providers to offer Tier 1 SSO to all of their customers. For security conscious businesses, Tier 1 requires exclusively standards-based, federated SSO protocols such … More

Protection against malicious URLs and attachments

Invincea announced the availability of a greatly expanded product suite to address emerging vectors of attacks against users. Building off of its approach to breach prevention which focuses on seamless delivery of untrusted content in secure virtual environments, Invincea now provides its commercial and government clients with the capability to capture and contain the primary attack vehicles used in spear phishing, poisoned search results, and user-initiated infections. As a result, even the most well-crafted phishing … More

Virtualized security routers for cloud security

Halon Security announced a next-generation firewall and security router as a virtual appliance named Virtual Security Router (VSR). VSR is a complete security package for virtual infrastructure and can be easily integrated by using APIs. Features: Virtual (VSR), software and hardware (HSR): The platform is anyway available as ready-to-use hardware appliances, virtual machine images ideal for intra-VM security, and raw disk images which you can write to for example USB sticks which will boot your … More

Endpoint security through whitelisting

The latest release of McAfee Application Control is integrated with McAfee Global Threat Intelligence to show the file reputation of every file in the enterprise. This feature coupled with whitelisting and memory protection makes it an ideal solution for blocking advanced persistent threats and zero-day attacks. The solution is centrally managed by McAfee ePolicy Orchestrator software and uses a dynamic trust model which reduces costs by eliminating expensive manual support requirements. McAfee Application Control is … More

Tips to manage top IT trends

ISACA shared recommendations today for managing three of the trends widely cited to dominate the IT landscape in 2012: Big Data, the consumerisation of information technology (BYOD) and the growing dominance of mobile devices. Big Data: Coaxing order out of chaos “Big Data” describes not only the extremely large volumes of data being collected by enterprises in an increasingly connected world, but also their diverse sources, including social networks, sensor networks, customer chat sessions and … More

Expect an escalation in targeted attacks

Organizations and Internet users can expect an escalation in targeted attacks, growing social media threats and an increase in mobile malware, according to the M86 Security. “In 2011, we saw targeted attacks grow considerably more complex and damaging, impacting high-profile organizations which thrust the issue into the mainstream,” says Bradley Anstis, Vice President of Technical Strategy, M86 Security. “One of the most troubling trends is the rapid progression of mobile malware. Due to the ubiquity … More

New fuzzing platform from Codenomicon

Codenomicon released Defensics X, the latest version of their security and robustness testing software. The update introduces better coverage through infinite test case generation and usability enhancements on the user interface. Improved interoperability checks quickly adapt the tests to any test environment. Finally, new reporting functionality makes it faster to resolve all the discovered zero-day vulnerabilities. Unknown zero-day vulnerabilities are problems that hide in software exposing them to zero-day attacks. Resolving them is the highest … More

Week in review: Study of hacker forums, creating effective CAPTCHAs, and trust relocated for yet another CA

Here’s an overview of some of last week’s most interesting news, podcasts, reviews and articles: Irresponsible IT disposal methods Although data security is the primary concern when decommissioning IT equipment, only 61 per cent of companies currently data wipe all of their redundant computers. A study of hacker forums Recently Imperva released a report analyzing the content and activities of an online hacker forum with nearly 220,000 registered members. In this podcast, Rob Rachwald, the … More

Duqu installer exploits zero-day bug in Windows kernel

An installer for the Duqu Trojan has been discovered by CrySys, the Hungarian firm that initially discovered the threat, and the file has shed some light onto how the threat managed to find its way to the targeted computers. According to Symantec, the installer file is a MS Word document that takes advantage of a Windows zero-day kernel bug to execute the code that installs the main Duqu binaries – as shown by a helpful … More

NAC system PacketFence 3.0 released

PacketFence is a fully supported, trusted, free and open source network access control (NAC) system. Boasting a feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus vulnerability scanner; PacketFence can be used to effectively secure networks – from small to very large heterogeneous networks. PacketFence is an unobtrusive solution that works with equipment from many … More