Five Tactical Security Metrics To Watch
Wondering how secure the corporate network is? Here are five operational security metrics that can help. First of a two-part series
FBI Seeks 'Automated Search And Scrape' Of Social Networks
Agency issues RFI for technology to quickly find and surface 'events' via search of social networks, news sites
Do You Need A Security Operations Center?
When a company starts to worry about losing data to attack, it could be time to create a simple SOC. The most important steps to evaluating the need for an effective operations center.
IP D-Day: Major Providers, Vendors To Go IPv6 June 6
IPv6 implementations 'scrutinized' for security issues so no panic necessary, experts say amid concerns of as-yet undiscovered bugs
'Anonymous' Back With A Vengeance: Downs DoJ, MPAA, RIAA, Universal Music Websites
White House also being targeted as federal anti-piracy moves fuel widespread online attacks
Five Principles To Improve Your Security Monitoring
Companies should expect to be compromised. So how should firms better monitor their security to detect attackers?
Financial Companies Sharing Information About Security
Concerns about cyberthreats drive competing institutions to pool information, report says
Sandia Labs Offers Online DNSSEC Tool
New free visualization tool helps government agencies, businesses in their DNSSEC implementations
Study: Most Federal Agencies Uncertain About Meeting FISMA Security Monitoring Deadlines
Only 22 percent of federal IT people say their agencies have deployed continuous monitoring technology; ability to meet FISMA deadlines in doubt
Survey: Half Of Firewall Rules Improperly Configured
Firewall administration, auditing still mostly a manual process, leading to errors and breach risks
Security Still An Afterthought, Study Says
Despite widespread threats and breaches, most enterprises still ignore security issues when building new apps, Ernst & Young survey says
Tech Insight: The Smart Way To Gather Security Intelligence
Proper logging and correlation, reporting, alerting are key to catching badness
Many Security Pros In The Dark About Their Own Environments, Study Says
Do you know how many Internet-facing servers you have? Many IT pros don't know the answer -- nor the answers to many other basic security questions, according to a new RedSeal survey
APT Shaping SIEM
Traditional security information and event management tools can't catch an advanced persistent threat attacker
SIEM Users Seek To Drill Deeper Into Security Data, Study Says
Security monitoring, data warehousing, and business intelligence are on integration path, according to Forrester Research report
High-Profile Hacks Prompt High-Powered Hires
From rock-star CSOs to hot-shot junior incident response specialists
IT Pros Lose Sleep Over Spyware, Not APT
eEye survey finds most IT admins, managers and C-level executives consider Stuxnet, Operation Aurora, and other high-profile targeted threats 'minor' concerns
Enterprises Seek Best Practices For Storing -- And Finding -- Security Event Logs
Security event logs can be the solution to a security threat or audit. But how should you store them? Here are some answers
SIEM Meets Business Intelligence
Getting the most out of security data makes shift to BI a natural one for some organizations, security experts say
The Inconvenient Truth About Breaches
Assume you've been attacked and line up the tools and information to predict, detect, and respond to it, new Dark Reading Analytics Alert says
Organizational Rivalries, Bureaucracy Big Impediment To Monitoring
Sometimes politics can deter even the best security deployments
Majority Of Websites Fail To Deploy Online Trust Measures
Social media, ecommerce, financial services ahead of federal agencies in protecting consumers online, Online Trust Alliance report says
Can Companies Share Security Data? New Report Says Yes
Emerging standards, industry initiatives could enable enterprises to share security data
Log Management Spurs Data Collection Debate
First you have to know what to collect before you can analyze all of the data you gather
Enterprises Logging Security Data, But Still Struggle To Use It
Seventh annual SANS log management survey shows IT security log data still tough to find and correlate
Continuous Monitoring Still A Long Way Off For The Feds
Deadline for FISMA compliance reporting via automated tool has passed, and few agencies are using it
Verizon Data Breach Report: Bad Guys Target Low-Hanging Fruit
New Verizon Business report says cybercriminals steering away from big caches of data, using simpler tactics to crack smaller enterprises
Tech Insight: Updating Your Security Toolbox
As threats change, so do the tools for diagnosing and analyzing new threats. Here's a look at some open source applications that every security department should have
IT Security Salaries Stay Flat Despite Wave Of Attacks
InformationWeek salary survey shows median base salary for IT security pros during the past 12 months mostly stayed the same or dipped slightly -- but they still make more than their IT counterparts
WordPress Reports Multiserver Breach
"We presume our source code was exposed and copied," says popular Web hosting organization WordPress
Utilities Still Struggling With IT Security Issues, Study Says
Three-quarters of energy firms have experienced an IT security breach in the last year; 69 percent expect more to come, Ponemon and Q1 Labs study says
RSA Breach A Lesson In Detection And Mitigation
Today's monitoring and SIEM tools must evolve with better blocking capabilities, security analyst says
EMC Acquires New Monitoring Capabilities Through Purchase Of NetWitness
EMC buys NetWitness; RSA security unit will integrate NetWitness tools into its monitoring offerings
Searching For Security's Yardstick
Most security organizations still don’t have clear metrics for measuring their performance – or their enterprises’ security posture
'Silos' Of Security Processes Still Not Integrated, Study Says
Key IT security processes such as log management, compliance reporting, real-time monitoring, forensic investigation, and incident response still not coordinated, according to SenSage study
SecurID Breach Warning Signs In The Audit Logs
SANS Internet Storm Center on what to look out for in your ACE server logs to prepare for the worst in the aftermath of the RSA SecurID breach
SIEM Market To Double By 2015, Report Says
As threats become more serious, demand for security information and event management (SIEM) will grow, Frost & Sullivan says
Secure Development Means Building In Monitoring
But baking in monitoring and audit capabilities takes a back seat to application development priorities
Getting The Most Out Of Your SIEM System
SIEM tools promise much, but are often disappointing. Here are some tips for making them work
Under Growing Pressure, Security Pros May Be Ready To Crack, Study Says
Faced with securing personal devices and a growing base of threats, security pros feel overwhelmed, (ISC)2 survey reports
Practitioners Detail Evolution Of SIEM Deployments
Most companies progress through three stages, though many get stuck at the very beginning, they said
McAfee, Wind River Team To Build Security Protection For Embedded, Mobile Devices
New line of products will build ePolicy Orchestrator (ePO) security management agent, whitelisting, network access control, DLP, and host intrusion prevention into embedded device software
New Group Seeks Dialogue On Security Data Sharing, Mining
Open Security Intelligence community champions methods for harvesting, mining security information
Mozilla Working On Making Its Applications 'Attack-Aware'
Application would sniff out malicious user activity
SenSage Opens Security Data To Off-The-Shelf Business Intelligence Tools
New SenSage technology will let enterprises use off-the-shelf business intelligence tools to help navigate and analyze logs and events
More Than Half Of Mobile Providers Hit By Attacks That Resulted In Outages
Arbor Networks annual infrastructure report for 2010 shows mobile networks in the crosshairs, DDoS attacks against ISPs intensify
Report: Noncompliance Much More Costly Than Compliance
Ponemon Institute study finds average cost of not complying with security regulations and standards is more than two-and-a-half times as high as what it costs to comply
An Advanced Persistent Threat Reality Check
Prevention is often futile, so how you manage the aftermath of discovering the intrusion can make all the difference in remediation
Product Watch: NetWitness To Add Real-Time Malware Analysis
Tool assesses, scores, and prioritizes risks from malware
Stuxnet And Playing Offense Instead Of Defense
Security experts call for emphasis on resilience, offense
Does SIEM Make Sense For Your Company?
A security information and event management system serves as a repository for all the security alerts and logging systems from a firm's devices. But this can be overkill for a company that is understaffed or has overestimated its security information needs. In this report, we discuss 10 questions to ask yourself in determining whether SIEM makes sense for you--and how to pick the right system if it does.
Monitoring Tools and Logs Make All The Difference
It's no longer a matter of "if" you get hacked, but when. In this special report, we take a look at ways to measure your security posture and the challenges that lie ahead with the emerging threat landscape.
Collaborative Security: Safe Ways to Share Event Info
Companies, even individual departments, are fighting the onslaught of cyberattacks, not as an army, but in isolated pockets of resistance. Coordinated efforts to share security information, both internally and among enterprises, are hamstrung by a lack of standard data formats, institutional entrenchment and legal concerns. In this report, we explain the obstacles and show you how to overcome them.
Other reports from the Security Monitoring Tech Center:
Security Management 2.0: Time to Replace Your SIEM?
Is it time? Are you waving the white flag? Has your first gen SIEM failed to meet expectations despite your investment? If you are questioning whether your existing product or service can get the job done, you are not alone. Read this Securosis white paper to learn how easy it can be to replace your SIEM with a next generation solution.
IT Executive Guide to Security Intelligence: Transitioning from SIEM to Total Security Intelligence
Read this whitepaper to learn how adopting a next generation SIEM solution provides security intelligence, to allow organizations to maintain comprehensive and cost-effective information security. Discover how security intelligence enables critical concerns in five key areas: Data silo consolidation, threat detection, fraud discovery, risk assessment/risk management, and regulatory compliance.
The Return on Security of QRadar: Improving Operational Efficiencies in Federal Government
In this study, IANS interviewed two Q1 Labs customers using QRadar to assess their Return On Security (ROS). The two customers were providers of service to the U.S. Government and had highly secure environments dealing with extremely sensitive data. The data yielded from the interviews showed substantial benefit to the organizations for the cost, both in money and staff time.
SANS What Works Webcast: Worldwide Retailer Boosts Privacy with Security Intelligence
A leading retailer with stores worldwide was seeking a more innovative tool to protect customer privacy and intellectual property. PCI compliance mandated log collection, but a vast number of different tools generated an overwhelming amount of log data, making it difficult for the small security team to review it effectively. The solution the company chose had to fit into a diverse network, provide intelligent reporting and offer a centralized management console.
Learn How Security Intelligence Can Help Combat WikiLeaks, Stuxnet and Advanced Threats
WikiLeaks and Stuxnet have illustrated a few fundamental IT security issues that have underscored the need for Total Security Intelligence to counter advanced threats and to detect anomalous behavior. See how government and commercial organizations are using QRadar as an integral component of their IT security program to identify emerging threats based on context and situational awareness.