Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
|
Sourcefire Announces Integration With VMware vShield
Integration helps users reduce the risk of a security breach or data loss
National Survey Finds 1 In 3 Mobile Phone Owners Would Know They've Lost Their Phone Within 15 Minutes
Study also found that men would notice their phones had gone much quicker than women
Symantec Report: 'Bagle' Now Most Active Spamming Botnet
MessageLabs Intelligence identified that global spam volumes fell by 33.6% between March 15 and 17
SAIC, McAfee Report: Hacking Is No Longer Just About The Money
Cybercriminals are now focusing on intellectual property as a means of extracting revenues from companies
Verisign Unveils Uptime Bundle For DDoS, Managed DNS, And Threat Intelligence In The Cloud
Three bundled cloud-based services help improve the performance, security, and availability of websites, email, and critical network services
DDI's Vulnerability Scanning Engine Receives Patent-Pending Status
Also applies to SaaS-based Frontline Solutions Platform
nCircle Announces Benchmark Adapters For Qualys And Rapid7
nCircle Benchmark Metrics Packs deliver prepackaged field tested metrics and scorecards
StrikeForce Deplays 'Out of Band' Cloud Authentication Service
CAS delivers two-factor "Out-of-Band" authentication to organizations of all sizes
63% Of Merchant Networks Contain Unencrypted Payment Card Data In Violation Of PCI
SecurityMetrics scans indicate a large number of merchants use payment application software that does not conform to PA-DSS
Stratum Security Launches Website To Help Organizations Determine Their PCI Level
Online tool designed to help organizations determine their PCI level
Symplified Experts Join Cloud Security Alliance
CSA is a non-profit organization formed to promote the use of best practices
Vineyard Networks Promises To Add "Application-Aware" Security Capabilities To A Wide Range Of Vendor Products
Network Application Visibility Layer analyzes network data in real time
Symantec Brings VeriSign Identity Protection (VIP) Access For Mobile To The iPad
AFM interoperates with 700-plus types of mobile devices
McAfee Delivers Comprehensive Database Security Solution
Database security is a key element of McAfee's overall strategy
Hitachi ID Launches Privileged Access Manager, Self-Service Anywhere
New release of Hitachi ID Management Suite includes access control for privileged accounts, session monitoring, and access to self-service for mobile users
ANSI And Shared Assessments Launch Initiative
Companies to explore the financial impact of unauthorized protected health information access
Free PANscan Detects Forbidden Credit Card Data On Business Computer Systems
SecurityMetrics' automated scanning tool can
protect retailers and other businesses from theft of cardholder data
GlobalSign Launches OneClickSSL Plug-Ins
OneClickSSL uses an automated “click to Activate SSL” workflow
Lieberman Software Joins Cloud Security Alliance
Lieberman Software has been working with ISPs and cloud vendors for more than 17 years
McAfee To Acquire Sentrigo to Enhance Database Security Portfolio
The Sentrigo team will report to the McAfee Risk & Compliance business unit
New Standard Replacement For All Tokens, Passwords And PINs To Debut At Infosecurity Europe 2011
pin+ uses matrix-pattern authentication to generate one-time codes without hardware tokens or card readers
SAP Launches Next-Generation GRC, Enabling Unified View And Greater Control Over Risk
New release unifies all GRC activities on a standard platform
idOnDemand Blends Onsite And Central Secure Identity Issuance
Onsite Card Issuance feature aimed at organizations that require immediate on-site production of credentials
NetBenefit Attains PCI DSS Compliance Standard For Its Managed Hosting Services
The security standard requires rigorous compliance and assessment
CyberSource Launches Fraud Detection Radar For Online Merchants
CyberSource Decision Manager correlates attributes of orders against data generated from transactions processed by Visa and CyberSource
ControlCircle Launches Rapid-Deployment Managed Cyber Threat Services
Scalable BotNet infiltration protection and DDoS mitigation services available to SMEs and global organizations
Secunia Joins Microsoft Systems Center Alliance
Secunia CSI automatically repackages security updates and pushes them to System Center Configuration Manager
IronKey Introduces Protection For Banks And Their Customers From RSA SecurID Data Breach
Trusted Access for Banking is available immediately worldwide
Splunk 4.2 Delivers New Levels Of Operational Visibility
New version adds real-time alerting, centralized management capabilities
Richard Bejtlich To Join MANDIANT As Chief Security Officer, Security Services Architect
Bejtlich joins MANDIANT after four years at General Electric, where he served as Director of Incident Response and led GE's Computer Incident Response Team
Security Innovation Bridges Gap Between Compliance And Application Security
TeamMentor Enterprise Edition includes guidelines for developing applications in compliance with the latest version of PCI-DSS
UTI Releases Best Practices For Raising Mobile App Quality
Cross-platform guidelines been created by AT&T, LG, Motorola, Nokia, Oracle, Orange, Samsung, and Vodafone
Kaspersky Lab Offers New Small Office Security Platform
Kaspersky Small Office Security simplifies security tasks across the office
New Trusteer Service Can Detect Malware Without Installing Any Software
Pinpoint Web login and transaction monitoring service that can detect the presence of malware
Trustwave Rolls Out PenTest Manager
PenTest Manager offers enterprise clients the ability to manage all forms of penetration tests in real time
Proofpoint Moves Into Cloud-Based Email Security And Compliance Platform For The Enterprise
Proofpoint CloudControl employs a three-tiered architecture
Study: Medical Identity Theft: The Growing Cost Of Indifference
Second annual study reveals medical identity theft is on the rise, yet consumers remain unmoved by the risks
AlgoSec Enhances Automated Firewall Management, Network Security And Operations
AlgoSec Security Management Suite 6.0 automates network security policy management from analysis to change workflow
Phone-Based Authentication Firm Authentify Acquires Technology Firm
Authentify strengthens its position in mobile authentication and funds transfer verification markets
Smart Card Alliance May Conference Will Focus On Road Maps To EMV And Secure ID In U.S.
Smart Card Alliance 2011 Annual Conference is for professionals in the payments and security markets
Consumer Federation of America Issues Best Practices For Identity Theft Services
Aim is to curb msleading claims and promote responsible industry
practices
Symantec Takes The Pain Out Of Renewing SSL Certificates
Symantec’s Express Renewal feature eliminates the need to submit a Certificate Signing Request
M86 Security Offers Safer Web Browsing With Free Plug-In
M86 SecureBrowsing provides real-time scanning of URLs and
alerts users to potentially malicious Web content
FBI Announces Initial Operating Capability For Next Generation Identification System
NGI provides automated fingerprint and latent search capabilities
Organization Looks To Honor Infosec Workforce Advocates In The Americas
(ISC)2 accepting nominations for its inaugural Americas Information Security Leadership Awards (ISLA) Program
eEye Launches Retina Cloud
In addition, eEye released more than a dozen new audits for its Retina family of vulnerability management products
Panda Security and ftopia Partner To Secure Online Collaboration Between Businesses
Companies integrate cloud-based anti-malware with cloud-based file
collaboration
EU Agency Gets Tough On Botnets
ENISA sets out the top 10 key issues for policy-makers in 'Botnets: 10 Tough Questions'
Trusteer And WorkLight Tackle Android And Other Mobile Malware Outbreaks
Integration of Trusteer Secure Web Access with the WorkLight Mobile Platform will complement built-in security mechanisms currently offered by WorkLight
Imperva Expands SecureSphere
Adds agent-based monitoring and auditing for DB2 z/OS mainframe databases
|
The 10 Most Impactful Types of Vulnerabilities for Enterprises TodayManaging system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
