Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for September, 2010

Attention Auditors! Visit ISACA Today at Caesar’s Palace in Las Vegas, NV

Don’t forget to stop by ISACA Booth # 25 today to learn how PIM ensures auditors meet compliance risks & satisfy audits.

Post by Peter McCalister September 28, 2010
BeyondTrust is the expert source of VMware Security LEARN MORE

More from VMWorld on Virtualization Security

VMWorld we had the pleasure of meeting with Jon Brodkin from Network World, who published what might be the best-written explanation of how IT administrators can take advantage of the hypervisor yet. Naturally, as Jon absorbed what our very own Principal Systems Engineer Jordan Bean showed him in a live demonstration and walked it over…

Post by Peter McCalister September 28, 2010

BeyondTrust Survey at VMWorld Shows What it Takes to Get Attendees in a Tutu

44% of attendees said their colleagues could steal sensitive information from mission critical servers if they wanted to and another third of respondents said their colleagues “might” be able to 37% of attendees say “most” of their mission-critical servers are virtualized and 61% said at least some were. When asked what their colleagues would do…

Post by Peter McCalister September 28, 2010

eEye Technology Partnership: RedSeal

A traditional approach to minimizing the risk associated with vulnerabilities has been to utilize firewalls to block access or prevent a hacker from using a port, service, application, or protocol based vulnerability to penetrate the network. Most large organizations identify a plethora of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities…

Post by Morey Haber September 24, 2010

New eEye Zero-Day Tracker Site is Up!

We are excited to announce the re-launch of our Zero-Day Tracker service. The Zero-Day Tracker, or ZDT, is your one-stop resource for an at-a-glance view of existing Zero-Day vulnerabilities. This includes descriptions of the extent and impact of the vulnerability and any potential mitigation that your IT team could take against a given Zero-Day vulnerability….

Post by Marc Maiffret September 22, 2010
, , , ,


Yes its PCI time again. PCI DSS 2.0 has just completed final review and is expected to come out next month. As indicated in the summary of changes document , there are no major changes expected. Refinements to better align standards, provide clarifications, increase merchant flexibility, and additional guidance on specific technologies including virtualization and…

Post by Brad Hibbert September 16, 2010
, , , ,

Microsoft Patch Tuesday – September 2010

Well, our friends in Redmond have been busy these past few months.  Not only did they release 15 security bulletins in August, but they followed up with an additional 9 bulletins this month. From this month’s bulletins, administrators should pay particular notice to MS10-061, MS10-063 and MS10-068.  Note that MS10-061 is being used in the…

Post by Chris Silva September 14, 2010

The Retina Protection Agent Part II

Part of being a good product manager is keeping an eye on your competition with a lifecycle development approach in mind. This considers whether the competition is expanding their product line outside of the solutions core competency and if the maturity requires rapid development and feature releases. At the end of lifecycle, the solution becomes…

Post by Morey Haber September 10, 2010

Configuration Compliance and Regulatory Reporting

In recent years there have been an increasing number of legislated regulatory mandates with which organizations must comply with to prove the confidentiality, integrity and availability of information stored in their systems and provided through external parties. After reading various whitepapers, websites and other articles that loosely use the terms “PCI, HIPAA, SOX, CIS, NIST,…

Post by Brad Hibbert September 9, 2010
, , , , , , , , , , , ,

Video: eEye’s Support of Government Standards

For many years now, eEye has had a strong partnership with the government to help both educate and support important security standards that help to create a common language and framework for security technologies to inter-operate. We have led the way with supporting many government security standards and frameworks within our products and typically well…

Post by Marc Maiffret September 7, 2010
, , , ,