Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Security and the Cloud

When enterprise applications and services migrate from the physical data center, organizations begin to lose visibility and control as the shared infrastructure model of the cloud forces IT to give up their traditional control over the network and system resources. As a result, many organizations and cloud providers will tell you that security continues to…

Post by Brad Hibbert June 8, 2011

A Shiny New Internet Expands Address Space and CyberSecurity

Wednesday, June 8, engineers, technicians and content providers who rely on the internet’s viability will conduct a grand, global experiment. On World IPv6 Day, Internet Protocol Version 6 (IPv6) will go live for a day on the public internet – turning on everywhere for (at least) 24 hours. Hopefully, not too much will break in…

Post by Peter McCalister June 8, 2011

Reporting Snapshots and Saved Views

I would like to tell you about a new feature recently added to Retina Insight. It may sound so simple but it solves a huge problem for businesses that like to perform ad-hoc reports. If you're one of those companies that likes to run reports ad-hoc, when you want, and review it compared to older…

Post by Morey Haber June 7, 2011

Insider Threats Aren’t Perpetrated By The Obvious: Part 1

It would be nice if every villain inside your organization walked around wearing a big sign that broadcasts “bad guy looking to do bad things”, but alas it is only in the cartoons and movies of Hollywood where you can always find the stereotypical bad guy: black top hat, curled black mustache and sinister grin.

Post by Peter McCalister June 7, 2011

Yours Mine and Ours

As we previously discussed, a recent report by the Ponemon Institute on the Security of Cloud Computing Providers showed “the majority of cloud computing providers do not consider security as one of their most important responsibilities”. So what are you to do if you want to use the cloud and need to do it in a secure and compliant way? To me it’s a matter of shared responsibility – yours, mine and ours.

Post by Peter McCalister June 6, 2011

Quintiles Selects PowerBroker for Desktops to Get Least Privilege

Quintiles Transnational is a company that helps improve healthcare worldwide by providing a broad range of professional services, information, and partnering solutions to the pharmaceutical, biotechnology, and healthcare industries. Headquartered near Research Triangle Park, North Carolina, and with offices in more than 40 countries, Quintiles is a leading global pharmaceutical services organization and a member of the Fortune 1000.

Post by Peter McCalister June 3, 2011

A Snapshot in Time: Looking at the Bigger Picture Around Vulnerability Assessment Data

Recently I had the pleasure of exhibiting at the Secure World conference in both the Atlanta and Philadelphia venues and had many interesting conversations with various CISOs, CIOs, Security Managers, Information Assurance Engineers and Auditors. We talked about various subjects from some of the latest threats (i.e. the PlayStation Network debacle) to vulnerability assessment. One…

Post by Jerome Diggs June 2, 2011

6 Questions To Determine if you Should Give a DAM

Yes, this is a play on Database Activity Monitoring, and yes, I am writing this blog late at night, so a few puns are intended, but the seriousness of the message should not be glossed over.

Post by Peter McCalister June 2, 2011

Who’s In Charge of Cloud Security?

As we have discussed before, much of the way we define and implement security is driven by compliance. But despite a wide number of frameworks, from COBIT to PCI, those compliance standards aren’t very clear, leaving ample room for every auditor to interpret them differently.

Post by Peter McCalister June 1, 2011

Upcoming Standards – SCAP ARF Support

The Assessment Results Format (ARF) language is a general Security Content Automation Protocol (SCAP) results reporting language developed by the US Department of Defense (DoD) in conjunction with NIST and members of the SCAP vendor community. If you are unfamiliar with it, it provides a structured language for exchanging and exporting detailed, per-device assessment data…

Post by Morey Haber May 31, 2011