eEye Technology Partnership: RedSeal
A traditional approach to minimizing the risk associated with vulnerabilities has been to utilize firewalls to block access or prevent a hacker from using a port-, service-, application-, or protocol-based vulnerability to penetrate the network. Most large organizations identify a plethora of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities…
New eEye Zero-Day Tracker Site is Up!
We are excited to announce the re-launch of our Zero-Day Tracker service. The Zero-Day Tracker, or ZDT, is your one-stop resource for an at-a-glance view of existing Zero-Day vulnerabilities. This includes descriptions of the extent and impact of the vulnerability and any potential mitigation that your IT team could take against a given Zero-Day vulnerability….
PCI DSS 2.0
Yes, it's PCI time again. PCI DSS 2.0 has just completed final review and is expected to come out next month. As indicated in the summary of changes document, there are no major changes expected. Refinements to better align standards, provide clarifications, increase merchant flexibility, and additional guidance on specific technologies including virtualization and…
Microsoft Patch Tuesday – September 2010
Well, our friends in Redmond have been busy these past few months. Not only did they release 15 security bulletins in August, but they followed up with an additional 9 bulletins this month. From this month’s bulletins, administrators should pay particular notice to MS10-061, MS10-063 and MS10-068. Note that MS10-061 is being used in the…
The Retina Protection Agent Part II
Part of being a good product manager is keeping an eye on your competition with a lifecycle development approach in mind. This considers whether the competition is expanding their product line outside of the solution's core competency and if the maturity requires rapid development and feature releases. At the end of lifecycle, the solution becomes…
Configuration Compliance and Regulatory Reporting
In recent years there have been an increasing number of legislated regulatory mandates with which organizations must comply to prove the confidentiality, integrity and availability of information stored in their systems and provided through external parties. After reading various whitepapers, websites and other articles that loosely use the terms “PCI, HIPAA, SOX, CIS, NIST,…
Video: eEye’s Support of Government Standards
For many years now, eEye has had a strong partnership with the government to help both educate and support important security standards that help to create a common language and framework for security technologies to inter-operate. We have led the way with supporting many government security standards and frameworks within our products and typically well…
DLL Hijacking Assessment & Mitigation
There has been a lot of discussion lately about the older, but newly rediscovered, DLL Hijacking vulnerability. If you are not already familiar with this vulnerability, it allows for system compromise across an unknown number of applications. Specifically, the vulnerability takes advantage of the process of how Microsoft Windows applications load DLL (Dynamic-Link Library) files,…
The Retina Protection Agent
Traditional anti-virus solutions that rely on blacklisting malware are insufficient to protect today’s systems from the plethora of threats. Security vendors have evolved endpoint protection solutions to include firewalls, host-based intrusion prevention solutions, and even proactive application protection capabilities in order to defend against the evolving threat landscape. Unfortunately, many businesses still rely on anti-virus…
AFITC 2010
If your organization has never considered, or taken, IT security seriously, a keynote speech given by Maj. Gen. Richard Webbers at the Air Force Information Technology Conference 2010 in Montgomery, AL would have certainly changed your mind. The General went through a brief history of the 24th Air Command, its role in supporting cyber threats,…