
Friday Summary: February 26, 2010

By Adrian Lane
Next week is the RSA conference. You might have noticed from some of our recent blog entries. And I am really looking forward to it. It’s one of my favorite events, but I am especially anxious for good food. Yes, I want to see a bunch of friends, and yes, I have a lot of vendors I am anxious to catch up with to chat ‘bout some of their products. But honestly, all that takes a back seat to food. I like living in Arizona, but the food here sucks. Going to San Francisco, even the small hole-in-the-wall lunch

RSAC 2010 Guide: Security Management

By Mike Rothman
To end a fine day, let’s continue through the Securosis Guide to the RSA Conference 2010 and discuss something that has been plaguing most of us since we started in this business: security management.

Security Management

For the past 20 years, we’ve been buying technologies to implement security controls. Yet management of all this security tends to be considered only when things are horribly broken – and they are.

What We Expect to See

There are four areas of interest at the show relative to security management: Log Religion: Driven by our friends at the PCI Security Standards Council, the entire

Retro Buffoonery

By Mike Rothman
I’m probably not supposed to do this, as I took the security marketer’s oath to get my first VP Marketing gig. But I’m going to pull the curtain back on some of the wacky stuff vendors do to sell their product/services. Today’s specific tactic is what I’ll dub retro buffoonery, which is when a vendor looks back in time, and states that they could have stopped attack X, Y and Z – if only their products were deployed before the attack. You see this stuff all the time. Whether it was TJX, Heartland, ZeuS, or

RSAC 2010 Guide: Virtualization and Cloud Security

By Rich
Now that we are at the end of the major technology areas covered in the Securosis Guide to the RSA Conference 2010, let’s discuss one of the 3 big themes of the show: Virtualization and Cloud Security.

Virtualization and Cloud Security

The thing about virtualization and ‘cloud’ is that they really cut across pretty much every other coverage area. But given they’re new and shiny – which really means confusing and hype-ridden – we figured it was better to split out this topic, to provide proper context on what you’ll see, what to believe, and what is important. What We Expect

RSAC 2010 Guide: Content Security

By Adrian Lane
Two business days and counting, so today and tomorrow we’ll be wrapping up our Securosis Guide to the RSA Conference 2010. This morning let’s hit what the industry calls “content security,” which is really email and web filtering. Rich just loves the term content security, so let’s see how many times we can say it.

Email/Web (Content) Security

In case you missed it, every email security vendor on the planet offers web content filtering within their portfolio of products and – for better or worse – the combination is now known as content security. No other security market has

Answering Dan Geer: It’s Time to Reexamine Priorities and Revisit Paradigms

By Adrian Lane
Dan Geer wrote an article for SC Magazine on The enterprise information protection paradigm, discussing the fundamental disconnect between the derived value of data and the investment to protect information. He asks the important question: If we reap ever increasing returns on information, where is the investment to protect the data? Dan has an eloquent take on a long-standing viewpoint in the security community that Enterprise Information Protection (EIP) is a custodial responsibility of corporations, as it is core to generation of revenue and thus the company’s value. Dan’s point that we don’t pay enough attention (and

Webcast on Thursday: Pragmatic Database Compliance and Security

By Rich
Auditors got you down? Struggling to manage all those pesky database-related compliance issues? Thursday I’m presenting a webcast on Pragmatic Database Compliance and Security. It builds off the base of Pragmatic Database Security, but is more focused on compliance, with top tips for your favorite regulations. It is sponsored by Oracle, and you can sign up here. We’ll cover most of the major database security domains, and I’ll show specifically how to apply them to major regulations (PCI, HIPAA, SOX, and privacy regs). If you are a DBA or security professional with database responsibilities, there’s some

RSAC 2010 Guide: Endpoint Security

By Mike Rothman
The fun is just beginning. We continue our trip through the Securosis Guide to the RSA Conference 2010 by discussing what we expect to see relative to Endpoint Security.

Endpoint Security

Anti-virus came onto the scene in the early 90’s to combat viruses proliferated mostly by sneakernet. You remember sneakernet, don’t you? Over the past two decades, protecting the endpoint has become pretty big business, but we need to question the effectiveness of traditional anti-virus and other endpoint defenses, given the variety of ways to defeat those security controls. This year we expect many of the endpoint vendors to start

Incite 2/23/10: Flexibility

By Mike Rothman
It is said that unhappiness results from either not getting what you want, or getting what you don’t want. I’m pretty sure strep throat qualifies as something you don’t want, and it certainly is causing some unhappiness in Chez Rothman. Yesterday, I picked up 4 different antibiotics for everyone in the house except me, which must qualify me for some kind of award at the Publix pharmacy. I like to think of myself as a reasonably flexible person who can go with the flow – but in reality, not so much. I don’t necessarily have a set schedule,

RSAC 2010 Guide: Application Security

By Adrian Lane
Continuing our postings from the Securosis Guide to the RSA Conference 2010, we turn our attention to application security.

Application Security

Application Security is a nascent market, but data from several recent data breach reports and OWASP studies have disproven the myth of the “Insider Threat”. The primary cause of breaches is poorly executed applications – specifically web applications that rely on complex multi-layered infrastructure. While there is no agreement on which methods and technologies are ‘best’ for securing applications, application developers show growing interest in learning about the available options.

What We Expect to See

A Focus on Web Application Development