Email Security

The Enterprise Strategy Group has been actively following the information security market since 2003. During this timeframe, ESG has undertaken numerous surveys involving thousands of enterprise security professionals and conducted hundreds of interviews with CISOs and other senior security executives. Over the past few years, ESG has noticed change in the information security air. Since enterprises face a much more dangerous threat landscape, they are actively evolving historical tactical security defenses into a more formal information security management framework. Based upon this evolutionary trend, ESG developed a 4-phased security management maturity model.

This white paper, from cloud computing strategist Steve Staso, describes one key area of Cloud security - the management of privileged accounts. Learn about proven, automated, and scalable solutions available today for public Cloud providers, as well as private Cloud architects.

NBC News. Steve Wozniak. Sarah Palin-all victims of social media hacks. It goes without saying that the ubiquity of social media apps is creating concern amongst enterprise infosec organizations with respect to the measure they take to manage use of the applications across their workforces. Join Tyler Shields as he explores how enterprises can mitigate the security concerns that stem from these social media applications. Mr. Shields will also explore the motivations for these hacks-- Defamation of brand? Or a Trojan horse for IT and Infosec professionals-distracting them from the real breaches and threats to ensue?

With the DroidDream malware discovery in March, and then Pandora's vulnerabilities identified in April, the inevitable happened: 2011 become the 'year of mobile malware'. All the pieces of the malware ecosystem puzzle that researchers have been warning about are falling into place. Modern mobile applications run on devices that have the functionality of a desktop or laptop running a general-purpose operating system. While many of the risks are similar to those of traditional spyware, Trojan software, and insecurely designed apps, mobile devices aren't just small computers. They're designed around personal and communication functionality which makes the top mobile application risks different from the top traditional computing risks. In this presentation, Veracode's Vice President of Security Research, Chris Eng, will outline the Top 10 Mobile Application Risks, designed to educate developers and security professionals about the mobile application behavior - both maliciously- designed or inadvertent - putting users at risk.

Learn about the HIPAA/HITECH regulations affecting electronic protected health information (ePHI) and how to meet regulatory compliance through encryption of data at rest and encryption key management across the heterogeneous enterprise. Strong encryption, policy-based access controls, and secure key management provide a separation of duties and ensure consistency across both structured and unstructured data.

Ad hoc encryption is no longer adequate - leading to higher costs and increased risk. So, what's needed? An enterprise encryption and key management strategy that can extend across all sensitive data, in all formats, across the entire organization. Read this industry analyst report from Enterprise Strategy Group (ESG) to understand the issues as you evaluate your encryption strategy.

Enterprise key management is a critical issue for IT organizations that is compounded by the proliferation of encryption keys from discrete encryption point solutions and transparent database encryption (TDE) technologies. Learn how to control encryption keys and policies on an enterprise scale while reducing administration costs and security risks.

A key technical underpinning of the Cloud is the Application Programming Interface (API). APIs provide consistent methods for outside entities such as web services clients and desktop applications to interface with services in the Cloud. More and more, it will be through APIs that cloud data moves; however, the security and scalability of APIs are currently threatened by a problem called the password anti-pattern - the need for one API to collect and replay the password for a user at another API in order to access information on behalf of that user. OAuth defeats the password anti-pattern, creating a consistent, flexible identity and policy architecture for web applications, web services, devices, and desktop clients attempting tocommunicate with Cloud APIs.

Today's enterprise employees use an ever-increasing number of applications, both enterprise hosted and in the Cloud, to do their jobs. What's more, they will access those applications from a variety of devices (desktops, laptops, tablets, phones, etc) and application models (both browser and native). Expecting those employees to remember strong and unique passwords for each and every application simply does not scale. Providing employees seamless, secure "single sign-on" access to their applications has become business critical.

The Simple Cloud Identity Management (SCIM) specification defines a simple, RESTful protocol for identity account management operations. SCIM's model is based upon the experience of existing schemas and SaaS deployments, with specific emphasis on simplifying development and integration, and wherever possible, applying existing authentication, authorization, and privacy mechanisms.

Cyber threats are one of the greatest risks faced by IT organizations today. Networks serve as a key control point for cyber security, providing an access path for both inside and outside attacks. Yet networks are not easy to secure. Cyber security cannot be addressed in isolation. It must consider other variables and test them together in order to ensure an optimal solution. This process is called PASS testing since it includes performance, availability, security and scalability testing. This paper describes today's cyber threat, cyber security design challenges and the PASS testing methodology for design validation.

IBM Tivoli Endpoint Manager combines the separate pieces of the patch management puzzle into an intelligent, simplified solution that streamlines and optimizes the process of researching, assessing, remediating, confirming, enforcing and reporting on patches.

In this report, EMA analysts examine IBM Endpoint Manager as a solution to the challenges faced by organizations today when attempting to provide a unified approach to IT operations and security.

Adherence to data security policies and mandates for compliance or governance is the most important objective for executives in companies running SAP. But many reveal that their data security policies are lacking. Traditional methods of managing file transfers can't prevent or protect your enterprise from compliance violations: they're insecure, inefficient, and non-auditable. This situation leaves a serious gap in compliance strategies. Learn how to close this gap with managed file transfer.

Your enterprise has invested heavily in SAP. But data exchange restrictions can limit the ability of your chain supply to reach its maximum potential. Large data files, FTP spaghetti and unreliable network connections all limit your ability to send and receive information. Just one of these problems is enough to raise costs and risks, and create long waits for data to come through. Read the white paper to find out how Managed File Transfer ensures your data flow is secure and speedy.

This document is aimed at those looking at data center builds, upgrades, or consolidation. It provides an introduction to some of the new security challenges of such environments and provides recommendations for implementing security in next-generation data centers.

The McAfee virtual patching solution provides a layered approach to security risk management, while adding the ability to apply a virtual patching strategy to your existing change-management process. It combines proven defenses and security insight with real-time Global Threat Intelligence to close the vulnerability window until patching can occur through your regular change-management processes.

Learn more about Gartner's evaluation of network IPS that places McAfee in the leaders' quadrant. Deep inspection network-based intrusion prevention continues to be a due-diligence security control. The near-tern future of the intrusion prevention system market will be determined by the pace of innovation of another market: next-generation firewalls.

Botnets pose a serious threat to your network and they rival the power of today's most powerful cloud computing platforms. These "dark" clouds, controlled by cybercriminals, are designed to silently infect your network. This paper details how you can protect against the risk of botnet infection using security gateways that offer comprehensive unified threat management (UTM).

As network security grows more complex, businesses are demanding the simplicity of UTM. Businesses are replacing multiple, outdated and costly appliances from different vendors with a single, reliable UTM solution. This whitepaper offers you detailed advice on how to choose the comprehensive unified threat management (UTM) that best suits your business.

An enterprise mobility strategy needs to include more than a mobile device management solution. To meet mobility and security requirements of mobile users, enterprises need to look at deploying a solution for mobile content management. Read this whitepaper to learn 10 security requirements to address BYOD in your enterprise.

Using client feedback, survey data, and input from security leaders, Forrester looked at DLP with a different lens and realized that security pros needed to approach DLP as an ongoing process, not a product or even a one-time project.

Single-layer defenses such as firewalls and anti-virus software are not enough against today's dynamic, evolving threats. View this paper to discover the top 5 malware delivery networks and explore how Blue Coat web security solutions powered by WebPulse can protect networks by providing intelligent, real-time cloud-based web defense.

The promise of virtualization is that it can deliver lower cost for storage, improved management by eliminating physical servers, and improved security by reducing the number of physical points of entry into a network. The reality, however, is that these aspirations are yet to be fully realized. For instance, many companies simply do not have sufficient tools to monitor and manage virtual environments. In addition, companies building virtualized networks must pay close attention to internal audits of hardware and patch management as IT staffs might not be fully up to speed on the security needs and requirements of the latest versions.

Organizations are dealing with a workforce that is increasingly mobile, connected and demanding - they are using their own devices and want access to corporate data at all times, from any location. Organizations must be able to extend the boundaries of their corporate network to provide consistent Web security protection, policies and reporting for all users on any device or network.