Firewalls
A firewall is a piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy, analogous to the function of firewalls in building construction. A firewall is also called a Border Protection Device (BPD), or packet filter in BSD contexts. A firewall has the basic task of controlling traffic between different zones of trust.
NBC News. Steve Wozniak. Sarah Palin - all victims of social media hacks. It goes without saying that the ubiquity of social media apps is creating concern among enterprise infosec organizations about the measures they take to manage use of the applications across their workforces. Join Tyler Shields as he explores how enterprises can mitigate the security concerns that stem from these social media applications. Mr. Shields will also explore the motivations for these hacks: Defamation of brand? Or a Trojan horse for IT and infosec professionals, distracting them from the real breaches and threats to ensue?
With the DroidDream malware discovery in March, and then Pandora's vulnerabilities identified in April, the inevitable happened: 2011 became the 'year of mobile malware'. All the pieces of the malware ecosystem puzzle that researchers have been warning about are falling into place. Modern mobile applications run on devices that have the functionality of a desktop or laptop running a general-purpose operating system. While many of the risks are similar to those of traditional spyware, Trojan software, and insecurely designed apps, mobile devices aren't just small computers. They're designed around personal and communication functionality, which makes the top mobile application risks different from the top traditional computing risks.
In this presentation, Veracode's Vice President of Security Research, Chris Eng, will outline the Top 10 Mobile Application Risks, designed to educate developers and security professionals about the mobile application behavior, whether maliciously designed or inadvertent, that puts users at risk.
Enterprise key management is a critical issue for IT organizations that is compounded by the proliferation of encryption keys from discrete encryption point solutions and transparent database encryption (TDE) technologies. Learn how to control encryption keys and policies on an enterprise scale while reducing administration costs and security risks.
In this special education supplement, SC Magazine examines the importance of specialized classes and certifications versus work experience, while a case study profiles how a public school system in New Jersey fulfilled a need to expand its broadband capacity and, at the same time, brought increased security to its network operations. Additionally, for the fourth year, we ask some of the universities designated by the NSA and DHS as Centers of Academic Excellence in Information Assurance about their programs.
A key technical underpinning of the Cloud is the Application Programming Interface (API). APIs provide consistent methods for outside entities such as web services clients and desktop applications to interface with services in the Cloud. More and more, it will be through APIs that cloud data moves; however, the security and scalability of APIs are currently threatened by a problem called the password anti-pattern - the need for one API to collect and replay the password for a user at another API in order to access information on behalf of that user. OAuth defeats the password anti-pattern, creating a consistent, flexible identity and policy architecture for web applications, web services, devices, and desktop clients attempting to communicate with Cloud APIs.
Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted services. This white paper explains how an identity management architecture, with the help of both SAML and OAuth, can support the two broad categories - web applications delivered through the browser and native applications installed onto the device - by providing a single consistent and cohesive identity infrastructure for both.
The infamy of WikiLeaks and the press' focus on the potential damage it has caused worldwide tends to overshadow some important questions like: Who and where does leaked data come from? How is it compromised? Is there any way an organization can prevent this from happening?
The information supplied to WikiLeaks comes from trusted insiders: privileged users who have been trusted with access to very sensitive information to accomplish their jobs. In this whitepaper, go beyond the WikiLeaks story to learn why insider threats are so difficult to detect with normal IT security, and how you can prevent them from damaging your organization.
By: McAfee
Published Date: Apr 03, 2012
This paper breaks down attack sources into four categories: external, malicious insiders, accidental insiders, and unknown. Breach categories are limited to areas that are most directly associated with data centers.
Ever feel like you're losing control in a rapidly changing IT environment and threat landscape?
Is your traditional security solution blind to changing conditions and new attacks?
According to Gartner's Neil MacDonald, "Context-aware and adaptive security will be the only way to securely support the dynamic business and IT infrastructures emerging during the next 10 years."
Sourcefire FireSIGHT™ is innovative contextual awareness and automation technology that reduces operating costs while allowing network security to keep pace and be effective against dynamic forces. Learn more about optimizing your security protection and explore:
- The challenges with delivering effective security today
- Why traditional static approaches fail to provide the protection we need
- How FireSIGHT technology can provide the missing insight and automation necessary to fully protect
Download this white paper now to learn why Context-Aware and Adaptive Security is the key to effective protection today.
The promise of virtualization is that it can deliver lower cost for storage, improved management by eliminating physical servers, and improved security by reducing the number of physical points of entry into a network. The reality, however, is that these aspirations are yet to be fully realized. For instance, many companies simply do not have sufficient tools to monitor and manage virtual environments. In addition, companies building virtualized networks must pay close attention to internal audits of hardware and patch management as IT staffs might not be fully up to speed on the security needs and requirements of the latest versions.
Security experts estimate that 90% of successful attacks against software vulnerabilities could be prevented with an existing patch or configuration setting. Still, many computers in organizations remain unpatched and unprotected. In this whitepaper, we'll explain three best practices for improving your security and compliance with patch assessment.
News headlines are a constant reminder that malware attacks and data loss are on the rise. This paper outlines eight common threats that traditional antivirus alone won't stop, and explains how to protect your organization using endpoint security.
This short podcast discusses the current trends to data and information. Listen in as an IBM Security expert offers key insights to ensure your systems are protected against the onslaught of exploits and vulnerabilities.
Learn more about the Oracle Database Firewall benefits that help mitigate attacks by monitoring database traffic in real time.
With IBM, the Ministry of Foreign Affairs was able to launch its ePassport system in just six months - enabling it to obey a new country law as it went into effect. This comprehensive system used IBM Business Partner document readers, fingerprint and photo systems, and IBM Tivoli® and WebSphere® software.
Businesses face an increasingly complex set of threats to their Web applications - from malware and advanced persistent threats (APTs) to disgruntled employees and unintentional data leaks. Although there is no single security measure that can prevent all threats, the use of SSL encryption and digital certificate-based authentication is one of them.
By: Symantec
Published Date: Apr 09, 2012
This white paper explains the licensing and proper use of Symantec SSL Certificates for securing multiple Web servers and/or multiple domains and subdomains in the network configurations.
By: Symantec
Published Date: Apr 09, 2012
This paper examines how recent trends in Internet trust marks can help restore confidence in online shopping, and as concluded by at least one recent study, even induce those who do shop to spend more.
The Insecurity of Privileged Users, a global benchmark study independently conducted by the Ponemon Institute, examines the inherent risk caused by a lack of control and oversight of privileged users in the workplace and what should be done to minimize this risk. The study surveyed privileged users, who are defined as having broad access rights to IT networks, enterprise systems, applications and information assets, and provides valuable insights and critical success factors for governing, managing and controlling privileged user access across the enterprise.
In the inaugural 2011 Magic Quadrant report, Gartner Inc. provides insights into the Identity and Access Governance (IAG) market.
This viewpoints paper examines what's wrong with legacy provisioning and how a more strategic approach is needed.
There's a difference between cyber attacks and cyber espionage. The purpose of cyber crimes, designed to obtain credit card, bank data or intellectual property, is financial gain. Cyber espionage, meanwhile, is performed for political purposes and is calculated to disable critical infrastructure. Though evidence is at best circumstantial, major powers like China, the United States and Russia are all said to be active in the cyber spying arena. While security appliances and services are available to thwart intrusions, there remains the human element: a disgruntled insider hurt by the financial downturn, tempted by easy gain to transfer enterprise data to gray market operators who could be anywhere in the world. It's all about managing risk, experts say, and a layered approach to security - one that includes both perimeter and internal defenses - is necessary, whether for a company or a country.
In this technical white paper from IBM, learn how predictive analytics can be used to detect internal and external threats to your organization. You will learn how techniques including cluster analysis, anomaly detection, time series analysis, social network analysis, predictive models and scoring can be used to detect suspicious activity in real time so your organization can take action to minimize risk and increase positive outcomes. As a final step, you will learn how automating model creation and scoring to ensure recent data points and observations are included in your analysis will further lessen the likelihood and impact of a security event.
We've been so bombarded by computer viruses, worms, Trojan horses and other malware that we've become acclimated to their presence. We subscribe to an anti-virus (AV) offering and hope for the best. Trouble is, AV hasn't been keeping up. Studies show that even though most organizations use AV, more and more are succumbing to attacks. It's time to shift from the status quo to a new, more effective endpoint security approach, called intelligent whitelisting, which affords greater protection, productivity, and efficiency.
By: VeriSign
Published Date: Jan 13, 2012
The vulnerability of Wi-Fi and conventional wired Ethernet networks is nothing new. But the new Firesheep Wi-Fi attack tool has opened the vulnerability up to others, putting sensitive information within the easy reach of even casual hackers. Learn what you need to do to protect your company from these attacks.