To Layer or Integrate? That is the Question

Indeed, the debate over whether to mix a myriad of tools and technologies to create a bulletproof shield that hackers can’t invade or to take an integrated approach to in-depth defense to combat persistent threats is ongoing. But more cyber security analysts are speaking out about the benefits of integration.

Also known as layered defense,

Compliance Is Bad for Security

There are two separate approaches to keeping data safe: compliance and security. The first is a legal/regulatory obligation; the second is not. If you ask a compliance author, whether that’s a government legislator or a bureaucratic regulator, what is the purpose of compliance, the reply will be ‘to ensure security.’ If you ask the same person,

3 Executive Strategies to Prioritize Your IT Risk

Every company wants to know the best way to protect itself, but it can be difficult when faced with the evolving security challenges of today. I recently sat down with Richard Mason, VP & CSO at Honeywell, and Roger Grimes, security columnist and author, to get their thoughts on risk management best practices. I hope these strategies will help companies prioritize their IT risk and think beyond the traditional IT standards.

For Want of a Nail …

… the kingdom was lost.

This real-life cautionary tale, told to me by my colleague’s brother (let’s call him Mr. X), concerns a risk-reward decision gone awry. X’s company is a good-sized global company in international construction services with over $1B in revenue and around 5000 employees; they have about 7000 servers and endpoints under management.

Back to School: Keeping Your IT Skills Sharp

It’s back to school time for the kids—and it’s the perfect time to consider sharpening your IT skills. You’ll find continuing education opportunities abound at colleges and universities, but if you are like most Information Technology professionals you don’t have time to make that level of commitment.

So what’s a hungry IT security pro to do in order to keep on the cutting edge of this fast-paced,

A Word (or two) on the IBM Acquisition of BigFix

Today, IBM announced plans to acquire BigFix and we have been asked several times today what this all means to Lumension. So I thought I would weigh in with my thoughts – both from an industry perspective and from Lumension’s perspective, more specifically.

As it turns out, there has been increasing M&A activity in the technology industry – the IT security space,

2010 Predictions Redux - 2nd Half Predictions and Looming Threats

As we ended 2009 and entered 2010, many predicted that 2010 was poised to go down in history as “the year of insider threats”. It was not a risky prediction to make considering our economic peril and our industry’s continued, unwavering, albeit misplaced focus on the gateway rather than endpoint security.

The Worldwide State of the Endpoint Survey 2010 highlighted the reasons why the neglect of the endpoint is poised to increase enterprise risk:

  • Organizations’ increasing use of technologies that improve productivity and reduce costs but create endpoint risks.

Lessons from the Road…Tokyo, London, Sydney: Part I

A few things I learned while on the road in the past couple of weeks:

1.    The platform-centric approach is firmly planted both here and overseas;
2.    The efficiency of agents on the endpoint is increasingly under the microscope;
3.    Application whitelisting is truly hitting a global tipping point;

The Case for Endpoint Operations and Endpoint Security Convergence

Ask any IT administrator where their greatest security risk lies and they will tell you it’s at the endpoint. The endpoint has expanded well beyond a desktop to include mobile devices, which allow greater user flexibility and productivity but also increase security risks to your network. Data that once resided on secure centralized servers (and was accessed only by local desktops within a company) has migrated to remote “offices” where technology is distributed,

Why More Legislation Could Hurt FISMA Compliance

The US Government last week proposed updating the Federal Information Security Management Act (FISMA) to include a clause about the continuation and monitoring of security threats based on government agency risk profiles. The new amendments to the act would change FISMA compliance in the following ways:

  • Establish a national cyberspace division within the executive office of the President.

Insights from America’s Growth Capital and RSA Conferences

Last week, I attended two security-related events in San Francisco. I spoke on the topic of the converging endpoint on a panel at America’s Growth Capital’s 6th Annual Information Security and West Coast Emerging Growth Conference. And I walked the floor at the RSA Conference, where Lumension exhibited. Here are my thoughts on the key themes and big takeaways from these events.

New Era of Collaboration Between IT Operations & Security

Much has been said over the past few years about the convergence of IT security and IT operations. Most companies look at this convergence from an optimization standpoint, hoping to increase security, achieve greater compliance, and reduce IT risk. Many larger companies, however, still operate under a siloed approach, working primarily with point solutions for security,

How to Achieve and Sustain Compliance, and Manage Risk: Best-in-Class Approach

In May 2009, Aberdeen Group published a research report entitled IT GRC: Managing Risk, Improving Visibility, and Reducing Operating Costs. The study describes the policy, planning, process, and organizational elements that contribute to successful initiatives in the area of IT governance, risk management, and compliance (IT GRC). I recently sat down with Derek Brink,
