Enterprise Security Blog

It's way too risky to hide behind regulatory standards when developing security processes and practices. In the case of Direct Marketing Services, (Montgomery Ward breached, no notification obligation?), they followed the explicit direction of PCI DSS for incident response. But instead of using it as a starting point - it was the start and finish of their incident response and it was deficient, resulting in a significant breach exposing thousands of cardholders. Automating understanding, investigation and response has never been easier and time nor budget are good excuses for not taking the next steps to comply and protect.

Appliances like Intellitactics SAFE security information and event management (SIEM) appliances are simple to deploy and easy to use. Besides acquiring and storing all the log data you need to meet PCI standards, the real time security event management provides instant access to the logs and events to promote understanding of what is happening along with rapid investigation.  You can do more with logs, have the information you need at your fingertips. You decide how to respond, notify and communicate across the organization. Don't find yourself in a high risk situation while hiding behind the standard. Select a right sized SAFE appliance that matches your budget and your requirements and comes with packaged PCI report definitions and the intelligence you need to acquire and analyze logs from PCI sensitive assets.

Intellitactics, Inc. and Securify, Inc., a leading provider of identity-based monitoring solutions, today announced packaged integration in order to deliver a more complete picture of ‘who is doing what and where’ on the network. Securify monitors network traffic creates an accurate baseline even within dynamic networks, and maps this activity to a unique user identity with groups/roles from existing network directories such as Microsoft Active Directory. Securify sends prioritized access anomalies and policy violations, including user identity and robust incident details, to Security Manager in real-time. The combination of Securify and Intellitactics enables network security and operations teams to instantly pinpoint when and where a specific user is doing something they should not, and prioritizes alerts based on the Intellitactics risk score. This integration provides the security team the whole picture, which is so important for fast and accurate response and audit readiness.

For more information on the Intellitactics and Securify partnership visit: http://www.intellitactics.com/int/about/pr/20080625.asp

For more information on Securify visit: www.securify.com

Headlines related to significant cases of data loss are appearing with ever increasing frequency. Many of these high-profile stories involve perpetrators gaining inappropriate access to some form of corporate or consumer financial data, primarily credit or debit card information. Yet, in a growing number of litigation cases, significant fines have been imposed by the court when litigants were unable to produce certain forms of data or validate that their IT infrastructure was appropriately and securely configured to prevent the loss of that data. Join me in the webinar as I discuss the issues and the solutions.

Date: June 18, 2008
Time: 1:00 pm EDT
Register Here

In the age of cell phones and satellite internet hook-ups it’s impossible to hide from the office and now it’s getting so you can even run. It’s summer, you know that time when you’re supposed to plan a little family getaway to escape the pressures of office life for a while. But for many, the soaring fuel prices are putting many vacation destinations out of reach unless you can get a bargain price for those airline tickets. Well it’s no surprise that cyber criminals know their markets and are now targeting online travel to troll for their next victims. Oh and if you do manage to find a flight you can afford, I wouldn’t recommend kicking the tires on that plane…

Check out this CSO article to find out more about the latest in online fraud hitting the travel industry: http://www.csoonline.com/article/385364/Report_Thieves_Target_Online_Travel_Sites_/1

A long, long, long time ago on an operating system far, far, far away my primary job was writing code. While trying to figure out if I designed my system well enough to withstand the onslaught of my user community, (because users always use systems in ways they weren’t designed to be used), a senior colleague once told me, “If you can think of it, it can happen”. Apparently he was right because in the NetworkWorld article Sci-fi Writers: New Tech Will Bring More Security Challenges, science fiction writers are telling us the very same thing.

According to our sci-fi thinkers our next attacks will come from another universe. So forget about this universe, now you’re supposed to defend against hackers from another universal stealing your identity from this universe. Well truthfully, if they aren’t pretending to be me in this universe, why should I care that they are pretending to be me in another universe? As long as we aren’t dipping into the same bank account for our morning cup of java and my doctor doesn’t think I have six arms do I really need to upgrade to the multi-universe identity theft plan now?  I really don’t think the credit card company will believe me when I tell them that brand new 50 inch flat panel TV was purchased by the guy in the next universe who stole my identity. Talk to me when our universes start sharing more than science fiction stories.

Then I’m told that devices will become so small they will be embedded in my skin and I will be under constant attacks from a mere handshake. Reality check! How many strangers walk up to you on the street and shake your hand just to say hello? These days you can’t even get people to look at you when you walk by, let alone get close enough to touch you, so if we continue with our current social mannerisms of avoiding human contact at all costs, then these attackers will be very easy to recognize (not to mention that personal stun gun will make them drop like a stone).

And what about the quantum computers that break encryption codes as fast as they are written? Well, that sounds like WarGames all over again. I have faith that those quantum computers will create and decode all the possible encryption codes (no doubt before anyone can even finish their coffee), publish all the answers, and just stop working. Once published no one, not even the bad actors will be able to hide forcing the world to, dare I say it, be truthful. But then we can’t forget all those virtual worlds where we will need truth-telling technology to decide for us what is genuine verses what is not because apparently we will not be able to do it ourselves. This of course begs the question if we can’t tell what is real analyzing our own data, then how are the people writing this truth-telling technology supposed to figure it out for us? Clearly psychiatry is the profession of the future…”Tell me Kari, why do you feel this world is not real?”

While I can think of it, I’m having a hard time believing it will happen. My kids on the other hand, are headed to med school and I'm off to shop for couches.