Jon’s Network

Some interesting new research out of ETH Zürich showed that Firefox’s Auto-Update mechanism works the best at keeping users updated with the latest and safest version compared to all other major browsers. The report, Understanding the web browser threat, used Google’s browser data from the last 18 months to figure out a lower bound [...]

[Read more →]

Top 5 Concepts Every IT Security Professional Must Understand in 2008

[Read more →]

Any such security regulation can only reduce the amount of wealth and comfort the economy produces because it is foisting one man’s values upon another - “for the public good”.

At Bejtlich’s recommendation, I read with great interest Cyberinsurance in IT Security Management by Walter S. Baer and Andrew Parkinson. The bulk of the paper [...]

[Read more →]

The ideal state of security would be when a threat agent gets inside your domain, or gets access to your secrets, property etc., but it doesn’t matter.Hoff kicked off quite the discussion on the Jericho Forum (follow up here with links to the blogs that discussed JF).

This slide deck (pdf), by Andrew Yeomans, [...]

[Read more →]

Rob Newby is my hero today. He got a mention in the WSJ, my favorite paper, (even though I canceled my subscription a couple months ago). He submitted an article to Vauhin Vara after she asked him for “tips that employees can use to do a better job using IT without violating company [...]

[Read more →]

UPDATE: More on the Patchlink name change here

Patchlink has announced that they will acquire SecureWave, which adds endpoint security to their recent acquisition of the vulnerability scanner STAT Guardian (now Patchlink Scan), and their existing prowess at automated patch management. Last Fall, I told Patchlink that Bit9 would be a good buy for them, [...]

[Read more →]

How do we protect companies from malware that no one has ever seen before?

In this podcast we touch briefly on the well-known malware problem and how Webwasher tackles it at the gateway with their Anti-Malware Module. Using a combination of signatures, heuristics and behavior analysis (proactive detection in marketing lingo), they can stop more [...]

 

 webwasher antimalware jonsnetwork podcast 4 [21:49m]: Play Now | Play in Popup | Download

[Read more →]

For Jon’s Network Podcast Number 3, I spoke with Chris Nickerson, Director of Security Services for Alternative Technology, an Arrow Company. He knows the security industry well having held high level positions at Shook, Hardy and Bacon, Sprint and KPMG. He discusses the balance between check-box compliance and intelligent risk mitigation as well as [...]

 

 Assess-First-Jonsnetwork-podcast-3 [16:01m]: Play Now | Play in Popup | Download

[Read more →]

Oliver Braekow, Webwasher product manager for Secure Computing, was the guest of the first Jon’s Network Podcast.

Oliver explains how, using their SSL scanner module, Webwasher prevents malware from using HTTPS to communicate. It will also prevent users from bypassing traditional web content filters using popular CGI proxies. This is important to keep [...]

 

 Jon's Network Webwasher Podcast [16:13m]: Play Now | Play in Popup | Download

[Read more →]

Can you guess the vendor? I watched a web demo yesterday. Here are my notes from the strategic portion that demonstrate well how list based solutions are no match for today’s threats. Which vendor gave the presentation?

Problems no outbound inspection no anti-malware protection from live web pages (web 2.0 pages with more user generated [...]

[Read more →]