Some interesting new research out of ETH Zürich showed that Firefox’s Auto-Update mechanism works the best at keeping users updated with the latest and safest version compared to all other major browsers. The report, Understanding the web browser threat, used Google’s browser data from the last 18 months to figure out a lower bound [...]
Entries Tagged as 'Security'
Firefox Auto-Update Leads the Pack
July 2nd, 2008 · No Comments
Tags: Firefox · Security · Web · Web Filtering
Top 5 Concepts Every IT Security Professional Must Understand in 2008
March 20th, 2008 · No Comments
Top 5 Concepts Every IT Security Professional Must Understand in 2008
Tags: Security
Don’t Regulate Cyberinsurance Markets
October 3rd, 2007 · 4 Comments
Any such security regulation can only reduce the amount of wealth and comfort the economy produces because it is foisting one man’s values upon another - “for the public good”.
At Bejtlich’s recommendation, I read with great interest Cyberinsurance in IT Security Management by Walter S. Baer and Andrew Parkinson. The bulk of the paper [...]
Tags: Economics · Free Markets · Risk Management · Security · insurance · risk
Jericho Forum Moves Us Closer to Ideal Security
September 25th, 2007 · 5 Comments
The ideal state of security would be when a threat agent gets inside your domain, or gets access to your secrets, property etc., but it doesn’t matter.Hoff kicked off quite the discussion on the Jericho Forum (follow up here with links to the blogs that discussed JF).
This slide deck (pdf), by Andrew Yeomans, [...]
Tags: Frameworks · Jericho Forum · Security · Standards
Newby in the WSJ
August 15th, 2007 · 1 Comment
Rob Newby is my hero today. He got a mention in the WSJ, my favorite paper, (even though I canceled my subscription a couple months ago). He submitted an article to Vauhin Vara after she asked him for “tips that employees can use to do a better job using IT without violating company [...]
Tags: Security
Why Patchlink Needs to Change Their Name
June 17th, 2007 · No Comments
UPDATE: More on the Patchlink name change here
Patchlink has announced that they will acquire SecureWave, which adds endpoint security to their recent acquisition of the vulnerability scanner STAT Guardian (now Patchlink Scan), and their existing prowess at automated patch management. Last Fall, I told Patchlink that Bit9 would be a good buy for them, [...]
Tags: Anti-Virus · Endpoint Security · Malware · NAC · Patch Management · Patchlink · Positive Security Model · Proactive Security · Security · marketing
Webwasher Anti-Malware Explained - Jon’s Network Podcast 4
June 5th, 2007 · No Comments
How do we protect companies from malware that no one has ever seen before?
In this podcast we touch briefly on the well-known malware problem and how Webwasher tackles it at the gateway with their Anti-Malware Module. Using a combination of signatures, heuristics and behavior analysis (proactive detection in marketing lingo), they can stop more [...]
Tags: Malware · Security · Web Filtering · Web Proxy · Webwasher · podcast
Assess First, Technology Second - Jon’s Network Podcast 3
May 29th, 2007 · No Comments
For Jon’s Network Podcast Number 3, I spoke with Chris Nickerson, Director of Security Services for Alternative Technology, an Arrow Company. He knows the security industry well having held high level positions at Shook, Hardy and Bacon, Sprint and KPMG. He discusses the balance between check-box compliance and intelligent risk mitigation as well as [...]
How to Solve the SSL Security Problem Using Webwasher- Jon’s Network Podcast 1
April 13th, 2007 · 6 Comments
Oliver Braekow, Webwasher product manager for Secure Computing, was the guest of the first Jon’s Network Podcast.
Oliver explains how, using their SSL scanner module, Webwasher prevents malware from using HTTPS to communicate. It will also prevent users from bypassing traditional web content filters using popular CGI proxies. This is important to keep [...]
Tags: Anti-Virus · Malware · Security · Web Filtering · Web Proxy · Webwasher · podcast
Guess the Web 2.0 Security Vendor
April 12th, 2007 · 2 Comments
Can you guess the vendor? I watched a web demo yesterday. Here are my notes from the strategic portion that demonstrate well how list based solutions are no match for today’s threats. Which vendor gave the presentation?
Problems no outbound inspection no anti-malware protection from live web pages (web 2.0 pages with more user generated [...]
Tags: Anti-Virus · Email Security · Malware · Security · Spam · Web · Web Filtering
