<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet security observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Trends in Data Centric Security White Paper</title><description>2014-10-28 20:29:45 - Research Library : It's all about the data. You want to make data useful by making it available to users and applications which can leverage it into actionable information. You share data between applications, partners, and analytics systems to derive the greatest business intelligence value possible. But what do you do when you cannot guarantee the security of those systems? How can you protect information regardless of where it moves? One approach is called Data Centric Security, and it is designed to protect data instead of infrastructure. Here is an excerpt from our paper: DCS Decisions. This is what Data Centric Security (DCS) does: focus security controls on data rather than servers or supporting infrastructure. This approach secures data wherever it moves. The challenge is to implement security controls that do not render it inert. Put another way, you want to derive value from data without leaving it exposed. Sure, we could encrypt everything, but you generally cannot analyze encrypted data. Nor can you expect to securely distribute key management and decryption capabilities everywhere data moves. But you can enable data to be protected everywhere without exposing sensitive information. This research delves into what Data Centric Security is, the challenges it addresses, and the technologies used to support customer use cases. We hope you find this research useful, and see DCS as an alternative to traditional infrastructure security. We would like to thank Intel Services for licensing this research and supporting our Securosis Totally Transparent Research process. Download: Trends In Data Centric Security (PDF)</description><link>http://www.secuobs.com/revue/news/542942.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/542942.shtml</guid></item>
<item><title>Identity Management</title><description>Secuobs.com : 2014-07-24 19:47:35 - Research Library - Papers and Posts ---------------- This section covers Identity Management and Access Control topics. General Coverage ---------------- 1. IDM: Reality Sets In 2. IDM: It's A Process 3. Incomplete Thought: Why Is Identity and Access Management Hard? Presentations ------------- We do not currently have presentations available for this topic. Podcasts, Webcasts and Multimedia --------------------------------- We do not currently have any multimedia for this topic. Vendors/Tools ------------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). Being here does not imply any endorsement; this list is simply meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.</description><link>http://www.secuobs.com/revue/news/526798.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/526798.shtml</guid></item>
<item><title>Threat Intelligence for Ecosystem Risk Management</title><description>Secuobs.com : 2014-07-24 19:47:35 - Research Library - Most folks think the move towards the extended enterprise is very cool. You know, get other organizations to do the stuff your organization isn't great at. It's a win-win, right? From a business standpoint, there are clear advantages to building a robust ecosystem that leverages the capabilities of all organizations. But from a security standpoint, the extended enterprise adds a tremendous amount of attack surface. In order to make the extended enterprise work, your business partners need access to your critical information. And that's where security folks tend to break out in hives. It's hard enough to protect your networks, servers, and applications while making sure your own employees don't do anything stupid to leave you exposed. Imagine your risk, based not just on how you protect your information, but also on how well all your business partners protect their information and devices as well. Actually, you don't need to imagine that; it's reality. In Threat Intelligence for Ecosystem Risk Management we delve into the risks of the extended enterprise and then present a process to gather information about trading partners to make decisions regarding connectivity and access more fact-based. Many of you are not in positions to build your own capabilities to assess partner networks, but this paper offers perspective on how you would, so when considering external threat intelligence services you will be an educated buyer. Direct Download (PDF): Threat Intelligence for Ecosystem Risk Management. We want to thank BitSight Technologies for licensing the content in this paper. The largesse of our licensees enables us to provide our research without cost to you.</description><link>http://www.secuobs.com/revue/news/526797.shtml</link><guid 
isPermaLink="false">http://www.secuobs.com/revue/news/526797.shtml</guid></item>
<item><title>All Research Papers</title><description>Secuobs.com : 2014-07-24 19:47:35 - Research Library -    Application Security 2014 Open Source Development and Application Security Survey Analysis Security Analytics with Big Data Defending Against Application Denial of Service Attacks API Gateways  Where security enables innovation Securing Big Data  Recommendations for Securing Hadoop and NoSQL Pragmatic WAF Management  Giving Web Apps a Fighting Chance Building a Web Application Security Program Cloud and Virtualization What CISOs Need to Know about Cloud Computing The Future of Security  The Trends and Technologies Transforming Security A Practical Example of Software Defined Security Defending Cloud Data with Infrastructure Encryption Compliance Tokenization Guidance Tokenization vs Encryption  Options for Compliance Data Encryption 101  A Pragmatic Approach to PCI Data Security Defending Data on iOS 7 Dealing with Database Denial of Service Understanding and Selecting a Key Management Solution Pragmatic Key Management for Data Encryption Understanding and Selecting Data Masking Solutions Implementing and Managing a Data Loss Prevention Solution Defending Data on iOS Understanding and Selecting a Database Security Platform Understanding and Selecting a File Activity Monitoring Solution Database Activity Monitoring  Software vs Appliance The Securosis 2010 Data Security Survey Understanding and Selecting a Tokenization Solution Understanding and Selecting a DLP Solution Understanding and Selecting a Database Encryption or Tokenization Solution Low Hanging Fruit  Quick Wins with Data Loss Prevention  V20  Database Assessment Content Discovery Whitepaper Selecting a Database Activity Monitoring Solution Endpoint Security The 2015 Endpoint and Mobile Security Buyer s Guide Advanced Endpoint and Server Protection Reducing Attack Surface with Application Control The 2014 Endpoint Security Buyer s Guide The Endpoint Security Management Buyer s Guide Evolving 
Endpoint Malware Detection  Dealing with Advanced and Targeted Attacks Endpoint Security Fundamentals Best Practices for Endpoint DLP Identity and Access Management Identity and Access Management for Cloud Services Network Security Defending Against Network-based Distributed Denial of Service  DDoS  Attacks Firewall Management Essentials Network-based Malware Detection 20  Assessing Scale, Accuracy and Deployment Network-based Threat Intelligence  Searching for the Smoking Gun Defending Against Denial of Service  DoS  Attacks Network-based Malware Detection  Filling the Gaps of AV Applied Network Security Analysis  Moving from Data to Information Fact-Based Network Security  Metrics and the Pursuit of Prioritization Network Security in the Age of Any Computing Understanding and Selecting an Enterprise Firewall Project Quant Malware Analysis Quant Measuring and Optimizing Database Security Operations  DBQuant  Network Security Ops Quant Metrics Model Network Security Operations Quant Report Project Quant Survey Results and Analysis Project Quant Metrics Model Report Security Management Leveraging Threat Intelligence in Security Monitoring Security Management 25  Replacing Your SIEM Yet  Eliminate Surprises with Security Assurance and Testing Security Awareness Training Evolution Continuous Security Monitoring Threat Intelligence for Ecosystem Risk Management The CISO s Guide to Advanced Attackers Building an Early Warning System Implementing and Managing Patch and Configuration Management Vulnerability Management Evolution  From Tactical Scanner to Strategic Platform Watching the Watchers  Guarding the Keys to the Kingdom  Privileged User Management  Security Management 20  Time to Replace Your SIEM  Security Benchmarking  Going Beyond Metrics React Faster and Better  New Approaches for Advanced Incident Response Monitoring up the Stack  Adding Value to SIEM Understanding and Selecting SIEM Log Management The Business Justification for Data Security Web and Email 
Security Quick Wins with Website Protection Services Email-based Threat Intelligence  To Catch a Phish</description><link>http://www.secuobs.com/revue/news/526796.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/526796.shtml</guid></item>
<item><title>Advanced Endpoint and Server Protection</title><description>Secuobs.com : 2014-07-24 19:47:35 - Research Library - Anti-virus is basically dead, at least according to the biggest anti-virus vendor. The good news is that signature-based AV has actually been dead for a long time; even the big players have been broadening their capabilities to assess, prevent, detect, and investigate advanced malware on endpoints and servers. There has been a tremendous amount of activity and innovation in protecting endpoints and servers, driven by necessity. Endpoint protection has become the punching bag of security. For every successful attack, the blame seems to point directly to a failure of endpoint protection. Not that this is totally unjustified; most solutions for endpoint protection have failed to keep pace with attackers. But hygiene and awareness alone will not deter advanced attackers very long. We frequently say advanced attackers are only as advanced as they need to be: they take the path of least resistance. But the converse is also true. When these adversaries need advanced techniques, they use them. Traditional malware defenses such as antivirus don't stand much chance against a zero-day attack. Our Advanced Endpoint and Server Protection paper highlights the changes in threat management resulting from these advanced attackers using advanced tactics. We discuss changes in prevention, as well as advances in both detection and investigation. This is really a call to action to rethink how you deal with advanced adversaries, and ultimately how you protect your devices. Advanced adversaries require organizations to rethink how they manage threats. The idea that targeted attacks can be prevented consistently is a pipe dream, so organizations need to shift away from largely ineffective legacy technologies for protecting endpoints and servers. More specifically this means devoting more resources and investing in innovative approaches to blocking attacks in the first place, including advanced heuristics, application control, and isolation technologies. But even with significant investment in innovative prevention, a persistent attacker will still compromise your devices. This highlights the necessity of shifting security investment toward detecting and investigating attacks. We would like to thank the companies who have licensed this content (in alphabetical order): Bit9 + Carbon Black, Cisco Sourcefire, and Trusteer, an IBM Company. We make this point frequently, but without security companies understanding and getting behind our Totally Transparent Research model, you wouldn't be able to enjoy our research. Download: Advanced Endpoint and Server Protection (PDF)</description><link>http://www.secuobs.com/revue/news/526795.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/526795.shtml</guid></item>
<item><title>Research Reports</title><description>Secuobs.com : 2011-06-30 22:24:09 - Research Library -    Papers ------ Webcasts -------- </description><link>http://www.secuobs.com/revue/news/314589.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/314589.shtml</guid></item>
<item><title>Vendor List</title><description>Secuobs.com : 2011-02-08 02:07:47 - Research Library -            Company Name Exhibitor Type Booth Number Sub-category Category Website 3M Mobile Interactive Solutions Division Exhibitor 2740 Mobile Security Endpoint Security http solutions3mcom wps portal 3M en_US Meetings Home  ActivIdentity Exhibitor 1128 Authentication Identity and Access Management http wwwactividentitycom  Advanced Product Design Exhibitor 340 Advantech Exhibitor 217 AFC Industries Exhibitor 235 Furniture Other http wwwafcindustriescom  Agiliance Exhibitor 2351 Compliance Security Management and Compliance http wwwagiliancecom  Akamai Technologies Silver Sponsor 2017 Content Delivery http wwwakamaicom Alert Enterprise Exhibitor 351 Compliance Security Management and Compliance http wwwalertenterprisecom  Alert Logic Exhibitor 2529 IDS IPS Network Security http wwwalertlogiccom  AlgoSec Exhibitor 856 Firewalls Network Security http wwwalgoseccom en indexphp AlienVault Exhibitor 652 SIEM Log Management Security Management and Compliance http wwwalienvaultcom  Alta Associates Inc Exhibitor 850 Compliance Security Management and Compliance http wwwaltaassociatescom  AMAX Information Technologies Exhibitor 346 http wwwamaxitcom  American Portwell Technology, Inc Exhibitor 628 http wwwportwellcom  Anakam, an Equifax Company Exhibitor 226 Authentication Identity and Access Management http wwwanakamcom  Anne Arundel Community College Exhibitor 2728 Education Other http wwwaaccedu  Anonymizer, Inc Exhibitor 2722 Content Security Network Security http wwwanonymizercom  Antiy Labs Partner Pavilion 1541 Endpoint Security http wwwantiynet  Anue Systems Inc Exhibitor 2445 Application Testing Application Security http wwwanuesystemscom  APCON Exhibitor 832 http wwwapconcom  Application Security, Inc Exhibitor 639 Database Security, Vulnerability Assessment Data Security, Security Management and Compliance http wwwappsecinccom  AppRiver Exhibitor 1059 Managed 
Services Email Web Security http wwwapprivercom  Approva Exhibitor 428 Compliance Security Management and Compliance http wwwapprovanet  Araknos SRL Unipersonale Exhibitor 347 SIEM Log Management Security Management and Compliance http wwwaraknosit en azienda aziendahtml ArcSight Exhibitor 931 SIEM Log Management Security Management and Compliance http wwwarcsightcom  Armorize Technologies Inc Exhibitor 329 Web Application Assessment Application Security http wwwarmorizecom  Art of Defence GmbH Exhibitor 342 Web App Firewalls Application Security http wwwartofdefencecom  Arxan Technologies Exhibitor 328 Secure Development Application Security http wwwarxancom  Astaro Exhibitor 2251 Firewalls, Email Security Gateway, Web Security Gateway Network Security, Email Web Security http wwwastarocom  AT T Exhibitor 831 http wwwattcom  atsec information security Partner Pavilion 1350 Compliance Security Management and Compliance http wwwatseccom  Authentify, Inc Exhibitor 1029 Authentication Identity and Access Management http wwwauthentifycom  Authernative, Inc Exhibitor 550 Authentication Identity and Access Management http wwwauthernativecom  Avenda Systems Exhibitor 318 NAC Network Security http wwwavendasyscom  Axway Silver Sponsor 2225 http wwwaxwaycom  BeCrypt Inc Exhibitor 2129 Disk Encryption Endpoint Security http wwwbecryptcom  Beijing LinkTrust Technologies Development Co,Ltd Partner Pavilion 1541 Perimeter Defense Network Security http wwwlinktrustcomcn  Beijing Topsec Science and Technology Co,Ltd Partner Pavilion 1541 Beijing Venustech Inc Partner Pavilion 1541 Perimeter Defense Network Security http englishvenustechcomcn  Beijing Zhongguancun Overseas Science Park Exhibitor 1541 http wwwzgcgovcn english  BeyondTrust Corp Exhibitor 945 Anti-Malware Endpoint Security http wwwbeyondtrustcom  Bit9, Inc Exhibitor 2621 Anti-Malware Endpoint Security http wwwbit9com  Bivio Networks Exhibitor 2133 Content Security Network Security http wwwbivionet  Black Box Network 
Services Exhibitor 2550 http wwwblackboxcom  BlockMaster AB Exhibitor 2425 Mobile Security Endpoint Security http wwwblockmastersecuritycom  Blue Coat Systems, Inc Gold Sponsor 1139 Threat Mgmt, Anti-Malware, Web Security Gateway Network Security, Email Web Security http wwwbluecoatcom  BluePoint Security Exhibitor 2559 Cloud Security Virtualization and Cloud http wwwbluepointsecuritycom  Brainloop Inc Partner Pavilion 1350 Access Management Data Security http wwwbrainloopcom  BreakingPoint Systems, Inc Exhibitor 951 Monitoring Network Security http wwwbreakingpointsystemscom  BroadWeb Corporation Partner Pavilion 1541 Perimeter Defense Network Security http wwwbroadwebcom  Bsafe Information Systems Inc Exhibitor 855 Compliance Security Management and Compliance http wwwbsafesolutionscom  BSI Partner Pavilion 1344 http wwwbsigroupcom  C4ISR Journal Exhibitor 2650 Publication Other http wwwc4isrjournalcom CA Technologies Platinum Sponsor 1533 DLP, SIEM Log Management, Compliance Data Security, Security Management and Compliance http cacom  Capella University Exhibitor 251 Education Other http wwwcapellaedu  Cavium Networks Exhibitor 528 http wwwcaviumnetworkscom  Hardware CCSOcom Exhibitor 2619 http wwwccsocom  Disassembler Celestix Networks Exhibitor 852 Perimeter Defense Network Security http wwwcelestixcom  Cenzic, Inc Exhibitor 332 Application Testing, Application Assessment Application Security http wwwcenziccom  Check Point Software Technologies Exhibitor 2317 Firewalls, IDS IPS, Remote Access, Disk Encryption Network Security, Endpoint Security http wwwcheckpointcom  Cherry Exhibitor 755 http wwwcherrycorpcom  Hardware China quality certification certificate authority Partner Pavilion 1541 Compliance Security Management and Compliance http wwwcqccomcn english  CipherOptics Exhibitor 1923 Encryption Data Security http wwwcipheropticscom  Cisco Global Platinum Sponsor 1717 Firewalls, Remote Access, Threat Mgmt, Email Security Gateway, Web Security Gateway, 
Managed Services Network Security, Email Web Security http wwwciscocom  Cloud Security Alliance Exhibitor 2718 http wwwcloudsecurityallianceorg  Comodo Group, Inc Exhibitor 2439 Endpoint Defense Endpoint Security http wwwcomodocom  CoreTrace Corporation Exhibitor 1963 Anti-Malware Endpoint Security http wwwcoretracecom  CORISECIO GmbH Partner Pavilion 1350 http wwwcoriseciocom  Coverity Exhibitor 333 Secure Development Application Security http wwwcoveritycom  Critical Watch Exhibitor 950 Compliance Security Management and Compliance http wwwcriticalwatchcom  Cryptography Research, Inc Exhibitor 2233 http wwwcryptographycom  Secure dev hardware cv cryptovision GmbH Partner Pavilion 1350 Encryption Data Security http wwwcryptovisioncom  Cyber-Ark Software, Inc Exhibitor 2045 Authentication Identity and Access Management http wwwcyber-arkcom  Cybera Exhibitor 752 Compliance Security Management and Compliance http wwwcyberacom  Cyberoam Exhibitor 723 Perimeter Defense Network Security http wwwcyberoamcom  Damballa Exhibitor 433 Endpoint Defense Endpoint Security http wwwdamballacom  Dasient, Inc Exhibitor 554 Endpoint Defense Endpoint Security http wwwdasientcom  Dataguise Inc Exhibitor 645 Database Security Data Security http wwwdataguisecom  Department of Homeland Security  US-CERT Exhibitor 457 http wwwus-certgov  DeviceLock Exhibitor 2228 Mobile Security Endpoint Security http wwwdevicelockcom   </description><link>http://www.secuobs.com/revue/news/283559.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/283559.shtml</guid></item>
<item><title>Secure Application Development</title><description>Secuobs.com : 2010-09-17 00:52:11 - Research Library - Secure application development is about building secure software. Most security products offer band-aid protection for existing applications: they filter, block, or proxy communications to/from applications that are incapable of protecting themselves. We want to get away from this never-ending "hamster-wheel of pain", and instead code applications that are self-reliant and can protect themselves. The secure code movement is in its infancy. There are different processes, training programs, and tools to aid the development of secure applications -- which we will cover here. We will also reference some of the OWASP and Rugged Software projects. Papers and Posts ---------------- * FireStarter: Agile Development and Security * Comments on Microsoft Simplified SDL * Rock Beats Scissors, and People Beat Process * FireStarter: Secure Development Lifecycle -- You're Doing It Wrong * Structured Security Program, Meet Agile Process * FireStarter: For Secure Code, Process Is a Placebo -- It's All about Peer Pressure * Are Secure Web Apps Possible? * Clickjacking Details, Analysis, and Advice Presentations ------------- Security   Agile   FAIL Podcasts, Webcasts, and Multimedia ---------------------------------- We do not currently have multimedia for this topic. Vendors ------- We'll include white and black box analysis, fuzzing, and tools vendors. This list is currently evolving, and we'll include other firms as time permits. * Cigital * HP (SpiDynamics, Fortify) * IBM (Ounce) * Veracode * WhiteHat Security</description><link>http://www.secuobs.com/revue/news/246772.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/246772.shtml</guid></item>
<item><title>ADMP  Application and Database Monitoring and Protection</title><description>Secuobs.com : 2010-05-31 13:19:21 - Research Library - Applications and Database Monitoring and Protection (ADMP). What is it? It's a different way to think about security for applications. It's a unified approach to securing applications by examining all of the components at once, viewing security as an operational issue, and getting tools to talk to each other. It means looking at application security in context of the business rules around transaction processing, and not just from a generic network traffic perspective. It is also a bit of prognostication, recommendation, and evangelism on our part, all rolled up into one unified theory. This approach also defocuses from some of the more traditional network and platform security models, and looks at the data and how applications process transactions and data. ADMP is essentially the data center branch of information-centric security, and it combines elements of data and application security into a consistent and specific architecture. The goal is to watch application transactions from the browser through the database, and apply security controls that actually 'understand' what's going on. Our definition is: Products that monitor all activity in a business application and database, identify and audit users and content, and, based on central policies, protect data based on content, context, and/or activity. Papers and Posts ---------------- 1. The lead-in to this series of thought is Rich's posts on The Future Of Application and Database Security, Part 1 and Part 2 2. Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection 3. What is my motivation, or Why Are We Talking About ADMP 4. ADMP and Assessment: Linking preventative and detective technologies 5. ADMP: A Policy Driven Example 6. Web Application Security: We Need Web Application Firewalls to Work Better 7. It's Time To Move Past Vulnerability Scanning To Anti-Exploitation Presentations ------------- * Our presentation on Information Centric Data Security and the Data Centric Security Lifecycle Podcasts, Webcasts and Multimedia --------------------------------- We do not currently have any multimedia for this topic.</description><link>http://www.secuobs.com/revue/news/227193.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/227193.shtml</guid></item>
<item><title>SIM, SIEM, and Log Management</title><description>Secuobs.com : 2010-05-31 13:19:21 - Research Library - This research page covers System Information Management (SIM), System Event Management (SEM), and Log Management technologies. Basically anything that collects events from application and host system log files, or provides analysis and reporting on those events. There will be a few other variants in the type of data collected, where it is collected from, and the speed and depth of analysis performed. As these three areas are morphing into one, we felt it would be best at this time to stop pretending they are "differentiated" things and talk about the common business problems they help customers address. Papers and Posts ---------------- If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.) 1. SIEM, Today and Tomorrow is a look back at some of the evolutionary struggles of SIM/SEM, and what is happening with the market space today 2. LogLogic Acquires Exaprotect 3. It seems like every other post we mention SIM/SEM and Log Management. We get a briefing from a vendor nearly every week, and we both know and cover this space. Creating this research page, we realized just how few posts we have written that are dedicated to it. We will provide more in the coming weeks. General Coverage ---------------- 1. Policies and Security Products, covering the expense of policy creation and maintenance Presentations ------------- 1. Adrian's presentation on Meeting Compliance with SIM, SEM and Log Management provides an in-depth discussion of using SIM/SEM and Log Management products for meeting compliance, and offers practical tips in dealing with technical and process challenges Podcasts, Webcasts and Multimedia --------------------------------- We do not currently have any multimedia for this topic. Vendors/Tools ------------- The following is just an alphabetized and categorized list of vendors and products we are aware of in this area (including free tools). It does not imply endorsement, and is meant to assist you, should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Vendors: ArcSight, CA, CISCO MARS, eIQ, ExaProtect, IBM, Intellitactics, LogLogic, LogRhythm, NetForensics, NetIQ, NitroSecurity, Quest InTrust, RSA EnVision, Sensage, Symantec SSIM, Tenable, TriGeo, Q1 Labs</description><link>http://www.secuobs.com/revue/news/227192.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/227192.shtml</guid></item>
<item><title>Web, Email, and Data Portal Security</title><description>Secuobs.com : 2010-05-31 13:19:21 - Research Library - This research page covers web filtering as well as email security and anti-spam options. The email security market, like the web gateway market, is one of the most saturated and commoditized in the security industry. As with firewalls and anti-virus (on Windows), it is essentially impossible to do business without these tools. And to no one's surprise we see continued convergence of these threat protection products: in some cases, it's merely mergers and acquisitions to provide two separate products from the same vendor, but in other cases we see combined solutions -- often in an attempt to displace point products. As many of the site-managed solutions also offer gateway and secure data exchange services, we will cover that here as well. The intended audience for this page is those interested in security products for their business, to keep their users' inboxes free of spam, and ensure Internet browsing stays within company policy. In the past we would just have said 'porn', as that is why many of these platforms are purchased. In reality there are many other security and compliance uses for these technologies, which are at least as important. Papers and Posts ---------------- If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.) 1. Barracuda Networks Acquires Purewire 2. McAfee Acquires MX Logic 3. The Symantec acquisition of MessageLabs demonstrates that the battle for this fully commoditized market is not over 4. Marshal8e6 Buys Avinti, and how the smaller vendors need to innovate and re-position their technologies to compete General Coverage ---------------- 1. The First Phishing Email I Almost Fell For 2. I Heart Creative Spam 3. Spam Levels and Anti-Spam SaaS 4. Hackers 1, Marketing 0 Presentations ------------- PDF versions of presentations (when available) may also be useful, although they don't include any audio (for any audio/video, please see the next section). Podcasts, Webcasts and Multimedia --------------------------------- We do not currently have any multimedia for this topic. Vendors/Tools ------------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email if you have any additions or corrections. Vendors * Aladdin * Astaro * Axway (Tumbleweed) * Barracuda Networks * Cisco (Ironport) * Clearswift (MIMESweeper) * Cloudmark * CommTouch * Google (Postini) * Marshal8e6 (Mail Marshal, 8e6 Technologies) * McAfee (IronMail, WebWasher, Secure Computing, CipherTrust) * Proofpoint * SonicWall (MailFrontier) * Symantec (BrightMail and MessageLabs) * WebSense</description><link>http://www.secuobs.com/revue/news/227191.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/227191.shtml</guid></item>
<item><title>Welcome to Securosis Research</title><description>Secuobs.com : 2010-05-31 13:19:21 - Research Library -    About Our Research ------------------ Securosis is a new breed of IT research firm focusing on the broad information security and compliance markets. As opposed to relying on big sales forces and high pay walls, we publish our primary research for free on our blog. Yeah, we know, it's different and scary. But it works. In terms of our primary research model, our focus is to help mid-market IT and security professionals successfully execute on their projects, by providing actionable information to accelerate their progress. It doesn't mean our research isn't relevant to large enterprises and government agencies. It just means our primary constituency is someone who wears a security hat as well as a number of other hats on a daily basis. Each week, Securosis publishes a ton of research on what's happening in the security business, all focused on keeping our readers connected and focused on what's important, not on the noise. Our weekly research includes: * Securosis FireStarter: Each week Securosis holds an internal, no-holds-barred research meeting. Each analyst prepares a topic and the other analysts typically rip it to shreds. The end result is a thought generator that challenges our perspectives and demands further discussion. Each Monday, we publish the findings of that research meeting to "stir the pot" a bit and get the echo chamber vibrating. * Securosis Incite: Something we've adopted from Security Incite is a hard-hitting summary of the news happening in our industry. Each Wednesday we send out 8-10 links with analysis of what's happening out there and why it's important. * Securosis Weekly Summary: Just in case you don't have anything better to do over the weekend, on Friday we send out a list of things we've posted on the blog and also each analyst's favorite outside post. This keeps you up to date on what we've been up to. * Ad Hoc Posts: Yes, the art of blogging is far from dead. During the week, once or twice a day we post something of interest. It could be a more detailed treatment of an announcement, something that's been bothering us, or part of our primary research (which is always posted to the blog first). In case you are some kind of dinosaur and don't use an RSS reader, you can sign up for email distribution of our blog posts. Sign up for the Daily Digest or the Weekly Summary. --------------------------------------------------------------------- For each of our coverage areas, we have a defined hierarchy of primary research documents we prepare to ensure deep coverage and actionable advice: * Understanding and Selecting: This series of posts provides the backdrop for each security domain. The research takes a product category perspective and helps readers understand why and how they'd use certain technology, and what is important when evaluating products and offerings. As an example, check out our work on Understanding and Selecting a Database Activity Monitoring Solution. * Building a [Topic] Program: The next level in our research is how to structure a security program to solve a specific problem. This is about more than just figuring out what product to buy, but the underlying processes and techniques required to address a specific problem. You can see our Building a Web Application Security Program for an example of this research. * Project Quant: For a select few coverage areas, we go very deep and actually define very granular process maps and establish metrics to quantify those processes for an aspect of security. We do a public survey to make sure we nail the process map and publish the survey results when we get a statistically significant sample. Check out Project Quant for Patch Management to understand this research. --------------------------------------------------------------------- About the Research Library -------------------------- Are you tired of having to hunt through screen after screen of crappy search results just to find the few bits of information you need? Or trawl through endless forums and unrelated blog entries just to educate yourself on a new topic? We are too -- that's why we created the Securosis Research Library. The Library is designed to be your first stop when researching a new topic. We've collected our best blog posts, white papers, and multimedia materials together in a structure designed to help you find what you need as quickly as possible. Unlike search results or a wiki, we've organized the material for each topic in the order we think it will be most useful, rather than by date or some other arbitrary sorting method. We don't cover every security topic you could think of, but we're constantly expanding into new areas and filling in coverage that's lighter than we'd like. Where possible, for technology-related topics we include a list of Free/Open Source and commercial products. We try to keep these lists updated, but if you see something we are missing please email us so we can add it. This is just a list of what's available in alphabetical order -- we aren't endorsing any particular products. We update the material in the Library on an ongoing basis, and each entry is dated with the last update. If you'd like to keep your own copy, just subscribe to the RSS feed. Since we update the date on each entry when we make changes, your RSS reader should keep a current, local copy of the entire library. Pretty cool, eh? We hope you find it useful, and please email us with any suggestions, errors, or omissions. </description><link>http://www.secuobs.com/revue/news/227190.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/227190.shtml</guid></item>
<item><title>Upcoming Research</title><description>Secuobs.com : 2010-02-23 05:30:49 - Research Library -    The Securosis Research Agenda is a dynamic entity. We are constantly revisiting our research plans, so visit often to see what is in the hopper: * Understanding and Selecting a Database Encryption or Tokenization Solution * Understanding and Selecting a Database Assessment Solution * Project Quant for Database Security * Project Quant for Network Security Monitoring and Management * Quick Wins with DLP * Pragmatic Data Security * Network Security Fundamentals * Endpoint Security Fundamentals * Understanding and Selecting a SIEM/Log Management Product * Understanding and Implementing Network Segregation * Data Security for the Cloud. Some of these papers will be sponsored, some won't, but all will be released for free under a Creative Commons license on our blog and within the Research Library. </description><link>http://www.secuobs.com/revue/news/194482.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194482.shtml</guid></item>
<item><title>Network Security</title><description>Secuobs.com : 2010-02-20 22:10:29 - Research Library -    Stand by for our network security page </description><link>http://www.secuobs.com/revue/news/193876.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193876.shtml</guid></item>
<item><title>Security Management</title><description>Secuobs.com : 2010-02-20 22:10:29 - Research Library -    Stand by for our security management page </description><link>http://www.secuobs.com/revue/news/193875.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193875.shtml</guid></item>
<item><title>Endpoint Security</title><description>Secuobs.com : 2010-02-20 22:10:29 - Research Library -    Stand by for our endpoint security page </description><link>http://www.secuobs.com/revue/news/193874.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193874.shtml</guid></item>
<item><title>Cloud Computing Security</title><description>Secuobs.com : 2009-10-23 01:48:37 - Research Library -    This section of the research library is dedicated to all things Cloud. Mostly we will cover Cloud Security, but along with this we need to have some understanding of what 'The Cloud' actually is, and what the major variations look like. We will also cover SaaS and Virtualization under this space (not because they are 'The Cloud', but they involve a Cloud-like model in many cases). We will be adding a lot of content to this section in the coming weeks. Papers and Posts ---------------- * Rich's series defining a Cloud Security Data Lifecycle: Introduction, Create, Store, Use, Share, Archive and Delete * Securing the Cloud with Virtual Private Storage * How The Cloud Destroys Everything I Love about Web Application Security. Presentations ------------- * Understanding Cloud Security in 30 Minutes or Less. Podcasts, Webcasts and Multimedia --------------------------------- Chris Hoff co-hosts the Network Security Podcast, and talks about the Microsoft EM partnership, Liquid Machines and Information Centric Security. Oh, he mentions a few things on 'The Cloud' too. </description><link>http://www.secuobs.com/revue/news/153224.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/153224.shtml</guid></item>
<item><title>Cloud and Virtualization</title><description>Secuobs.com : 2009-10-23 01:48:37 - Research Library -    This is one of the newest areas of our coverage, and although cloud computing and virtualization are distinct technologies, they are very closely related </description><link>http://www.secuobs.com/revue/news/153223.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/153223.shtml</guid></item>
<item><title>Web Application Security Program</title><description>Secuobs.com : 2009-07-25 02:04:03 - Research Library -  </description><link>http://www.secuobs.com/revue/news/124583.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/124583.shtml</guid></item>
<item><title>Presentation  Web Application Security Program</title><description>Secuobs.com : 2009-07-25 02:04:03 - Research Library -  </description><link>http://www.secuobs.com/revue/news/124582.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/124582.shtml</guid></item>
<item><title>Report  Data Loss Prevention Whitepaper</title><description>Secuobs.com : 2009-07-25 02:04:03 - Research Library -  </description><link>http://www.secuobs.com/revue/news/124581.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/124581.shtml</guid></item>
<item><title>Report  Content Discovery Whitepaper</title><description>Secuobs.com : 2009-07-25 02:04:03 - Research Library -  </description><link>http://www.secuobs.com/revue/news/124580.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/124580.shtml</guid></item>
<item><title>Research  Data Loss Prevention</title><description>Secuobs.com : 2009-07-25 02:04:03 - Research Library -    We've probably written more about Data Loss Prevention than any other single technology. Actually, we prefer to call it Content Monitoring and Protection (CMP), but when we use that only about 3 people know what we're talking about. We define CMP/DLP as: Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis. We use a pretty narrow definition to keep things clear -- CMP/DLP is a defined product category, not some general definition for anything that protects data. Encryption, DRM, portable device control, and all the other things that call themselves DLP can help with data loss, but aren't DLP. We think using a big bucket like that only confuses people. The best way to tell if something is DLP is to focus on the content awareness/analysis. If it only uses keywords or basic regular expressions, it isn't really DLP. Now why should you care about DLP? Is it just another over-hyped technology? Nope -- we consider it to be one of the most significant security technologies to emerge over the past few years. By adding content and context awareness, we can now protect information based on what it is, as opposed to where it's stored or some silly label someone slapped on it as metadata. CMP tools are also expanding their understanding of business context, not just the data itself, so we can apply intelligent policies that reflect business processes, while only interfering with said processes when there is a policy violation. CMP helps us find our sensitive information, watch how it's being used, and then protect it. It's far from perfect, but it's still good enough that we recommend it, and we'd use it ourselves if we didn't just give away all of our stuff for free. We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it was added to help you find changes more easily. Papers and Posts ---------------- If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all of the public comments as well.) 1. The most important piece of work we've published on CMP/DLP is our white paper, Understanding and Selecting a Data Loss Prevention Solution. This report covers all the basics: features, architectures, use cases, and a recommended selection process with testing criteria. It was originally released as a series of blog posts: part 1 (introduction), part 2 (content awareness), part 3 (data-in-motion), part 4 (data-at-rest), part 5 (data-in-use/endpoint), part 6 (central administration), and part 7 (selection process). This is really the place to start if you need to learn about DLP. 2. I also wrote a feature for Information Security Magazine that covers similar material, but is much more condensed. 3. We also released a paper on Best Practices for DLP Content Discovery. This covers all the important issues when using DLP for data at rest. It was also a 6 part series: part 1, part 2, part 3, part 4, part 5, part 6 (use cases). 4. The third paper in our CMP/DLP series is dedicated to Best Practices for Endpoint DLP. As always, available in a series of blog posts: part 1, part 2, part 3, part 4, part 5, part 6 (use cases). 5. An early article on DLP as a feature vs. a full solution: DLP Is A Feature, CMF (Or Whatever We'll Call It) Is A Solution. 6. A discussion on the evolution of CMP: DLP/ILP/Extrusion Prevention, CMF, CMP, SILM: A Short Evolution of Data Loss Prevention. 7. A short piece I did for Network World on DLP, and why it's worth looking at now. 8. I'm a big proponent of full DLP solutions; this explains why: Data Protection Isn't A Network Security Or Endpoint Problem. 9. The dirty little secret of DLP. 10. Data protection developments are running along parallel paths -- one for productivity applications and communications (CMP/DLP), and the other in the data center (ADMP). Our definitions of DLP and ADMP. 11. Then a post on how those two worlds will connect. 12. A Network World article I wrote on pitfalls of DLP. 13. A look at the differences between DLP, content classification, and e-discovery. 14. You can also use DLP to help prevent malicious outbound connections from sophisticated attackers. Presentations ------------- Presentation on Understanding and Selecting a Data Loss Prevention System. This is a companion to the DLP White Paper. Podcasts, Webcasts and Multimedia --------------------------------- We do not currently have any multimedia for this topic. Vendors/Tools ------------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Note that many other products include "DLP light" features, such as basic keyword or regex matching. We are only including dedicated DLP solutions here. Full Suite DLP: * CA (Orchestria) * EMC/RSA (Tablus) * McAfee (Reconnex) * Symantec (Vontu) * Vericept * Websense (PortAuthority) * Workshare. Partial-suite solutions: * Code Green Networks * GTB Technologies. Network-only tools: * Clearswift * Fidelis Security Systems * Palisade Systems * Proofpoint. Endpoint-only tools: * NextSentry * Trend Micro (Provilla) * Verdasys </description><link>http://www.secuobs.com/revue/news/124579.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/124579.shtml</guid></item>
<item><title>Report  Best Practices for Endpoint DLP</title><description>Secuobs.com : 2009-07-25 02:04:03 - Research Library -  </description><link>http://www.secuobs.com/revue/news/124578.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/124578.shtml</guid></item>
<item><title>Report  Selecting a Database Activity Monitoring Solution</title><description>Secuobs.com : 2009-07-25 02:04:03 - Research Library -  </description><link>http://www.secuobs.com/revue/news/124577.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/124577.shtml</guid></item>
<item><title>Building A Web Application Security Program PDF</title><description>Secuobs.com : 2009-07-06 17:33:11 - Research Library - </description><link>http://www.secuobs.com/revue/news/117218.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/117218.shtml</guid></item>
<item><title>Building A Web Application Security Program Presentation</title><description>Secuobs.com : 2009-07-06 04:20:18 - Research Library - </description><link>http://www.secuobs.com/revue/news/117086.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/117086.shtml</guid></item>
<item><title>Understanding Cloud Security in 30 Minutes or Less</title><description>Secuobs.com : 2009-06-27 07:12:35 - Research Library - </description><link>http://www.secuobs.com/revue/news/114404.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/114404.shtml</guid></item>
<item><title>Data Loss Prevention Whitepaper</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111697.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111697.shtml</guid></item>
<item><title>Understanding and Selecting a Database Activity Monitoring Solution</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111696.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111696.shtml</guid></item>
<item><title>DLP Content Discovery Whitepaper</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111695.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111695.shtml</guid></item>
<item><title>The Business Justification for Data Security presentation</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111694.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111694.shtml</guid></item>
<item><title>Best Practices for Endpoint DLP</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111693.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111693.shtml</guid></item>
<item><title>Pragmatic Data Security</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111692.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111692.shtml</guid></item>
<item><title>Database Activity Monitoring</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111691.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111691.shtml</guid></item>
<item><title>Data Breaches and Encryption</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111690.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111690.shtml</guid></item>
<item><title>Data Centric Security Lifecycle</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111689.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111689.shtml</guid></item>
<item><title>Data Protection in the Enterprise</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111688.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111688.shtml</guid></item>
<item><title>Understanding Data Loss Prevention</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111687.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111687.shtml</guid></item>
<item><title>Oracle Database Security in a Down Economy</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111686.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111686.shtml</guid></item>
<item><title>Protecting Mobile Data</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111685.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111685.shtml</guid></item>
<item><title>Securing Enterprise Applications</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111684.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111684.shtml</guid></item>
<item><title>SIM SEM and Log Management</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111683.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111683.shtml</guid></item>
<item><title>Integrating Penetration Testing</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111682.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111682.shtml</guid></item>
<item><title>Building A Web Application Security Program</title><description>Secuobs.com : 2009-06-19 21:57:14 - Research Library - </description><link>http://www.secuobs.com/revue/news/111681.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/111681.shtml</guid></item>
<item><title>SIM, SIEM and Log Management</title><description>Secuobs.com : 2009-06-13 06:18:28 - Research Library -    This research page covers System Information Management (SIM), System Event Management (SEM), and Log Management technologies. Basically anything that collects application logs, provides analysis and reporting on those events, plus a few other variants. As these three areas are morphing into one, we felt it would be best at this time to stop pretending they are "differentiated" things and talk about the common business problems these technologies help customers address. Papers and Posts ---------------- If you are just getting started, we recommend you read the following blog posts and papers in order. In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments. 1. LogLogic Acquires Exaprotect. 2. It seems like every other post we mention SIM/SEM and Log Management. We get a briefing from a vendor nearly every week, and we both know and cover this space. Creating this research page we realize just how few posts we have written that are dedicated to this space. We will provide more in the coming weeks. General Coverage ---------------- 1. Policies and Security Products, covering the expense of policy creation and maintenance. Presentations ------------- * Adrian's presentation on SIEM and Compliance provides an in-depth discussion of using SIM/SEM and Log Management products for meeting compliance, and offers practical tips in dealing with technical and process challenges. Podcasts, Webcasts and Multimedia --------------------------------- We do not currently have any multimedia for this topic. Vendors/Tools ------------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Vendors: * ArcSight * CA * CISCO MARS * eIQ * ExaProtect * IBM * Intellitactics * LogLogic * LogRhythm * NetForensics * NetIQ * NitroSecurity * Quest InTrust * RSA EnVision * Sensage * Symantec SSIM * Tenable * TriGeo * Q1 Labs. * Jeez, I hope I did not miss anyone, but that is all I remember. General Tools, Libraries and Key management</description><link>http://www.secuobs.com/revue/news/109317.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/109317.shtml</guid></item>
<item><title>Web, Email and Data Portal security</title><description>Secuobs.com : 2009-05-11 22:46:04 - Research Library -    This research page covers Web filtering as well as Email security and Anti-Spam options. The email security market, like the web gateway market, is one of the most saturated and commoditized in the security industry. As with firewalls or anti-virus, it is essentially impossible to do business without these tools. And, to no one’s surprise, we see continued convergence of these threat protection products; in some cases, it’s merely mergers and acquisitions to provide two separate products from the same vendor, but in other cases we see combined solutions, often in an attempt to displace point products. As many of the site managed solutions also offer gateway and secure data exchange services, we will cover that here as well. The intended perspective for this page is those interested in security products for their business to keep their users' inbox free from spam, and mediate Internet browsing that may violate company policy. In the past we would just have said 'porn', as that is why many of the platforms are purchased. In reality there are many other security and compliance uses for these technologies that are at least as important. Papers and Posts ---------------- If you are just getting started, we recommend you read the following blog posts and papers in order. In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments. 1. The Symantec acquisition of MessageLabs demonstrates that the battle for this fully commoditized market is not over. 2. Post on the general threats around using External Database Procedures variants in relational databases. General Coverage ---------------- 1. Spam Levels and Anti-Spam SaaS. 2. Discussion of Marshal8e6's acquisition of Avinti, and how the smaller vendors need to innovate and re-position their technologies to compete. Presentations ------------- These PDF versions of presentations may also be useful, although they don't include any audio (for any audio/video, please see the next section). Podcasts, Webcasts and Multimedia --------------------------------- We do not currently have any multimedia for this topic. Vendors/Tools ------------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Vendors: * Aladdin * Astaro * Axway (Tumbleweed) * Barracuda Networks * CISCO (Ironport) * Clearswift (MIMESweeper) * Cloudmark * CommTouch * Google (Postini) * Marshal8e6 (Mail Marshal + 8e6 Technologies) * McAfee (IronMail, WebWasher, Secure Computing, CipherTrust) * Proofpoint * SonicWall (MailFrontier) * Symantec (BrightMail and MessageLabs) * WebSense</description><link>http://www.secuobs.com/revue/news/94609.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/94609.shtml</guid></item>
<item><title>Database Security</title><description>Secuobs.com : 2009-05-03 04:47:38 - Research Library -    Database Security is one of the broader topics that Securosis covers. Database servers are highly complex systems -- storing, organizing, and managing data for a wide array of applications. Most mid-sized firms have dozens of them, some embedded in desktop applications, while others serve core systems such as web commerce, financials, manufacturing, and inventory management. A Fortune 100 company may have thousands. To address the wide range of offerings and uses, we will cover database security from two different angles. The first is the security of the application itself, and the second is the use and security of the data within the database. Database Vulnerability Assessment (VA), access control and user management, and patch management are all areas where preventative security measures can be applied to a database system. For securing the data itself, we include such topics as Database Activity Monitoring (DAM), auditing, data obfuscation/masking, and database encryption. Technologies like database auditing can be used for either, but we include them in the latter category because they provide a transactional view of database usage. We also include some of the database programming guidelines that can help protect databases from SQL injection and other attacks against application logic. Papers and Posts ---------------- If you are just getting started, we recommend you read the following blog posts and papers in order. In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and comments. 1. The most important piece of work we've published on database security is the series "Understanding and Selecting a Database Activity Monitoring Solution" white paper, and here are links to the individual blog posts: Part 1, Part 2, Part 3, Part 4, Part 5, and Part 6. 2. The post on Database Activity Monitoring and Event Collection Methods is designed to supplement some of the considerations any IT practitioner should consider when selecting a DAM solution. 3. Several posts on database encryption: the first from Rich is An Introduction to Database Encryption, followed by media encryption options for databases, and additional considerations from Adrian regarding threat vectors to consider when encrypting data. 4. The 5 laws of Data Masking. 5. Information on weak database password checkers. 6. Database Connections and Trust, and databases are not typically set up to validate incoming connections against SQL injection and misused credentials, and this post on recommending Stored Procedures to address SQL Injection attacks. 7. Separation of Duties and Functions through roles and programmatic elements, and putting some of the web application code back into the database. 8. Native database primary key generation to avoid data leakage and inference problems, and additional comments on Inference Attacks. 9. Your Top 5 Database Security Resolutions. 10. Posts on separation of duties: Who "Owns" Database Security, and the follow-up: DBAs should NOT own DAM and Database Security. 11. A look at general threats around using External Database Procedures and variants in relational databases. General Coverage ---------------- 1. Netezza buys Tizor. 2. More Configuration and Assessment Options. Discusses recent Oracle and Tenable advancements. 3. Policies and Security Products applies to database security as well as other product lines. 4. Oracle Security Update for January 2009. 5. Responding to the SQL Server Zero Day: Security Advisory 961040 includes some recommendations and workarounds. 6. Will Database Security Vendors Disappear, and Rich's follow-on Database Security Market Challenges, considerations for this market segment. 7. Behavioral Monitoring for database security. 8. NitroSecurity acquired RippleTech. 9. Database Monitoring is as big or bigger than DLP. Presentations ------------- These PDF versions of presentations may also be useful, although they don't include any audio (for any audio/video, please see the next section). Podcasts, Webcasts and Multimedia --------------------------------- We do not currently have any multimedia on this topic. Vendors/Tools ------------- The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. * http://www.appsecinc.com/ Application Security Inc. (AppRadar) * http://www.guardium.com/ Guardium * http://www.imperva.com/index.html Imperva (SecureSphere) * http://www.iplocks.co.jp/ IPLocks (UBM) * http://www.netezza.com/ Netezza (Tizor) * http://nitrosecurity.com/ nitrosecurity * http://www.sentrigo.com/ Sentrigo * http://www.secerno.com/ Secerno. Database Vulnerability Assessment: * http://www.appsecinc.com/ Application Security Inc. (AppDetective) * http://www.fortinet.com/ Fortinet * http://www.imperva.com/index.html Imperva (Scuba) * http://www.nessus.org/nessus/ Tenable Network Security (Nessus) * http://www.ngssoftware.com/ Next Generation Security Software (NGSSquirrel). Database Encryption: * http://www.appsecinc.com/ Application Security Inc. * http://www.netlib.com/ NetLib * http://www.oracle.com/index.html Oracle * http://www.relationalwizards.com/ Relational Wizards * http://www.rsa.com/ RSA (Valyd) * http://www.safenet-inc.com/ SafeNet (Ingrian) * http://www.sybase.com/ Sybase * http://www.ncipher.com/solutions/business%20solutions/databases.aspx Thales (aka nCipher) * http://www.voltage.com/ Voltage. Database Auditing: * http://www.oracle.com/index.html Oracle * http://www.softtree.com/ SoftTree Technologies (DB Audit Expert) * http://www.quest.com/InTrust-for-Databases/ Quest (InTrust). Database Vendors: * http://www-01.ibm.com/software/data/db2/ IBM * http://www.oracle.com/index.html Oracle * http://www.sybase.com/ Sybase * http://www.mysql.com/news-and-events/sun/ Sun Microsystems (MySQL) * http://www.teradata.com/t/ Teradata * http://db.apache.org/derby/ Apache Derby * http://www.postgresql.org/ PostgreSQL (Postgres) * http://www.ingres.com/ Ingres (Open Ingres). There are dozens of vendors, both big and small, who offer databases -- many with specific competitive advantages. We aren't even attempting to be comprehensive, and specifically ignored any without widespread mainstream adoption. There are also dozens more open source databases with small numbers of deployments, perhaps primarily embedded in applications or backending non-commercial web applications.</description><link>http://www.secuobs.com/revue/news/91474.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/91474.shtml</guid></item>
<item><title>Data Loss Prevention</title><description>Secuobs.com : 2009-05-03 04:47:38 - Research Library -    We've probably written more about Data Loss Prevention than any other single technology. Actually, we prefer to call it Content Monitoring and Protection (CMP), but when we use that only about 3 people know what we're talking about.

We define CMP/DLP as:

Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis.

We use a pretty narrow definition to keep things clear -- CMP/DLP is a defined product category, not some general definition for anything that protects data. Encryption, DRM, portable device control, and all the other things that call themselves DLP can help with data loss, but aren't DLP. We think using a big bucket like that only confuses people. The best way to tell if something is DLP is to focus on the content awareness/analysis. If it only uses keywords or basic regular expressions, it isn't really DLP.

Now why should you care about DLP? Is it just another over-hyped technology? Nope -- we consider it to be one of the most significant security technologies to emerge over the past few years. By adding content and context awareness, we can now protect information based on what it is, as opposed to where it's stored or some silly label someone slapped on it as metadata. CMP tools are also expanding their understanding of business context, not just the data itself, so we can apply intelligent policies that reflect business processes, while only interfering with said processes when there is a policy violation. CMP helps us find our sensitive information, watch how it's being used, and then protect it.

It's far from perfect, but it's still good enough that we recommend it, and we'd use it ourselves if we didn't just give away all of our stuff for free.

We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it was added to help you find changes more easily.

Papers and Posts
----------------
If you are just getting started, we recommend you read the following blog posts and papers in order. In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.

1. The most important piece of work we've published on CMP/DLP is our white paper, Understanding and Selecting a Data Loss Prevention Solution. This report covers all the basics: features, architectures, use cases, and a recommended selection process with testing criteria. It was originally released as a series of blog posts: part 1 (introduction), part 2 (content awareness), part 3 (data-in-motion), part 4 (data-at-rest), part 5 (data-in-use/endpoint), part 6 (central administration), and part 7 (selection process). This is really the place to start if you need to learn about DLP.
2. I also wrote a feature for Information Security Magazine that covers similar material, but is much more condensed.
3. We also released a paper on Best Practices for DLP Content Discovery. This covers all the important issues when using DLP for data at rest. It was also a 6 part series: part 1, part 2, part 3, part 4, part 5, part 6 (use cases).
4. The third paper in our CMP/DLP series is dedicated to Best Practices for Endpoint DLP. As always, available in a series of blog posts: part 1, part 2, part 3, part 4, part 5, part 6 (use cases).
5. An early article on DLP as a feature vs. a full solution: DLP Is A Feature, CMF (Or Whatever We'll Call It) Is A Solution.
6. A discussion on the evolution of CMP: DLP/ILP/Extrusion Prevention  CMF  CMP  SILM: A Short Evolution of Data Loss Prevention.
7. A short piece I did for Network World on DLP, and why it's worth looking at now.
8. I'm a big proponent of full DLP solutions -- this explains why: Data Protection Isn't A Network Security Or Endpoint Problem.
9. The dirty little secret of DLP.
10. Data protection developments are running along parallel paths -- one for productivity applications and communications (CMP/DLP), and the other in the data center (ADMP). Our definitions of DLP and ADMP.
11. Then a post on how those two worlds will connect.
12. A Network World article I wrote on pitfalls of DLP.
13. A look at the differences between DLP, content classification, and e-discovery.
14. You can also use DLP to help prevent malicious outbound connections from sophisticated attackers.

Presentations
-------------
These PDF versions of presentations may also be useful, although they don't include any audio (for any audio/video, please see the next section).

Note that we are currently converting our presentations to post here, and they should be up soon.

Podcasts, Webcasts and Multimedia
---------------------------------
We do not currently have any multimedia for this topic.

Vendors/Tools
-------------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Note that many other products include "DLP light" features, such as basic keyword or regex matching. We are only including dedicated DLP solutions here.

Full Suite DLP
* CA Orchestria
* EMC/RSA Tablus
* McAfee Reconnex
* Symantec Vontu
* Vericept
* Websense PortAuthority
* Workshare

Partial-suite solutions
* Code Green Networks
* GTB Technologies

Network-only tools
* Clearswift
* Fidelis Security Systems
* Palisade Systems
* Proofpoint

Endpoint-only tools
* NextSentry
* Trend Micro Provilla
* Verdasys</description><link>http://www.secuobs.com/revue/news/91473.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/91473.shtml</guid></item>
<item><title>ADMP: Application and Database Monitoring and Protection</title><description>Secuobs.com : 2009-05-03 04:47:38 - Research Library -    Applications and Database Monitoring and Protection: ADMP. What is it? It's a different way to think about security for applications. It's a unified approach to securing applications by examining all of the components at once, viewing security as an operational issue, and getting tools to talk to each other. It means looking at application security in context of the business rules around transaction processing, and not just from a generic network traffic perspective. It is also a bit of prognostication, recommendation, and evangelism on our part, all rolled up into one unified theory. This approach also defocuses from some of the more traditional network and platform security models, and looks at the data and how applications process transactions and data.

ADMP is essentially the data center branch of information-centric security, and it combines elements of data and application security into a consistent and specific architecture. The goal is to watch application transactions from the browser through the database, and apply security controls that actually 'understand' what's going on.

Our definition is:

Products that monitor all activity in a business application and database, identify and audit users and content, and, based on central policies, protect data based on content, context, and/or activity.

Papers and Posts
----------------
1. The lead-in to this series of thought is Rich's posts on The Future Of Application and Database Security, Part 1 and Part 2.
2. Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection.
3. What is my motivation, or Why Are We Talking About ADMP?
4. ADMP and Assessment: Linking preventative and detective technologies.
5. ADMP: A Policy Driven Example.
6. Web Application Security: We Need Web Application Firewalls to Work Better.
7. It's Time To Move Past Vulnerability Scanning To Anti-Exploitation.

Presentations
-------------
These PDF versions of presentations may also be useful, although they don't include any audio (for any audio/video, please see the next section).

We're working on converting our presentations and should have them available soon.

Podcasts, Webcasts and Multimedia
---------------------------------
We do not currently have any multimedia for this topic.</description><link>http://www.secuobs.com/revue/news/91472.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/91472.shtml</guid></item>
<item><title>Application Security</title><description>Secuobs.com : 2009-05-03 04:47:38 - Research Library -    This section of the research library is dedicated to application security in its many forms. On this page we cover the basic topics, such as Access Control, Monitoring and IDS, SIM, SEM, and Log Management. For other specialized fields within application security, such as web application security and secure software development practices, we provide dedicated subsections. On the navigation bar you will see that we already have a few pages for specific coverage areas. We will continue to fill out our application security offerings, and provide additional specific coverage areas over time. Feel free to make a request if you have something in this area you are interested in seeing.

Papers and Posts
----------------
* Adrian's comments on structured software development security programs and the problems moving from Waterfall to Agile Software Development.
* How Common Applications Are Now the Weakest Link.
* Comments on "Containing Conficker" considers some of the challenges most application developers are up against.
* Immutable Log technologies help with auditing and event trail verification.
* For application security, the implementation and management of a policy set is a key factor in the cost and effectiveness of just about any security product and, frankly, your happiness as well.
* Separation of Duties, Concept of Least Privilege, and other role-based user security measures.
* The Perils of the Insider Threat.
* PDF Security Pain, and stuff to think about on all script-enabled applications.
* A very cool way of reverse engineering applications and content with Visual Forensic Analysis tools.

Presentations
-------------
These PDF versions of presentations may also be useful, although they don't include any audio (for any audio/video, please see the next section).

We're working on converting our presentations and should have them available soon.

Podcasts, Webcasts and Multimedia
---------------------------------
We do not currently have any multimedia for this topic.</description><link>http://www.secuobs.com/revue/news/91471.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/91471.shtml</guid></item>
<item><title>Welcome to the Securosis Research Library</title><description>Secuobs.com : 2009-05-03 04:47:38 - Research Library -    Are you tired of having to hunt through screen after screen of crappy search results just to find the few bits of information you need? Or troll through endless forums and unrelated blog entries just to educate yourself on a new topic? We are too; that's why we created the Securosis Research Library.

The Library is designed to be your first stop when researching a new topic. We've collected our best blog posts, white papers, and multimedia material together in a structure designed to help you find what you need as quickly as possible. Unlike search results or a wiki, we've organized the material for each topic in the order we think it will be most useful, rather than by date or some other arbitrary sorting method. We don't cover every security topic you could think of, but we're constantly expanding into new areas and filling in coverage that's been lighter than we'd like.

Where possible, for technology-related topics we include a list of Free/Open Source and commercial products. We try to keep these lists updated, but if you see something we are missing please email us so we can add it. This is just a list of what's available in alphabetical order -- we aren't endorsing any particular products.

We update the material in the Library on an ongoing basis, and each entry is dated with the last update.

If you'd like to keep your own copy, just subscribe to the RSS feed. Since we update the date on each entry when we make changes, your RSS reader should keep a current, local copy of the entire library. Pretty cool, eh?

We hope you find it useful, and please email us with any suggestions, errors, or omissions.</description><link>http://www.secuobs.com/revue/news/91470.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/91470.shtml</guid></item>
<item><title>Encryption</title><description>Secuobs.com : 2009-05-03 04:47:38 - Research Library -    Papers and Posts
----------------
If you are just getting started, we recommend you read the following blog posts and papers in order. In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.

1. The most important piece of work we've published on encryption is Your Simple Guide to Endpoint Encryption.
2. Post on the Three Laws of Data Encryption.
3. Post on When to Layer Encryption.
4. The post for Database Media Protection focuses on threats to the media that need consideration.
5. The Data Security Lifecycle covers encryption during the movement and storage of data.

General Coverage
----------------
1. Part of the core value of Data Centric Security is the ability to protect data regardless of where it moves or resides, which is facilitated by encryption. This is discussed in Part 1 and Part 2 of the Best Practices for Endpoint Security, as well as:
2. An editorial on how parts of the US intelligence community discourage the adoption of encryption, as it is counterproductive for their mission.
3. This post discusses Digital Rights Management (DRM) as it pertains to Cloud Computing and content protection.

Presentations
-------------
PDF versions of our presentations may also be useful, although they don't include any audio (for any audio/video, please see the next section). We have several on Encryption and Key Management that we will be posting shortly.

Podcasts, Webcasts and Multimedia
---------------------------------
We do not currently have any multimedia for this topic.

Vendors/Tools
-------------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). Being here does not imply any endorsement; this list is simply meant to assist you if you should start looking for tools. Please email info@securosis.com if you have any additions or corrections.

---------------------------------------------------------------------
Enterprise/General Encryption Providers
* Certicom
* CheckPoint
* Entrust
* GuardianEdge
* IBM
* PGP
* RSA
* SafeNet
* Sophos Utimaco
* Thales nCipher
* TrueCrypt
* Voltage
* WinMagic

Endpoint Encryption Vendors
* beCrypt
* Credant
* DESLock
* McAfee SafeBoot
* Microsoft BitLocker
* Namo
* Secude
* Secuware

Database Encryption Vendors
* Application Security Inc.
* NetLib
* Oracle
* Relational Wizards
* RSA Valyd
* SafeNet Ingrian
* Sybase
* Thales nCipher
* Voltage

Key Management, Certificate and other tools
* Entrust
* Verisign</description><link>http://www.secuobs.com/revue/news/91469.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/91469.shtml</guid></item>
<item><title>Data Security</title><description>Secuobs.com : 2009-05-03 04:47:38 - Research Library -    If you really think about it, technically all of "information security" is "data security", but the reality is that most of our industry is focused on protecting networks and hosts, and very little is dedicated to protecting the information assets themselves. We here at Securosis prefer the term "Information-Centric Security", since information is data with value (as opposed to just a bunch of 0's and 1's), but we know "data security" is more commonly used, and we're not about to fight the industry.

Since data security encompasses a wide range of tools, technologies, and processes, we will highlight top-level management issues on this page, and encourage you to explore the subtopics for more details on database security, DLP, encryption, and other specific areas.

We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it's added to help you find changes more easily.

Papers and Posts
----------------
If you are just getting started, we recommend you read the following blog posts and papers in order. In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.

1. The most important piece of work we've published on data security is the following: The Business Justification for Data Security. We recommend you download the whitepaper as it provides a condensed and professionally edited review, and here are the links to the individual blog posts to add additional color and commentary: Part 1, part 2, part 3, part 4, part 5, and part 6. (03/09)
2. Next, you should read our series of posts on the Data Security Lifecycle, which shows how all the various bits and pieces plug in together. Keep in mind that some of these technologies aren't completely available yet, but the series should give you a good overview of how to take a big picture approach to data security. Start with the Lifecycle, then read the details on the technologies, organized by phase: Part 1, Part 2, Part 3.
3. A short post on the general principles of information-centric/data security.
4. Here is some background on why data and application security are increasing in importance and driving most new security growth: Data And Application Security Will Drive Most Security Growth For The Next 3-5 Years.
5. Here's a good post with an overview of what we call the defensive security stack, showing where data security fits in with network, host, and application security (I mention CMF, which is the same as DLP): Data Protection- it's More than A + B + C.
6. We believe that two existing technologies are evolving into the "core" of data security: Data Loss Prevention and Database Activity Monitoring. They are evolving into what we call Content Monitoring and Protection (DLP), for protecting productivity applications and communications, and Application and Database Monitoring and Protection (DAM), for protecting applications and the data center. We define both technologies in Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection.
7. This post continues that discussion in more depth: How Data Loss Prevention and Database Activity Monitoring Will Connect.
8. Data classification comes up all the time when discussing data security. Here's an overview that starts to introduce the idea of practical data classification: The Five Problems With Data Classification, And Introduction To Practical Data Classification. We followed it with a post: Practical Data Classification: Type 1, The Hasty Classification. But the truth is, classification is usually quite problematic, and we don't recommend manual classification to most enterprise users, as we wrote in: Data Classification is Dead. We haven't finished our data classification series yet.
9. Related to data classification, here is a post on information governance.
10. Before you start digging in too deep on data security, we recommend you prepare by understanding your users and infrastructure, as we wrote in: Information-Centric Security Tip: Know Your Users and Infrastructure.

Presentations
-------------
These PDF versions of presentations may also be useful, although they don't include any audio (for any audio/video, please see the next section).

This is the Business Justification for Data Security Presentation that Rich and Adrian provided in February 2009.

Podcasts, Webcasts and Multimedia
---------------------------------
We do not currently have any multimedia for this topic.

Vendors/Tools
-------------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Since data security is such a broad issue, please see the subcategories for vendors and tools.

If much of this material seems somewhat generic, that's because data/information-centric security is a fairly high-level topic. We really encourage you to learn about the specifics in the subcategories in the navigation menu.</description><link>http://www.secuobs.com/revue/news/91468.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/91468.shtml</guid></item>
</channel>
</rss>
 
