Stories by Ellen Messmer

Should companies practice data retention or data destruction?

By Ellen Messmer | 22 August, 2014 00:01

Many businesses spend a lot of time thinking about how to retain and store data, but there's another idea: Think about how to destroy your data.

Start-up offers up endpoint detection and response for behavior-based malware detection

By Ellen Messmer | 20 August, 2014 23:06

Start-up SentinelOne is offering security software for behavior-based malware detection intended to augment, not replace, the type of full anti-virus endpoint protection suites that typically also have signature-based defense, a firewall and other features.

Start-up fights ambush attacks on SDN, virtual machine networks

By Ellen Messmer | 19 August, 2014 03:28

Start-up GuardiCore is working on a security product that works through a 'honeypot' approach to detect and block stealthy attacks on software-defined networks (SDN) and multi-vendor virtual-machine infrastructures for enterprise customers as well as cloud-service providers.

Certificate Authority Security Council backs SSL server rules taking effect Nov. 1

By Ellen Messmer | 16 August, 2014 01:56

As a safety precaution to prevent SSL server certificates being exploited for network man-in-the-middle attacks on organizations, vendors that issue SSL server certificates will begin adhering to new issuance guidelines as of Nov. 1. These new rules, as described by members of the industry group Certificate Authority/Browser Forum, mean certificate authorities (CAs) will not issue certificates that contain "internal names" and expire after Nov. 1, 2015.

Microsoft's strategy on identity management aimed squarely at cloud-based services

By Ellen Messmer | 15 August, 2014 02:02

Microsoft's strategy for providing customers with identity management options is increasingly reliant on cloud-based methods of authentication and access control for provisioning of Windows-based mobile devices as well as Apple iOS and Google Android devices.

Testing service rolls out vast federated identity management system using Oracle

By Ellen Messmer | 12 August, 2014 04:33

The Educational Testing Service, a non-profit organization that provides academic assessment tests, says it has gained efficiencies by centralizing its identity and access management (IAM) for on-premises, cloud and hosted applications. But it had to cope with a few bumps in the road along the way, especially in extending IAM into the cloud.

Does your business need a "Data Protection Officer?"

By Ellen Messmer | 09 August, 2014 04:53

New data-privacy regulation for the European Union expected to gain approval as early as October of this year would break new ground by requiring businesses selling goods and services to European citizens to appoint a so-called "Data Protection Officer" to be in compliance with the new law.

'Unusual uptick' in attacks on media, publishing, Cisco says

By Ellen Messmer | 05 August, 2014 22:28

In its semi-annual threat report out today, Cisco points to an "unusual uptick" in attacks on media and publishing, making that sector the top target for malware.

Homeland Security wants corporate board of directors more involved in cyber-security

By Ellen Messmer | 30 July, 2014 06:06

Setting corporate cyber-security policy and taking actions around it must be a top concern for the board of directors at any company, not just the information-technology division, the Department of Homeland Security (DHS) indicated as a high-level official there backed a private-sector effort to raise awareness at the board level.

Is Bring Your Own Identity a security risk or advantage?

By Ellen Messmer | 29 July, 2014 04:51

The "Bring Your Own Identity" (BYOID) trend in which websites let users authenticate using identities established through Facebook, LinkedIn, Google, Amazon, Microsoft Live, Yahoo or other means raises some questions in the minds of IT and business managers. And a survey conducted by Ponemon Institute shows a vast difference in how the IT and business sides think about this so-called BYOID method of authentication.

New SSL server rules go into effect Nov. 1

By Ellen Messmer | 25 July, 2014 07:03

Public certificate authorities (CAs) are warning that as of Nov. 1 they will reject requests for internal SSL server certificates that don't conform to new internal domain naming and IP address conventions designed to safeguard networks.

Malwarebytes questions poor showing in anti-malware protection-evaluation lab testing

By Ellen Messmer | 25 July, 2014 02:41

Dennis Technology Labs (DTL), which tests anti-malware products for effectiveness in protection, for the first time included the free version of the Malwarebytes software in the labs' competitive evaluation along with nine other vendor products, both paid and free. The results published by DTL today reveal Malwarebytes Anti-Malware Free had a poor showing, with only Microsoft Security Essentials doing worse in terms of effectiveness of protection.

Cybercrime wave whacks European banks

By Ellen Messmer | 23 July, 2014 00:34

Banks across Europe are now coping with a wave of cybercrime in which crooks are transferring funds out of customer accounts through a scam involving bypassing some two-factor authentication systems to steal large sums, according to a security firm assisting in the investigation.

Juniper boosts DDoS Secure appliance to mitigate UDP-based amplification attacks

By Ellen Messmer | 17 July, 2014 23:35

Juniper Networks has added a new way for its anti-DDoS appliance to mitigate what's known as massive UDP-based amplification attacks that typically work by exploiting compromised servers of different kinds to both spoof and vastly increase the denial-of-service barrage.

Survey: Corporate security thwarted by dialog failure between IT dept. and management

By Ellen Messmer | 17 July, 2014 23:34

So talk to me!
