Application Security News, Features, and Interviews

News

With walls breached, document protection is the new security imperative

By David Braue | 22 July, 2014 10:00

Whether driven by hackers becoming more aggressive, or by new regulations increasing visibility around an ongoing problem, growing reports of data theft are prompting organisations to take urgent and proactive measures to protect business documents during every stage of their life cycle.

The week in security: Password managers, IT managers under fire over security disconnect

By David Braue | 21 July, 2014 14:54

Confirming warnings that password managers are |not as secure as you might think, single sign-on provider LastPass shared details of two vulnerabilities it found last year, while Australian retail site CatchOfTheDay was also behind the times as it revealed details of an exploit that occurred back in 2011.

Exposing the Cybersecurity Cracks - Hurdles to Getting Security Right

By Anthony Caruana | 18 July, 2014 17:48

The Ponemon Institute released the second part of their "Exposing the Cybersecurity Cracks: Australia" report earlier this week. Sponsored by Websense, the report focussed on three key areas: Roadblocks, Refresh and Raising the Human Security IQ.

Security industry co-operation gains primacy as Palo Alto goes to Aruba

By David Braue | 18 July, 2014 14:43

A Palo Alto Networks and Aruba Networks partnership to integrate security products reflects a growing trend towards security industry co-operation and threat information sharing, the firms' local heads have confirmed.

Aussie CSOs questioning tech value, rarely talk security with executives: Ponemon

By David Braue | 18 July, 2014 14:35

Fully one-third of Australian cyber-security teams never speak with their company's executive team about security threats and a further 22 percent only meet once a year to discuss security, according to a new Ponemon Institute survey that has found fully a third of respondents would completely overhaul their IT security infrastructure if they could.

Reviews

USB Secure Flash Drive Product Review

By Enex Testlab | 24 August, 2011 12:04 | 3 Comments

A vast majority of today’s workforce use USB memory sticks, they offer unequalled convenience for transferring data. In most situations, if the data is not confidential, a standard USB stick quite acceptable, but what do you use if your data is sensitive?

WatchGuard XCS770R Email Security Appliance Review

By Enex Testlab | 22 June, 2011 20:04

In order to improve productivity and minimise risk, most organisations need a reliable method of protecting their employees from unwanted email (spam) and malicious software (malware). In addition, it is also necessary to protect the corporate network by restricting access to inappropriate content.

Slideshows

Tips and tricks for protecting Android devices

By Eric Geier | 29 August, 2011 13:59

Android doesn't rival BlackBerry when it comes to security and enterprise support. But Android devices can still be reasonably secure. Here are some tips to help you protect your investment, privacy and data.

USB devices: The big hole in network security

By Ellen Messmer | 24 August, 2011 12:42

Ponemon Institute asked 745 information-technology and security managers whether USB drives were important for business use, and if they were secure. What did the survey find?

20 useful IT security Web sites

By Jon Brodkin | 08 April, 2008 09:50

Bookmarking these sites will help you protect your network, comply with government regulations and stay ahead of all the latest threats.

Features

NEWS FOCUS: Cyber-espionage attacks threaten corporate data in new unrelenting ways

By Ellen Messmer | 08 August, 2011 20:26

Stealthy, sometime long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.

NEWS FEATURE: Debate rages over how to manage personal mobile devices used for work

By Ellen Messmer | 28 July, 2011 06:47

Increasingly, businesses accept the idea that employees should be able to use their personal mobile devices, such as smartphones and tablets, for work. But debate is raging as to whether these employee-owned devices should be managed and secured exactly as corporate-owned devices might be.

5 open source security projects to watch

By Rodney Gedda | 20 January, 2011 11:23 | 1 Comment

Data security is always top of mind for CIOs and CSOs, and there is no shortage of challenges when it comes to picking the right tool for the job. With network and software vulnerabilities growing at a perpetual rate, good security software can help defend against many of the large-scale threats that occur locally and from all over the Internet. In this edition of 5 open source things to watch, we take a look at security products that will guard against threats without robbing your kitty.

5 'Great' Open-source Desktop Security Applications

By Joseph Guarino | 01 April, 2010 05:12

Contributions from free and open software makers can be found throughout the tech world. From your datacenter to the desktop and everywhere in between; there's an open solution to your computing needs. This is no less true in information security. My focus in this article is the several outstanding information security desktop tools that personify the innovation and ingenuity of the FOSS (Free and Open Source Software) world. Please keep in mind that all of these applications (except one) are cross-platform so you can find appropriate versions on whatever you run (BSD, Mac OSX, Linux or Windows). The examples herein, however, will be catered to the largest install base (statistically): Microsoft Windows.

Windows 7 Tips: Best Security Features

By Shane O'Neill | 04 February, 2010 04:52

For both enterprises and consumers, one of the big draws of Windows 7 has been its tighter security features.

Tutorials

Ten tips to secure client VPNs

By Martin Heller | 03 October, 2006 14:31

If you have given your trusted employees and key contractors remote access to your network via a client virtual private network (VPN), congratulations! By now, you have seen the productivity and cost benefits from allowing collaboration that surmounts geographical separation.

Opinions

The Industrialisation of Hacking

By Chris Wood | 26 October, 2012 16:02

The Industrial Revolution transformed four key aspects of society—innovation, transportation, communication and financial markets—changing the world forever. Although it began more than 200 years ago, there are surprising some parallels between this historically transformative period and IT security. The dynamics of the threat landscape and the increasing complexity of IT environments have given rise to a new era: The ‘Industrialisation of Hacking’.

Winning in the modern threat landscape

By CSO staff | 30 August, 2012 13:45

There are three major attack vectors which must remain secure. Insider threats are related to users who interact with data. Opportunistic attacks deal with understanding the threat scape and global threat intelligence. Targeted attacks are related to internal intelligence; for example, where are my critical assets? What are they vulnerable to? Where are my counter measures? With a strong security connected framework we can begin to address all of these with one centralized security solution that is capable of looking at everything from endpoint, network, to data security. This webcast proposes best practices for: • Understanding and protect against insider, opportunistic and targeted attacks • Integrating the threatscape with one security solution that incorporates all types of attacks • Bringing together endpoint, network and data security into one unified control

Part 1:The business drivers and technology basics of two-factor or multi-factor authentication

By Mike Ryan | 07 May, 2012 13:50 | 2 Comments

The Prime Minister’s Department invited submissions to “Cyber Security White Paper” late in 2011. This is Brass Razoo’s submission that prosecuted the case for Australia to adopt a federated multi-factor authentication that could be deployed nationally. By extending existing identification systems administered by Government and Financial Service providers, the nation could build an identification and security system that would be the envy of the world.

Opinion: The Wild List

By Ian Hyndman | 13 July, 2011 17:27

The WildList is a compilation of sample viruses that have been submitted by security professionals from around the world. It is published each month to a select group of subscribers. Contributors can be any security professional, but the sample must be submitted by at least two respected sources before it will be included in the list.

Opinions: The sorry state of application security

By Matthew Hackling | 11 July, 2011 10:17

Application security is currently one of the major battlegrounds in information security. Compromised web applications are ransacked for credit card numbers, personally identifiable information and is a major vector for spreading crimeware enabling criminals to defraud our banking institutions

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Get Powerful Protection for All of Your Mobile Devices

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.