Friday, June 25, 2010

DLP shelfware piles up; Don't toss Facebook security in IT group's lap

Facebook risks? Don't look to your IT security group | Security group stretching payment-card standards cycle to three years

Network World Compliance

Forward this to a Friend >>>


Too many data-loss prevention tools become shelfware, says analyst
The good, the bad and the ugly of data-loss prevention tools and technologies got a solid once over from Gartner analyst Eric Ouellet, who spared no punches during his presentation on the topic during the first day of Gartner's Security & Risk Management Summit. Read More


RESOURCE COMPLIMENTS OF: IBM

Smart Grid Security Blog
The smart grid is a growing digital information network and modernized power generation, transmission, distribution and consumption system. Drawing upon lessons from security best practices from the Internet and telecom networks, this blog tracks the thinking on how to best secure the emerging Smart Grid and micro grids. Subscribe now!

In this Issue


RESOURCE COMPLIMENTS OF: AT&T

AT&T
Designing Tomorrow's Ethernet-Based Metropolitan Area Networks Click to continue

Facebook risks? Don't look to your IT security group
Risks associated with employee use of Facebook, Twitter and other social media websites social media shouldn't really be considered the primary responsibility of the IT security department, a Gartner analyst said Tuesday. Read More

Security group stretching payment-card standards cycle to three years
The Payment Card Industry Security Standards Council Tuesday announced it will begin moving to a three-year cycle related to the main technical standards it issues for protection of sensitive payment-card information, allowing merchants and others more time to adopt them. Read More

iPhones, iPads in the enterprise: 5 security views
More people use their Apple devices in the workplace, and more IT shops allow it. Naturally, security concerns abound. Here are a few. Read More

Biggest tech industry apologies of 2010 – so far
AT&T, Facebook, Google, McAfee, Adobe and others say "We're sorry" for assorted security, privacy and performance problems in 2010. Read More

iPhone management tools step it up with iOS 4
The new iPhone and iPad OS adds BlackBerry-like corporate security, which upgraded IT admin tools will tap Read More


WHITE PAPER: Qualys Inc.

12-point checklist outlines key considerations
Discover a 12-point checklist for choosing the best vulnerability management solution for your organization. Read now!

20 percent of Android apps can threaten privacy, says vendor
Twenty percent of applications on Android Market let third parties access private or sensitive information, according to a report from security vendor SMobile Systems. Read More

Dot-org domains can now be protected by DNSSEC
On Wednesday, .org became the first generic top-level domain to offer its customers improved security using DNSSEC (Domain Name System Security Extensions). Read More

Most firms face security 'red alert' as XP SP2's retirement looms
Three out of four companies will soon face more security risks because they continue to run the soon-to-be-retired Windows XP Service Pack 2 (SP2). Read More

Why security needs to catch up to Web 2.0
Security managers can keep blocking Facebook, refusing to support mobile devices and vetoing cloud-based services, but they aren't going away. And ignoring ways to make room for them in your security program is like burying your head in the sand, according to Tom Gillis, vice president and general manager of Cisco's security technology business unit, and author of the new book Securing the Borderless Network: Security for the Web 2.0 World. Read More

Microsoft patching tamed by Qualys tool
Qualys has added a new reporting feature to its vulnerability management service that helps IT staff work out which Microsoft patches to apply and in what order. Read More


WHITE PAPER: Eaton Corporation

UPS Service Plans: How to Maximize Your Returns
This white paper explores key issues to consider and questions to ask when selecting a UPS service offering and service provider. It also examines some of the top features to look for when evaluating UPS service plans, and discusses the importance of supplementing emergency assistance with preventive maintenance Read More

Network access control authentication: Are you ready for 802.1X?
In the NAC products we tested, authentication varies from very strong to very weak, and every point in-between. When starting down your path of evaluating NAC products, decide very early what kind of authentication mechanism you want, if any. Read More

Trustwave acquires Breach Security
Trustwave has acquired Breach Security for an undisclosed sum, an acquisition that the company said would bring Breach Security's Web application firewall together with Trustwave's own enterprise security tools. Read More

Juniper NAC: Powerful, complex
Trying to describe Juniper's UAC is difficult, because Juniper's NAC strategy has its tendrils in virtually every security product the company makes, from firewalls to switches to SSL VPNs. Read More

McAfee NAC focuses on endpoint protection
McAfee NAC is clearly slanted towards endpoint security and compliance requirements more than fine-grained network access controls. Because McAfee NAC depends heavily on ePolicy Orchestrator, existing McAfee end-point security customers will find that adding McAfee's NAC to their networks is a very natural and easy extension. Read More

Network access control vendors pass endpoint security testing
One of the main promises of NAC is that you can ensure that endpoint security tools are up to date and that non-compliant machines can be identified or blocked. As regulatory compliance has grown in importance, NAC vendors have reacted by building strong feature sets aimed at endpoint security and compliance. In our NAC testing, we had good, and sometimes great, results across the board when it came to endpoint security. Read More

Cisco NAC: Strong in-line enforcement
While Cisco's overall NAC strategy is in flux, a NAC Appliance investment is likely to come with substantial purchase protection — just be sure to keep your SMARTnet contract up to date. Read More

Network access control management: Pick your poison
In testing 12 NAC products, we discovered an incredible variety of management styles. To organize our results, we broke things up into three main categories: overall management, separation of control, and high availability. Read More



Join us on LinkedIn

Discuss the networking issues of the day with your colleagues, via Network World's LinkedIn group. Join today!
- Jeff Caruso, Executive Online Editor

Books for you from Microsoft Subnet and Cisco Subnet

Throw your name in the hat for a complete CompTIA Security+ study guide and the SharePoint bible, Essential SharePoint 2010. Deadline July 31. Enter today!

Computerworld and Network World: Best of Green IT

Computerworld and Network World: Best of Green IT Computerworld and Network World are teaming up to identify the top organizations leading the way with green-IT efforts and the coolest green-IT products. Computerworld will feature two ranked lists in its Oct. 25 issue: Top green-IT end-user organizations and a Top green-IT data center suppliers/vendors. Network World will feature the most effective green-IT products, as cited by survey respondents, in its Oct. 25 issue and online. Please fill out our short survey or forward this link to the person in your company best able to answer questions about IT energy issues. Surveys should be submitted by Thursday, July 1 at 12 noon EST.

SLIDESHOWS

The view from the Googleplex
We recently visited the "Googleplex," Google's expansive headquarters in Mountain View, Calif., for an interview, and took the chance to snap a few pictures of life inside what must be one of the most entertaining workplaces in America.

Network access control in a nutshell
Twelve leading NAC products were put to the test. Here's what we found.

MOST-READ STORIES

  1. Google Voice no longer an invitation-only affair
  2. Meet the father of Google Apps (who used to work at Microsoft)
  3. Apple leaves iPad vulnerable after monster iPhone patch job
  4. Cisco announces the CCIE Emeritus Program
  5. More than a quarter of iPhones break within two years
  6. 40/100G Ethernet standard ratified
  7. VeriSign SSL hackable - Comodo exposes, VeriSign denies
  8. Open-sourced textbooks could ease college costs
  9. Visiting the Googleplex
  10. Ultimate guide to network access control products

Do You Tweet?
Follow everything from NetworkWorld.com on Twitter @NetworkWorld.

You are currently subscribed to networkworld_compliance_alert as networking.world@gmail.com.

Unsubscribe from this newsletter | Manage your subscriptions | Privacy Policy

If you are interested in advertising in this newsletter, please contact: bglynn@cxo.com

To contact Network World, please send an e-mail to customer_service@nww.com.

Copyright (C) 2010 Network World, 492 Old Connecticut Path, Framingham MA 01701

** Please do not reply to this message. If you want to contact someone directly, send an e-mail to customer_service@nww.com. **


No comments: