Customers have myriad challenges facing them, and the last thing they have time do to is validate vendor claims. Do their security purchases, past or present, stand up to independent scrutiny?  Most vendors will focus on a key value of their product which can often be difficult to prove or disprove.  Security efficacy and accuracy, [...]

The McAfee Network Security Platform is entering a new phase of its evolution. 
1. Fastest – We’ve recently released the M-series, which scales Intrusion Prevention from 100Mbps to over 10Gbps. 
2. Most Accurate – NSS Labs has awarded the M-8000 NSS Gold Certification for accuracy. 
3. General Leader – Gartner has placed us in the Leader’s quadrant for the 5th year.  [...]

With Web applications and Web 2.0 beginning to take center stage in most enterprises, it’s not surprising that IT efforts and budgets to secure this Web traffic are beginning to reflect this shift. IDC notes that the Web security market is expected to nearly double from 2008 to 2013 in their recently released Worldwide Web [...]

I was talking to a colleague the other day about the need to provide security to users as they surf the web … after all, Web sites have taken over as the major source* of attacks today. The discussion started with gateway security for Web surfing.
“Surely,” I argued, “The gateway is the first line of [...]

We all seem to take for granted that changes happen very quickly in the online world, yet for some reason we haven’t updated our definition of “defense in depth” in over a decade.
Originally borrowed from military lingo, in information security defense in depth represents the use of multiple computer security techniques to help mitigate the [...]

Roughly every four to six months for the past five years someone has gone out on a limb to declare to the world that spam is dead, or at least it will be dead soon. The cure? Some new technology that returns a binary decision on ham or spam: our technological enlightenment leading us out [...]

Hi all!
I hope the winter weather isn’t keeping you inside too much. But just in case it is, here is something you should read, NSS recently published an IPS report that within days had over 3400 downloads.
Why is there so much interest? Unlike other “independent” testing facilities who essentially test to a vendor’s specifications using [...]

I regularly pose the following question to customers: “What is the most prolific point of vulnerability in your company’s IT security?” Depending on who I am speaking with, I get different answers. System security folks refer to applications or PCs in general. Risk management teams may refer to the employees and cite education and awareness [...]

We’ve seen an evolution from mass-mailing viruses to more targeted attacks and threats targeting OS vulnerabilities moving to attacks against applications. We’ve seen growth in attacks targeting systems that contain valuable data, including mission-critical enterprise applications sitting in virtual environments, SAP solution-based environments and storage systems.  Companies must take these threats seriously and look for [...]

Jeremiah Grossman is having a bit of fun pointing out the quite accurate “5 stages of grief” in the context of security:

Denial
“We have firewalls, IDS, and SSL. We are Secure.”
Anger
“How the heck did this get so bad?!?!?”
Bargaining
“We can solve this with frameworks, developer education and some scanners.”
Depression
“We have so many websites and the code is [...]