Stories by Ellen Messmer

Can SDN usher in better IT security?

That software-defined networking (SDN) is a coming reality is starting to gain traction in IT security circles, with some vendors arguing it could lead to a level of interoperability in security largely missing at present.

Los Alamos National Lab's R&D fueling new quantum-crypto firm

Technology development firm Allied Minds says it has set up a new company, Whitewood Encryption Systems, to develop quantum-crypto technology under an R&D licensing arrangement with Los Alamos National Laboratory.

Security council blames breaches on poor PCI standard support

The growing number of data breaches resulting in massive numbers of payment cards being stolen from retail stores and other businesses is occurring because they're failing to keep up with the Payment Card Industry's data security standard, according to the PCI Security Standards Council.

Cleveland Indians turn to SIEM in malware, botnet battle

For the Cleveland Indians' IT department, dealing with malware on behalf of hundreds of Windows-using employees at the baseball team's Progressive Field data center operations can be a little bit like a pitcher facing a stacked batting line-up: a constant battle.

HyTrust, Intel team to lock down VMware virtual machines

HyTrust, in a partnership with Intel, today said its cloud security software used with VMware-based virtual machines can now ensure those VMs will only run in designated trusted locations based on what's called new "boundary controls."

Most websites are "One Day Wonders" -- and that's worrisome

The Internet's seething Web of content resembles endless bubbles popping to the surface for only a day, then vanishing, a security study from Blue Coat Systems released today indicates. That means there are a huge number of new, unknown and transient sites daily, posing challenges to determine whether they are benign, or should be blocked as dangerous.

Should companies practice data retention or data destruction?

Many businesses spend a lot of time thinking about how to retain and store data, but there's another idea: Think about how to destroy your data.

Start-up offers up endpoint detection and response for behavior-based malware detection

Start-up SentinelOne is offering security software for behavior-based malware detection intended to augment, not replace, the type of full anti-virus endpoint protection suites that typically also have signature-based defense, a firewall and other features.

Start-up fights ambush attacks on SDN, virtual machine networks

Start-up GuardiCore is working on a security product that works through a 'honeypot' approach to detect and block stealthy attacks on software-defined networks (SDN) and multi-vendor virtual-machine infrastructures for enterprise customers as well as cloud-service providers.

Certificate Authority Security Council backs SSL server rules taking effect Nov. 1

As a safety precaution to prevent SSL server certificates being exploited for network man-in-the-middle attacks on organizations, vendors that issue SSL server certificates will begin adhering to new issuance guidelines as of Nov. 1. These new rules, as described by members of the industry group Certificate Authority/Browser Forum, mean certificate authorities (CAs) will not issue certificates that contain "internal names" and expire after Nov. 1, 2015.

Microsoft's strategy on identity management aimed squarely at cloud-based services

Microsoft's strategy for providing customers with identity management options is increasingly reliant on cloud-based methods of authentication and access control for provisioning of Windows-based mobile devices as well as Apple iOS and Google Android devices.

IBM opening two state-of-the-art disaster recovery/resiliency centres

IBM is about to cut the ribbon officially opening two new state-of-the-art datacentres intended to provide disaster recovery and resiliency services, one in the Raleigh, N.C. area and other in Mumbai, India.

Testing service rolls out vast federated identity management system using Oracle

The Educational Testing Service, a non-profit organization that provides academic assessment tests, says it has gained efficiencies by centralizing its identity and access management (IAM) for on-premises, cloud and hosted applications. But it had to cope with a few bumps in the road along the way, especially in extending IAM into the cloud.

Does your business need a "Data Protection Officer?"

New data-privacy regulation for the European Union expected to gain approval as early as October of this year would break new ground by requiring businesses selling goods and services to European citizens to appoint a so-called "Data Protection Officer" to be in compliance with the new law.

'Unusual uptick' in attacks on media, publishing, Cisco says

In its semi-annual threat report out today, Cisco points to an "unusual uptick" in attacks on media and publishing, putting that sector the top target for malware.