Articles about Security Management


Cisco in single SSH key security stuff-up

A red-faced Cisco has pushed out a patch for a bunch of virtual security appliances that had hard-coded SSH keys. Since the keys are associated with the virty appliances' remote management interface, a successful login would let an attacker waltz through the devices. The Borg has announced that its Web Security Virtual …

Red Hat plans unified security management for Fedora 21

Red Hat is planning a significant change to how its Fedora Linux distribution handles crypto policy, to ship with the due-in-late-2014 Fedora 21 release. In this wiki post, the Fedora Project outlines what it calls “system-wide crypto policy”. The idea is that Fedora would provide consistent security for all applications running …

Premera healthcare: US govt security audit gave hacked biz thumbs up

Serious doubt has been cast on the US government's data security regulations after Premera Blue Cross was declared secure by Uncle Sam – just months before the healthcare giant was ransacked for financial and medical information by hackers. The biz underwent a computer security audit by a federal watchdog in January 2014, was …
Iain Thomson, 23 Mar 2015

Layoffs at EMC's RSA security division

RSA, the security division of EMC, has confirmed plans to restructure its business, a move that means an unspecified number of long-term staffers will be shown the door. Details are scarce, for now, but RSA said that it plans to make new hires that will more than offset job losses by the start of 2014. It wrote in an email: While …
John Leyden, 20 Sep 2013
The Register breaking news

BT links with Huawei raise national security concerns, say MPs

Chinese telecoms giant Huawei has dismissed claims that its technology, which is used by BT, is a threat to the UK's national security. The company was forced to defend itself today, after a parliamentary security and intelligence committee report attacked the civil service for failing to inform ministers of BT and Huawei's …
Kelly Fiveash, 06 Jun 2013

Microsoft rejigs enterprise end point security management

Updated Microsoft has decided to drop a standalone anti-malware management product in order to concentrate on server-based security and management software and hosted services. The management component of Stirling, the already delayed next generation of the Microsoft Forefront Protection Suite for end points (business PC anti-virus), …
John Leyden, 21 Apr 2010

UK rail comms are safer than mobes – for now – say infosec bods

Analysis Last week's warning that Britain's railway systems could be susceptible to hacking has triggered a debate among security experts. Prof David Stupples of City University London made headlines last week with a warning that plans to replace the existing (aging) signalling system with the new European Rail Traffic Management System …
John Leyden, 30 Apr 2015

Putting the SaaS into security management

Hosted apps In all areas of business, security and privacy are built on good policy, properly applied. If you think moving to hosted services or software as a service (SaaS) changes this, then think again. While some aspects of security may be simplified, the cloud raises challenges in other areas. From the perspective of systems …
Tony Lock, 22 Dec 2010

CISOs' newest fear? Criminals with a big data strategy

CIO Manifesto We again gathered an eclectic mix of IT execs including some CISOs, CTOs etc, in a secret bunker to discuss whether we’re winning the security battle. OK, the “bunker” was a meeting room under the Soho Hotel, but not only are we not winning, it is not even clear what winning actually means. On Target Our IT execs happily …
Dominic Connor, 19 Jun 2015

US air traffic control 'vulnerable to hackers' says watchdog

US air traffic control systems are potentially vulnerable to hackers, according to an audit by the American government. A report [46 pages, PDF] by the Government Accounting Office (GAO) faults the Federal Aviation Administration (FAA) for failing to meet compliance with the relevant government standards, specifically the …
John Leyden, 09 Mar 2015

Extreme Networks adds OpenDaylight to SDN suite

Extreme Networks has followed up its brand-new membership of the OpenDaylight Foundation (ODL) with an ODL-based OpenStack software defined networking (SDN) platform. The company had, two years ago, hitched its wagon to the Open Networking Foundation (ONF). It now explains its new focus on ODL on the basis that OpenDaylight- …

Using systems management tools in IT security

Workshop Every IT professional recognises the importance of securing the IT systems that are now at the heart of many business processes. This recognition goes beyond simple deployment of security technologies. As Register readers have told us, drivers such as compliance with regulatory pressures, minimising financial risks, securing …
Tony Lock, 11 May 2010

Australia mandates* cloud use by government agencies

Australia's Department of Finance has updated its Cloud Policy to say “... agencies now must adopt cloud”. Those italics are the Department's, and it also has some qualifications for the edict, namely that cloud should only be adopted “where it is fit for purpose, provides adequate protection of data and delivers value for money …
Simon Sharwood, 08 Oct 2014

Cisco patches three-year-old remote code-execution hole

A three-year-old dangerous remote code execution hole affecting Cisco kit has been patched. Researcher Glafkos Charalambous discovered the Telnet vulnerability (CVE-2011-4862), which was first reported by the FreeBSD Project in 2011. It was left unpatched in Cisco appliances until 15 October this year. The International …
Darren Pauli, 24 Oct 2014

The Death of the Corporate Network Perimeter

In a recent survey of over 400 Reg Readers, you gave us the inside track on the current state of corporate networks and their ability to handle changing work patterns. In particular, you make the case that your networks are ill prepared to tackle the increasing diversity and sophistication of security threats. As you see it, the …
Tony Lock, 06 Jun 2014

We're not, er, 'cut-throat' capitalists – VC formerly known as ISIS

Not wanting to be confused with the vicious band of Middle Eastern warmongers, ISIS Equity Partners has killed off its old brand, and is now answering the phones as Living Bridge. The name change was for fairly obvious reasons, as the venture capitalist doesn’t want to be associated with, er, bloodthirsty, medieval cut-throats …
Paul Kunert, 21 Nov 2014

Blurred lines, as consumer tech swallows delivery of BIG IT

A decade of “consumerisation” of IT has, according to Gartner, succeeded in shifting the balance of power within organisations — across departments and from hierarchies to individuals. For IT companies traditionally dominating the B2C market, the opportunities to target the enterprise space loom large. Already consumer tech …
Rachel Willcox, 24 Jun 2015

Can someone please standardise cloud standards?

As with any product, there are myriad ways of selling and buying cloud services. While this extensive choice for customers means, in theory, they can pick and choose the type of cloud they want from a number of different providers, it also leads to confusion in the marketplace. If each cloud offering is slightly different to …
Frank Jennings, 06 Mar 2015

Software-defined everything: So, WHEN is the 'future'?

The software-defined data centre concept has attracted considerable attention and hype, with its promise of reducing hardware costs and automating control of infrastructure. Backers of the idea say the SDDC will enable policy-driven management of resources, allowing applications to be deployed across commodity hardware to suit …
Team Register, 05 Jan 2015

EMC slides Archer Technologies into security quiver

Storage behemoth EMC started down the 2010 acquisition trail on Monday by announcing an agreement to purchase Archer Technologies, a privately-held maker of IT governance, risk management, and compliance software. The vendor did not disclose the acquisition's price tag, but said the transaction is not expected to have a material …
Austin Modine, 04 Jan 2010

Patch Management: Should it even exist?

Workshop From the outside in, it’s easy to question the need for software patching. “Surely,” some might ask, “If software was written properly we wouldn’t need the IT department to spend time patching it?” The even more cynical might suggest that the whole thing is a money-making ruse – without the need for patching, we wouldn't have …
Martin Atherton, 30 Mar 2010

Microsoft accuses Google of misleading feds over app security

Microsoft has accused Google of making "misleading security claims" to the US government, as the two companies continue to spar over the use of their respective online application suites among government agencies. With a recent lawsuit, various public statements, and posts to its website, Google has said that its Google Apps for …
Cade Metz, 11 Apr 2011

Controlling Application Access

Report Key Points The pressure is growing on the corporate network and the systems it supports. When asked about their network and application access infrastructure in a recent research study, the 404 respondents who participated highlighted a range of escalating pressures. Organisations of all sizes are seeing greater demands as a …
Dale Vile, 06 Jun 2014

Phone, internet corps SNUB US government's cybersecurity ABCs

Phone companies and ISPs in the US have convinced a top advisory panel to hold back the American government from forcing a set of basic IT cybersecurity standards on them. The Federal Communications Commission (FCC) set up a group of experts to figure out if the communications industry should be forced to adapt 20 "critical …

Symantec to extend security management portfolio

ComputerWire: IT Industry Intelligence Having released the first stage in its security management software strategy last month, Symantec Corp's president and COO, John Schwarz, has been talking to ComputerWire about the Cupertino, California-based company's plans to expand its management strategy. The first stage in the plan …
ComputerWire, 05 Nov 2002

Cloudy admin? Here's how to ward off Call of Duty-playing teens

Palo Alto Networks has gone virtual with the latest version of its next-generation firewall, the VM-Series. The tech, launched last week, is designed to protect virtual and cloud environments and comes as part of a wider industry push to market virtual security appliances. Analyst firm Infonetics Research says the booming market for …
John Leyden, 20 Nov 2012

UK discovers Huawei UK staff auditing Huawei kit: Govt orders probe

Huawei will be probed by a top Whitehall official after the Chinese tech giant's staff in Oxfordshire were given the job of auditing Huawei's telecoms gear for Blighty's communications networks. The review was ordered following the publication of a report by an influential committee of MPs which warned of a conflict of interest …
John Leyden, 19 Jul 2013

They've taken my storage hostage ... now what?

Sysadmin blog There's an encrypting ransomware Trojan making the rounds called Cryptolocker. I will save the details on my battle with this beastie for later*, but suffice it to say that if this encrypts your stuff you are done. There is no getting your data back unless you have backups or pay the ransom. Let's set aside the ultra-well …
Trevor Pott, 24 Oct 2013

Latest Java patch is not enough, warns US gov: Axe plugins NOW

Security experts advise users to not run Java in their web browsers despite a patch from Oracle that mitigates a widely exploited security vulnerability. The database giant issued an emergency out-of-band patch on Sunday, but despite this the US Department of Homeland Security continues to warn citizens to disable Java plugins …
John Leyden, 15 Jan 2013

LogicaCMG clinches ESA satellite security deal

LogicaCMG is sniffing out subcontractors to help it service a €20m contract to develop a security management system for the European Space Agency’s Galileo satellite navigation system. The services vendor has secured three contracts covering: the Public Regulated Services Key Management Facility; the Mission key Management …
Team Register, 08 May 2006

Rivals dismiss MS Forefront security push

Microsoft released the final version of Forefront Client Security, its anti-malware software for enterprises, to manufacture on Wednesday. Security rivals were quick to suggest that the software will prove little better than the company's consumer anti-virus software, which performed disappointingly in independent tests earlier …
John Leyden, 03 May 2007

Microsoft lobs second Windows 8.1 preview at enterprise IT admins

Having already teased some of the consumer and small business features of Windows 8.1 with a preview release in June, Microsoft on Tuesday announced a second preview, this one with new features targeting larger IT departments. "Windows 8.1 Enterprise Preview builds on the Windows 8.1 Preview which is currently available, adding …
Neil McAllister, 30 Jul 2013

EMC drops secret cash wad on Canadian software firm

EMC is on the acquisition trail again, if it ever really stepped off it. The latest target was Watch4net, a Montreal-based supplier of performance management software for undisclosed wads of cash. Watch4net is privately owned and was founded in 2000, with offices in Montreal, London, England, Munich and Toronto. Its software …
Chris Mellor, 01 Jun 2012

Office 365 hard enough to penetrate US government

Microsoft’s cloud productivity pack Office 365 has won an important certification from the US government, by ticking off all the to-do’s on the list to comply with the Federal Information Security Management Act (FISMA). FISMA requires US government agencies to develop and maintain security controls, the better to protect the …
Simon Sharwood, 11 May 2012

RIM: BlackBerry sales to US gov still on the rise

The White House and American government departments are still buying BlackBerrys, RIM's senior VP of security told Bloomberg, claiming that RIM had increased its share in the federal contract market. RIM's BlackBerry, one of few handsets to be security-approved by the Feds, is the top seller in US federal markets, said Scott …
Anna Leach, 10 Apr 2012

Security salaries hold up during economic gloom

Information security salaries are holding up well during the economic downturn but capital spending projects are feeling the axe, according to a pair of surveys from training organisation (ISC)2 and specialist recruitment consultant ISS. The survey of more than 600 respondents, contractors and permanent employees based in the UK …
John Leyden, 29 Apr 2009

Brit upstart flogs cloudy SaaS to clipboard-waving bods

Infosec 2012 UK-based startup SureCloud is flogging a cloud-based auditing and compliance platform at mid-market businesses with high info-security standards. SureCloud’s Unified Compliance Platform pulls together component elements such as vulnerability scanning, SIEM (security information & event management), wireless intrusion detection ( …
John Leyden, 24 Apr 2012

IT bosses: directors don't take security seriously

Most IT managers believe that while their board-level superiors pay lip service to compliance and security, they don't really take it seriously, according to a survey carried out for software developer NetIQ. The survey also revealed that 51 percent of the 218 UK companies queried still do not have the processes and procedures …
Bryan Betts, 13 Aug 2007

eBay: It's safe to buy busted lava lamps and bug-infested rugs again

eBay has resolved a cross-site scripting bug on its website that independent experts warned posed a significant risk of fraud to users of the auction site. The XSS flaw meant that, once logged into a seller account on eBay, an attacker could insert an XSS exploit code into a listing of an item for sale. The XSS security flaw on …
John Leyden, 22 Nov 2012

On joining up physical security and cyber-security

A group of US technology firms have formed an alliance to develop better integration between physical and cyber security systems. The stated aim of the Open Security Exchange (OSE) is to develop best practices and vendor-neutral specifications to enable the straightforward integration of physical and cyber security systems. …

BlackBerry squeezes MS on security, management, and control

Poll results Mobile email is a hot topic on enterprise agendas at the moment, with many already investing in this area or planning to invest, as we have previously seen. While there are numerous options open as organisations look to implement and/or scale up their installations, there are some obvious choices to make. One of these, …
Dale Vile, 22 Jun 2007

Amazon, eBay, banks snub anti-fraud DNS tech, sniff securo bods

Despite the best attempts of security vendors, neither online stores nor the financial industry seem particularly keen to adopt DNSSEC tech - an anti-fraud mechanism that makes it difficult for fraudsters to spoof legitimate websites. DNSSEC (DNS Security Extensions) uses public-key encryption and authentication to guard against …
John Leyden, 18 Feb 2013

Security pros win out in office politics

More than a quarter (25.4 per cent) of the security workforce in Europe spends most of their workday dealing with internal politics or selling security to upper management, according to early results from a new survey. The second annual workforce study from security certification and training organisation ISC(2) also found that …
John Leyden, 18 Oct 2005

WildPackets adds inTechnology to keep an eye on things

Network and application performance management system vendor WildPackets has announced inTechnology Distribution as distributor for the Australian market. The appointment adds the WatchPoint and OmniPeek software to inTechnology’s software offerings. The 11-year-old distributor describes itself as specialising in security, …

Microsoft puts in Stirling work for unified security Nirvana

Microsoft is prepping a security software suite that will take it deep into Symantec and McAfee heartland. They won't be quaking in their boots just yet: the suite, called Stirling, hits the streets in 2009, at the earliest. Stirling integrates Microsoft's anti-virus, anti-spam and content filtering software, Internet Security …
Gavin Clarke, 06 Jun 2007

CA reorganisation puts emphasis on security

Computer Associates Tuesday announced a reorganisation of its business to place more emphasis on its core systems management and security operations. CA is dividing itself into business units rather than product-based divisions in a strategy that will see the software giant organised along the same lines as arch-rival IBM. CA's …
John Leyden, 06 Apr 2005

EMC buys NetWitness after its impressive hack smackdown

EMC has announced its acquisition of network security monitoring and analysis platform outfit NetWitness. Financial terms of the deal, announced Monday, were undisclosed. NetWitness helped EMC's RSA division in the aftermath of the latter's high profile hack last month. Post acquisition, NetWitness will become a core component …
John Leyden, 05 Apr 2011

Dell splashes cash on SonicWall's powerful firewall erections

Updated John Swainson, president of Dell Software, took control of the giant's nascent software business last week and has moved fast, using the Dell checkbook to snap up SonicWall – a firewall and threat-management software and appliance maker – for an undisclosed sum. SonicWall, which was founded in 1991 by brothers Sreekanth and …

Malware-flingers can pwn your mobile with OVER-THE-AIR updates

Vulnerabilities in the baseband processors of a wide range of mobile phones may allow attackers to inject malicious code, monitor calls, and extract confidential data stored on the device, according to recent research from mobile security experts. However, according to El Reg's mobile correspondent, Bill Ray, this would be …
John Leyden, 07 Mar 2013

Data theft replaces malware as top security concern

Theft of information and regulatory compliance are beginning to replace malware infestation and hacking as the top security concerns, according to a poll of enterprise IT security chiefs. The second annual Cisco-sponsored poll of 100 infosec pros in large UK enterprises found that 38 per cent of respondents place theft of …
John Leyden, 19 Apr 2007