Security Now Blog: Addressing Today's Information Security Issues

‘Endpoint Security’ Category

Does CSA's End-of-Life Signal the End of HIPS?

Wednesday, September 28th, 2011

With software maintenance ending this December 2011, Cisco Security Agent (CSA) reaches End of Life. First introduced in the late nineties as Okena StormWatch, StormWatch was acquired by Cisco in 2003 and renamed CSA. Other security vendors acquired similar Host Intrusion Protection Systems (HIPS) products of the same era. CSA's end-of-life also confirms the end of an era for HIPS, even though similar HIPS products are still being marketed by the same security vendors. (more…)

Application Whitelisting - Combining Pre-Launch and Post-Launch Controls Increases Protection and Reduces Work

Sunday, January 30th, 2011

Security experts say application whitelisting is the enterprise answer to deteriorating antivirus detection rates. Gartner’s reference to application whitelisting as “Application Control and Whitelisting” reveals the need to close remaining gaps with post-launch controls. However, application whitelisting requires a considerable level of effort. Even so, decision-makers can make practical choices today that mitigate their growing risks without overwhelming IT resources. (more…)

Stuxnet-Hysteria Aside, What Are the Enterprise Implications?

Thursday, December 2nd, 2010

Set aside the IT magazines’ doom and gloom about Stuxnet. It’s a threat because it combines multiple exploit attack codes into a lethal cocktail. None of these attack binaries is particularly unusual. Adapting to this threat can be simple. But sticking with the typical enterprise security posture as-is makes organizations an easy target. (more…)

Another Horror Story of Websites Attacking Visitors

Wednesday, August 18th, 2010

Since January 2010, over 100,000, possibly up to 5,000,000 websites have been unleashing drive-by download attacks on visitors who were using Internet Explorer or Adobe Reader/Acrobat. Less than a week ago, fewer than half of the roughly 50 leading antivirus products were detecting the attack. If during this time you visited a website with no content of its own, just boilerplate along the lines of ‘under construction’ because the owner hasn’t posted anything yet, and that “parked” page was hosted by Network Solutions Inc., which may be the largest in the industry, then your computer may be infected! (more…)

Zero Day PowerShell Attacks Heading Your Way

Wednesday, August 4th, 2010

Researchers at Black Hat 2010 and DefCon 18 demonstrated how to circumvent security restrictions intended to prevent malicious PowerShell scripts from doing harm. The researchers say antivirus, host intrusion prevention systems (HIPS), software restriction policies (SRP) built into Windows Group Policies, and other advanced security software products cannot protect computers from these attacks. AppGuard protects Windows computers from these sophisticated zero day attacks. (more…)