Three security themes to watch for at the 2010 RSA Conference

SAN FRANCISCO -- Attackers aren't getting more sophisticated, but their methods are getting more automated, wreaking havoc on corporate networks and the people who are supposed to protect them. Several themes may emerge when this year's 2010 RSA Conference kicks off this week. Experts will explain what organizations can do to protect their networks in the wake of the Google attacks. Meanwhile, enterprises are building a mixture of public and private clouds, and vendors are eager to present ways that they can be better secured. What exactly is a private cloud or a hybrid approach is up to interpretation. Finally, Howard Schmidt, the White House appointed cybersecurity coordinator, is sure to set the tone early during the conference when he explains what the government is doing this year to protect critical systems from attack. Here's a snapshot of the themes that could emerge this week.

1. Endpoint security in the wake of the Google attacks.
Vendors may hype the attacks against Google and at least two dozen other companies as evidence that cyberattacks are becoming more sophisticated.

2. Keeping public and private clouds secure.
This year all the chatter may be about private and public clouds and a hybrid approach.

3. Cyberwarfare and critical infrastructure protection.
The new White House appointed cybersecurity coordinator Howard Schmidt, and Janet Napolitano, secretary of the Department of Homeland Security, are scheduled to speak about the government's progress on defending systems tied to critical infrastructure and how the private sector can help.

Read full story

Lumeta IPsonar finds leaking connections into and out of networks of any size, complexity or security level. In the constant challenge to install patches and control the proliferation of viruses, IPsonar’s combined intelligence provides a more practical, proactive means to detect the devices most at risk and remediate those problems in order of priority. IPsonar provides documented evidence that can be used to strategically drive plans for the mitigation of vulnerabilities and the management of secure workflow which is a common requisite for compliance mandates.

Network security practices should never become stagnant, and leak discovery should be an integral part of that practice. Continual internal and external forces keep network vulnerability in a never-ending state of flux. Although security products and policy management guidelines continue to evolve, there is ultimately no single proven solution to prevent network leaks.

New Lumension® Risk Manager Update Includes Enhanced Remediation Management, and Third Party Connectivity to Streamline Audit Workflows, Manage Risk and Reduce Costs

Enhanced Key Benefits of Lumension Risk Manager:

• Expanded Controls Coverage/Intelligent Assessments: LRM 4.1 includes integration with the Unified Compliance Framework (UCF) database updates that include additions to the UCF database around State Level Security Breach Notification Laws and FTC Red Flag Rules.

• By utilizing the UCF, Lumension’s patent pending risk intelligence engine automatically identifies critical controls needed to achieve compliance and secure any IT asset. Controls are assessed once across and reported across all regulations, saving time and consolidating compliance projects.

• Actionable Remediation and Alerting: Through its enhanced tracking and notification features, LRM 4.1 can assign mitigation efforts to business owners and track ongoing remediation progress. LRM improves operational workflows, automatically updating assessment scores and giving administrators clear visibility of progress made towards compliance and remediation activities. Email notifications can alert administrators when levels of compliance have changed or surveys are past due.

• Expanded Flexibility & Automation through the Lumension Connector Development Kit: Most IT GRC companies provide limited integration to third-party systems. Lumension Risk Manager’s open connector ecosystem allows scan and inventory data to be imported from virtually any database system. Customers and consultants can use the Lumension Connector Development Kit to create custom connectors and import data from their network scanner, asset inventory system and other databases.

• Exception Management: Helps administrators produce more realistic risk and compliance scores where there are certain exceptions that have to be made for circumstances unique to the network. This gives security professionals greater flexibility to make exceptions where needed and allows them to approve, reject or create exceptions from scratch.