Optimal Security : the Lumension Blog

I was surprised to read about the on-going attempted extortion case involving an apparent data breach at Express Scripts, a pharmacy benefit management company based in St. Louis, MO. The company received an anonymous letter containing Personally Identifiable Information (names, SSNs, DOBs, and some prescription information) from 75 customers. It then demanded an unspecified payment [...]

A recent event in which an unidentified USB thumb drive introduced a Trojan onto both the SIPRNet and NIPRNet, has caused a DOD-wide reaction to “suspend use of thumb drives on all classified and unclassified networks.” This directive is meant to contain the Trojan activity primarily on systems using Microsoft Windows.
While this serious incident requires [...]

Has the anti-virus market become obsolete? It seems that some network administrators are opting out in favor of newer, more flexible options.
Brent Rickels, senior vice president of First National Bank, headquartered in Valley Mills, Texas, recalls that when the license renewal for his company’s previous anti-virus tool was getting close, it just seemed that the [...]

The largest merchants operating overseas will have less than two years to secure credit card transactions, Visa announced on Monday.
Level-one retailers — those processing more than six million Visa transactions per year — must prove adherence to the Payment Card Industry Data Security Standard (PCI DSS) by Sept. 30, 2010, Visa said in a news [...]

In this video I discuss the changes in the threat landscape that has resulted in the need to protect against the unknown with Whitelisting (Application-Control).

In this video I discuss how organizations can effectively address compliance while still cutting costs.

In this Videocast, Information Security Magazine’s Andy Briney and I sat down to discuss how organizations can implement a practical approach to identifying, prioritizing and responding to IT security risks. See how this type of proactive, policy-based approach can establish, enforce and maintain desired security postures.

Why start another security blog? That was the question we asked ourselves at the start of this project.

As data breaches and malicious security viruses and attacks plague global business networks, we wanted to provide an open forum to encourage two way conversations with our ecosystem:  our customers, partners, key influencers, and IT users about the [...]

The election has created yet another opportunity for the bad guys to use a popular event to entice users to click on URLS and infect their PC. The current Barack Obama mania is blinding many to the normal common sense they apply to opening emails and surfing the Web.
Malware, using the media hype surrounding Barack [...]

Video Blog discussing Patch Tuesday November 2008.