Optimal Security : the Lumension Blog

In this presentation, learn about the latest innovations that operationalize application whitelisting across dynamic business environments and deliver more effective endpoint security above and beyond stand-alone anti-malware.

It certainly seems that in 2010, a month doesn’t go by without hearing about yet another zero-day threat affecting a popular browser software. In the first quarter of 2010, we already have seen new zero-day issues in the most popular browsers in use today:

Microsoft reported yet another new zero-day issue with Internet Explorer, and within [...]

In light of all of the widely varying commentary on the Advanced Persistent Threat (APT) issue I have been reading about on the Internet, I wanted to weigh in with my opinion on the issue.
APT - the New Menace?
For the past 20 years, we have at best only reacted to the changing Internet threats [...]

Makes Us Wonder if Web 2.0 / Social Apps are a Boon or a Bane.

The IT security community has been buzzing about a new zero-day exploit for Adobe that is reportedly in the wild.  It is now being investigated by Adobe and initial details are available on Adobe’s blog.
The malicious PDF files are reportedly being used in targeted attacks with the PDF being sent as an email attachment and [...]

We recently sat down with Nigel Stanley, Analyst at Bloor Research to discuss how whitelisting has evolved over the years and where the endpoint security market is heading in 2010.

Q: What role does whitelisting technology play in protecting a company’s vital information and managing critical risk?
A: Application whitelisting, which is the notion of only allowing pre-determined [...]

The latest Internet Explorer zero day threat will unfortunately catch many off guard and will have a significant impact on many organizations that are still relying on outdated defenses.
For the past decade or perhaps longer, our way of dealing with threats has been to try to filter our way out of trouble. However, with our [...]

There’s been a lot of talk about what role whitelisting will play in the endpoint protection suites of the future.  Opinions dissent about what it will take for whitelisting to become easily implementable for users and whether it will replace or augment the traditional anti-virus approach.  Whatever the opinion, I think most folks can agree [...]

As far back as a decade ago, attacks consisted of simultaneously launching strikes utilizing multiple vulnerabilities to gain a foothold in a target network and then following up with privilege escalation attacks to make it more worthwhile for the bad guys. For many years, we simply referred to these attacks as blended threats. While “Chained [...]

The current Twitter cross-site-scripting vulnerability (Twitter XSS vulnerability) should not be a surprise to anyone given how new the Twitter platform is.  For millions of its users including myself, we have all seen our fair share of bugs and issues such as Twitter downtime for maintenance, lost profile pictures, misdelivered direct messages and publicly revealed [...]