Optimal Security : the Lumension Blog


New Era of Collaboration Between IT Operations & Security

Much has been said over the past few years about the convergence of IT security and IT operations. Most companies look at this convergence from an optimization standpoint, hoping to increase security, achieve greater compliance, and reduce IT risk. Many larger companies, however, still operate under a siloed approach, working primarily with point solutions for [...]

Windows 7: One Window You May Want to Jump Through

Windows 7 has arrived on the scene with much hoopla. Understandably, many IT folks have greeted it with some trepidation. Here are my thoughts on what you should consider before migrating to this new platform.
No. 1: Windows 7 is better than XP, which is now already eight years old. While Windows 7 may not be [...]

Apple Takes a Big Bite out of Patch Tuesday

Apple clearly seems to have taken a page from the Microsoft playbook and is now regularly delivering software patches almost monthly — typically in the shadow of Microsoft Patch Tuesday. However, this month’s Apple patch release falls on the eve of Patch Tuesday as IT teams prepare to address tomorrow’s Microsoft Patch Tuesday.
The nearly [...]

“Micro-Botnet” – The Cybercriminal’s Choice for Enterprise Data Stealing?

Last winter and spring we all watched with interest the headlines heralding the spread of the Conficker botnet. The under-reported part of the story was the fact that well-patched enterprise networks were largely unaffected by Conficker’s bloom. In some circles, this seems to have led to a complacency or belief that botnet infections are not [...]

Operating System Vulnerabilities Catch a Break with Sophisticated Attacks Growing for Applications

In general there are few “Facts of Life” that are accepted because there is an abundance of supporting data – hence, they simply cannot be disputed. Below are half a dozen “Facts of Life” I use in my own life that I’m happy to share:
1. If I smoke cigars or cigarettes it will have a [...]

Corporate Espionage

There’s no way this ends well.
The Wall Street Journal recently reported (sub. req’d) that Starwood Hotels filed suit against Hilton Hotels and two former employees, Ross Klein and Amar Lalvani, for corporate espionage, theft of trade secrets and unfair competition. Klein was the former President of Starwood Luxury Brands Group, and Lalvani was formerly Senior [...]

Expansion of Wireless Introduces New Risks

Wireless has always been a concern but it is about to become a nightmare
For me, it started years ago with a curiosity of the useful wireless access point detection tools that were freely downloadable on the Internet. I have regularly used NetStumbler to identify rogue access points for my clients. It is typically run on [...]

Tips for Evolving Security in 2009: The Four E’s to Getting There

We’ve hardly stepped into 2009, yet it has already become clear that we’re in for another rocky year when it comes to headline data breaches, botnets, and social networking threats. Just look at our Annual Report and Threat Predictions for 2009. It is enough to make a security guy like myself shake his head because [...]

Patch Tuesday PR: Prudent or Hype?

Just read an interesting article by Bill Brenner, who writes the FUD Watch blog at CSO, entitled Debunking the Patch Tuesday Hype Machine. In it, Mr. Brenner points to the onslaught of press releases he receives as the second Tuesday of every month approaches, warning that …
… the apocalypse is at hand. Patch immediately, their [...]

SQL Injection Attack: Pot of Gold at the End of the Rainbow?

SQL injection attacks have been in the news lately given two recent highly publicized attacks against security vendors. According to a recent IBM report, SQL injection attacks increased 30X between this past summer and the end of 2008 and resulted in a 50 percent increase in the number of malicious URLs hosting exploits. The report [...]




