Optimal Security : the Lumension Blog

While our budget-constrained defenses remain relatively static, the threat vector continues to change. Historically in network security, attackers seem to regularly stay one step ahead of defenders. I have watched the arms race unfold for more than two decades as attackers worked their way up the OSI stack from network layer attacks like the infamous [...]

You’ve probably heard about three recent security-related events that attracted lots of attention. In January, Google announced that it suffered a “highly sophisticated” and targeted hacker attack—originating from China— against its corporate network. In April, an ill-fated false-positive antivirus signature was pushed out that accidentally removed a key part of Windows from machines. And a [...]

Ask any IT administrator where their greatest security risk lies and they will tell you it’s at the endpoint. The endpoint has expanded well beyond a desktop to include mobile devices, which allow greater user flexibility and productivity but also increase security risks to your network. Data that once resided on secure centralized servers (and [...]

Microsoft announced today they will be releasing a critical out-of-band patch MS10-018. From an impact perspective, this is a remote code execution and impacts Internet Explorer (IE) versions 6 and 7.  The unscheduled release is in response to a reported upswing in attacks against Microsoft customers as detailed in Microsoft Security Advisory 981374. Beyond the [...]

In this presentation, learn about the latest innovations that operationalize application whitelisting across dynamic business environments and deliver more effective endpoint security above and beyond stand-alone anti-malware.

Paul Henry, Forensics and Security Analyst, provides his insights in this February 2010 Patch Tuesday Security Briefing.

After a light start to the year in terms of patching, Microsoft is throwing out its heaviest patch load in four years for IT departments to tackle for the month of February with 13 patches in all - five of which have a maximum security rating of critical.
Three of the critical patches standout from the [...]

About a hundred years ago (in Internet terms … so, a couple of years back), I learned about RealPlayer the hard way. Despite the warnings from my friend and all-around knowledgeable good guy Tim, I installed it on my lappie so I could play some interesting bit of fluff from the Internet. I then spent [...]

There is a new Internet Explorer zero-day vulnerability this week that is at the center of “in-the-wild” attacks targeting large corporations including Google and Adobe.  As the research and vendor communities have been deconstructing the vulnerability, automated attack tools and various methodologies used to carry out the attack, a number of facts and mitigation steps [...]

When you begin to dig into the intricacies of accurately projecting what the threat landscape will look like in the next year, it is actually relatively easy in some respects. Just look at failing defensive technologies and you’ll have a good indication of what will transpire in our network environments. Let me explain.
The best example [...]