Optimal Security : the Lumension Blog

As we ended 2009 and entered 2010, many predicted that 2010 was poised to go down in history as “the year of insider threats”. It was not a risky prediction to make considering our economic peril and our industries continued unwavering albeit misplaced focus on the gateway rather then endpoint security.
The Worldwide State of the [...]

A few things I learned while on the road in the past couple of weeks:
1.    The platform-centric approach is firmly planted both here and overseas;
2.    The efficiency of agents on the endpoint is increasingly under the microscope;
3.    Application whitelisting is truly hitting a global tipping point;
4.    Compliance costs continue to be an issue; and
5.    Never [...]

Ask any IT administrator where their greatest security risk lies and they will tell you it’s at the endpoint. The endpoint has expanded well beyond a desktop to include mobile devices, which allow greater user flexibility and productivity but also increase security risks to your network. Data that once resided on secure centralized servers (and [...]

The US Government last week proposed updating the Federal Information Security Management Act (FISMA) to include a clause about the continuation and monitoring of security threats based on government agency risk profiles. The new amendments to the act would change FISMA compliance in the following ways:

Establish a national cyberspace division within the executive office of [...]

Last week, I attended two security-related events in San Francisco. I spoke on the topic of the converging endpoint on a panel at America’s Growth Capital’s 6th Annual Information Security and West Coast Emerging Growth Conference. And I walked the floor at the RSA Conference, where Lumension exhibited. Here are my thoughts on the key [...]

Much has been said over the past few years about the convergence of IT security and IT operations. Most companies look at this convergence from an optimization standpoint; hoping to increase security, achieve greater compliance, and reduce IT risk. Many larger companies, however, still operate under a siloed approach, working primarily with point solutions for [...]

So, the Federal Trade Commission (FTC) has, for the fourth time (!) delayed enforcement of the so-called “Red Flags” rules, according to a statement posted on the agency’s website. Compliance enforcement is now scheduled for June 1, 2010 –- in case you’re keeping score at home, the previous dates were 01-Nov-08 (original), 01-May-09 (first delay), [...]

In May 2009, Aberdeen Group published a research report entitled IT GRC: Managing Risk, Improving Visibility, and Reducing Operating Costs. The study describes the policy, planning, process, and organizational elements that contribute to successful initiatives in the area of IT governance, risk management, and compliance (IT GRC).  I recently sat down with Derek Brink, vice president [...]

Organizations continue to be plagued by increasing regulations coming from states and federal governments, industry regulations and internal compliance policies.  They are further challenged by the complexities and costs associated with demonstrating compliance while managing the right levels of risks.  I recently sat down with Rob Israel, the CIO of John C. Lincoln Health Network, one of Lumension’s customers to [...]

As a marketer for a security software provider in this industry for a few years now, I’ve seen lots of FUD around preventing the next threat. Every vendor does it and every vendor tells you how their solution can help prevent XYZ from stealing your data or disrupting your business. In times like these where [...]