Optimal Security : the Lumension Blog

You’ve probably heard about three recent security-related events that attracted lots of attention. In January, Google announced that it suffered a “highly sophisticated” and targeted hacker attack—originating from China— against its corporate network. In April, an ill-fated false-positive antivirus signature was pushed out that accidentally removed a key part of Windows from machines. And a [...]

It certainly seems that in 2010, a month doesn’t go by without hearing about yet another zero-day threat affecting a popular browser software. In the first quarter of 2010, we already have seen new zero-day issues in the most popular browsers in use today:

Microsoft reported yet another new zero-day issue with Internet Explorer, and within [...]

Rich Mogull, founder of Securosis, provides his take on the predictions from the RSA show floor and how technology consolidation will impact endpoint landscape.

Lumension talks security with Charles Kolodgy of IDC at RSA about the evolution in endpoint management and security and what role new and emerging technologies will play in managing risk. Also, future predictions and trends.

In light of all of the widely varying commentary on the Advanced Persistent Threat (APT) issue I have been reading about on the Internet, I wanted to weigh in with my opinion on the issue.
APT - the New Menace?
For the past 20 years, we have at best only reacted to the changing Internet threats [...]

Makes Us Wonder if Web 2.0 / Social Apps are a Boon or a Bane.

We recently sat down with John Dunn, editor of Techworld, to discuss how whitelisting has evolved over the years and where the endpoint security market is heading in 2010.

Q: You were writing about whitelisting seven years ago, how close do you think whitelisting is to becoming a mainstream security technology?
A: It won’t happen quickly beyond [...]

We recently sat down with Nigel Stanley, Analyst at Bloor Research to discuss how whitelisting has evolved over the years and where the endpoint security market is heading in 2010.

Q: What role does whitelisting technology play in protecting a company’s vital information and managing critical risk?
A: Application whitelisting, which is the notion of only allowing pre-determined [...]

There’s been a lot of talk about what role whitelisting will play in the endpoint protection suites of the future.  Opinions dissent about what it will take for whitelisting to become easily implementable for users and whether it will replace or augment the traditional anti-virus approach.  Whatever the opinion, I think most folks can agree [...]

As far back as a decade ago, attacks consisted of simultaneously launching strikes utilizing multiple vulnerabilities to gain a foothold in a target network and then following up with privilege escalation attacks to make it more worthwhile for the bad guys. For many years, we simply referred to these attacks as blended threats. While “Chained [...]