Archive for February, 2014

A proactive approach to SIEM

As the old adage goes “the best defense is a strong offense”, McAfee Risk Advisor seeks to replicate that through a proactive approach to risk management. With the goal to reduce the grab in the dark approach organizations take to procuring and deploying security measures, Risk Advisor pinpoints critical assets which require immediate attention. Leveraging McAfee Lab’s ability to gather threat data from millions of collection points, it is kept up to date with thread analysis and any potential remedies.

Risk Advisor has an inbuilt scoring system which quantifies an organization’s risk mitigation efforts. It uses the vulnerability and threat status, criticality of an asset, and any pre-existing countermeasures to generate a current risk score. This allows managers to look at what effect their risk mitigation efforts has had on their asset.


Risk Advisor is designed to work out of box with a multitude of other McAfee products such as McAfee’s Virus Scanner, Host Intrusion Prevention, Vulnerability Manager, Policy Auditor and Network Security Manager to provide countermeasure information across various functions. It has even been integrated into non-McAfee products such as SAP BusinessObjects to extend its risk analysis to business decisions.


Read Full Post »

Giving you a better picture of your Data

It was Ronald Reagan who said “Information is the oxygen of the modern age” and although it was at a time where virtual data was incomparable to what it is now – it has only become more evident how true those words were. In 2010 Verizon’s Data Breach Investigation reported an astounding 92% of all records comprised stemmed from database breaches (which comprised the majority of breaches at 25%), a marginal increase from the 2009’s 75%.

Organizations store data ranging from customer records (credit card numbers, billing information), employe records (salary, PII) and finances (revenue, assets, proprietary data). All of which is highly damaging if in the wrong hands. All of this makes it a highly enticing target for malicious attacks. With the increasing complexity of databases and applications directly interacting with them leading to the people responsible having no idea where their databases are or how secure their configurations are. Another issue on the rise in recent times is the greater demand for uptime of services leads to organizations holding off on patching vulnerabilities in favor of meeting up-time goals.


McAfee’s Security Scanner (DSS) aims to alleviate the headache for database personnel by providing three key features. DSS acts as a tactical database scanner seeking out database throughout the entirety of your network ensuring a global picture is developed. A clear view into the organization’s security posture with the capabilities to thoroughly check for over 3,500 vulnerabilities, and lastly to provide actionable data to address discovered risks.

DSS’ ability to discover databases provides an unmatched ability to not only seek and discover, but to highlight areas of key critical data such as PII, in-depth information about patch status, and security compliance levels. Its reports are built upon the concept of “less is more”, providing detailed priority levels of each threat based on advice from experts in the database security audit field combined with fix scripts wherever possible.

The entirety of these features are made available through a detailed centralized database browser allowing users to concurrently view hundreds of databases saving hours of work.

Read Full Post »

Simplifying Network Audits

The task of conducting a full network audit has always been a daunting task to any network related personnel. Nipper is a solution to this problem; it aims to painlessly assist in conducting a network audit through automated configuration vulnerability analysis and an agent-less solution. It triumphs over traditional methods such as penetration testing (A thorough but costly and slow process), agent-based (Software must be installed in each device to be tested which is not always possible), and Network Scanners (can cause networks to be bogged down due to the large amount of probes required).


Nipper’s reporting features allow for an audit to be generated that is tailored specifically to what the end user needs.

  • Personalize reports with your company details so all reports are generated automatically with your company’s name, logo, report naming policy

  • Rate with the default Nipper standards or use CVSS (industry standards vulnerability rating). Customize your environmental variables based on priorities (Low to High) – Confidentiality Requirement, Collateral Damage Potential, and more.

  • Exclude whole Issues (EG. Users with Default Passwords) or specific Devices from an issue.

  • Notes for specific issues

  • Save only what you want to save – specific report sections (EG. Filtering Rules) or entire tables (EG. Security Audit Table)

Reports generated contain information that technical staff can utilize to mitigate the issue and graphical information management can digest easily.


Such versatility and cost saving is the reason Titania’s Nipper Studio claimed both Computing Security Awards – Network Security Solution and Enterprise Security Solution of the Year in 2012 against well established competitors such as WatchGuard and Fortinet.

Read Full Post »

Reducing your costs during the SDLC

As technology increasingly becomes apart of our daily lives – we are seeing an increase of applications being developed to meet the growing need of consumers. With that comes a greater need to produce said applications quicker. With that comes the issue of overlooked bugs and sloppy coding increasing the ever present threat of attacks for businesses and users. A report published by the NIST (National Institute of Standards and Technology) in 2011 noted that 95% of all vulnerabilities stem from the application layer (Refer to Fig 1.0).

Fig 1.”Areas of Vulnerability” Source: NIST 2011

This is a staggering amount of vulnerabilities that are left open due to various circumstances but can easily be negated through proper security measures during the SDLC. Opting to proactively look for these vulnerabilities during the SDLC rather than reactively fixing them post release can save a company from a multitude of issues such as bad publicity, time better spent elsewhere, and most importantly costs.


Fig 2.”Cost to fix Bugs during SDLC”

Although figure 2.0 uses data from 1996 it is clearly evident that the cost to fix a bug exponentially increases further along the SDLC with the least expenses incurred during the coding phase. This is where IBM’s Security AppScan Source Edition comes into play.

AppScan Source Edition’s two main functions are to identify vulnerabilities during the coding phase through source code analysis and then eliminating them efficiently. Applying security measures during the build process further mitigates the chances of vulnerabilities getting past. AppScan Source Edition has the capabilities to scan more than one million lines of code per hour allowing for even the most complex enterprise level applications to be analyzed.

It’s versatility extends further to detailing and reporting security issues and the status of them for governance and compliance (Up to 40 supported security compliance reports) related functions. Reports are prioritized in terms of severity to better help service teams fix vulnerabilities efficiently, audits and compliance reports are crafted so it is easily digestible at the executive level.

AppScan Source is based on an open architecture allowing you to seamlessly integrate it into your current work environment and tools. The ability to define security policies to be followed and have it be enforced thoroughly allows AppScan Source to be an enforcer for Security Practices across the entire enterprise.

Read Full Post »