StoneBlog.stonesoft.com

According to Sari Kajantie from the Finnish National Bureau of Investigation (NBI) in Helsingin Sanomat, the biggest national newspaper in Finland on 4 August 2011: “It is not the fault of the employee who has opened the attachment, if the hacker can access all company data from a single laptop.”

Companies need to pay much more attention to their internal network activities and traffic. It should not come as a surprise to anybody that individual laptops are compromized. Workstation networks must be separated from the servers by firewalls and intrusion prevention systems; not only by installing these devices, but also by paying attention to rules and monitoring their alerts.

Continue reading »

written by Ari Vänttinen - 939 views \\ tags: Advanced Evasion Techniques, AET, Context and situation awareness, cybersecurity, IT security, risk management, Security, security threat, SMC

It seems the U.S. Congress is finally gaining an understanding of how cybersecurity should be managed. Maybe someone told them security is a process and they finally understood. At any rate, it’s welcome news that the recent cybersecurity reforms passed. While the original FISMA was well-intentioned, it was clear that it wasn’t helping security in any meaningful way. Often our customers and prospects were spending more time worried about generating large binders full of paperwork and less time on monitoring and examining events on the network.

It’s good to read news reports that departments and agencies like NASA and the U.S. State Department have recognized the value of real time, continuous monitoring and rapid threat mitigation instead, and are pushing for more of the Fed to move in that direction. Stonesoft’s own recommendations are along those lines.

Security truly is a process at the end of the day and any tools that facilitate that process should be considered. Geographic mapping of events in real time, effortless log data management and forensics analysis, visualization of events in both physical and virtual environments and all wrapped up in a centralized management center is the way to go. Of course, our own StoneGate solution is designed this way too.

Do you think the new direction of the Fed is good or bad? Stop by Booth 33 at <a href="Black Hat 2010 this week in Las Vegas and discuss it with us. We’d love to hear from you! Or come learn more about network security. Simplified.

written by markb - 1,134 views \\ tags: cybersecurity, information assurance, legislation, Security