For all the right reasons, your company has been thinking about deploying
SIEM…to create an alert system when those with less than good intentions
come knocking; to remediate potential network threats; to comply with
federal, state or industry regulations; and identify the risks and
vulnerabilities throughout the enterprise IT infrastructure and architecture.
If you maintain even a modest (SMB -> Fortune 1000) organization that has any
online identity, SIEM should be the cornerstone of your asset protection
First and foremost, SIEM (and to a certain extent log management) is about
visibility. Who is doing what and when on your network. It is as much about
understanding the holistic landscape of your infrastructure as it is
protecting proprietary assets. Without it, it’s akin to coaching the Big
Game without any idea who is the opponent; or for that matter... (more)
Last month the Federal Financial Institutions Examination Council (FFIEC)
shared an opinion on the viability and security of cloud computing. In the
four-page statement, the interagency body empowered to prescribe uniform
principles, standards, stated that cloud computing is “another form of
outsourcing with the same basic risk characteristics and risk management
requirements as traditional forms of outsourcing.”
What they are offering is a back-handed endorsement of cloud computing with
the caveat that if you perform your due diligence and the solution passes the
security smell... (more)
One byte at a time.
Now before you roll your eyes at my stupid pun, consider the deeper wisdom to
this IT twist on an very old adage.
Security is big. It encompasses a great many definitions, confronts a great
many issues and is addressed through a great many solutions using a great
many formats. For many organizations, it can be an overwhelming proposition.
Beyond the issues of data defense, regulatory compliance, traffic management,
identity regulation, archiving, reporting, access control, intrusion
detection, encryption, app administration, help desk assistance, there is the ... (more)
CloudAccess, a provider of unified security solutions from the cloud,
announced the release of the latest version of CloudIDM/AM which features a
unique and seamless integration between enterprise identity management and
access control (single sign on/access management) from the cloud.
“We’ve taken the next evolutionary step to integrate the key capabilities
of provisioning, multi-factor authentication and role-based workflow
management with an advanced single sign on for SaaS and legacy applications
and manage it all from the cloud,” said CloudAccess CEO Kevin Nikkhoo.
One of the true benefits of the cloud is the ability to reconfigure and
create a stronger, more active asset protection strategy than you might be
able to otherwise afford. But let’s look beyond the cost factor for a
moment and analyze a true best practice that gives an organization a true
advantage within the cloud and an overall strategic deployment of security
To look at the future of security configuration we have to look back 500
years into the mists of history to see a model that worked well then…and
works just as well today. I’m talking specifically of the cast... (more)