I feel it’s time to share a little of my great wisdom (hey you at the back, don’t laugh!) and write a short list of my favourite, most useful, informative and time-saving (often life-saving) tools in my IT toolkit…
The official blog from Satisnet Ltd
Onapsis – 15 May 2013: Many organizations today are faced with the problem of detecting real-world security risks in their SAP platforms in a cost-effective and timely manner. Assessing complex environments to check beyond just classic Segregation of Duties controls is not feasible without an automated solution.
Aerohive Networks has been positioned as a Visionary in the 2012 Magic Quadrant for the Wired and Wireless LAN Access Infrastructure report by Gartner. According to Gartner, a vendor in the Visionaries quadrant demonstrates an ability to increase features in its offering to provide a unique and differentiated approach to the market.
Puppet Dashboard (a default part of the Puppet Enterprise installation) uses MySQL as a backend; over time the two default databases it uses (console & console_auth) can grow to several gigabytes in size. Currently in my test environment with just four nodes and three weeks of data I have in excess of 100Mb of data:
Presented by John McCann, Morten Stengaard and Milan Koppen and hosted by Raphael Perez. On 10th April 2013, WMUG hosted a virtual meeting with Satisnet & Secunia to demonstrate Secunia’s award-winning solutions, which equip corporate and private customers worldwide with Vulnerability Intelligence, Vulnerability Assessment and automated Patch Management tools to manage and control vulnerabilities across their networks and endpoints.
After spending two days at Infosecurity 2013 in the IBM stand, I’ve taken more interest in IBM’s SIEM solution QRadar. In this blog I will be briefly describing the different things that are achieved using this solution.
Safend Mobile Security is here… Safend DPS version 3.4.7 brings many bug fixes and also support for Windows 8 Pro and Enterprise machines and Windows Server 2012, and its database can be hosted on SQL Server 2012, for instance.
VMTurbo Operations Manager is an intelligent workload management engine, able to automate striking and maintaining the perfect balance between performance and efficiency in your virtual environment, be it VMware, Hyper-V, XenServer, RHEV or a mix of these.
It still surprises me when I hear of another attack against a company using such a simple technique as SQL injection. I’ll admit, it has been a while since I last developed a front end (back in the days when it was all client – server) but simple input validation can’t have gone that far out of fashion that an application should allow an entire SQL query to go through when a single digit is the expected input. No doubt there is potentially a horde of people willing to queue up to tell me how different it is in these days of web applications, dynamic URL generation & rapid development, but to be honest, the point I’m getting to (to shortcut a rather long and tortuous route) is that we shouldn’t and can’t rely purely on the security of the front end application to shield our crown jewel which is the data in our back end database.
Patch management using Shavlik supports agentless and agent-based scans. Agentless scanning and deployment is preferred by most. However, in places where you can’t perform an agentless scan due to restrictions on opening certain ports and starting certain services, agents can be used. The Shavlik agent is fully self-contained and has a small footprint on the machine. There are a few things to take note of when using agents.
I have always wondered what type of data is sent over to SIEMs and how detailed that data is. When Websense released a dedicated service for SIEM integration/support I was intrigued by how it worked.
With WSGA (Web Security Gateway Anywhere) your Websense appliance has a feature called TruWeb DLP (Data Loss Prevention) which can be enabled on the Websense Content Gateway. TruWeb DLP enables you to apply DLP policies to HTTP/HTTPS traffic which goes through the appliance.
In our previous PuppetLabs blog, we covered how Puppet can establish simple resources very quickly. Despite enforcement being one of its strongest suits and why it was primarily developed, Puppet can also be used as an auditing tool. If we take a very simple example of the Apache webserver configuration file:
VMTurbo Operations Manager is an extremely powerful tool enabling enterprises to find and maintain that all too difficult balance between performance and efficiency that virtualisation offers but so rarely delivers.
The majority of users around the world have some sort of anti-virus in place to protect their critical file systems from malware, Trojans and a plethora of malicious programs. With modern malware becoming more and more advanced, can anti-virus really cope?
If your organisation runs any Unix or Linux systems, it’s easy to see how simple configuration changes quickly become projects to ensure that all your servers remain in the same state. Combine these small configuration changes with the necessity of staying up to date with the latest stable or recommended versions of mission-critical packages and what starts as a small annoyance quickly becomes a time sink of a project. You could use a tool like rsync or rdiff-backup, but they require a lot of work to get off the ground in the first place and don’t have a central management platform to give you an overview. Time that could be spent working on other projects then gets used up ensuring the backup process has worked.
Tenable Nessus ProfessionalFeed customers can now audit the configuration of PAN-OS™-based Palo Alto Networks firewalls. Nessus can audit the firewall operational configurations and allow Palo Alto Networks firewall reports to be embedded into Nessus reports. Mehul Revankar, Tenable’s lead compliance auditing engineer, and Russell Butturini, Senior Enterprise Security Architect and Nessus and SecurityCenter customer, talk about this new feature and the benefits.
Author: Wade Williamson, Palo Alto Networks – 25 March 2013: One of the core concepts behind WildFire is the ability to provide better protections against malware through the sharing of data across many networks. In most cases, this sharing is done automatically – new malware (or a new malware variant) is seen in a network in Los Angeles, and in 30 to 60 minutes, all subscribing customers worldwide are protected from that malware and its variants.
Last month I attended Mobile World Congress 2013, which was an exciting 4 days with all the ‘bigwigs’ from the mobile world descending upon Barcelona. The entire event was divided into 8 halls; I spent most of my time in Hall 3 as AirWatch, Samsung, LG, Huawei, Qualcomm, Intel and many more were present there. It was hard to keep track of all the events happening around as there were many announcements made and countless seminars taking place.