Securing the network on a budget
No one denies that—economically—the second half of 08 has been a wild ride. In 09 companies are going to have to do some soul searching and find ways to get the most out of their security investments as budgets shrink. At StillSecure, we understand that's the reality of difficult economic times.
So my advice to security professionals looking over the horizon into 09 is, first, make the most of your existing investments. Maximizing current systems is more cost-effective than purchasing and deploying new technologies. See our new Post-Connect whitepaper, below, for an example of getting double duty out of your security investments.
Also, be sure to check out our VAM Lite freeware announcement. If you're a small or medium business it could be your chance to implement a vulnerability management system at no cost.
Second, focus on defending against social engineering-based threats. Reinforce best practices that increase employee awareness of fundamental dangers: desktop downloads, questionable email attachments, unlocked idle workstations, password management and other relatively simple measures that can go a long way to preventing security incidents.
Good luck, and feel free to give us a call. We can help.
Rajat Bhargava
President and CEO, StillSecure
November, 2008
Top 10 vulnerabilities: October 2008
The StillSecure Security Alert Team compiles the top 10 network vulnerabilities on a monthly basis, pulling from CVSS and other public scoring organizations. We also take into account customer feedback, inquiries, and public and private monitoring and analyses. Here's what was on the radar in October:
| S.No | Vulnerabilities | CVSS Score | Severity |
|---|---|---|---|
| 1 | Microsoft Windows Server Service Vulnerability (MS08-067) | 10 | High |
| 2 | Trend Micro OfficeScan CGI Parsing Buffer Overflow Vulnerability | 10 | High |
| 3 | Adobe Flash CS3 SWF File Handling Code Execution Vulnerabilities | 10 | High |
| 4 | Microsoft Windows 2000 Active Directory Vulnerability (MS08-060) | 10 | High |
| 5 | Microsoft Host Integration Server Code Execution Vulnerability (MS08-059) | 10 | High |
| 6 | Novell eDirectory Heap Overflow and Denial of Service Vulnerabilities | 10 | High |
| 7 | Microsoft Internet Explorer Multiple Remote Vulnerabilities (MS08-058) | 9.3 | High |
| 8 | Microsoft Excel Multiple Code Execution Vulnerabilities (MS08-057) | 9.3 | High |
| 9 | Hummingbird Deployment Wizard ActiveX Remote Vulnerabilities | 9.3 | High |
| 10 | Iseemedia LPViewer ActiveX Control Code Execution Vulnerabilities | 9.3 | High |
Say hello to VAM Lite™ freeware
If you're a small business or just someone who wants to dig deeper into vulnerability management without spending one thin dime, keep reading. We just released VAM Lite, the freeware version of VAM, our award-winning vulnerability management system.
VAM Lite has all the key functionality of the full VAM product—scheduled and on-demand vulnerability scanning and device discovery, prioritization of vulnerabilities based on threat severity and host importance, and auto-provisioning of repair tasks.
So what makes it "Lite?" Only three features have been throttled down: vulnerability scanning is limited to 100 IPs; the Security POV™ reporting module is not included; and distributed scanning environments are not supported. That's it.
We believe once you see the power of VAM you'll never take other vulnerability assessment tools seriously again. It's that powerful.
StillSecure Powers New Novell ZENworks Network Access Control Solution
At the end of September, we announced our new strategic relationship with Novell to provide a re-branded version of our StillSecure Safe Access® network access control solution (NAC) as part of the Novell ZENworks® systems management family.
ZENworks Endpoint Security Management provides removable device security, personal firewalls, wireless security and application control to secure the network and give organizations mobile computing flexibility without fear of data loss or attack. Adding Safe Access extends ZENworks' current capabilities by bringing policy-based NAC to end users.
In addition to Novell, 5 of the 7 top switch vendors have partnered with us to incorporate Safe Access in their product lines. Basically, the heavy hitters love our approach to network access control.
New white paper: Keeping endpoints honest
Alan Shimel, our Chief Strategy Officer and a prominent security blogger, recently published a new white paper titled Keeping Trusted Endpoints Honest: Using IDS/IPS for Post-Connect NAC. Written for a SANS tool talk we hosted in early November, this 1300-word paper gives you a high-level overview of NAC and of accomplishing post-connect monitoring using signature-based IDS/IPS technology.
Download it now from the StillSecure website.
Deloitte names StillSecure a "Fast 50" company
In October, we were honored to be named to Deloitte's prestigious Technology Fast 50 Program for Colorado, a ranking of the 50 fastest-growing technology, media, telecommunications and life sciences companies in the state. Deloitte ranks companies based on the percentage revenue growth over the last 5 years. The average increase in revenue among companies that made the list was 507 percent.
Deloitte also recognized our reputation as a network security innovator. Kurt Randall, Deloitte's chair for the 2008 Colorado Technology Fast 50, said "We commend StillSecure for making the commitment to technology and delivering on the promise of market longevity." After we learned of this honor, a bunch of us went to the bar downstairs and had a few cocktails.
We'll be exhibiting at these events in the coming months, so drop by and say hello. We'll even give you a t-shirt or something.