Thursday, December 27, 2007 2:06 PM/EST
Today I learned a bit more about the McAfee Security Innovation Alliance from Pinkesh Shah, senior director of product management for policy compliance and risk management. From the conversation I picked up on two important concepts that will likely be recurring themes for security in 2008. The first is deeper integration of the products that make up McAfee's security suite and more integration through partnerships, which is where the McAfee SIA (Security Innovation Alliance) comes in. The second is security infrastructure consolidation. In 2008 I'm planning on a closer look at McAfee's SIA, which is similar to Check Point's Opsec program. One of the compelling things about an integration program is the obvious benefit of being able to integrate competitive products into the McAfee infrastructure. SIA was launched in Oct. 2007, so the first half of 2008 will be a critical time to watch what happens with the offering....
Friday, December 14, 2007 6:55 PM/EST
In my upcoming review of nCircle's Device Profiler 3000 (DP3000), I was reminded of how much overlap there is between compliance regulations. In a nutshell, the DP3000 is a scanning engine (it uses Nmap, for example) that collects configuration data from servers, network devices and applications and then forwards that information back to the central console called the Compliance Configuration Manager. (This product is the result of nCircle's acquisition of Cambia in May 2007.) The data collected by the DP3000 is concentrated at the CCM and then spit out in the form of reports, dashboards and monitors that show what's changing in the IT environment and what impact that's having on compliance posture. Reports issued by the product enable an IT staff to make sure out-of-compliance objects are prioritized and brought back into compliance while the senior IT staff gets big-picture reports that provide an overall idea of how the...
Monday, December 10, 2007 6:03 PM/EST
For most small and midsize organizations, use the following formula to find a Web host provider: Price (where low is good and high is bad) divided by services (where more is better) equals "our decision." There are some nonintuitive factors that must now be brought into play to get the best hosting provider for your organization. But first, let me set the stage for this discussion with a real-life example. I'm on an e-mail thread started by Diane Steinhauser, the executive director of the TAM (Transportation Authority of Marin). This thread, along with several long phone calls that I've had with Diane, reveals that business leaders must also consider hosting security as part of the selection criteria. The problem is that there isn't an independent rating system or licensing body for Web host providers. Thus, picking a "good" hoster now also means asking a lot of questions about reputation and...
Thursday, September 13, 2007 4:36 PM/EST
In a nutshell, Automatic Updates is automatically updating even on Windows XP systems that are set to "no automatic updates." My colleague Joe Wilcox reported on Windows Automatic Updates and also on Automatic Updates perception problems. Andrew Garcia, one of my eWEEK Lab partners, confirmed the behind-the-scenes behavior. Now that we're all up to speed on Microsoft's activity, I went digging in the EULA (End User License Agreement) to see if, as many readers told us, this was all perfectly legal and upfront. As near as I can tell, the Windows XP Professional OEM EULA says that Microsoft may automatically download software to a user's computer. However, the EULA doesn't give consent for the installation of the downloaded software. Microsoft distinguishes between downloading and installing updates. In the Automatic Updates configuration screen the options are: 1) Automatically download and install, 2) Download and let me choose when to install, 3) Notify but...