Cameron Sturdevant

Today I learned a bit more about the McAfee Security Innovation Alliance from Pinkesh Shah, senior director of product management for policy compliance and risk management. From the conversation I picked up on two important concepts that will likely be a recurring theme for security in 2008. The first is deeper integration of the products […]

Anti-Malware Testing Working Group is a group of vendors and test organizations that plan to release methodologies for testing security products. Brian Prince, one of my news colleagues, has more on the story here. The question Brian asks, “Why has testing lagged so far behind the threat landscape?” is a good one, but one that’s […]

I had the pleasure of speaking with Alex Tatistcheff, information security manager for Idaho Power, on Dec. 12 about his implementation and use of nCircle’s CCM (Configuration Compliance Manager). Anyone interested in compliance management, especially for servers, would do well to take a look at the case study. There’s also a review of nCircle’s product […]

nCircle’s Configuration Compliance Manager 5.2 helps IT managers at medium to large-sized companies satisfy the demands of regulatory compliance by collecting information relevant to PCI, SOX and HIPAA compliance requirements from a wide variety of IT infrastructure devices, such as servers, routers and firewalls. While nCircle has offered this compliance scanning solution since May 2007, […]

Manual audits to check for Sarbanes-Oxley Act and internal control compliance of Idaho Power’s servers was eating up too much time. One solution was to test a small percentage of representative servers, but Idaho Power wanted more complete information and in August 2006 started looking at compliance solutions. The result was the February rollout of […]

In my upcoming review of nCircle’s Device Profiler 3000 (DP3000), I was reminded of how much overlap there is between compliance regulations. In a nutshell, the DP3000 is a scanning engine (it uses Nmap, for example) that collects configuration data from servers, network devices and applications and then forwards that information back to the central […]

I attended a Symantec endpoint security reviewer workshop in San Francisco Dec. 11. These workshops are always an interesting mix of “head fixing” on the part of the workshop sponsor (Symantec is far from the only company that holds such events) combined with often feisty reviewers on the other side. Our wrangles yesterday ranged from […]

For most small and midsize organizations, use the following formula to find a Web host provider: Price (where low is good and high is bad) divided by services (where more is better) equals “our decision.” There are some nonintuitive factors that must now be brought into play to get the best hosting provider for your […]

At a recent speaking engagement about PCI and SOX compliance, I asked the audience to get out their wallets and pull out their credit cards. Then I asked them to hand the card to the person on their right. Everyone got out their wallet. Nobody would hand over the card. The point of the exercise […]

10 Things You Should Know About Spam Between marketers and malware, spam has some powerful perpetrators. Technologies such as fast-flux DNS, which uses a large number of servers and quick-changing domain records, have created botnets with spamming zombies that are hard to take down. In fact, 10 Things You Should Know About Spam – 1. […]