Jun
17
From: GCN
By William Jackson
An emerging area in network security is automation, using various tools to monitor systems and network traffic for signs of trouble. Automation can handle tasks that otherwise would have to be done by IT staff members, who are then freed up for other tasks.
Jun
17
From: Nextgov
The Homeland Security Department does not keep tabs on whether contractors that monitor vulnerabilities on federal networks have undergone training, according to a new inspector general audit.
These private sector system administrators support CyberScope, a central reservoir for incoming streams of data summarizing every federal agency’s computer security posture. The composite view of threat-levels is intended to help Homeland Security leaders manage cyber risks governmentwide. The account of an inadequate security training program for system administrator contractors at DHS follows the alleged breach of top secret files by a system administrator contractor at the National Security Agency.
Jun
12
From: VentureBeat
John Koetsier
In the initial rush to the cloud, some companies may have lost site of the fact that security, efficiency, and continuous monitoring are just as important in the cloud as in the datacenter. It looks like they’re picking up that theme now, but perhaps not as swiftly as their customers might like.
A new study by by cloud optimization company Newvem checked 61,545 Amazon Web Services instances which total a yearly spend of over $157 million. The good news is that cloud users are getting much more savvy about security, utilization, and optimization.
Jun
12
From: Network World
National Harbor, Md. — Security monitoring — the type involving traditional security information and event management (SIEM) — can be done in some public cloud environments, according to Gartner. And if you’re using public cloud services, it’s time to think about doing it.
Security monitoring of assets that the enterprise has placed in cloud is still not a common practice, but it really should be, said Gartner analyst Anton Chuvakin during his presentation this week at the Gartner Security and Risk Management Summit. There is always a “loss of control” when turning corporate data assets over to the cloud, Chuvakin says, but “you can compensate by increasing the visibility that comes with collection of logs and network traffic.”
Jun
11
From: InformationWeek
Elena Malykhina
Federal agencies have been making significant progress to improve their cybersecurity. However, much more needs to be done as agencies work toward achieving the Obama administration’s cross-agency cybersecurity goals by the end of 2014, according to the latest progress report released by the White House.
Last March, federal cybersecurity coordinator Howard Schmidt unveiled a plan for agencies to implement priorities that safeguard federal IT systems against cyberattacks. The White House’s objective by the end of 2014 is to have agencies achieve 95% implementation of critical administration cybersecurity capabilities on IT systems in the areas of trusted Internet connections (TIC), continuous monitoring, and strong authentication. The effort is part of the Cross Agency Priority (CAP) Goals initiative on Performance.gov, which feds use to grade agencies on their improvement efforts.
Jun
11
Editor’s Note: Mitre’s registratation page is here, https://register.mitre.org/devdays/.
From: Mitre
Developer Days 2013
| The MITRE Corporation will be hosting Developer Days on July 22-24, 2013, at MITRE in McLean, Virginia, USA. This three-day event will be technical in nature and focus on the Open Vulnerability and Assessment Language (OVAL®) effort, remediation, and other security automation topics.
The purpose of the event is for the community to discuss OVAL and other security automation efforts and specifications in technical detail and to derive solutions that benefit all concerned parties. An exciting agenda is being developed. The event will begin at 10:00 a.m. on Monday, July 22, and end at 5:00 pm. on Wednesday, July 24. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the security automation community. |
Jun
04
From: CSO
By Edward Ferrara
Last week Deloitte announced the acquisition of Vigilant. This is important news for several reasons. With over 14,000 consultants that specialize in information security Deloitte is the largest and broadest of any security consultancy globally. Deloitte provides customized security solutions across a broad number of vertical industries, including financial services, aerospace, defense, retail, manufacturing, technology, communications, energy and pharmaceuticals.
May
31
From: eWeek
By Robert Lemos
The push to improve security at federal agencies could mean as much as $6 billion for security firms that win the coveted contracts.
The U.S. government’s push to improve the security of its civilian, intelligence and military agencies has attracted enormous interest from the security industry, with almost two dozen teams of companies competing for a piece of a $6 billion budget over the next five years for deploying systems that will continuously monitor the security status of networks and systems.
May
28
From: Network World
Jon Oltsik
Around 2005, Cisco coined the term “self-defending networks” and used it to market products like Cisco PIX and Catalyst IDS blades. By 2007, the marketing brain trust at Cisco had moved on in another direction, adopting another grand theme for network security.
May
21
From: FCW
By Frank Konkel
With Federal CIO Steven VanRoekel called away on White House business, Deputy CIO Lisa Schlosser stepped in to talk about federal IT priorities via Skype at the ACT-IAC Management of Change 2013 conference in Cambridge, Md.
Her message, similar to those VanRoekel has delivered recently, centered on increased innovation, improved cyber and information security, a CIO Council-led effort to implement continuous monitoring in the federal space, and cost-cutting measures such as strategic sourcing and shared services.