Weekly Industry Round-up, Week of 3/1
Posted by hyperguard on March 5, 2010
Experts Laud IPS Virtual Patching, but Warn against Misuse
At this week’s RSA Conference, security pros said that virtual patching can be an effective short-term fix for network vulnerabilities, but it shouldn’t replace the implementation of proper fixes for systems and applications. During a panel discussion on network security, manager of infrastructure security for automaker Daimler, Peter J. Kunz, mentioned the concept of using intrusion prevention systems (IPS) and vulnerability management products to virtually patch vulnerabilities in applications and systems by blocking potentially malicious network traffic from reaching those network locations. Kunz said “you’re buying some time” with virtual patching, but you’re not adding to the security of your environment.”
Cloud Security Alliance Names Top 7 Threats to the Cloud
Also at RSA, the Cloud Security Alliance (CSA) identified the top seven security threats to cloud computing. The CSA’s leading cloud threats are abuse and nefarious use of cloud computing; insecure application programming interfaces; malicious insiders; shared technology vulnerabilities; data loss/leakage; account, service, and traffic hijacking; and unknown risk profile. Check out the CSA’s Top Threats to Cloud Computing V1.0 report.
Cloud Security, Cyberwar Dominate RSA Conference
Tim Greene discusses how cloud security dominated the RSA Conference this week as a major concern of business. The worry about the threat of cyberwar was also strong, with officials from the White House and FBI encouraging private participation in government efforts to defend information and communications networks.