New security tools from Tenable, HP, Co3 attempt the impossible

By John Breeden II | Aug. 12, 2014
Automated incident response is one of the fastest-growing fields in computer security. Alternatively called threat monitoring, vulnerability management or threat management, it encompasses the seemingly impossible task of defending a network from active threats as they happen, in addition to detecting every possible vulnerability that could be exploited by an attacker.

Agent can also find web pages that don't link anywhere and have likely been abandoned or forgotten, yet are still part of the enterprise and will still display if someone types their addresses directly. Those pages could be a vulnerability as long as they are still active, yet in most large websites there are at least a few that slip past content designers over the years. As such, Agent should probably be installed on any public-facing devices at the very least, especially those tasked with displaying web content.

Although WebInspect requires a little more technical knowledge than some programs, the value of being able to launch actual attacks as part of an automated threat response system can't be overstated. Organizations that need to know the hows and whys of attacks directed against them should consider the program despite the extra effort that installing it and its companion Agent program entails.

Co3 Security Module

The Co3 Security Module began life on the incident response side of the house, and it remains well ahead of everyone else in that area, even as it begins to branch out into detection and monitoring. In fact, there is no reason that the Security Module couldn't be implemented as part of an overall security plan to shore up responses to intrusions, even if other methods of detection and continuous monitoring are also employed.

The idea behind Security Module is that most organizations don't know what the proper, and sometimes legally mandated, response is to an intrusion or data theft. Companies may move in and patch a hole, but they may be dropping the ball if they also need to inform certain authorities about the incident. Beyond just the legal requirements, there are several best-practice guidelines that should probably be adhered to as well.

The Security Module goes well beyond just patching up the network in the event of an incident. It checks all the valid regulations that apply and spells out exactly which ones need to be dealt with based on the type of data that has potentially been compromised, the location of the breach, how large a data theft is possible and whether the loss is the result of an actual attack or an accident.

A proper response in the state of Tennessee may be completely different from what needs to be done in California, Canada or Europe. The Security Module is kept up to date with all state and federal regulations in the United States and those from Asia, Europe and South America. It even keeps best practice responses on file for major trade organizations, so nothing is left to chance. All of that data is kept up to date by a team of researchers so that the day that a new data security law goes into effect in Ohio, the program will reflect that new information if an intrusion involves that state.

 
