Posts Tagged ‘linux’

Security Rises in Importance Among IT Pros

27 May 2016

A new survey from CompTIA underscores the paradox that security solution providers across the channel regularly face. While IT security is a higher priority than in the past, nearly half the 500 IT security professionals surveyed said they believe their companies’ existing security products and processes are good enough. At the same time, only about half said they are satisfied with their existing IT products and technologies. That would suggest that half the respondents are at least open to considering new IT security options. However, the biggest driver of changes in corporate IT security posture is not a security breach, but rather changes to IT operations processes. For solution providers, that means the best way to identify security opportunities is to track changes to IT operations in customer environments. In the meantime, it’s also clear that many IT security pros are perhaps just a little too confident in their current skills and overall security posture. Unfortunately, it’s only a matter of time before many of them face a rude awakening. We look at key findings from the CompTIA study.

Source: Linux and Unix Nieuws. Read the complete article here: http://www.channelinsider.com/security/slideshows/security-rises-in-importance-among-it-pros.html/

Tech Data Creates Dedicated Security Unit

27 May 2016

Tech Data is homing in on security with a new business unit that aims to help solution providers navigate an expanding array of security products and services.

In the last couple of years, IT security has gone from an afterthought to a fundamental component of any IT solution. Most IT organizations today would not dream of deploying an IT solution that didn’t include a comprehensive approach to securing it.

In recognition of that new reality, Tech Data has created a dedicated Security and Information Management business unit to help solution providers navigate an ever-expanding array of security products and services.

Tracy Holtz, newly appointed director of product marketing for the business unit, said that with the rise of the cloud, the Internet of things and the bring-your-own-device (BYOD) phenomenon, building IT security has never been a more complex undertaking. The new business unit will provide access to IT security expertise and will focus on helping partners identify other partners with IT security expertise that they can leverage, said Holtz.

“In the past, security was addressed within each of our multiple business units,” said Holtz. “Now we want to take a more solutions-oriented approach.”

In addition, Tech Data will make available highly trained IT security professionals that its partners can leverage to implement IT security solutions at a time when experienced IT security professionals are in short supply, Holtz said.

IT security solutions today encompass a lot more than firewalls and antivirus software, Holtz said. “Just about every vendor in one way or another now addresses security issues within the context of their products.”

Case in point is Citrix. While not widely noted as a provider of IT security products, the virtualization software vendor has a dedicated chief information security officer (CISO), who also works with partners and customers to address security issues.

Speaking at the Citrix Synergy 2016 conference

Source: Linux and Unix Nieuws. Read the complete article here: http://www.channelinsider.com/security/tech-data-creates-dedicated-security-unit.html/

To the Cloud Like a Tortoise

23 May 2016

Source: Computable. Read the complete article here: https://www.computable.nl/artikel/columns/magazine/5716481/5215853/als-schildpad-naar-de-cloud.html

Your next server will be a box full of connected stuff, not a server

23 May 2016

Servers are about to devolve into bespoke collections of compute and storage, says Gartner veep and distinguished analyst Andrew Butler.

Speaking at last week’s Infrastructure Operations Data Centre Summit in Sydney, Butler said the days of buying a server to handle a specific workload are nearly gone. Instead, you’ll soon shop for collections of components that can be assembled into rigs capable of handling different workloads at different times.

“Each buyer will end up with a different cocktail,” Butler said, a concept HP and Cisco currently call composable infrastructure. This idea suggests that the components inside a chassis have an API that lets a workload assemble itself the server it wants for the job. Butler says this vision is upon us, with the two aforementioned companies already offering the chance to “buy elements that deliver a compute experience largely dictated by you.”

Another big change he predicts is photonics inside the chipset, to speed communications over the motherboard. The likes of Intel, IBM and Oracle are working on this and HP has already delivered photonics-capable Synergy rack systems.

One thing that won’t change, Butler said, is the increasing dominance of x86 systems running Windows or Linux. Non-x86 servers are now just 16 per cent of the market. IBM’s mainframes have the lion’s share of that 16 per cent.

“There is no inflection point coming that will increase demand for non-x86 and Unix,” he said. Organisations migrating from those platforms, he said, will see Linux as their natural destination.

Also unlikely to change much, Butler feels, is who you’ll shop from when acquiring servers. Dell and HP have a little more than half the market to themselves and that won’t change. Cisco’s solid fourth place won’t slip.

“Lenovo’s share has fallen quite significantly,” Butler said, as is to be expected while it digests IBM’s

Source: The Register. Read the complete article here: http://go.theregister.com/i/cfa/http://www.theregister.co.uk/2016/05/23/server_futures/

8 Key Facts About Security Risks in Windows Environments

19 May 2016

The growing success rate of cyber-attacks indicates that enterprises are open to security risks in Windows environments, according to a survey by ManageEngine, a vendor of network, server, desktop and application management software. The study, based on a poll of 327 IT administrators from organizations worldwide, finds that many of the attacks are centered on Active Directory and used to control access to the network and resources that aren’t secured correctly by many organizations. Although the survey finds that organizations are paying attention to security for Active Directory, “Windows environments are far from being secure, and improved overall visibility is essential,” according to Derek Melber, technical evangelist for ManageEngine and microsite manager of security hardening for Active Directory and Windows Servers. Opportunities abound for companies in the channel to play a role in developing solutions to give enterprises the knowledge and tools they need to monitor and mitigate security risks in the Windows environment. Here’s a look at key findings from the study.

Source: Linux and Unix Nieuws. Read the complete article here: http://www.channelinsider.com/security/slideshows/8-key-facts-about-security-risks-in-windows-environments.html/

Distinguishing ‘True’ Malicious Security Threats

18 May 2016

On average, organizations experience nearly 5,800 suspicious activities monthly, according to a recent survey from cloud security specialist CloudLock that analyzed the daily behavior of 10 million users, 1 billion files and 140,000 cloud apps. One of the biggest challenges organizations face with thousands of suspicious or unusual activities is determining which ones hold the biggest potential threats. The research offers a methodology designed to help security professionals focus on user activities that exhibit a higher level of threat. It centers on an adaptive security model that includes threat intelligence, cloud vulnerability insight, cyber research, community intelligence, centralized policies and contextual analysis. Organizations, particularly those that don’t have the internal IT resources, can work with service providers with a strong security practice to develop a program that pulls together all of these predictive and preventive capabilities. Channel Insider examines key findings from the study.

Source: Linux and Unix Nieuws. Read the complete article here: http://www.channelinsider.com/security/slideshows/distinguishing-true-malicious-security-threats.html/

Symantec antivirus bug allows utter exploitation of memory

17 May 2016

British white hat hacker and Google Project Zero chap Tavis Ormandy is making life miserable for Symantec again: the bug-hunter has turned up an exploitable overflow in “the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products”.

Described here, the problem is in how the antivirus products handle executables compressed using an early version of the Aspack compression tool.

If the engine encounters truncated section data – “when SizeOfRawData is greater than SizeOfImage” – the buffer overflow occurs. Ormandy writes:

“Because Symantec use a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link is enough to exploit it.”

Entertainingly, it’s a cross-platform bug that affects Windows, Mac, and *nix platforms. In Mac / Linux / Unix, an attacker can cause a remote heap overflow in the Symantec process, giving the attacker root access.

The Windows bug is even better: “On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability – this is about as bad as it can possibly get”, he writes.

Either e-mail or browser attacks will work, Ormandy says, attaching a test case file to his post.

Ormandy tweeted that Live Update will carry some fixes, while others will require a patch. ®

Source: The Register. Read the complete article here: http://go.theregister.com/i/cfa/http://www.theregister.co.uk/2016/05/17/tavis_ormandy_zeroes_in_on_antivirus_remotecrash_bug/

Intel Security Ups Its Game With Platform Strategy

17 May 2016

Intel Security is offering channel partners various incentives for selling solutions to customers rather than point products.

Intel Security officials have a new strategy that involves pivoting away from selling point products to a platform-based solution that offers a broad range of integrated offerings. Now, the company is looking to its partners to fall in line with the strategy and start bringing it to their customers.

At this month’s Ascend 2016 Partner Summit, Intel Security executives spent two days in Boca Raton, Fla., laying out the benefits of the new initiative for both the company and the channel and outlining the different ways they plan to make it worth the partners’ time and effort. In keynotes and smaller sessions, the officials reiterated the importance of channel partners to their strategy and promised greater transparency in what they’re doing moving forward.

At the same time, they stressed that they were prepared to spend resources and work closely with those partners willing to embrace the initiative, though less attention and effort would be given to those who could not enthusiastically support it.

During his keynote address, Richard Steranka, senior vice president of global channel operations at Intel Security, said that during Intel’s fiscal 2015, the North America business grew 13 percent from the previous year, while the Latin America region increased 6 percent. In the first quarter of this year, bookings were 14 percent overall, while those for some particular products grew even more.

Steranka also noted that 90 percent of Intel Security’s business comes through the channel.

“If anybody is confused about how important the channel is to us today, I hope that clears it up,” Steranka said.

It was less than a year ago, at Intel Security’s Focus conference, that executives unveiled the new strategy that they said better addresses a changing security landscape that includes more

Source: Linux and Unix Nieuws. Read the complete article here: http://www.channelinsider.com/security/intel-security-ups-its-game-with-platform-strategy.html/

How Security and Regulatory Compliance Differ

14 May 2016

ANALYSIS: Many executives continue to believe that achieving one automatically assures the other. Here’s why this is not the case.

Regulatory legislation was never written specifically to address network or data security.

Guideline documentation for legislation, such as the Health Insurance Portability and Accountability Act, barely mentions security. Yet many executives, whether guided by their IT management or their own misperceptions, continue to believe that achieving one automatically assures the other. This is not the case.

Regulatory compliance audits are designed to capture the state of a given organization’s operations at a given moment in time. Once the company has prepared for a regulatory audit and the audit is performed, that’s it until the next cycle.

On the other hand, security requires a constant interaction between the management of a business and its assets. Constant scrutiny not only of the assets themselves but also of the measures put in place to protect them is an absolute requirement of an optimally secure environment.

Making your customers aware of this distinction can be critical to their continued survival and business success, while it also provides you with two separate opportunities where once there was only one.

Protect What’s Most Important

In the context of company data assets, it is most important to put the highest-value assets first. This requires your customer to engage you for an objective evaluation of each asset on several key criteria:

Criticality: Neither compliance nor security matters much when you’re not there anymore. Many companies do not consider or appreciate the criticality of certain data entities, processes and other assets that could cost them the company, if compromised.

Valuation: How much would it cost your customers if they lost particular data assets? One good reason to do this is that many companies spend far more protecting a particular asset than that asset is worth.

Confidentiality: What would be

Source: Linux and Unix Nieuws. Read the complete article here: http://www.channelinsider.com/security/how-security-and-regulatory-compliance-differ.html/

Obscure ImageMagick Makes Websites Vulnerable

12 May 2016

Source: Computable. Read the complete article here: https://www.computable.nl/artikel/achtergrond/technologie/5754586/5182002/obscuur-imagemagick-tovert-miljoenen-websites-lek.html