10. October 2010 · Comments Off on Oracle fixes add to massive patch load expected Tuesday – SC Magazine US · Categories: Data Loss Prevention · Tags: , , ,

Oracle fixes add to massive patch load expected Tuesday – SC Magazine US.

Of the 81 fixes in Oracle’s quarterly patch release, seven of them are for databases.

The question is how long will it take to test and install these patches? Experience says months. That means your systems will be exposed to these vulnerabilities for months.

I am by no means suggesting you should rush the deployment of these patches. Thorough testing is a must.

The answer is the virtual patching capability of Sentrigo, a database protection solution. In a matter of days, if not sooner, Sentrigo updates their agents protecting your databases with new “vulnerability signatures” that protect against threats looking to exploit the well documented vulnerabilities for which Oracle is providing patches.

In many cases, Sentrigo ships the “vPatches” before Oracle ships their patches.

We recommend Sentrigo as a core component of our next-generation defense-in-depth architecture.

30. December 2009 · Comments Off on DLP Administration Requirements & Security/Compliance Portfolio Management · Categories: Data Loss Prevention, Security/Compliance Portfolio Management · Tags: , ,

Dark Reading's December 21, 2009 article, 4 Factors To Consider Before Firing Up that DLP Solution provides welcome insight into the administration requirements of DLP systems. Too often, the press just hypes the latest security solution types (think NAC in 2006 and 2007; where is Cisco's TrustSec?). While DLP is surely not new, this type of article is still refreshing.

The four factors described are:

  1. Policy – Initial creation and/or customization, ongoing modification
  2. Data Discovery – Initial and ongoing configuration of data identification algorithms
  3. Integration – e.g. ICAP, email, encryption
  4. Administration – Alert Adjudication

The article says that the amount of administrative work is a function of "the size of your organization and the level of deployment." I would add a third – the product you select.

Actually, all security products require at least Policy Management, Integration, and Alert Adjudication. Therefore when considering adding a new security/compliance solution type, review your overall security/compliance portfolio and consider consolidation opportunities as a way to control administration costs.

While the major security vendors have been acquiring and integrating additional functionality for years, start ups have been coming to market with innovative approaches to unifying functions designed and built from the ground up. Next generation firewalls, as described by Gartner, comes to mind.