We've just posted a new article on developerWorks, "IBM
Arxan Technologies has post
You might also be interested in....
Defending against malware: A holistic approach to one of today’s biggest IT risks
This white paper will examine the changing strategies that malware has employed in recent years, explain the typical sequence of events that occurs during an attack, and describe how an integrated defense can help keep the enterprise safe from these advanced persistent threats.
How much does a data breach cost your company? That's one of the toughest questions an IT security professional can be asked. The effects of a data breach are potentially catastrophic for a company, but it's a difficult task to quantify the risk.
That's why IBM has sponsored the Ponemon Institute's 2014 Study on the Cost of Data Breaches. This far-reaching study is based on 1690 interviews across 10 countries and 16 sectors, and it draws on the actual experiences of companies instead of could-have-happened theoretical discussions.
The Ponemon Institute has released both a global report and 10 country-specific reports:
One of the most eye-popping charts in the report analyzes the reported data to show the clear relationship between the size of the breach and its cost. Keep in mind that this is not some hypothetical computer model. This is a regression based on the actual interviews and their reported data.
The 2014 Ponemon Cost Of Data Breach study is must reading for anyone needing to build a business case for protecting against data breaches.
If you want to see a concise history of the past three years of IT Security incidents, you need to download the IBM
As you can tell by the change in colors as you scan the graphic from left to right, the industry is starting to get a handle on DDoS attacks and SQL injection attacks, while attack types based on physical access to machines and distribution of malware are becoming more common. As noted in the report:
"The declines in vulnerabilities demonstrated at the end of 2013 in both XSS and SQL injection could indicate that developers are doing a better job at writing secure web applications, or possibly that traditional targets like content management systems (CMSs) and plug-ins are maturing as older vulnerabilities have been patched. As noted, XSS and SQL injection exploitation continue to be observed in high numbers, indicating there are still legacy systems or other unpatched web applications that remain vulnerable. This is expected, considering there are many thousands of blogs and other websites run by individuals who may not have the skills or awareness to update to later versions of their platform or framework."
The other thing to note in the graphic is that the overall number of incidents and the overall impact of IT security incidents aren't exactly going down, so it seems there is still plenty of job security in the IT security arena in 2013.
IBM provides advance notification of End Of Support (EOS) dates allowing customers reasonable time to complete software upgrades or to refresh appliance products. To view upcoming EOS dates by product segment, click a link in the list below.
View all IBM Software EOS announcements for 2017 and 2018.
Q: What are the major Support Lifecycle milestones?
A: The major Support Lifecycle milestones are:
Q: How do you determine if your installed software is still supported?
A: Search by product name or keyword using the Supp
Q: What happens when EOS is announced?
A: Often, there is a newer version of the software available for download. In most cases, you’ll have sufficient time to plan for and install the latest version. For more information on the lifecycle stages, including EOS, view this short YouTube video on the IBM
Q: What is the standard version format for IBM Software products?
A: The full product version is expressed by a four-digit code known as the IBM Version, Release, Modification and Fix Level structure, or VRMF. View this Technote for additional information and description of each element. You may also find this Glossary of product support and maintenance terms helpful.
Q: Where can you view additional details on product updates or replacement information?
A: Using the Support Lifecycle Search, search for your product, select View for details and click the EOS announcement link to view Repl
Q: What are your options if you are unable to upgrade or refresh your current products before EOS?
A: You can request a Support Extension. Support Extensions are available for Customers who are unable to migrate to a supported version, release or appliance platform prior to EOS. For more information, visit the IBM
Q: How do you stay connected for future product announcements?
A: There are several ways to receive product announcements:
Q: How can you connect with IBM Security on social media?
Q: Where can you find more information on IBM Support policies?
A: You can view and download the IBM
The IBM Support Lifecycle Policy sets forth the minimum length of time IBM will provide security content and technical support for a product version and release. Click the applicable product segment link below to view the Support Lifecycle Policy.
I'm proud to announce we've just published "Fig
BIO-key International's fing
You can learn more about ISAM and BIO-key products and technologies at the BIO-key International community on developerWorks.
zSecure 2.1.1 has been announced with the following products...
... and the following solutions
Please refer to this blog entry on System z Management for details on the solutions.
All zSecure products support RACF. zSecure Audit and Adapters for QRadar SIEM support CA-ACF2 and CA-Top Secret. zSecure Alert supports CA-ACF2.
You might also be interested in this article on 50 years of mainframe security.
Edit: Updated zSecure for z/VM release from 1.11.1; 1.11.2 became available on March 13, 2015.
Edit: The latest zSecure for z/OS release is zSecure 2.3.0.
Craig Knapik has just published a handy guide to XGS
See below for an announcement from Kathryn Zeidenstein about some new video tutorials on InfoSphere Guardium policies
Hi community members
Back in 2011 or so the lab services team had done a LotusLive education session on policies that was very well received. I have taken the first of these presentations and broken it into 4 modules that are now hosted on the InfoSphere Guardium YouTube channel.
You can find links to all 4 of the modules on this new page on the InfoSphere Guardium community wiki. http
Here are the direct links:
Break out the popcorn!!
Have a great weekend.
In this new how-to guide from Ricardo Gutierrez Cabanillas, you will learn to configure the IBM Security Access Manager for Web 8.0 appliance as a front-end load balancer and cluster of reverse proxy servers to build a highly available, fault-tolerant, secure web environment.
The front-end load balancing function automatically assigns client requests to the appropriate reverse proxy server based on the specified scheduling algorithm. Moreover, the front-end load balancer provides stickiness or persistence for existing sessions, allowing incoming requests from the same client to be forwarded to the same server. A typical setup is two front-end load balancer servers and multiple reverse proxy servers.
You might also be interested in.....
Tolly evaluated the IBM Security Access Manager Web Gateway Appliance (AMP 5100) for its web protection effectiveness, performance, and ease of use. Read this report to see the details of the AMP 5100's ability to block 100% of the inline-preventable OWASP Top 10 Web threats from 2010-2013.
On February 16, 2016, IBM announced authentication enhancements for z Systems, including a new product, IBM Multi-Factor Authentication for z/OS (5655-162), with a planned availability date of March 25, 2016.
IBM z/OS Security Server Resource Access Control Facility (RACF) provided enabling infrastructure updates for z/OS V2R1 and V2R2.
IBM Security zSecure suite provided supporting updates for zSecure 2.1, 2.1.1, and 2.2.
Multi-Factor Authentication raises the level of assurance of mission-critical systems by requiring authentication with multiple factors during the logon process.
Each authentication factor must be from a separate category of credential types:
1) Something you know (e.g. a password or PIN code),
2) Something you have (e.g. an ID badge or a cryptographic key),
3) Something you are (e.g. a fingerprint or other biometric data).
More details can be located through this blog entry by Jeroen Tiggelman on the Service Management Connect - System z blog.
You might also be interested in the zSec
Tolly Enterprises recently published their eval
Tolly engineers evaluated the AMP 5100's effectiveness in blocking the most common threats as defined by OWASP. Tolly found the AMP 5100 to be 100% effective in blocking in-line preventable attacks.
Tolly specifically validated that the AMP 5100 is able to prevent all forms of SQL injection attacks, XSS, and broken authentication attacks. The Tolly evaluation goes into more detail about the AMP 5100's ease of use and performance characteristics.
You can download and read
Shahnawaz Backer has published a how-to guide on how
From the abstract:
"This article highlights the configuration necessary for bonding―or teaming―the Network Interface Card (NIC) for the QRadar Security Information and Event Management (SIEM) appliance. It addresses topics related to high availability of the QRadar SIEM appliances and is intended for administrators in charge of maintaining those appliances."
You might also be interested in...
Protect your critical assets with an integrated, cost-effective approach to vulnerability assessments and risk management.
Read this white paper to learn:
Download "Managing security risks and vulnerabilities."
In three clear and concise videos, Steven Teilhet, head security researcher for IBM Security AppScan Source Edition, explains: