New Gartner findings for PCI Compliance and the StillSecure PCI Calculator

Gartner recently released their Retail Security & Compliance Survey 2011, which details the costs associated with becoming PCI compliant. Excluding the cost of assessors, these costs are estimated at $1.7 million over the survey period, 2.35 years. Level 1s spent approximately $2.1 million on PCI compliance and Level 2-4s approximately $1.1 million. In the [...]

StillSecure delivers File Integrity Monitoring Services

File Integrity Monitoring Helps Companies Identify and Remediate Imminent Security Breaches. Superior, CO – June 21, 2011 – StillSecure®, a managed network security solutions and certified compliance company, today introduced the StillSecure File Integrity Monitoring Service for organizations seeking to ensure that their systems have not been compromised and those currently struggling with regulatory compliance [...]

The Xilcter/Zeus Trojan, by Cesar Salas, SOC Analyst

Let’s take a look at the last 7 days of suspicious activity in which we find the Xilcter/Zeus Trojan running wild with an average of 864 unique events per customer. This is an average of over 120 per day. It’s becoming more and more evident that propagation of this Trojan has grown significantly. It seems [...]

‘Don’t Leave Your IT Security to Luck’ Event in Boca March 17

Lunch & Learn Session Co-Sponsored by Host.net and StillSecure. BOCA RATON, FL (March 10, 2011) – Learn how to protect your enterprise data against attacks, whether you’re housing it locally or in the cloud, in “Don’t Leave Your IT Security to Luck,” a lunch-and-learn session from 11:30 am-1:30 pm on Thursday, March 17 being [...]

StillSecure to offer Managed Security and Certified Compliance Solutions to CoreSite customers

StillSecure Joins CoreSite’s CloudCommunity, Fostering Innovation and Thought Leadership on Cloud Security. Santa Clara, CA – March 10, 2011 – StillSecure®, a managed network security solutions and certified compliance company, today announced at the Cloud Connect Conference that the Company will provide its complete suite of managed security and certified compliance solutions for CoreSite’s data [...]

5 things Business people should know about Internet Security

Last week I was asked to present at a chapter meeting of AFCOM in Chicago. The Chicago AFCOM Chapter, along with CoreLink Data Centers, were wonderful hosts. With a topic as broad as Internet Security, it is sometimes difficult to narrow down what people should know. After some thought and some discussions, we decided that [...]

The /proc/self/environ vulnerability By Cesar Salas, StillSecure SOC Analyst

Over the past 7 days we have encountered 3216 events for ET WEB_SERVER Likely Malicious Request for /proc/self/environ. This signature represents a phase of a remote file inclusion attempt in which it tries to obtain root level access by using the last PID used by the server’s creation of the /proc directories. After the /proc/self [...]

McD’s Hacked: Would you like customer data with that Big Mac?

McDonald’s announced in an email to their customers Friday that Arc Worldwide, a marketing services arm of ad giant Leo Burnett, was hacked and allowed a large amount of McDonald’s customer data to be “obtained by an unauthorized third party.” According to an article in the Orange County Register: Arc Worldwide, a long-time business partner of McDonald’s, told [...]

The Scalability of Compliance

Many compliance testing products utilize the Nessus scanning engine to do the grunt work of evaluating endpoint security posture. While Nessus is a valuable vulnerability scanner and gets the job done quite well for a variety of network products, it’s not up to the job of quick and efficient compliance testing for transient devices. It [...]

Security and Compliance Disconnect: Does Compliance = Security?

Some very common phrases thrown around these days are “compliance does not equal security” and “you must go above and beyond compliance.” These are incredibly frustrating statements for merchants who spend all that time and money staying compliant and implementing all the necessary security controls. So, is it true? Those that make this statement either see [...]