‘Don’t Leave Your IT Security to Luck’ Event in Boca March 17

Lunch & Learn Session Co-Sponsored by Host.net and StillSecure. BOCA RATON, FL (March 10, 2011) – Learn how to protect your enterprise data against attacks, whether you’re housing it locally or in the cloud, in “Don’t Leave Your IT Security to Luck,” a lunch-and-learn session from 11:30 am-1:30 pm on Thursday, March 17 being [...]

StillSecure to offer Managed Security and Certified Compliance Solutions to CoreSite customers

StillSecure Joins CoreSite’s CloudCommunity, Fostering Innovation and Thought Leadership on Cloud Security. Santa Clara, CA – March 10, 2011 — StillSecure®, a managed network security solutions and certified compliance company, today announced at the Cloud Connect Conference that the Company will provide its complete suite of managed security and certified compliance solutions for CoreSite’s data [...]

5 things Business people should know about Internet Security

Last week I was asked to present at a chapter meeting of AFCOM in Chicago. The Chicago AFCOM Chapter, along with CoreLink Data Centers, were wonderful hosts. With a topic as broad as Internet Security, it is sometimes difficult to narrow down what people should know. After some thought and some discussions, we decided that [...]

The /proc/self/environ vulnerability By Cesar Salas, StillSecure SOC Analyst

Over the past 7 days we have encountered 3216 events for ET WEB_SERVER Likely Malicious Request for /proc/self/environ. This signature represents a phase of a remote file inclusion attempt in which it tries to obtain root level access by using the last PID used by the server's creation of the /proc directories. After the /proc/self [...]

McD’s Hacked: Would you like customer data with that Big Mac?

McDonald’s announced in an email to their customers Friday that Arc Worldwide, a marketing services arm of ad giant Leo Burnett, was hacked and allowed a large amount of McDonald’s customer data to be “obtained by an unauthorized third party.” According to an article in the Orange County Register: Arc Worldwide, a long-time business partner of McDonald’s, told [...]

The Scalability of Compliance

Many compliance testing products utilize the Nessus scanning engine to do the grunt work of evaluating endpoint security posture. While Nessus is a valuable vulnerability scanner and gets the job done quite well for a variety of network products, it’s not up to the job of quick and efficient compliance testing for transient devices. It [...]

Security and Compliance Disconnect: Does Compliance = Security?

Some very common phrases thrown around these days are: “compliance does not equal security” and “you must go above and beyond compliance.” These are incredibly frustrating statements for merchants who spend all that time and money staying compliant and implementing all the necessary security controls. So, is it true? Those that make this statement either see [...]

Security and Compliance: Product or Managed Service?

As the security market evolves and changes, one of the key questions facing customers today is do you buy a product / solution and manage it yourself or do you outsource to a managed service? We’ve written about this topic before and more extensively. As with anything in life, unfortunately there aren’t hard and fast [...]

The Problem isn’t the PCI DSS – Compliance as the First Step Towards Security

While listening to Dr. Anton Chuvakin (@anton_chuvakin) the other afternoon on a webcast and talking briefly with Joshua Corman (@joshcorman) the other week, I started to realize that the problem the merchant industry is dealing with around compliance vs. security isn’t really with the PCI DSS.  The PCI DSS is just about a goal – getting people [...]

The PCI Complete Story

The concept for PCI Complete came about a year ago when I was tasked to improve the “PCI support” for our products and services. As I interviewed merchants, QSAs, and partners, one thing became frighteningly clear: the compliance process that merchants struggle with for protecting our personal and credit card information is broken. This probably [...]