New Gartner findings for PCI Compliance and the StillSecure PCI Calculator

Gartner recently released their Retail Security & Compliance Survey 2011, which details the costs associated with becoming PCI compliant. Excluding the cost of assessors, these costs are estimated at $1.7 million over the survey period of 2.35 years. Level 1s spent approximately $2.1 million on PCI compliance and Level 2-4s approximately $1.1 million. In the [...]

Google & Facebook Implementing Two-Factor Authentication, by Gabriel Bellas, SOC Analyst

In recent weeks, Google and Facebook users have noticed a sharp rise in their accounts being hacked. Since people keep some very sensitive information in their Gmail accounts, including their contacts, documents, etc., it is very important to make sure these accounts stay secure. To combat this problem, these sites have begun implementing two-factor authentication [...]

The Xilcter/Zeus Trojan, by Cesar Salas, SOC Analyst

Let’s take a look at the last 7 days of suspicious activity in which we find the Xilcter/Zeus Trojan running wild with an average of 864 unique events per customer. This is an average of over 120 per day. It’s becoming more and more evident that propagation of this Trojan has grown significantly. It seems [...]

Hackers Targeting SecurID Two-Factor Authentication, by Gabriel Bellas, SOC Analyst

With the rise of brute force attacks, two-factor authentication has long since become the new standard for network security. Two-factor authentication, as the name implies, uses two independent factors in conjunction to authenticate a person, generally resulting in a higher level of authentication assurance. By taking something you know, such as a password, and combining [...]

‘Don’t Leave Your IT Security to Luck’ Event in Boca March 17

Lunch & Learn Session Co-Sponsored by Host.net and StillSecure. BOCA RATON, FL (March 10, 2011) – Learn how to protect your enterprise data against attacks, whether you’re housing it locally or in the cloud, in “Don’t Leave Your IT Security to Luck,” a lunch-and-learn session from 11:30 am to 1:30 pm on Thursday, March 17 being [...]

StillSecure to Offer Managed Security and Certified Compliance Solutions to CoreSite Customers

StillSecure Joins CoreSite’s CloudCommunity, Fostering Innovation and Thought Leadership on Cloud Security. Santa Clara, CA – March 10, 2011 – StillSecure®, a managed network security solutions and certified compliance company, today announced at the Cloud Connect Conference that the Company will provide its complete suite of managed security and certified compliance solutions for CoreSite’s data [...]

USB as a Vector of Network Attack, by Diego Ramirez, SOC Analyst

Much of the time, when we think of exploits, we assume the attack vector is network infiltration. Even Hollywood’s romanticized notion of the hacker shows someone attacking from a dank, dark basement, using the internet to attack an organization and walking away with precious data. While this is a very real threat, some [...]

The /proc/self/environ Vulnerability, by Cesar Salas, StillSecure SOC Analyst

Over the past 7 days we have encountered 3216 events for the signature ET WEB_SERVER Likely Malicious Request for /proc/self/environ. This signature represents a phase of a remote file inclusion attempt in which the attacker tries to obtain root-level access by using the last PID used by the server’s creation of the /proc directories. After the /proc/self [...]

Security and Compliance Disconnect: Does Compliance = Security?

Some very common phrases thrown around these days are “compliance does not equal security” and “you must go above and beyond compliance.” These are incredibly frustrating statements for merchants who spend all that time and money staying compliant and implementing all the necessary security controls. So, is it true? Those that make this statement either see [...]

The Problem isn’t the PCI DSS – Compliance as the First Step Towards Security

While listening to Dr. Anton Chuvakin (@anton_chuvakin) the other afternoon on a webcast and talking briefly with Joshua Corman (@joshcorman) the other week, I started to realize that the problem the merchant industry is dealing with around compliance vs. security isn’t really with the PCI DSS. The PCI DSS is just about a goal – getting people [...]