Cloud computing offers institutions a viable solution to optimizing their IT infrastructure. Through the use of a third-party cloud provider, banks can start storing data from all platforms and devices on remote servers, freeing up their legacy systems from demand they are often unable to process. That’s why the capacity management tools banks use must not only provide real-time data, but support the software of all different kinds of cloud providers and mobile platforms.

If your organization is required to comply with the Payment Card Industry-Data Security Standard (PCI-DSS), particularly Requirement 11, then you are likely familiar with the problems plaguing SSL, early TLS (i.e. TLSv1.0) and their supported ciphers over the past several months. High profile vulnerabilities such as HeartBleed, POODLE, FREAK and LogJam have sent merchants scrambling to patch...

Recently in Arstechnica.com there was an article bringing light to how Windows computers can be exploited when booby-trapped USB fobs are inserted into the machine that then executes malicious code.Microsoft has acknowledged this and released a security bulletin regarding the issue stating, “To exploit the vulnerability, an attacker would have insert a malicious USB device into a target system.”So...

Make IT a competitive advantage by providing high customer satisfaction, efficient daily operations, and accurate CapEx planning. Build a strategic and tailored plan to increase your IT efficiency, reliability, and speed. How do you make IT a competitive advantage? Increase IT efficiency - OpEx, CapEx, and staff productivity Efficiency often means doing more with less, but it can also...

I recently came across a post on LinkedIn, asking about advice related to vulnerability management (VM) and specifically as it relates what elements should be included in the process. I found many participants giving advice which was more assessment related, as opposed to VM related. Seeing this confusion out there, I felt it important to share my views on the differences. So what is the...

Given the popularity of the Mac and the ever increasing number of users, we thought it would be good to share insight that everyone, regardless of what they use their Mac for, should do to protect their system and their data. This list is not all inclusive; however, it does give most users much more control over the security and privacy of their data. Under System Preferences >> Security &...

During some recent research, I came across two issues in a large vulnerability management (VM) vendor’s public community support forum. The first post described a problem in which their tool reported a different number of network endpoint assets from what was seen on “the console.” The second detailed a user experiencing duplicate assets. After some investigation, I determined that both issues...

Learn how to manage your Solaris environment--optimize hardware utilization, conserve datacenter floor space, power, and cooling, build a scalable architecture and keep up with growth and performance requirements--with TeamQuest.

I was recently putting together material for a recurring vulnerability management meeting with one of our clients. This involves comparing authenticated scanning results from one scanning period to the next in an effort to determine progress in addressing high-risk vulnerabilities; particularly, missing Microsoft, Adobe and Java patches, as vulnerabilities in these products are generally...

Are you Vulnerable to a breach due to the “Shellshock" bug?The “Shellshock" Bash vulnerability is a serious information security issue . It is a powerful attack affecting businesses of all sizes and industries. Fortra's Vulnerability Management has teams of vulnerability researchers and personal security analysts addressing concerns, mitigating risk and answering commonly asked questions.Q: What...

Cloud and DevOps drive need for new performance management software architecture.

Banks gain competitive advantage with capacity planning in digital age. Capacity management tools are a crucial part of modern enterprise systems – and they are rarely more necessary than in the world of high finance, where uptime and latency really matter.

Using Application Compatibility Fixes To Bypass User Account Control An often-overlooked method that can be used by an attacker to gain elevated code execution is utilization of a framework that is provided by Microsoft to help legacy applications function on newer versions of Windows. That framework is known as the application compatibility toolkit. Unfortunately, in addition to allowing legacy...

FINDING CVE-2013-5014 AND CVE-2013-5015Sometimes there is nothing more ironic than coming across critical vulnerabilities in the very security software designed to protect systems. In these cases not only does the security software fail to prevent an intrusion; it actually becomes the vector that allows system compromise of an otherwise secure machine. Several antivirus products have had these...

DEEP DIVE ANALYSIS OF CVE-2013-2347One of the benefits our clients have when using our vulnerability scanner is that many of the vulnerability checks we write are non-authenticated. This means that we do not require credentials to authenticate to hosts over the network in order to check for vulnerabilities. Instead, our team of researchers frequently reverse engineers software to identify unique...

Server virtualization for commodity servers is one of the most rapidly adopted technologies of all times. In this article we will discuss how best to optimize IT services in complex virtual environments.

Capacity planning solutions can help organizations make the best use of limited resources in their IT environments.