Security News

Saltworks, an application security company building world class AppSec programs from policy to production, unveiled SaltMiner, an innovative enterprise application security management solution that provides unparalleled visibility into application health, risk and compliance throughout the development lifecycle. An ISE Southeast Executive Forum sponsor in Atlanta, Saltworks announced SaltMiner from the show floor, highlighting how it automates the aggregation, analysis and reporting of vulnerabilities and security trends to provide a comprehensive view of enterprise risk exposure.

"This lack of confidence shows that many organizations approach risk management in an outdated and ineffective manner," said Matt Shinkman, vice president in the Gartner Risk and Audit practice. Organizations often have policies in place to deal with most risks, but they don't activate them until it's too late because no one is owning the risk or taking it seriously until it is fully manifested.

IDERA, a provider of powerful database productivity tools, announced an expanded portfolio of cloud-based database and workload management solutions for SQL Server. SQL Inventory Manager to automatically discover, track, and manage SQL Server inventory and perform health checks, including SQL Server in the cloud.

Security researchers are warning that networking hardware vendor Zyxel and its Cloud CNM SecuManager software is chock-full of unpatched vulnerabilities that kick open the doors for hackers to exploit. The Zyxel CNM SecuManager is a networking management software solution that provides an integrated console to monitor and manage enterprise security gateways, such as the company's own ZyWALL USG and its VPN series products.

The process of constructing a holistic policy-based identity management solution can be difficult and overly complex, especially in the sensitive hospital environment with myriad identities. An integrated identity ecosystem provides a unified view across both cyber and physical security system; improving the overall hospital experience.

Checkmarx, a global leader in software security solutions for DevOps, announced that Ron Kormanek, vice president of North America sales, has been appointed to the company's executive management team as it continues to drive rapid customer adoption and set the new standard for secure software development and delivery. "Since joining Checkmarx nearly six years ago, Ron has been instrumental in both growing our customer portfolio by being at the forefront of some of our largest deals and cementing our status as the North American market leader in software security," said Benzaquen.

Companies are lagging when it comes to keeping up with software security patches - causing them to fall into "Security debt," Chris Eng, chief research officer with Veracode said. "If you incorporate security in the right way, DevOps is actually a great opportunity to improve the way that you're doing software security. And so I think that's the big takeaway," said Eng.

Companies are lagging when it comes to keeping up with software security patches - causing them to fall into "Security debt," Chris Eng, chief research officer with Veracode said. "If you incorporate security in the right way, DevOps is actually a great opportunity to improve the way that you're doing software security. And so I think that's the big takeaway," said Eng.

In light of this, incident management programs are more important than ever, and with ISACA's newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance. The audit program covers process areas of security incident management programs and clearly outlines process sub-areas-like detection and analysis, forensics, and change management during program implementation as well as control objectives, controls and testing steps in a customizable spreadsheet.

Threat intelligence and visualization technology can play huge roles in improving vulnerability management. Mieng Lim of Digital Defense outlines the potential benefits.