Former U.S. Cyber Security Czar Richard Clarke and Noted Security Experts Discuss Data Security at Application Security, Inc. Event
Exclusive Wall Street Panel Highlights Database Security Risks and Best Practices for Fortune 500 Companies
NEW YORK - November 28, 2006 - Application Security, Inc. (AppSecInc) (www.appsecinc.com), the global leader in database security, hosted an invitation-only seminar for CXO-level IT security professionals featuring key perspectives from industry experts, Richard Clarke, Chairman of Good Harbor Consulting, LLC and former presidential advisor for cyber security and counterterrorism, and Neil MacDonald, Vice President and Distinguished Analyst from Gartner, Inc.
The exclusive Wall Street panel was held at the legendary Harvard Club of New York and included representatives of Fortune 500 enterprises from the financial, retail, and government sectors among others. The presenters discussed emerging IT security threats, steps corporations can take to address risks to data security, and the true costs of industrial espionage.
Featured Presenters and Key Findings:
Richard A. Clarke, Chairman, Good Harbor Consulting, LLC
Featured speaker Richard Clarke, the internationally recognized expert on security – including homeland security, national security, cyber security, and counterterrorism – shared his views on IT security threats faced by Fortune 500 companies today and new threats on the horizon. Among Mr. Clarke’s key observations were:
- Today’s IT security threats are increasingly focused on stealing valuable data. In this environment, relying on outdated measures like focusing exclusively on perimeter security is insufficient.
- Corporations vastly underrate the value of data within the enterprise. While much of the media has focused on consumer credit card data and social security numbers, the theft of proprietary company information can be just as damaging. Organizations must begin to recognize the value of sensitive data stored in a corporate database like pricing models, customer billing and payment information, trade secrets, and valuable R&D intellectual property.
- The risks from data leakage, cyber terrorism and industrial espionage are real. To stay ahead of these threats, corporations must act quickly and decisively to know what risks exist within their enterprise; harden their existing IT infrastructure; and monitor against threats in real-time. All of these efforts must include robust protections at the database layer.
Neil MacDonald, a Gartner Vice President and Distinguished Analyst
Also during the session, featured security expert Neil MacDonald, a Gartner Vice President and Distinguished Analyst, provided insight and actionable recommendations regarding current and emerging IT security threats. Among Mr. MacDonald’s recommendations was that organizations should “operationalize for efficiency; architect for effectiveness.” Later in the discussion, Mr. MacDonald encouraged organizations to be aware of the changing threat environment in IT security and to avoid complacency.
According to Gartner’s 2006 Information Security Technology Hype Cycle, explained in detail during the event, emerging IT security threats that organizations face include zero-day threats, rootkits, and database worms—all of which can be used to target database assets within the enterprise.
Ted Julian, Vice President of Marketing and Strategy at Application Security, Inc.
Ted Julian, Vice President of Marketing and Strategy for Application Security, Inc., rounded out the panel and closed the executive summit by sharing observations from his database security experience. Mr. Julian offered a perspective arising from his decade of experience as a security industry pioneer and tenure as a well-known industry analyst.
Mr. Julian provided five tactical recommendations to address emerging database threats:
- Apply the existing vulnerability management program to the database. Organizations have been managing vulnerabilities on their network and general-purpose hosts for over a decade. Today’s targeted attacks demand that this best practice be extended to include databases. This step includes the ongoing process of discovery, assessment, hardening, activity monitoring, and reporting.
- Utilize robust database access controls and policies. Institute automated policies that deter or prevent unauthorized data access and are specifically mapped to key regulatory guidelines such as: PCI, Sarbanes-Oxley, Basel II, DISA-STIG, and CIS/NSA.
- Extend configuration control and awareness to the database. Control and awareness measures are an essential part of existing perimeter security programs. Extend these principles to the database layer to provide defense-in-depth that proactively identifies unauthorized database alterations, reconfigurations, and access control violations.
- Establish segregation of duties and strict control policies. Comprehensive role-based access controls enable organizations to restrict access to data as it resides in the database and help prevent unauthorized modification, loss, and disclosure.
- Protect the integrity of your systems and data against insider threats. To be effective, strong security policies must be enforced with strong monitoring technologies. Monitor the activities of external and internal users (including administrators) and provide real-time alerts on violations or other suspicious activity.
About Application Security, Inc. (AppSecInc)
AppSecInc is the leading global provider of database security solutions for the enterprise with offices in North America and the UK, and a robust partner-reseller network in key markets like EMEA, Asia-Pacific, and Latin America. AppSecInc’s products – the industry’s only complete vulnerability management solution for the database tier – proactively secure database applications at more than 600 organizations around the world. The innovative AppSecInc database security suite includes:
- AppDetective™ for database vulnerability assessment scanning
- AppRadar™ for real-time database activity monitoring
- DbEncrypt™ for column-level database encryption
By securing data at its source, we enable organizations to more confidently extend their business with customers, partners, and suppliers while meeting regulatory compliance requirements. Our security experts, combined with our strong support team, deliver up-to-date database protection that minimizes risk and eliminates its impact on business.
Please contact us at 1-866-927-7732 to learn more, or visit us on the web at www.appsecinc.com.
AppSecInc is a trademark of Application Security, Inc. All other company and product names are trademarks of their respective companies.
Application Security, Inc.
CHEN PR, Inc.