eiqcast's Podcast

eIQcast Episode 22: Update on PCI

Mike Rothman — Wed, 28 Oct 2009 19:51:53 GMT

Discussions about PCI-DSS rules this year have focused on how effective the guidelines really are at preventing theft of credit card data. Recent survey data indicates merely following PCI does not protect a wide range of protected data. In the newest episode of the eIQcast, eIQneworks Product Evangelist John Linkous provides an update on PCI compliance and how far it goes to actually keep credit card data secure. Running time: 10:38

eIQcast Episode 21: The Role of File Integrity Monitoring

Mike Rothman — Tue, 20 Oct 2009 20:48:43 GMT

In this episode of the eIQcast, Mike Rothman dives into the nuances of file integrity monitoring and why it's an important aspect of both security and compliance. One of the first things an attacker is going to do is mess around with system files, so having some mechanism to ensure that system files, registry values and the like aren't tampered with is a big part of "reacting faster" to potential security issues. Mike also discusses how eIQ's SecureVue security and compliance management platform provides this capability through it's newly updated agent technology, continuing to show technical innovation beyond simple security information and event management (SIEM) and log management solutions. Running time: 10:41

eIQcast Episode 20: Seeing Clearly Through the Clouds

Mike Rothman — Wed, 30 Sep 2009 12:09:58 GMT

In this latest episode of the eIQcast, eIQnetworks SVP of Strategy Mike Rothman discusses some of the challenges of cloud computing with Ross Levanto. Mike goes into the issues of maintaining visibility when networks and systems reside in someone else's datacenter, and some of the mechanisms eIQ is adding to SecureVue to help customers address this issue. This coincides with the recent announcement from eIQnetworks regarding security and compliance management in the cloud. Check it out on http://www.eiqnetworks.com. Running time: 11:40

eIQcast Episode 19: BUSTED! The Greatest Hacker Goes Down...

Mike Rothman — Tue, 18 Aug 2009 21:10:12 GMT

This past Monday the U.S. Justice Department charged 28 year-old Albert Gonzalez with a series of crimes that resulted in the theft of more than 130 million credit and debit card numbers from late 2006 to early 2008. The indictment places blame for several high-profile data theft incidents on a small group of individuals who found holes in websites used to transfer the credit card data. Basically, these folks have to be the best hackers out there if they were behind every high profile data breach of the past two years. In the latest episode of eIQcast, Security and Compliance Evangelist John Linkous reviews the charges, talks about how retailers and consumers can protect themselves, and notes how the crime was carried out by exploiting a well-known (and extremely easy to replicate) web site security weakness.

eIQcast Episode 18: eIQviews on Black Hat

Mike Rothman — Mon, 03 Aug 2009 17:01:29 GMT

eIQnetworks Senior Vice President of Strategy Mike Rothman just returned from Black Hat USA 2009 in Las Vegas, which took place from July 25-30, 2009. Mike has been to Black Hat many times, and the more things change, the more they stay the same. The presentations all lead to same conclusion: No matter who you are, where you are or how secure your network is, you are vulnerabile. In the latest episode of the eIQcast, Mike discusses his thoughts about the latest Black Hat show, the leading attack vectors (like SSL, iPhones, and web apps), and other assorted topics with Ross Levanto.

eIQcast Episode 17: Exposed Smart Metering and Energy Security Compliance

Mike Rothman — Mon, 06 Jul 2009 13:50:41 GMT

According to published reports, one of the anticipated sessions at the upcoming Black Hat conference will show vulnerabilities within smart metering technologies that certain utilities are deploying to make the electricity grid more intelligent-- from energy production through consumption. The big question is whether the vulnerabilities would put utilities out of compliance with energy industry regulations regarding security. In the latest episode of the eIQcast, Ross Levanto asks eIQnetworks Product Evangelist John Linkous for a review of what we know about the vulnerabilities and the current state of security compliance within the energy industry.

eIQcast Episode 16: The need for Automation

Mike Rothman — Thu, 11 Jun 2009 21:26:22 GMT

As noted in the previous post on eIQviews, the results of spring surveys show that security spending is down. While that's not exactly a surprise, it puts security managers in a pickle. Given the economic situation, how are they to keep their systems secure and compliant, especially since the regulations haven't change and the hackers don't take time off during a recession? That question is the subject of the latest episode of eIQcast, where Ross Levanto interviews eIQnetworks senior vice president of strategy. Running time: 10:46

eIQcast Episode 15: Beyond PCI to Security

Mike Rothman — Fri, 05 Jun 2009 14:01:23 GMT

Since Your Working Toward PCI Compliance, Why Not Try to Make Your Enterprise Secure, too? Events in 2009 provide further proof that PCI compliance is not enough to secure credit card information, yet PCI compliance is a major driver of technology purchases each and every day. If the need-to-have products for PCI compliance are not enough for security, what are the nice-to-have products that can make an enterprise far more secure? In the latest episode of the eIQcast podcast series, Ross Levanto asks eIQNetworks Product Evangelist John Linkous for his thoughts on the question. In the process, they discuss the features and functionality that IT and security teams can investigate as part of PCI compliance projects to greatly enhance the security of their systems.

eIQcast Episode 14 - Analyzing Melissa Hathaway's Recommendations

Mike Rothman — Mon, 04 May 2009 15:11:25 GMT

During one of the most hyped keynotes at the recent RSA conference, President Obama's "cyber-security czar" Melissa Hathaway outlined at a high level plans for improved security within the federal government. In the latest episode of eIQcast, Host Ross Levanto and eIQnetworks Product Evangelist John Linkous analyze Hathaway's comments and the industry's reaction to them. The report Hathaway recently completed and sent to the President has not been made public; it's expected that many of her recommendations will emphasize the need for ongoing monitoring of networks and security controls, as well as the need for the White House to step up its management of IT security across the entire government. Editor's note: This episode was recorded on Friday, May 1, and therefore references the RSA Conference that ended on April 23. Running time: 10:57

eIQcast Episode 13: Verizon Breach Report

Mike Rothman — Wed, 22 Apr 2009 14:41:09 GMT

Recently the folks at Verizon Business released their annual data breach analysis report. From the RSA 2009 show, Ross Levanto and eIQ Product Evangelist John Linkous discuss the findings and help interpret what issues are identified by looking at the report. Running time: 9:53

eIQcast Episode 12 - Continuous Compliance Coming (or not)

Mike Rothman — Mon, 06 Apr 2009 15:01:00 GMT

As recently discussed in a post by Mike Rothman, a Visa executive this week sought to clarify a company claim that no PCI-compliant company has suffered a data breach. Given that PCI compliance is determined at a fixed moment in time, the unattainable ideal is "continuous" compliance. In the latest episode of eIQcast, Ross Levanto asks eIQnetworks Product Evangelist John Linkous about Visa's claims. They review how companies can move toward the unattainable continuous compliance goal, and they provide tips on certain effective data security strategies not specifically mandated by the PCI rules.

eIQcast Episode 11: Conficker Mania

Mike Rothman — Wed, 01 Apr 2009 12:35:17 GMT

On the eve of the April 1 expected trigger date of the worm Conficker, host Ross Levanto interviewed eIQnetworks Product Evangelist John Linkous in this episode of eIQcast. They discussed why everyone is especially concerned about this particular worm. They also reviewed certain data sources that should be monitored to determine if Conficker has struck a network. Running time: 10:02

eIQcast Episode 10: Stimulating the EHR

Mike Rothman — Mon, 16 Mar 2009 20:21:42 GMT

The American Recovery and Reinvestment Act signed by President Obama last month includes a new initiative to create standard electronic health records over the next few years. Since a standard way to exchange health information opens up the possibility of a hacker attack, the federal government is creating new rules to protect the health records. In this episode of eIQcast, Ross Levanto interviews eIQnetworks Product Evangelist John Linkous. They walk through the new initiative outlined in the act and the timeline for the new IT rules addressing electronic record protection. Running time: 11:22

eIQcast Episode 9: HIPAA is back!

Mike Rothman — Thu, 05 Mar 2009 14:10:38 GMT

It looks like 2009 maybe finally be the year of HIPAA. For those of you in the business for a long time, HIPAA was big news back in the early part of this decade (2001-2004), but due to a lack of enforcement, the regulation has not been top of mind for years, in the wake of Sarbanes-Oxley and PCI. But that seems to be changing. Recently, the pharmacy company CVS/Caremark was levied a fine of more than $2M for a violation of HIPAA rules. Additionally, provisions in the stimulus bill recently signed into law by President Obama provide insight into future enforcement of HIPAA compliance. In this episode of eIQcast, host Ross Levanto interviews eIQnetworks Product Evangelist John Linkous on the news of the fine and what it means for IT and security managers. Running time: 10:51

eIQcast Episode 8: Another Payment Processor Breach

Mike Rothman — Fri, 27 Feb 2009 15:32:53 GMT

As noted in an earlier post on this blog, news surfaced this week of credit card theft at a payment processing firm. While the name of the firm has not been announced, you'd think the crime scene investigators are on the job. The news comes merely weeks after payment processor Heartland Payment systems reported credit card theft from its network. In the latest episode of eIQcast, host Ross Levanto interviews eIQnetworks Product Evangelist John Linkous, who discusses how the credit card information was reportedly stolen, whether this is evidence of a new trend, and how future incidents of this type may be prevented.