August 28, 2008
The Ford Pinto was a subcompact manufactured by Ford (introduced on 9/11/70 — another infamous coincidence?). It became a focus of a major scandal when it was alleged that the car’s design allowed its fuel tank to be easily damaged in the event of a rear-end collision, which sometimes resulted in deadly fires and explosions. Ford was aware of this design flaw but allegedly refused to pay what was characterized as the minimal expense of a redesign. Instead, it was argued, Ford decided it would be cheaper to pay off possible lawsuits for resulting deaths. The resulting liability case produced a judicial opinion that is a staple of remedy courses in American law schools.
What brought this on? Well, a recent conversation with a healthcare institution went something like this:
Us: Are you required to comply with HIPAA?
Them: Well, I suppose…yes
Us: So how do you demonstrate compliance?
Them: Well, we’ve never been audited and don’t know anyone that has
Us: So you don’t have a solution in place for this?
Them: Not really…but if they ever come knocking, I’ll pull some reports and wiggle out of it
Us: But there is a better, much better way with all sorts of upside
Them: Yeah, yeah whatever…how much did you say this “better” way costs?
Us: Paltry sum
Them: Well why should I bother? A) I don’t know anyone that has been audited. B) I’ve got better uses for the money in these tough times. C) If they come knocking, I’ll plead ignorance and ask for “reasonable time” to demonstrate compliance. D) In any case, if I wait long enough Microsoft and Cisco will probably solve this for me in the next release.
Us: Heavy sigh
Sadly, none of this is true, and there is overwhelming evidence of that.
Regulations are not intended to be punitive, of course, and implementing log management in reality provides positive ROI.
August 08, 2008
Hot server virtualization and cold compliance
Without a doubt, server virtualization is a hot technology. NetworkWorld reported: “More than 40% of respondents listed consolidation as a high priority for the next year, and just under 40% said virtualization is more directly on their radar.” They also reported that server virtualization remains one of IT’s top initiatives even as IT executives are bracing themselves for potential spending cuts. Another survey of 100 US companies shows 60% of the respondents are currently using virtualization in production to support non-mission-critical business services. In other words, they are using it in a “production sandbox” before deploying it on a large scale.