This section contains a few of our published White Papers. For our most recent publications, please check our News page.
In a Fix? Try a Vulnerability Remediation Life Cycle (VRLC) 
There are plenty of ways to detect vulnerabilities. But assigning priorities and determining the best way to fix them is another matter. Which vulnerabilities need to be dealt with immediately, and which can wait? What should you do when a simple patch won’t suffice? How do you ensure that the problems won’t recur? In this Dark Reading Tech Center report, we explain how to implement a vulnerability remediation process that improves security for the long haul.
Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
Enterprises understand the importance of securing web applications to protect critical corporate and customer data. What many don’t understand, however, is how to implement a robust process for integrating security and risk management throughout the web application software development lifecycle. Poorly implemented processes are, at best, ineffective for managing web application risk and, at worst, lead to data loss and unacceptable slow-downs in delivery times. Securing the web application lifecycle does not have to mean slowing it down. When web application delivery is implemented in a collaborative, repeatable, and process-oriented manner, companies can benefit from more efficient development models and more secure applications. By integrating security into the process from the very beginning, companies can short-circuit expensive and time-consuming “gotchas” at the end of the lifecycle. Additional efficiency can be realized by focusing attention on the most critical exposures and vulnerabilities, such as the SANS Top 25 (http://www.sans.org/top25errors/), and by leveraging automated tools and solutions that integrate seamlessly with existing development practices.
Addressing the Unstructured Data Protection Challenge
This document provides an overview analysis of the many facets of data-centric protection and explains how organizations can approach the problem strategically. Next, we concentrate on one key aspect of data-centric security, unstructured data, and detail the selection criteria most companies should consider when choosing an enterprise solution for the unstructured data-centric security problem.
Register for the SecurityCurve Fraud Focus Paper at Guardian Analytics
Financial fraud is nothing new; enterprising attackers have been coming up with schemes like the “Yazoo Land Fraud” for hundreds of years. Check-kiting and socially engineered wire transfers are decades-old attacks that have been frustrating banking customers and fraud examiners for years. Online and electronic banking services have brought significant efficiencies to customers and financial institutions, but they’ve also introduced new exploit channels to the fraud pipeline.
While increasing phishing and malware attacks grab the headlines, financial fraudsters are also using hybrid attacks across multiple channels to obfuscate their trail and maximize their take. Silently performing reconnaissance work in an online account is often a first step to executing a more lucrative offline scam. In this Note, we’ll take a brief look at how seemingly innocuous access to an online account could be contributing to the rise in offline fraud, and at how stopping unauthorized online access could lead to a reduction in fraud across multiple channels.





