T.E.N. Knowledge Base



To the Cloud! Software Security Evolution at Adobe > Watch the Video
For years software security at Adobe meant defending ubiquitous software on the desktop and in the browser. But with offerings like Creative Cloud Adobe is now in the hosted services game. The secure software engineering team had to retrench and retool to secure a new type of offering against a new set of threats. This talk describes the evolution of security at Adobe to meet this new challenge.

Taking PDF Security to a New Level with Adobe Reader® and Adobe Acrobat® > Download Whitepaper
Adobe Reader X and Adobe Acrobat X take the security of PDF documents-and your data-to a whole new level. Engineered with security in mind, Reader X and Acrobat X deliver better application security thanks to Protected Mode and new capabilities that allow more granular controls, tighter integration with the Microsoft® Windows® and Mac OS X operating system architectures, and improved deployment and administration tools.

Adobe® Flash® Player and Adobe AIR® security > Download Whitepaper
Both Adobe Flash Platform runtimes-Flash Player and AIR-include built-in security and privacy features to provide strong protection for your data and privacy, whether you use these Adobe products on your desktop system or mobile device. Adobe constantly advances these protections to incorporate the latest developments in the industry and stay ahead of the continually evolving threat landscape.

Adobe Incident Response and Management > Download Whitepaper
The Adobe Secure Software Engineering Team (ASSET) team proactively focuses on preventing security vulnerabilities in Adobe products before they ship, but Adobe knows that ensuring security doesn't end when a product is released. If external security researchers, partners, or customers discover a vulnerability after a product ships, the Adobe Product Security Incident Response Team (PSIRT) responds to resolve the security issue quickly, effectively, and thoroughly. PSIRT is your first line of defense for vulnerability resolution and threat mitigation. PSIRT coordinates with Adobe product engineering teams to identify the appropriate response plan and keeps you informed on mitigation procedures and release schedules.

Adobe Secure Product Lifecycle > Download Whitepaper
The Adobe Secure Product Lifecycle (SPLC) is a rigorous set of industry-leading best practices, processes, and tools designed to keep customers safe and more secure in the evolving threat landscape as they deploy and use Adobe software. The SPLC touches all aspects of the product lifecycle-from providing essential security training for software development teams and building security features into product design, to developing quick incident response plans postship.

Security and Compliance in the Cloud  > Download Whitepaper
Cloud computing offers flexibility and savings, but as data, systems and services move to the cloud, organizations expose themselves to serious security and compliance challenges.

Security delivered at the speed of business  > Download Whitepaper
Intelligent, identity-infused security, access and compliance management.

The Complete Guide to Log and Event Management  > Download Whitepaper
Everybody has logs and that means that everybody ultimately will have to deal with them-if only because many regulatory mandates prescribe that. In this guide, Dr. Anton Chuvakin will analyze the relationship between SIEM and log management, focusing not only on the technical differences and different uses for these technologies, but also on architecting their joint deployments. In addition, he will provide recommendations for companies that have deployed log management or SIEM so they can plot their roadmap for enhancing, optimizing and expanding their deployment. He will also recommend a roadmap for companies that have already deployed both of these technologies.

The Essential DMARC Primer: Understanding DMARC for Securing Email Channels > Download Whitepaper
DMARC (Domain-based Message Authentication, Reporting and Conformance) describes a framework that enables Internet-scale domain-level email protection, preventing fraudulent usage of legitimate email domains. DMARC’s domain-level protection provides the first real means to proactively create defensible email channels between senders and end-users, allowing companies to address Brand Protection in the email channel. The DMARC model provides the DNS based policy publication, feedback, and enforcement mechanisms necessary to build secure email channels, upon which trust can be established.

Where is your Corporate Data Going?  > Read eBook
Do you know where your corporate data is going? The answer should be a resounding, “Yes!” Unfortunately, it’s more difficult than ever to answer that question. Today’s fast-paced, mobile workforce relies on personal devices and popular consumergrade file sharing tools to access and share information with colleagues inside and outside the enterprise. However, doing so makes it nearly impossible to control corporate data and can lead to devastating privacy, security and compliance breaches, damaged business reputations and costly fines.

RtSA Tracker Datasheet > Download Datasheet
Click Security’s RtSA Tracker application – which runs on our revolutionary Real-time Security Analytics (RtSA) platform – provides automated visibility into early stage kill-chain activity – enabling organizations to piece together anomalous and malicious actor activity before exfiltration or damage occurs.

How Advanced Attacks Get Past Traditional Controls  > Download Whitepaper
The cyber threat landscape has changed dramatically in just the last few years. Zero-day threats, advanced persistent threats (APTs), and web, mobile, and application level attacks and exploits often bypass traditional security defenses such as firewalls, anti-malware, intrusion detection, and user authentication systems. While these traditional security technologies are necessary and form the foundation of a comprehensive IT security strategy, they are no longer enough to effectively defend an organization’s IT infrastructure from compromise.

100 Tips for Implementing Network Security  > Download Whitepaper
Insight from chief information security officers and those that support them.

Internet Security Threat Report  > Download Whitepaper
Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global Intelligence Network, which is made up of approximately 69 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight™ Threat Management System, Symantec™ Managed Security Services and Norton™ consumer products, and other third-party data sources.

Big Data, Meet Enterprise Security  > Download Whitepaper
Large organizations worldwide are working to develop and deploy Big Data analytical facilities alongside their established business intelligence infrastructure. These initiatives are motivated in nearly equal parts by the conviction that new business insights and opportunities are buried in the avalanche of new data, by the knowledge that conventional business intelligence systems are unequal to the task, and by the fear that competitors will be first to master and exploit the available new data streams.

Michael Colson

Michael Colson
Sr. Product Manager, Security Products

Re-Evaluation of Response to Advanced Persistent Threats > Download Presentation
Advanced Persistent Threats (APTs) are a significant challenge for even the most sophisticated security team. NetIQ will examine some of the recent research findings on APTs, and discuss real-world strategies to reduce the risk of these complex and pervasive threats.

Jim Routh

Jim Routh
Chief Information Security Officer
ISE® Northeast Executive Award Winner 2007

Is Mobile in your future? Not really… > Download Presentation
As information security risk professionals, you are well acquainted with emerging technology adoption curve that favors functionality over controls (see the rise of the Android in the market). This is particularly true of disruptive technologies that impact consumers and mobile computing is a great example. You probably hear how important it is to develop a mobile strategy by your respective business leaders and your CIOs since mobile computing will continue to grow and influence consumer behavior. This session will present a perspective that mobile computing already arrived and the future is more about the convergence of mobile, social networking and cloud computing technologies and how to apply innovative controls to this convergence as opposed to attempting to manage risk through conventional controls.

Larry Wilson

Larry Wilson
Chief Information Security Officer
University of Massachusetts

Embracing a Security-First Approach > Download Presentation
There are no boundaries when it comes to malicious threats — hackers can attack at anytime from anywhere. In order to ensure protection of an organization’s intellectual property, data and assets, a CISO must take a strong security-first approach vs a cumbersome policy-driven, compliance-first approach. For the University of Massachusetts, this involved establishing and automating a controls system to maintain authorized and unauthorized device asset inventory, software assets, security device configurations and continuous vulnerability assessment and remediation. It also involved establishing key alliances with solutions providers in order to deploy the most robust and effective technology solutions available within the allotted budget. Learn how the UMass Security-First Approach significantly improved the security and stability of UMass’ infrastructure, resulting in stable systems with less down time, along with direct ownership.

Andrew Porter

Andrew Porter
Director of IT Architecture, Bus Sol Strategies MRLIT

Redefining B2B Collaboration in the Cloud > Download Presentation
One of the most difficult challenges global corporations face is the need to facilitate collaboration quickly and easily between teams distributed across the globe without creating new risks to security and data control. Merck determined this need was business critical and set forth on the task to develop a system to improve the speed of engagement and provide a single pane of glass for the user to interact with many different systems/databases at Merck. The solution was a secure cloud-based identity hub — the Secure Access Manager (SAM) — which is now serving more than 3,000 employee users and 2,000 partner users from over 220 companies, and meets a highly–available, ‘zero downtime’ service requirement. Learn more about how this service model addressed a business critical need, while also improving the organization’s overall security posture.