Off-network security is a huge problem; Storm spam nearly doubles in volume

Security News Alert This newsletter is sponsored by Credant Technologies On-demand Webcast: Compliance and External Media USBs, iPods, MP3s: the regulatory compliance implications of PII on unprotected endpoints and how to reduce risk of data leaks. What are current and upcoming regulatory compliance implications of PII stored on unprotected endpoints? What kind of solution helps to reduce risk of noncompliance? Network World's Security News Alert, 08/23/07 Ponemon: Off-network security is a huge problem, 08/21/07: Security typically tops the list of priorities for IT executives, but a recent survey conducted by the Ponemon Institute reveals that at least one area of IT data security is being overlooked. Off-network security — or the technologies and policies that ensure data is protected on devices after being removed from the network — doesn't rank as high as Larry Ponemon, founder and chairman of the Ponemon Institute, says it should. Storm Trojan spam nearly doubles in volume, 08/22/07: Account confirmation spam is the latest spammer trick, asking recipients to confirm their account information with a bogus organization by logging into a Web site that is infected with the Storm Trojan malware. This latest technique is catching on: Account confirmation spam has grown in volume from 18% of all spam on Tuesday to 35% Wednesday. Storm spam poses as site confirmation, 08/22/07: The Storm malware, which first appeared in January of this year, is showing no signs of slowing down -- just this week reinventing itself as a Web site membership confirmation message. Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. Data security rollouts fast-tracked with Fidelis program, 08/22/07: Fidelis Security on Tuesday announced a quick-start program for its data-leak prevention product that is designed to help companies identify their sensitive information and begin protecting it within two weeks. Keeping remote workers safe through NAC: With many employees accessing corporate data systems from home PCs, Xilinx rolled out a NAC implementation to ensure that its remote systems met the company's secure computing policies. Abe Smith, CSO at Xilinx, talks about the rollout and how it will help protect the company's intellectual property. (8:40) The security concerns of file transfer, 08/20/07: In last week’s newsletter, I wrote about using secure file transfer tools as a complement to your enterprise e-mail system to offload large file attachments from e-mail. The primary focus of that newsletter was how to relieve the bandwidth-hogging pressure of handling large files via e-mail. This week, I want to talk about the need for securing those files. SharePoint expert Michael Noel blogs: “One of the more useful features in SharePoint 2007 from an extranet perspective is the ability to use an alternate authentication provider other than Active Directory” Spyware app gives lackluster performance, 08/21/07: Lavasoft's Ad-Aware 2007 Plus is the paid version of the popular scanner Ad-Adware 2007 Free. For the $27 price, you get automatic signature updates, scheduled scans, and real-time protection features not included in the free product. But despite its sleek interface and easy-to-configure controls, Ad-Aware Plus failed to meet basic expectations when pitted against adware, spyware, and rootkit threats. Live Chat: The truth about NAC: Security expert Joel Snyder separates NAC fact from fiction. Live, Tuesday Aug. 28 at 2 p.m. Submit your questions now.

TODAY'S MOST-READ STORIES: 1. Gunplay blamed for Internet slowdown 2. Microsoft-Cisco collaborative lovefest over? 3. 1.6M records stolen from Monster.com 4. U.S. kills controversial anti-terror database 5. TiVo's disaster recovery plan 6. 10 virtualization companies to watch 7. Monster.com identity attack may continue 8. Google Earth gets starry-eyed 9. Survey: Cisco has the knack for NAC 10. Top 10 'networkiest' eBay oddities MOST E-EMAILED STORY: 1.6M records stolen from Monster.com

Contact the author: Senior Editor Ellen Messmer covers security for Network World. E-mail Ellen. This newsletter is sponsored by Credant Technologies On-demand Webcast: Compliance and External Media USBs, iPods, MP3s: the regulatory compliance implications of PII on unprotected endpoints and how to reduce risk of data leaks. What are current and upcoming regulatory compliance implications of PII stored on unprotected endpoints? What kind of solution helps to reduce risk of noncompliance? BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007