NTA Monitor

Latest News

Will IE6 be the next NT4?

1st October 2009

All penetration testers will remember the long tail of Windows NT 4.0, and how this operating system continued to be used long past the point when security updates stopped at the end of 2004. For many years the presence of an unpatchable NT4 server was a common issue in a penetration test report, and it is only now, almost five years after security support ended, that finding an NT4 system on a network is becoming a rare event.

One in four web applications susceptible to high risk security flaws

7th September 2009

NTA Monitor has reported a 10% increase in the total number of web applications found to have at least one high-risk security issue...

Organisations facing a changing threat landscape

20th July 2009

According to NTA Monitor's 2009 Annual Security Report, the average number of Internet security vulnerabilities is on the rise...

The Return of the Insider Threat

1st July 2009

When NTA started security testing twelve years ago, the main focus was on the insider threat. There were many reports with statistics showing that most security breaches were due to insiders. By contrast there was very little focus on the external threat via Internet and third-party network links. Back then many companies did not even have a firewall.

From the Perimeter

A quarterly newsletter, addressing the latest news and views from your leading IT Security Consultancy, NTA Monitor.

Browse previous Industry Comments

Will IE6 be the next NT4?

1st October 2009

All penetration testers will remember the long tail of Windows NT 4.0, and how this operating system continued to be used long past the point when security updates stopped at the end of 2004. For many years the presence of an unpatchable NT4 server was a common issue in a penetration test report, and it is only now, almost five years after security support ended, that finding an NT4 system on a network is becoming a rare event.

The Return of the Insider Threat

1st July 2009

When NTA started security testing twelve years ago, the main focus was on the insider threat. There were many reports with statistics showing that most security breaches were due to insiders. By contrast there was very little focus on the external threat via Internet and third-party network links. Back then many companies did not even have a firewall.

The rise of information security compliance and regulation

1st April 2009

The increase in information security compliance regulations shows no signs of slowing down as more and more business sectors are being required to comply with some form of information security regulations. Whereas a few years ago compliance was only a big issue for central government and the financial services industry, now retailers and local government are affected through PCI DSS and CoCo, and many companies need to ensure that their suppliers are compliant as well.

The continuing problem of data loss

1st January 2009

The reports of data loss incidents keep coming in. It seems that despite the huge publicity over the past year, loss of sensitive information is still happening at an alarming rate.

Network Equipment Patching

1st July 2008

Most organisations already have a policy in place for patching their servers and workstations. However, it is still apparent that many organisations do not patch their network equipment at all. In fact, those that regularly patch their networking infrastructure are in the minority.

Forensic Readiness

1st April 2008

Forensic examinations are often performed after an incident has occurred. Invariably, one of the lessons learned as a result of these investigations is that the audit logs could be improved to make any future investigation easier and more productive.

UK Penetration testing accreditation

1st January 2008

Accreditation for penetration testing companies and individuals is set to change this year, as two new certifications are now on offer: CREST and Tiger. The long-established and well respected CHECK certification will continue to be offered by CESG.

The limitations of reactive patching

1st October 2007

We're all aware of the huge numbers of patches that are being issued to fix security flaws, but these patches are invariably developed as a response to a vulnerability that's been discovered by a researcher or exploited by attackers. We see very little proactive patching based on generic issues or vulnerabilities that are known to affect other vendors' products. In short, vendors do not look beyond their own implementation when it comes to patching flaws and as a result, the products have avoidable vulnerabilities.

New industry body is formed for security testers

1st July 2007

Most of the major players in the UK security testing market have recently formed a new industry body called CREST, which stands for the Council of Registered Ethical Security Testers.

Update management, is it secure?

1st April 2007

Every security consultant worth his salt has recommended to clients that security patch management should be performed regularly and automated wherever possible. Anti-virus programs, web content protection software and spam filters should also be regularly updated; automatically where possible.
