Thumbs up for Intel's new remote kill technology

Origin Storage gives thumbs up to Intel's new remote kill technology

Basingstoke, UK: Intel's new Anti-Theft (AT) technology for computers, which allows companies to send a remote command to a laptop PC to disable access to the computer's operating system or, where appropriate, to disable the encryption key system, has been given a big welcome by Origin Storage.

"The points raised by Duncan Mee, the director of WinMagic over the weekend, in a podcast with security analyst Ben Chai (http://bit.ly/bdZ3T4), in which he explains that the Intel AT technology can auto-disable the laptop if it does not 'call home' every 30 days, is a very powerful feature," said Andy Cordial, managing director with the storage systems integration specialist.

"What this means is that laptops will start to cease to be such an attractive target for thieves, who will effectively be left with a high-tech doorstop on their hands when the AT system is triggered, either remotely, or the laptop fails to call home within the required period," he added.

According to the Origin Systems MD, the WinMagic solution is a powerful proposition and one that Origin bundles with its self-install encrypted drive kits for laptops, which were launched at the Infosecurity Europe show earlier this year (http://bit.ly/bHAMjq).

The key to the WinMagic solution, says Cordial, is that it operates at the BIOS level, making it both efficient and robust, and means that the encryption and decryption technology is transparent to the end user of the laptop.

And this approach, he explains, is what makes the Intel AT technology - as WinMagic's director says - such an equally powerful proposition, since it means the attractiveness of laptops will steadily decrease as more and more notebook PCs have the technology installed at their heart.

Of course, Cordial says, it will take time for today's laptops - many of which do not feature whole disk encryption (WDE) - to reach the end of their working lifetime, and during this period, companies would do well to consider Origin's self-install WDE kits as a data security option.

"As Duncan at WinMagic says, Intel's AT technology gives companies a much more powerful method of controlling access to a remote laptop and, of course, the machine does not need to be connected to the Internet for the technology to be triggered on a time-out basis," he said.

"It's still early days for the technology, however, but it's a powerful proposition and that's why we give a definite thumbs-up to what we expect will become a standard feature on the next generation of computers," he added.

For more on Intel's AT technology: http://www.intel.com/technology/anti-theft

For more on Origin Storage: www.originstorage.com

Source: Eskenzi PR

Napatech enables standard servers to build 10Gbps IPS

Scaling IPS Performance to 10G and Beyond

ANDOVER, Massachusetts, USA: At the recent Interop Tokyo event, Napatech successfully demonstrated that a standard server with 8 CPU cores can be used to build a full throughput 10 Gbps Intrusion Prevention System (IPS). Napatech has shown with this breakthrough that high-performance IPS products can be built using off-the-shelf components at lower cost, with less risk and faster time-to-market. More significantly, this demonstration shows that throughput performance can be scaled with the number of available CPU cores leading to even higher throughput possibilities.

“With Napatech network adapters, we can take full advantage of available CPU cores, which allows the solution to scale”, according to Erik Norup, President, Napatech Inc. “We can support up to 32 CPU cores, so throughput performance can be increased even higher, if more CPU cores are available. This provides predictable scalability in performance.”

“There are several IPS products on the market, but few capable of analyzing at a sustained line-rate of 10 Gbps. Most of these products are based on expensive, customized hardware development”, added Norup. “By basing IPS products on standard PC servers and Napatech Intelligent Real-time Network Analysis adapters, IPS vendors can avoid the cost, time and risk related to hardware development while taking advantage of the volume pricing and annual improvement in performance of PC servers”.

The Napatech demonstration at Interop Tokyo was based on Napatech’s NT20E In-line network adapter and 8 instances of SNORT, an open source intrusion detection software application, equally distributed on 8 CPU cores in a standard PC server. Both HP and Dell servers have been used in the demonstration. Napatech achieved full 10 Gbps throughput (10 Gbps receive and 10 Gbps transmit) using real-world traffic. Napatech’s new NT20E2 2x10 Gbps low-profile, PCI-Express Gen 2 network adapter was also demonstrated at the event.

Webinars and whitepapers describing Napatech’s solution are available on Napatech’s website at http://www.napatech.com/resources.

Napatech is the leading OEM supplier of multi-port 10 GbE and 1 GbE intelligent adapters for real-time network analysis with over 60,000 Ethernet ports deployed. Napatech network adapters provide real-time packet capture and transmission with full line-rate throughput and zero packet loss no matter the packet size. Intelligent features enable off-load of data traffic processing and packet analysis normally performed in the CPU. This results in more processing power for the network monitoring, analysis, management, test, measurement, security or optimization application being supported. Napatech has sales, marketing and R&D offices in Mountain View, California, Andover, Massachusetts and Copenhagen, Denmark.

For more information visit us at: www.napatech.com, or please contact:

Source: Eskenzi PR

Message for application development security is getting through to developers, experts agree

by Michael Smith (Veshengro)

Research released in April 2010 in the US claims to show that the message about secure coding is starting to get through to software developers in large organizations. And, says Fortify Software, this is excellent news, as it means that customized and in-house developed applications should start to be less liable to security flaws and loopholes.

"The research from our colleagues at Errata Security is interesting since it shows the uptake of software security assurance platforms from the likes of Microsoft is moving forward," said Richard Kirk, European director with the application vulnerability specialist.

"Besides finding that Microsoft SDL and Microsoft SDL-Agile are the most popular secure coding platforms in use, the study’s researchers also found that more than half of those interviewed included preventative security activities in the development lifecycle of their software," he added.

According to the Fortify director, the study also found that firms with product development teams of under 10 people manage to implement formal methodologies more successfully than companies of more than 100 members of staff.

Kirk went on to say that Fortify's own observations have shown that the main causes of software vulnerabilities stem from the early stages of the software development life-cycle.

"Our own research," he explained, "tells us time and time again about the need for regular code auditing as part of a development process, as this ensures that software that is being developed is inherently secure."

"In other words 'building security in' - as opposed to attempting to add it after the fact - is the best option. This approach is not only more cost effective, but also results in applications that are much more secure because security was considered at every stage in the development process," he said.

"Errata's research is excellent news for any organization that uses software in any shape or form, as it shows the message that application security is a distinct, but essential, part of information security is getting through to where it matters - the software developers," he added.

For more on the research results: http://bit.ly/bCPhUG

For more on Fortify Software: www.fortify.com

It also would appear that the greatest problem with software loopholes and other problems is that software is not tested long enough and is released on the user too early, making users the testers and often putting their data and operations at risk.

This can be seen time and again with Microsoft Windows problems that are due to the fact that the software is not tested long enough in the Beta phase, if they even have one of them for the Windows OS.

When we moved from MS-DOS to Windows 3 and then 3.1, there were many years between each release, and the programs worked well and were stable. WIN95, many years after the arrival of WIN3.1, was a very stable system, as far as Windows went; anything that came thereafter was a problem.

And, the way it is beginning to appear, we are heading the same way with many of the Linux distributions, for there are new versions appearing – to all intents and purposes – on a six-monthly basis or such. We cannot afford to have untested or badly tested operating systems and other software. Don't rush, folk! Just get the stuff right.

© 2010

World Cup 2010 Survey reveals IT Are the Unsung Heroes

Survey reveals that, while the rest of the workforce may skive to watch the World Cup, it’s the IT Team that can be relied on in a crisis

London, UK: A recent survey, conducted by Tufin Technologies, has discovered that IT professionals are not geeks in a dusty back room speaking a language all of their own; instead, they’re potentially knights in shining armour waiting to ride into battle. The study, amongst 241 UK IT professionals, asked whether, should they experience a major IT disaster during the final of the World Cup, they would delay fixing the problem. Remarkably, 87% said they would forego the match to fix the problem. According to one respondent, “the score will not change if you’re not watching it”. This is in contrast to the findings released two weeks ago by the Chartered Management Institute (CMI), who questioned 700 British businesses and found they were worried the competition could cost “a fortune in lost production as employees take time off and waste time nattering about the tournament”.

Tufin repeated their survey amongst IT professionals in the US to see if they were any different to their UK counterparts, but this time asking if they’d continue to watch the Super Bowl in the event of a crisis. Interestingly, a similar level of response was found among the IT professionals, with 80% of the 262 US respondents saying they’d stop watching and fix the disaster. A small minority of respondents, 12% in the UK and 15% in the US, would continue to watch the game while leaving the organisation to fend for itself. One IT professional suggested that: “Those IT professionals choosing the ‘footie’ over their duties, may be the fault of corporate management not educating their people on Risk Management and Business Continuity.”

Speaking about the choices available, one respondent drew the comparison that it was akin to “secure employment or growing a big beer belly”, a sentiment, although perhaps less expressively voiced, shared by the majority. Another made the fabulous statement that “You must fix your ship or sink with it”.

Shaul Efraim, VP Products, Marketing and Business Development for Tufin Technologies said, “Although there have been many reports of people skiving to watch the matches – especially with the favourable time differences, our study shows that many network defenders won’t be taking their eye off the ball, if you’ll pardon the pun. IT professionals have been busy preparing for this event in the months preceding the opening ceremony in South Africa, fully aware that there will be others within the organisation that could compromise the system by streaming video content, downloading apps and visiting websites - all potentially harbouring and injecting malicious code. By ensuring patches and policies are up to date, and that your firewall is fully optimised, the next month should pass by without major incident – at least off the pitch.”

Tufin’s personal favourite response to this survey was from a respondent who believes employment in the IT sector is “not just a job, it’s an adventure”. If only the rest of the workforce had the same job satisfaction, perhaps the next four weeks wouldn’t cost British businesses the predicted one billion pounds.

Source: Eskenzi

New Qualys Patch Report Aligns IT Security With Operations

New Feature in QualysGuard Vulnerability Management Consolidates and Prioritises Security Patches Across Company Assets for Fast, Accurate Remediation of Vulnerabilities

Redwood Shores, CA: Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced Patch Report, a new feature in QualysGuard® Vulnerability Management to help customers quickly identify and implement patches to eliminate vulnerabilities in their IT environments. The new reporting feature provides users with actionable patching information for non-security staff such as system administrators and patch management system operators. It includes prioritised lists of patches that need to be applied to a selected set of assets in order to reduce risk, without applying unneeded redundant patches.

“We are excited about using the new QualysGuard Patch report because it will provide a useful tool that improves efficiency in vulnerability remediation and helps ensure that we are patching properly,” said Joe Bennett, director of information security for CredAbility, a nonprofit organisation offering credit counseling and education. “We do monthly reporting that tracks the remediation of detected vulnerabilities, and now with Patch Report, we can see exactly how many patches we pushed and how many vulnerabilities it remediated.”

The new QualysGuard Patch Report drives efficient remediation of vulnerabilities by:

  • Eliminating manual tasks and time spent looking through identified vulnerabilities and figuring out which patches will address each vulnerability, saving customers from redundant, unnecessary patching.

  • Providing accurate, easy-to-read reports with consolidated patching information for security or non-security staff (system administrators, patch management system operators, IT or operations staff).

  • Including a simple user interface that gives users the flexibility to create actionable patch reports sorted by host, patch, operating system or asset group. The user can dynamically filter this information to further reduce or increase the scope of the report.

  • Providing persistent search filters so anytime the user runs it, it generates the most up-to-date patch information based on recent scans and knowledgebase updates.

“Whereas security and operations teams tend to work in silos, vulnerability management is an area where these teams must work together to determine what needs to be patched, and patch quickly to secure IT environments and reduce the risk of service interruptions,” said Scott Crawford, research director for EMA. “Qualys Patch Report enables security professionals to provide operations staff with a clear, consolidated report of what patches to apply, increasing efficiency for both teams as they remediate possible threats to security.”

“At the request of our customers, we built this new Patch Report so they can provide their counterparts in operations with a meaningful, task-oriented, ‘out-of-the-box’ remediation plan,” said Philippe Courtot, chairman and CEO for Qualys.

Pricing and Availability

Available immediately, the new Patch Report feature is the latest enhancement to QualysGuard Vulnerability Management, the industry-leading vulnerability management solution used by more than 4,000 companies worldwide. QualysGuard Vulnerability Management automates the lifecycle of network auditing and vulnerability management across the enterprise, including network discovery and mapping, asset prioritisation, vulnerability assessment reporting and remediation tracking according to business risk, enabling companies to eliminate network and application vulnerabilities before they can be exploited. For more information, visit: http://www.qualys.com/products/qg_suite/vulnerability_management/

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 4,000 organisations in 85 countries, including 42 of the Fortune Global 100 and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organisations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit www.qualys.com.

Source: eclat Marketing