Microsoft Exchange management - The Next generation

The New Varonis® DatAdvantage® for Exchange Reduces the Time Exchange Administrators Spend Managing Mailbox Access and Tracking Email Activity by up to 70 Percent

NEW YORK – Oct. 18, 2010 - Varonis Systems Inc (www.varonis.com), the leading provider of comprehensive data governance software, today announced it has extended its award-winning DatAdvantage® software to Microsoft Exchange. This platform extension gives Exchange administrators access to the Varonis® Metadata Framework™ technology (www.varonis.com/metadata) within DatAdvantage, which provides resource-saving automation for ongoing Exchange management tasks such as mailbox access management and consolidation, email activity tracking, access auditing and stale public folder and mailbox identification. By automating the way IT organizations perform daily Exchange management tasks, DatAdvantage delivers up to 70 percent time savings to overworked Exchange administrators.

“With traditional approaches, it was very difficult to understand access to mailboxes and public folders across all the Exchange servers, effectively audit email access and communication, and find owners for public folders and mailboxes,” said Bernard Besohe, local mail and system administrator for the Publications Office of the European Union. “With Varonis DatAdvantage for Exchange, we have significantly reduced our Exchange access and data management workload for tasks that we do many times every day. We now have a single console with a complete map to our ever-growing Exchange environment that has enabled our staff to identify and proactively manage and protect Exchange data.”

“Exchange data is a tremendous challenge to manage because permissions are not often well maintained, activity is not easily tracked or analyzed, and ownership for mailboxes and public folders is unknown,” said Vivian Tero, analyst for IDC. “Email systems contain a rapidly growing set of critical data that is very hard to protect and manage. By bringing the power of their widely used data governance system and Metadata Framework™ to the Exchange platform, Varonis is significantly increasing the control and efficiency that IT administrators have over this extremely important set of semi-structured data.”

Varonis® DatAdvantage® for Exchange enables customers to manage Exchange mailboxes and public folders alongside file servers and SharePoint sites through the proven Varonis Metadata Framework and DatAdvantage UI, offering the same trusted permissions visibility, audit trails and recommendations that customers have come to expect from Varonis Data Governance solutions.

“As the most widely adopted messaging platform and semi-structured data repository in the world, Microsoft Exchange is the go-to cross-functional collaboration system for many organizations,” said Yaki Faitelson, Chief Executive Officer, President and Co-founder of Varonis. “Administrators are under enormous pressure to ensure that Exchange is secure, responsive, and constantly available. To do this, they require automation to understand activity patterns over the entire platform, understand ownership of the data, visualize access for all mailboxes and public folders across all the information stores, easily identify stale mailboxes and public folders and optimize processes for consolidation and migration. Varonis® DatAdvantage® for Exchange automates tasks that Exchange administrators are already doing manually, hundreds of times every day.”

With Varonis® DatAdvantage® for Exchange, customers can:

· Clean up shared mailboxes and identify appropriate delegation rights

· Clean up public folders and designate ownership assignments

· Audit and track message activity

· Identify spikes in activity

· Identify and remove stale public folders and mailboxes

Varonis® DatAdvantage® for Exchange features include:

· Bi-directional Permissions Visibility: From both a mailbox/folder and user/group view that allows administrators to easily analyze and report on permissions, spot permissions errors and improperly delegated access

· Auditing Automation: A detailed audit trail with highly granular filtering and sorting so administrators can easily see when email was sent, from and to whom it was sent, and when it was opened

· Recommendations and Permissions Modeling: Enabling administrators to quickly spot excessive rights and test permissions changes—prior to committing them—so that changes will not disrupt end-user productivity

· Ownership Identification: Automating ownership identification, assignment and reporting for mailboxes, public folders, and distribution groups to facilitate proper access authorization and review

· Stale Data Identification: Enabling IT to reduce storage overhead and costs

Varonis® DatAdvantage® for Exchange is available immediately for Exchange 2007 SP2, SP3, and starts at $8,000-$12,000.

For more information about Varonis® DatAdvantage® for Exchange, visit www.varonis.com/products/datadvantage/exchange

Varonis is the leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. Named "Cool Vendor" in Risk Management and Compliance by Gartner and voted one of the "Fast 50 Reader Favorites" on FastCompany.com, Varonis has more than 2500 installations worldwide. Based on patented technology and a highly accurate analytics engine, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Varonis is headquartered in New York, N.Y., with regional offices in Europe, Asia and Latin America, and research and development offices in Hertzliya, Israel.

Source: Eskenzi PR

This press release is presented without editing for your information. The ICT REVIEW does not recommend, approve or endorse the products and/or services offered.

How secure is the Genie inside the disk?

Hacking experiment further sharpens diskGenie’s credentials as one of the most secure portable hard drives available today

diskGenie, the first USB hard drive product to be awarded the government’s CESG Claims Tested Mark (CCTM) certificate, has retained its credentials as one of the most secure portable hard drives available following a failed hacking attempt. The award winning* device is the flagship product of iStorage, a leading specialist in portable storage and digital encryption.

diskGenie features a robust, compact, shock-proof design and combines ATM style PIN code access with 128 or 256-bit AES hardware encryption to ensure information is completely secure, even if the drive is removed from its enclosure. To put diskGenie to the ultimate test, iStorage ran an experiment with a renowned Dutch hacker to find out if he could break into the device and get access to the encrypted data.

After numerous failed attempts it came to light that diskGenie is the only portable hard drive the hacker has ever failed to hack. Instead, he offered a couple of ‘theoretical’ suggestions in which he felt it might be possible to hack it, but was unable to attempt them himself. The suggestions included an ‘Evil Maid Attack’ and ‘De-capping the PIC’ but the iStorage technical team have since concluded both to be invalid.

‘Evil Maid Attack’ - this approach could apply to almost any device or computer, but it is much easier with devices that require the PIN to be entered on a keyboard, as both hardware and software key loggers can be used. Adding a key logger to the diskGenie is very technical and highly improbable. Even if an individual had the required knowledge to develop the key logger device, many conditions would still need to align for the attack to be successful, including gaining access to the drive twice; knowledge of the contents of the drive; and the ability and skill to access the PCB without damaging it or the enclosure.

‘De-capping the PIC’ - only somebody highly motivated, technically advanced and with vast resources would attempt this as a last resort, because the integrity of the encryption key and design would likely be destroyed in the process. Even assuming an attacker was properly motivated and equipped, they would still need intimate knowledge of where and how the key is stored inside the PIC. Furthermore, even if they were able to find the location, they would quickly discover that the stored key is ‘hashed’ and has no value whatsoever, meaning this scenario can also be completely discounted as viable.

John Michael, Managing Director of iStorage commented, “Any secure product can be hacked in ‘theory’ but it is very different in the real world. We are completely confident that no hacker will be able to gain access to the diskGenie without the correct PIN code. Having already been awarded the government’s seal of approval with the CESG Claims Tested Mark (CCTM) award, we are now considering either FIPS or CAPS accreditation to further enhance the product’s security credentials.”

iStorage provides high performance and ultra secure portable data storage and security products to users who need to protect their data held on PCs, Macs and portable devices. The founders of iStorage are pioneers in their field and hold several patents, both granted and pending, on a range of related data storage and security products. With a strong belief in careful product selection and unrivalled customer service, iStorage continues to deliver market leading innovations in portable data storage and digital encryption technology. Further information can be found on www.istorage-uk.com


Botnets for rent – explained

The Iranian Cyber Army has been making news with its decision to sell access to its botnet. Imperva’s Senior Security Strategist Noa Bar Yosef answers key questions on this issue below:

1) How much does it cost usually to rent a botnet? What are the factors involved in price?

Bots are used for a very large variety of purposes so it's difficult to pinpoint a price. The growing and maintaining work of a botnet has become just an additional profession in the hacker supply chain of the growing hacking industry. Similar to market competition of the real world, botnet growers are competing to provide their service. Which means that prices are falling. There are different aspects which are taken into price account of the botnet hiring:

• Size of a botnet

• Type of attack (e.g. spam, DDoS, cred-fetching)

• Target (military, private organisations, targeted or widespread)

• Geo-location (targeted country, organisation and even language considerations)

• Length of attack (one hour of spam, three-day DDoS attack or a monthly membership for phishing sites)

Although a rental is based on a multitude of factors, to give some ballpark figures for some of the more common ‘services’:

• A 24-hour DDoS attack can be anything from a mere $50 to several thousand dollars for a larger network attack.

• Spamming a million emails, given a list, ranges between $150-$200.

• A monthly membership for phishing sites is roughly $2,000.

2) Does this move by the ICA surprise you? How common is it for people to build botnets and then sell them off?

No, the move by the ICA is not surprising. Cyber-criminals, just like all criminals, seek different sources of revenue. Botnet growers are continuously advertising their services. What is interesting in the case of ICA is that they were the ones performing the attack. From their point of view, most of their attacks were politically motivated. But they seem to have asked themselves: Why can’t we make extra on the side with our infrastructure? These so-called ‘ideologists’ could be re-investing proceeds from ‘commercial’ operations to their political objectives and proceed with other attacks as well as further develop other cyber attack resources.

3) From a security standpoint, does this activity make botnet detection easier or harder? If people are selling groups of bots, doesn’t that mean you can stop multiple groups by disrupting the group selling the bots?

A. In general, this activity doesn’t impact the detection of botnets. Why? Many of the command and control servers use fast-flux technology, where the server constantly changes, so it is harder to find the ‘brain’ behind the zombies and take it down.

B. Advertising underground services carries risks of discovery. For example, a criminal in the real-world advertising fake Rolexes: that individual runs the risk of selling to an undercover cop. Similarly a criminal selling illegally obtained online credentials to some Facebook account runs the risk of the forum being tapped into by some authority. Yet these criminal acts proliferate since hackers are not stupid. They use different evasion techniques, secret forums and even a reputation-based system in order to avoid being detected.

4) Some say that smaller botnets are a bigger problem than the larger spamming botnets because the smaller ones tend to be targeted and seek to stay under the radar. Do you agree that that is the case, and is this related to the trend of people selling off portions of botnets?

It doesn’t make a difference. Why? A botnet grower has a large number of computers under his/her control (zombies). He/she rents a certain number of these zombies for different purposes. Each of these rentals together provide a botnet. So botnets range in size but ultimately they can be sourced to the grower. So criminals are not selling portions of their botnet, rather they are renting portions of the computers under their control according to the needs and requirements of the attack requestor.

Imperva is the global leader in data security. With more than 1,200 direct customers and 25,000 cloud customers, Imperva’s customers include leading enterprises, government organisations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, applications and file systems. For more information, visit www.imperva.com.

Source: Eskenzi PR Ltd.


Avalanche spam gang tap the power of ZeuS to boost cybercrime earnings

London, 25th October 2010 - Reports that the world's most prolific phishing gang have diversified their operations from conventional phishing emails to distributing the ZeuS Trojan are another sign that hackers are becoming incredibly sophisticated, says Imperva, the data security specialist.

More than anything, the attack vectors used by the Avalanche botnet gang, who have taken two years to migrate to the new fraud architecture, indicate that criminal hackers are now using lateral thinking to develop their fraudulent modus operandi, says Amichai Shulman, Imperva's chief technology officer.

"What is apparent from our research is that the Avalanche cybercrime gang - who were reportedly responsible for two-thirds of the world's phishing attacks this time last year - are also using advanced programming techniques," he said.

The Imperva CTO continues, “The problem is that neither the banks nor the users are realizing that the client browser is actually under the control of the hacker. So although a user is in fact authenticated to the bank, all transactions are actually being performed from that moment on by the Trojan.”

Imperva's research teams, he went on to say, concluded that using a man-in-the-browser attack, similar to those uncovered in September, enables the electronic criminals to stage automated withdrawals. "The problem of detecting this type of fraud is made all the more difficult as the banks are not aware that the initiator of the transaction is not the actual owner of the account but basically, an automated process," he said.

"This is why some financial institutions, such as Sainsbury's Bank (http://bit.ly/9Xxy9i), now require users to confirm by mobile phone text message when a new account payee is set up," he added.

"Until the banks are able to prevent against this type of complex malware-driven fraud, the cybercriminal gangs will continue to evolve their already sophisticated strategies to beat the banks - and their customers."

For more on the latest hacker e-banking fraud methodologies: http://bit.ly/9uCXWo

For more on Imperva: www.imperva.com

Imperva is the global leader in data security. With more than 1,200 direct customers and 25,000 cloud customers, Imperva’s customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, applications and file systems.  For more information, visit www.imperva.com, follow us on Twitter or visit our blog.

Source: Eskenzi PR Ltd


Trusteer Finds Massive Internet Security Hole Remains Unpatched by Users

Two Thirds of Web Users are Still Vulnerable to Attacks that Exploit Flaw in Java

NEW YORK, Oct. 25, 2010 – Trusteer, the leading provider of secure browsing services, today announced that more than a week after Oracle released a critical patch for Java, more than 68 percent of Internet users are still vulnerable to attacks that exploit these vulnerabilities. This may be the biggest security hole on the Internet today, since 73 percent of Internet users are using Java. The Trusteer Secure Browsing Service has already warned 14 million users to immediately apply the Java patch and in the meantime protects them against financial malware, such as Zeus, that exploits the vulnerabilities in unpatched versions of Java.

According to Oracle, due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 29 new security fixes across Java SE and Java for Business products. http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

One week after it was released by Oracle, only 7 per cent of Java users have installed the latest update.  This is worrying because the majority of Java users on the Internet are vulnerable to a large and growing number of Java exploits in the wild.  According to Microsoft, the vulnerabilities covered by the critical patch provide ‘...an unprecedented wave of Java exploitation...’  Trusteer believes it is the single most exploitable vulnerability on the web today.  http://blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx

“From a security threat standpoint Java is very much like Flash in that it is a ubiquitous technology installed on virtually every computer in the world, which makes an ultimate platform for distributing malware,” said Mickey Boodaei, Trusteer's CEO. “Using vulnerabilities in these applications is extremely efficient since it enables criminals to target more than two thirds of Internet users. Oracle is facing some major security challenges and one of its biggest hurdles is its software update mechanism. For some reason, it is not effective enough in distributing security patches to the field. Adobe experienced the very same problem last year and since then Flash has been the subject of multiple attacks. To date Adobe hasn't managed to overcome the problem although they are trying and have plans to introduce more security features in their future releases.”

“The spike in Java exploits shows every sign of continuing. Just 120 hours after a Google researcher published details of an unpatched Java exploit late last week, hackers had reportedly already started exploiting the vulnerability.  The fact that the time between an exploit being discovered and then being used by hackers in the real world is shortening is of great concern. And with so few users updating their systems, this means that a majority of users' computers are wide open to this new type of attack vector,” he explained. 

According to Trusteer, the Java exploit posted to the Full Disclosure mailing list late last week appears to have been picked up by Russian hackers, who are currently exploiting an iFrame-compromised song lyrics site, which re-routes Internet users to a Russia-based malware server.  This multi-level attack vector will have taken time to organise, which leads Trusteer to believe that hackers are now monitoring bug disclosure lists on a regular basis, and then mobilising their resources very quickly to create new zero day exploits.

Recommendations from Trusteer

For enterprises: identify all browser add-ons and browser technologies, not just Flash and Java. Make sure to block unnecessary services and quickly update vulnerable add-ons and browsers. Use browser security technologies that can minimize and control the threat within the organization.  Patch browsers and browser add-ons as soon as fixes are available.

For end-users: don't disregard vendor software update messages. If a software program is not needed, it should be removed. Otherwise it should be kept up-to-date. Use browser security technologies which can minimize, block, and alert on new threats.

Trusteer, the world’s leading provider of secure browsing services, helps secure computers against Man in the Middle, Man in the Browser, and Phishing attacks. Trusteer is currently used by more than 70 leading financial organizations and enterprises in North America and Europe, and by more than 14 million end users to protect their online banking, shopping and other communication against sophisticated malware attacks and fraud. HSBC, Santander, The Royal Bank of Scotland, SunTrust, Fifth Third, ING DIRECT, and Bank of Montreal are just a few of the banks using Trusteer’s technology. Trusteer's service for enterprises prevents malware from accessing enterprise network resources and sensitive information through SSL - VPN connections and unmanaged devices. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. Follow us on www.Twitter.com/Trusteer. For more information about our products and services, please visit www.trusteer.com

Source: Eskenzi PR Ltd.


Vacation 2.0 – Danger of burglary due to vacation notifications given on Social Networks

by Michael Smith (Veshengro)

There is a serious danger of experiencing a burglary in one's home and/or office if, like so many, one announces that one is going on vacation on social networks.

Time and again on an almost daily basis, even amongst the people that I am in contact with, someone will post a notification that he or she is going to be away for a couple of days or weeks because of vacationing or trip to here or there, etc.

This is a virtual and real invitation to any criminal to scoot over and have a look at your place with the view of liberating a few of your possessions.

This is especially dangerous if you use Facebook's location service or if you happen to be careless with your personal information on Facebook or elsewhere in your profile. Neither your address nor other sensitive info belongs there.

If you want to, at some stage, share this with someone you have come to know as trustworthy then that is a different story. Such information has no place on the general profile.

Also, unless you know that no one knows your direct location, do not tweet or blog (on Facebook or elsewhere) about your location or anything of that nature, e.g. being away on vacation in Timbuktu or even just in Blackpool.

Facebook plugins such as “My Location”, or whatever it may be called, also do not belong on your cell phone or laptop. While it may be nice to let all of your friends know how things are where you are, there is a much better and safer way; it is called email.

Vacation updates on social networks are also a very bad idea, as indicated, and should be an absolute no-no, even if you have not disclosed your location, your address, etc., in any of your profiles. Chances are that some criminal reading the entries might just know where you live and bingo. A nice opportunity burglary. Not something you would want.

If, as I have said already, you wish to share holiday information with friends and family do not do that via Facebook or Twitter or LinkedIn or MySpace or what-have-you.

Use email or instant messenger. You never know who is reading your blog entries and that includes material on platforms such as Blogger, etc. Blog about your vacation, your trip to wherever, or whatever, when you are back home safely. Much better, in my opinion.

Let's remember that it is a jungle out there and the animals in this jungle do not play fair and by the rules.

© 2010

AVG Link Scanner seen as Spam

AVG Link Scanner seen as Spam by Facebook

by Michael Smith (Veshengro)

The part of the AVG Link Scanner that checks links going into Facebook and puts a message there stating that the link has been checked and is thus safe is suddenly seen by Facebook as Spam.

Messages with links, or links sent to Facebook while the Link Scanner is active, will not be allowed. Unless the Link Scanner's component for Facebook and MySpace is deactivated, posts containing links cannot be posted to Facebook.

That, at least, was the state of play on Friday, October 22, 2010.

Therefore I advise users experiencing this problem to go into the Link Scanner part of AVG and remove the tick from the box that says “Add 'Secured by Link Scanner' to any sent Facebook...”

You will have to click on the link that says “Tools and advanced settings...” to get to that area where you can disable that function. Do not uncheck any of the other boxes on that page. Only the 'Secured by Link Scanner' box needs unchecking.

I hope that this helps those that may be experiencing problems. It worked for me.

© 2010

Infosecurity Europe says industry ready to meet cyber-attacks challenge identified in Spending Review

Infosecurity Europe says IT industry is ready to meet the challenge of terrorism and cyber-attacks identified as major threat to UK PLC

Responding to the government's newly-unveiled security strategy, the organisers of the InfoSecurity Europe event, held each spring in the UK, say that the UK's IT industry is ready to take on the challenges that the new decade of cybercrime will create. Infosecurity Europe will be held at Earls Court, London 19-21 April 2011 www.infosec.co.uk

Claire Sellick, Infosecurity Europe's Event Director, said that the current - and ongoing - convergence of technologies in the IT sector means that business life can be made significantly easier, with information available on a 24-7 basis, even when out and about, using a mobile Internet-enabled device.

"Even without access to a laptop and mobile broadband dongle, business professionals can still hold a lot of computing power in the palm of their hand, in the shape of a smartphone. But just as these mobile Internet-enabled devices are threatened by cyber-criminals, our research suggests that, with the right technology in place, the Internet users of UK PLC are more than ready for the security threats that hackers and criminals throw at them," she said.

"The government has committed half a billion pounds to help defend the UK national infrastructure which, when viewed against a backdrop of budget cuts elsewhere in Whitehall, is a very positive move, for which the cross-party review team are to be applauded," she added.

According to Sellick, the conclusions of the cross-party Strategic Defence Review lay the foundations for a new period of UK defences, with the battle lines of the future being drawn in both the traditional physical landscape, as well as the equally important cyber landscape.

We are seeing, she said, a growing number of terrorists that eschew their traditional tools for the electronic weaponry that the Internet now offers them.

The UK IT security industry, she explained, has been supplying its clients with the latest computer defences for several years, creating an electronic ring of steel around business IT systems that few people truly understand, and even fewer can attack effectively.

"The rapid pace of electronic hackery and espionage, however, is such that crackers will develop new attacks and methodologies that can be employed for fraudulent, as well as terrorist means," she said.

"We're confident that, with the latest technology at their fingertips, today's British businesses can better defend themselves against the coming wave of security threats," she added.

For more on the government's national security strategy: http://bit.ly/aByYrL

Infosecurity Europe, celebrating 16 years at the heart of the industry in 2011, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of five Infosecurity events around the world with events also running in Belgium, Netherlands and Russia. Infosecurity Europe runs from the 19th to the 21st April 2011, in Earls Court, London. For further information please visit www.infosec.co.uk

For more on the Infosecurity Europe show: www.infosec.co.uk

Idappcom welcomes government's revitalised cybersecurity strategy; calls for greater private/public co-operation

London, October 2010 - Responding to the UK defence review, which builds on the government's new security strategy, which was announced yesterday, Idappcom, the data traffic analysis and security specialist, says it welcomes the pragmatic approach the coalition government is taking on all aspects of security.

According to Ray Bryant, Idappcom's CEO, it is reassuring to hear that the government now classes a hostile Internet attack on the UK's IT infrastructure in the same `tier 1' security category as an act of international terrorism.

"For too long, governments have focused on physical disasters - and potential disasters - such as a major accident or a natural hazard such as serious flu outbreak, in their assessment of serious threats against the integrity of the UK," he said.

"It's therefore reassuring that, with Monday's security strategy announcement, and today's defence review, the government is demonstrating that it truly understands the importance of cybersecurity defences, as well as joined-up thinking on how this integrates with our national security," he added.

Idappcom's CEO went on to say that the defence cutbacks, whilst painful in some areas, will free up funding to allow the armed forces to lay the foundations of an effective UK cybersecurity defence strategy.

As private industry - especially in the IT industry - has demonstrated over the last few years, it is perfectly possible to meet the needs of implementing a good IT security strategy whilst at the same time cutting costs to meet budgetary constraints, he explained.

"And it's against this backdrop that we would encourage small companies to form partnerships with the government when it comes to developing an effective cybersecurity strategy, as the lessons being learned in the private sector can also be applied to the public sector," he said.

"It is to be hoped that the private sector can work with the public sector in better defending UK PLC's digital assets against all forms of cyberterrorism and - along the way - helping each other in achieving the budget savings that are clearly required," he added.

"Our observations are that, in order to weather the current economic storm, small companies need to form partnerships with the government, including the Ministry of Defence, as there is so much that both sides of the public/private sector divide can learn from each other."

For more on the UK's cybersecurity strategy: http://bbc.in/9ilqH8

For more on idappcom: www.idappcom.com

Trusteer Secure Browsing Service for Enterprises Protects Against Man in the Browser Attacks

New Offering Secures Sensitive Enterprise Applications Accessed from Remote and Unmanaged Computers

NEW YORK, Oct. 19, 2010 – Trusteer, the leading provider of secure browsing services, today announced the Trusteer Secure Browsing Service for Enterprises which protects enterprises against Man in the Browser attacks launched from malware-controlled computers used by mobile employees, tele-workers and contractors. The Trusteer Secure Browsing Service creates a virtual firewall within the browser that blocks malware from entering or using the browser during a connection to enterprise applications. It is based on technology currently deployed by more than 70 financial institutions around the globe and more than 13 million online banking customers.

Cyber criminals are targeting enterprises to steal intellectual property, log-in credentials, financial data and other sensitive information that resides inside corporate networks or in web applications. Targeted attacks, like the recent LinkedIn email phishing campaign, and search engine optimization techniques are being used to install sophisticated malware such as Zeus, Bugat, and Clampi on unmanaged computers that operate outside corporate networks. These malware programs conceal themselves inside the browser and are virtually invisible to anti-virus solutions. When infected unmanaged computers access enterprise resources via VPN connections and web portals, the malware is able to elude perimeter security mechanisms like network access control (NAC) systems to capture sensitive information and transmit it back to the criminals.

A Secure Browser Tunnel into the Enterprise

To protect browser-based access to enterprise IT resources located behind the firewall or in the cloud, Trusteer’s lightweight software-based service creates a virtual firewall inside the user’s computer that prevents malware from entering or using the browser during a connection with enterprise applications. The Trusteer Secure Browsing Service for Enterprises blocks Man in the Browser attacks and locks down all communication with the enterprise, including VPN and cloud service connections, to protect against eavesdropping and tampering. The service is also capable of detecting, reporting on, and removing elusive Trojans such as Zeus, Bugat, Clampi and Gozi, before a machine can connect to enterprise applications. The service is supported by Trusteer’s 24x7 malware investigation service.

For ease-of-use, the Trusteer Secure Browsing Service for Enterprises remains transparent and is automatically activated without user intervention when a machine connects to enterprise applications. A management console enables IT departments to centrally set and enforce security policies on target machines including unmanaged devices belonging to employees, contractors, and partners, as well as computers with a high-risk profile. 

“The browser has emerged as the weakest link in the enterprise security infrastructure and is being exploited by malware authors and criminals to steal login credentials and plant Trojans in order to break into IT systems undetected,” said Mickey Boodaei, CEO of Trusteer.  “Meanwhile, the growing demand for mobility is challenging IT security’s ability to secure the network from breaches that originate on compromised trusted devices. The Trusteer Secure Browsing Service for Enterprises is a proven solution that reduces the risk of Man in the Browser attacks and can be easily deployed without any impact on users.”

Pricing and Availability

The Trusteer Secure Browser Service for Enterprises is available immediately from Trusteer. Pricing starts at US $25 per user.

About Trusteer

Trusteer, the world’s leading provider of secure browsing services, helps secure computers against Man in the Middle, Man in the Browser, and Phishing attacks. Trusteer’s Secure Browsing Service has been available since 2008 and is currently used by more than 70 leading financial organizations in North America and Europe and by more than 13 million of their customers to protect their online banking communication against sophisticated malware attacks and fraud. HSBC, Santander, The Royal Bank of Scotland, SunTrust, Fifth Third, ING DIRECT, and Bank of Montreal are just a few of the banks using Trusteer’s technology. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. Follow us on www.Twitter.com/Trusteer. For more information about our products and services, please visit www.trusteer.com.

Source: Eskenzi PR Ltd.

Trusteer Reports Hackers Improve Zeus Trojan to Retain Leadership in Crimeware Race

Version 2.1 of Leading Online Fraud Platform Evolves to Stay Ahead of the Financial Malware Pack

NEW YORK, Oct. 20, 2010 – Trusteer, the leading provider of secure browsing services, today reported that it has captured and analyzed a new version (2.1) of the Zeus financial malware and found that it has added sophisticated new mechanisms to commit online fraud and remain the Trojan of choice for criminals. Zeus has not only improved its business logic but also its ability to avoid detection and automatic analysis by antivirus vendors. Zeus is under the spotlight of security vendors, banks, and law enforcement, which forces its developers to continually improve it to avoid losing business to competing malware like Bugat, Clampi, and SpyEye. Just like commercial application developers, the creators of Zeus run an R&D programme to ensure it can avoid detection and side-step the growing number of IT security mechanisms designed to detect, block and eliminate it.

New capabilities in Zeus 2.1 include:

· URL matching based on a full implementation of the Perl Compatible Regular Expressions (PCRE) library. This allows much more flexibility for Zeus's configuration to define targets. For example, Zeus can now target all URLs that start with “https” and then zero in on those that contain specific digits and keywords. Earlier Zeus versions had a primitive regular expression implementation which provided very little flexibility in specifying target URLs.

· The injection mechanism (Zeus’s main “work horse”) now uses sophisticated regular expressions based on PCRE as well, which helps avoid detection.  It can target individual web pages with elaborate injections, while not injecting into other pages.  This surgical injection method creates more convincing pages and can target more banks using a single attack. 

· Zeus now has a fine-grained "grabbing" mechanism, again based on PCRE, which can extract very specific areas of the page (e.g. the account balance) and report them to the C&C host. The grab mechanism provides an efficient way of collecting user data (such as account balance), as opposed to the cumbersome and wasteful way (supported by earlier Zeus variants) of having to copy the full page.

· As other researchers have already pointed out, Zeus 2.1 has completely changed the way it communicates with its Command & Control (C&C) servers: it now uses a daily list of hundreds of C&C hostnames, through which it cycles trying to find a live one. This is a considerable improvement over the previous scheme.

· Zeus has added a 1024-bit RSA public key, which will probably be used for one-way encryption of data and authenticating the C&C server to Zeus clients.
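The C&C cycling described in the list above leaves a visible trace on the defender's side: one client failing to resolve a long run of distinct hostnames before one finally answers. The following is an added detection sketch, not Trusteer's code; the log format, the `.example` hostnames, the addresses and both thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED = {"NXDOMAIN", "SERVFAIL"}


def build_sample_log():
    """Constructed resolver log: '<ISO time> <client> <queried name> <rcode>'."""
    base = datetime(2010, 10, 20, 9, 0, 0)
    lines = []
    # Ordinary workstation: a few lookups, one mistyped name that fails.
    normal = [("intranet.corp.example", "NOERROR"), ("mail.corp.example", "NOERROR"),
              ("mial.corp.example", "NXDOMAIN"), ("www.bank.example", "NOERROR")]
    for i, (name, rcode) in enumerate(normal):
        ts = (base + timedelta(seconds=40 * i)).isoformat()
        lines.append(f"{ts} 10.0.0.5 {name} {rcode}")
    # Suspect workstation: walks a list of names, all dead except the last.
    for i in range(30):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        rcode = "NOERROR" if i == 29 else "NXDOMAIN"
        lines.append(f"{ts} 10.0.0.9 host{i:03d}.cc.example {rcode}")
    return lines


def parse(line):
    ts, client, name, rcode = line.split()
    return datetime.fromisoformat(ts), client, name.lower().rstrip("."), rcode.upper()


def find_cycling_clients(lines, window=timedelta(minutes=5), min_failed_names=20):
    """Flag clients that fail to resolve many distinct names inside one window.

    Returns {client: {"peak_failed_names": int, "resolved_after_burst": [names]}}.
    The second field lists names that resolved while the burst was still inside
    the window; those are the hostnames worth investigating first.
    """
    recent = defaultdict(deque)      # client -> (time, name) of recent failures
    peak = defaultdict(int)
    follow_ups = defaultdict(list)
    for ts, client, name, rcode in sorted(parse(l) for l in lines if l.strip()):
        failures = recent[client]
        while failures and ts - failures[0][0] > window:
            failures.popleft()       # drop failures that aged out of the window
        if rcode in FAILED:
            failures.append((ts, name))
            peak[client] = max(peak[client], len({n for _, n in failures}))
        elif rcode == "NOERROR" and len({n for _, n in failures}) >= min_failed_names:
            follow_ups[client].append(name)
    return {c: {"peak_failed_names": p, "resolved_after_burst": follow_ups[c]}
            for c, p in peak.items() if p >= min_failed_names}


if __name__ == "__main__":
    for client, info in find_cycling_clients(build_sample_log()).items():
        print(client, info)
```

Counting distinct names rather than raw failures keeps a single application retrying one dead hostname from tripping the threshold.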

“Since the Trusteer Secure Browsing software is installed on the PCs of millions of bank customers, automatically classifying, blocking, analyzing, and removing financial malware such as Zeus, our researchers can see enhanced attack vectors in real time,” said Mickey Boodaei, CEO of Trusteer.  “The improvements are similar to those seen in commercial software, but instead of enhancements being released on a monthly or annual basis, the timescales are now being compressed to just days and weeks, largely because of the immense fraudulent revenues involved. While commercial software needs to undergo extensive quality assurance processes before being released, Zeus has the luxury of pushing rapid updates without worrying too much about software quality.”

Whereas previous malware has risen in popularity, been tweaked and then faded away, the enhancements in Zeus - which is currently at version 2.1 - show no signs of abating, largely because of the modular coding structure of Zeus. The modular approach means, for example, that exploit hacks can be used to enhance the ability of Zeus to stage a real-time bank access attack, and so greatly extend its useful lifetime to the cybercriminals. As with any commercial application, software product maintenance and support are two of the more important reasons why users buy and use products, and Zeus has proven over the last three years that it does both very well for the cybercriminals.

The Zeus developers keep releasing new features - such as a highly granular browser injection facility - that allow them to stay one step ahead of the IT security community, as well as fixing bugs and other issues in previous versions. This level of commitment attracts the fraudsters' business and maintains interest in the Trojan amongst security vendors, banks and law enforcement officials. And this in turn reinforces the security circle, with hacker coders constantly tweaking and improving the malware as time goes on.

"The big question is how long can Zeus stay in pole position in the malware fraud charts? Our researchers suggest that, given its ability to be morphed and enhanced, it's going to be some while yet before other malware gets a look in at the top spot.  And this means that hackers have a vested interest to keep Zeus ahead of the game as far as its ability to defraud, forcing them to improve and increase their effort all the time to avoid losing the cybercriminal's business," Boodaei said.

IT security teams trying to defend against Zeus should:

1. Recognize that antivirus technology is only partially effective against modern malware such as Zeus, Bugat, and SpyEye. Many of these fly under the radar of antivirus solutions while targeting employees and stealing sensitive corporate information. This version of Zeus is extremely elusive and is virtually undetectable by antivirus products.

2. Recognize that the browser has emerged as the weakest link in the enterprise security infrastructure and is being exploited by malware authors and criminals to infect computers and steal sensitive information.

3. Protect employees, contractors, and unmanaged computers with secure browsing services, which can detect, block, and remove browser-borne malware from computers.

4. Put in place technology and processes that enable effective and instant investigation of malware-related fraud incidents.

Trusteer, the world’s leading provider of secure browsing services, helps secure computers against Man in the Middle, Man in the Browser, and Phishing attacks. Trusteer’s Secure Browsing Service has been available since 2008 and is currently used by more than 70 leading financial organizations in North America and Europe and by more than 13 million of their customers to protect their online banking communication against sophisticated malware attacks and fraud. Trusteer’s Secure Browsing Service is also used by Fortune 100 enterprises to protect unmanaged computers entering their network. HSBC, Santander, The Royal Bank of Scotland, Standard Bank, and ING DIRECT are just a few of the banks using Trusteer’s technology. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. Follow us on www.Twitter.com/Trusteer. For more information about our products and services, please visit www.trusteer.com.

Source: Eskenzi PR Ltd.

BitDefender releases free removal tool for Carberp Trojan

Standalone utility available for free download on MalwareCity.com to protect against growing threat from potent banking Trojan

BitDefender®, an award winning provider of innovative internet security solutions, has announced a free removal tool targeting the Trojan.Downloader.Carberp.A. Building on the technologies implemented in Zeus and Brazilian Bankers, Trojan.Downloader.Carberp.A has rapidly obtained its place among a rather exclusive club of banking Trojans. It is designed to intercept, manipulate and steal confidential information that a user might send or receive over the internet.

Trojan.Downloader.Carberp.A snatches details from websites that require log-in sessions over a SSL connection such as online banking services and e-mail providers. Apart from keeping an eye on every service that is important enough to force SSL authentication, Trojan.Downloader.Carberp.A is also instructed to monitor a list of websites containing several e-banking portals.

“Once executed on a computer, Trojan.Downloader.Carberp.A creates a couple of temporary files in the %temp% folder, then copies itself to the Windows Startup folder in order to self implement after every boot or restart,” said Catalin Cosoi, Head of the BitDefender Online Threats Lab. “This approach may seem basic compared to other families of malware that add startup entries to the Registry, however, it is this depreciation that allows Trojan.Downloader.Carberp.A to execute itself on newer operating systems, or to run on users’ accounts that do not have administrative privileges.”

Right after infection, the downloader connects to a C&C server, from which it will download an encrypted configuration file, along with additional fire-power such as plug-ins. This allows Trojan.Downloader.Carberp.A to intercept internet traffic and to kill whatever antivirus it may find on the recently infected computer. It then sends the C&C server a unique ID and uploads a list of currently running processes via a GET request.

After it has successfully copied itself in the startup folder as either syscron.exe or chkntfs.exe, Trojan.Downloader.Carberp.A hides its presence by using function hooks in ntdll.dll in order to intercept any calls to NtQueryDirectoryFile and ZwQueryDirectoryFile. This means the user cannot see its files when using Windows® Explorer® or the command-line dir query.

Cosoi continues, “Every time a user logs in using SSL-based authentication to gain access to online banking, e-mail and social network accounts Trojan.Downloader.Carberp.A steals their details, before they are encrypted, and sends them to its C&C server over HTTP. By the time the log in request reaches the bank the credentials will already have fallen into the hands of the attackers.”

Trojan.Downloader.Carberp.A also targets certain banks in Germany, Denmark, the Netherlands, America and Israel following precise instructions that it receives from the C&C server along with configuration instructions. This sophisticated approach provides a lucrative financial tool designed to steal money from online service customers and SMBs. Trojan.Downloader.Carberp.A is also able to install without administrator privileges, attack systems that run the latest versions of OSs and doesn’t make any changes in the Registry or in critical areas of the operating system.
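Because the hooks described above hide the files from Explorer and `dir`, a live listing of the Startup folder cannot be trusted on its own; comparing it with a record of what was written to disk exposes the gap. The following is an added cross-view sketch, not BitDefender's tool; the event records, the user name, the paths and the extension list are constructed assumptions, and the events are assumed to come from a source that does not pass through the hooked directory query (for example an offline disk listing).

```python
import ntpath

# File names the text above gives for the copied downloader.
REPORTED_NAMES = {"syscron.exe", "chkntfs.exe"}
# Matches both the XP-style and the Vista/7-style per-user Startup folder.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
# Assumption: extensions treated as directly executable for this check.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}

# Constructed sample data (hypothetical user and paths).
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
TEMP_FILE = r"C:\Users\alice\AppData\Local\Temp\1A2B.tmp"
SAMPLE_EVENTS = [
    {"time": "2010-09-01T10:00:00", "action": "create", "user": "alice",
     "path": STARTUP + r"\Messenger.lnk"},
    {"time": "2010-10-20T08:58:01", "action": "create", "user": "alice",
     "path": TEMP_FILE},
    {"time": "2010-10-20T08:58:03", "action": "create", "user": "alice",
     "path": STARTUP + r"\syscron.exe"},
    {"time": "2010-10-20T08:58:04", "action": "delete", "user": "alice",
     "path": TEMP_FILE},
]
# What a directory query on the running (possibly hooked) system returns.
SAMPLE_LISTING = [STARTUP + r"\Messenger.lnk", STARTUP + r"\desktop.ini"]


def surviving_files(events):
    """Replay create/delete events in time order; return files still on disk."""
    alive = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        key = ntpath.normcase(ev["path"])   # case-insensitive, like NTFS lookups
        if ev["action"] == "create":
            alive[key] = ev
        elif ev["action"] == "delete":
            alive.pop(key, None)
    return alive


def review_startup(events, live_listing):
    """Return findings for Startup-folder files, each with the reasons it stands out."""
    visible = {ntpath.normcase(p) for p in live_listing}
    findings = []
    for key, ev in sorted(surviving_files(events).items()):
        if STARTUP_MARKER not in key:
            continue
        name = ntpath.basename(key)
        reasons = []
        if ntpath.splitext(name)[1] in EXECUTABLE_EXTS:
            reasons.append("executable copied into Startup folder")
        if name in REPORTED_NAMES:
            reasons.append("file name reported for Carberp")
        if key not in visible:
            reasons.append("recorded on disk but absent from live directory listing")
        if reasons:
            findings.append({"path": ev["path"], "user": ev["user"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_startup(SAMPLE_EVENTS, SAMPLE_LISTING):
        print(finding["path"], finding["user"], "; ".join(finding["reasons"]))
```

The name check alone is weak because a file name is trivial to change; the mismatch between the two views is the signal that survives a rename.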

BitDefender customers have been protected since day zero via generic packer routines already included in the signature database. For those not protected by a BitDefender product, a free removal tool can be downloaded from the Downloads section of MalwareCity.com. For a full list of BitDefender 2011 features and benefits by product, visit www.bitdefender.co.uk or follow BitDefender on Twitter for daily malware alerts.

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe - giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products is available at the company's security solutions press room. Additionally, BitDefender's www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware. www.bitdefender.co.uk

Source: Media Safari

Nuclear secrets revealed after unencrypted USB stick found in Cumbria hotel room

Just when you thought it was safe to go back into the water… (Ed)

18th October 2010 - Reports are coming in that an unencrypted USB stick - apparently containing details on the Sellafield nuclear site's operations - was found by a coach driver in a Cumbria hotel room.

And, says Credant Technologies, the endpoint data security specialist, it seems that the USB stick contained details of the nuclear firm's proposed workforce transfer from its Capenhurst operation in Cheshire to uranium specialist Urenco.one.

"This fact alone is manna from heaven to enemies of the UK, especially since the data on the USB stick suggested that International Atomic Energy technicians visiting the site were not sufficiently up to speed," said Sean Glynn, Credant's vice president and chief marketing officer.

“While the convenience of USB sticks make them an important tool for any business, you don’t have to be a nuclear scientist to know that the data carried on these devices must be protected,” he added.

Corporate USB sticks, says Glynn, should always include encryption and other forms of security as a basic requirement because - as this incident clearly shows - unencrypted data can, and does, fall into the wrong hands.

And in the case of Sellafield - the former Windscale nuclear material processing and handling site - he added that the data on the USB stick falls firmly into the kind of information which has national security implications, especially with the UK currently being on heightened terrorist alert (http://bit.ly/aMhIQI).

The discovery of this data on a USB stick in a hotel room, says the Credant vice president, is the kind of plot that would do justice to a John Le Carre thriller novel, rather than a real-life hotel in deepest Cumbria.

"But here we have a coach driver making a discovery that has serious national security overtones. That technicians and other employees at Sellafield are using USB sticks to store and move sensitive data is not really a surprise in today’s world, but that there are not policies and procedures in place to encrypt or otherwise protect the data on those devices is a real concern," he said.

"As the coach driver is quoted as saying in the local press, what if the USB stick had fallen into the hands of terrorists, or contained top secret information?" he added.

"Sellafield has done the right thing in launching an investigation, but this is a potentially serious breach of data security on several levels, with national security overtones. Sellafield needs to look very carefully at its data security policies, and the technology that enforces those policies."

For more on the Sellafield USB stick fiasco: http://bit.ly/9RY97A

For more on Credant Technologies: www.credant.com

Source: Eskenzi PR

Microsoft criticizes its competition OpenOffice.org on YouTube

by Michael Smith (Veshengro)

Epsom, UK, 10/15/2010: Some days ago Microsoft's Office Division made public on YouTube a video in which they list one supposed disadvantage of OpenOffice.org after the other.

They claim that Oracle's free office product, OpenOffice.org, is incompatible, insecure and slow and that it would be no alternative for firms and other businesses to the Microsoft Office-Suite.

In this video Microsoft's Office Division claims the free office suite OpenOffice.org to be entirely incompatible, insecure and way too slow. For professional use in businesses, they claim, the free Open-Source solution is entirely useless because the lack of support and the unreliability would give rise to high additional costs.

The three-minute film cites selected representatives of a variety of companies who, so it is claimed, were so disappointed after installing OpenOffice that they were forced to switch over to the paid-for Microsoft Office software.

Mention is mostly made of additional costs that are supposedly caused by the implementation of Open Source software solutions.

“First we used Open Office, based upon Linux systems, in order to save money. We found soon, however, that the exorbitant costs and the extremely limited available support, left us worse off than before,” claims, for example, James Fleminf, of the American company “Speedy Hire”.

An estimated 25% extra time would be needed in order to install and maintain Open Office based systems, claimed David Sterling, IT manager of Central Scotland Police. Even a teacher is quoted as saying that pupils who handed in a document converted with OpenOffice.org for grading received, as a result (and how could it be different), worse grades. With the use of Microsoft Word or Excel this could not and would not have happened, they claim.

After the video had been put up on YouTube and the first critics had countered the claims made as not being objective enough, it was removed from YouTube. In the meantime, however, Microsoft has put it back up in, so I understand, the same form as it was before.

Having been using OpenOffice.org for years now I can but say that I find it easier to use than MS Word (and other MS Office products) and there is absolutely no compatibility issue. In fact all documents convert to OpenOffice.org without any problems whatsoever, whether MS Word, Excel, or PowerPoint. Just a shame that MS often does not allow for proper back-conversion.

It is also a shame that the likes of Avery and others still only make their templates available for MS Word and not OpenOffice.org though many Microsoft templates do, in fact, convert.

I must say that I have serious misgivings as to the reliability of the quotes in the video as, for instance, many local governments and police authorities on mainland Europe work in OpenOffice.org on Windows and on Linux-based Operating Systems.

The claim about security issues with OpenOffice.org and its files is absolutely laughable. Microsoft would do well to clean up in front of their own door before talking about other people's products.

Then again, those tactics and antics of the Redmond-based company do not surprise me at all. It is the same story when it comes to talking about Open-Source Operating Systems as when it comes to OpenOffice and, indeed, other Open-Source software.

Microsoft is running scared that it could be losing customers, especially in the still ongoing Great Recession.

While it is true that not all the keyboard shortcuts on OpenOffice are the same as on MS Word, for instance, it does not take much to get used to them and the interface is not much different to MS Office, even Office 2007.

Folks, don't allow yourselves to be scared off by the bullies out of Redmond. Rather give them a good run for their money while not wasting yours.

OpenOffice.org is compatible and secure and fast and I use it every day.

© 2010

BitDefender releases Stuxnet Removal Tool

Standalone utility available for free download on MalwareCity.com

BitDefender®, an award winning provider of innovative internet security solutions, has today released a free removal tool targeting the Win32.Worm.Stuxnet. Available for free download on MalwareCity.com, the tool is capable of removing all known variants of the computer worm plus the rootkit drivers that are used to conceal critical components of it.

Win32.Worm.Stuxnet is part of a new breed of e-threats that emerged around mid-July. It infects all Windows-based systems but primarily targets supervisory control and data acquisition (SCADA) systems that run the Siemens WinCC software. It spreads by taking advantage of a multitude of 0-day exploits in the current versions of Windows.

The worm can execute itself from an infected removable medium as soon as the .lnk file on the drive has been read by the operating system. Successful exploitation of this vulnerability results in the injection of a backdoor, as well as the installation of two rootkits that will conceal both the .lnk files and the accompanying .tmp files.

“BitDefender added generic detection covering all variants of Stuxnet on July 19th so we have been protecting our customers since day zero,” said Catalin Cosoi, Head of the BitDefender Online Threats Lab. “However, as part of our constant efforts to help users worldwide in their fight against e-threats, we have also created a Stuxnet Removal Tool. Therefore, users who are not protected by a BitDefender security solution can now also eliminate Stuxnet from their infected systems. The tool can be run on both 32 and 64-bit installations and it will eliminate both the rootkit drivers and the worm.”

The Stuxnet Removal Tool can be downloaded from the Removal Tools section of www.malwarecity.com, a BitDefender initiative for the software security community and a free resource for those interested in their online security.

For a full list of BitDefender 2011 features and benefits by product, please visit www.bitdefender.co.uk or follow BitDefender on Twitter for daily malware alerts.



Gathering Clouds: Transferring Data Outside the UK

by Michael Smith (Veshengro)

While data protection is standardised to a large degree in the European Economic Area (EEA) and transfers within the EEA raise no issues, in general, transfers to most other jurisdictions, notably here the USA, may raise complex legal issues, and also privacy issues.

The 8th principle of the Data Protection Act 1988 ('DPA') stipulates that personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. The USA does not seem to do that and too many of its alphabet agencies like to lay their hands on data from the UK, for instance.

However, in a global, increasingly cloud-based economy, data transfers between the EEA and the USA and other countries are inevitable. Thus, mechanisms have been developed to accommodate this. First there are the 'Safe Harbor' rules to which US companies may sign up agreeing to be bound by rules akin to those set out in the DPA. There are also Binding Corporate Rules ('BCR') and Model Contractual Rules ('MCR') that can be invoked to address the problem. BCR are a set of inter-company rules reflecting the 8 DPA principles. These are only valid for data transfers from EEA companies to their non-EEA affiliates. The European Commission has approved MCR which comprise model contractual clauses that can be implemented into contracts for data transfers from EEA companies to unaffiliated non-EEA companies.

The DPA distinguishes between Data Controllers and Data Processors. A Data Controller is a person who alone, jointly or in common with others determines the purposes for which and the manner in which any personal data are processed, and who is responsible for ensuring compliance with the provisions of the DPA. Where Data Controllers have external contractors process data on their behalf, the latter are known as "Data Processors". But the Data Controller nevertheless remains responsible for the actions of the Data Processors.

Where an EU Data Controller sends personal data to a non-EEA Data Processor, the MCR can be invoked. In today's cloud-based environment, data may pass through numerous different processors and countries. It is not realistic to expect the Data Controller to monitor each such transfer so it has been deemed sufficient for the non-EEA Data Processor to obtain the consent of the EU Data Controller prior to entering into an agreement to send personal data to a sub-processor and for the Data Processor to enter into an agreement with sub-processors to process and handle the data in accordance with EU data protection law.

Binding rules or not, knowing the interest of the agencies in the United States, it will have to be said that transferring data, especially data such as medical records and other government records of residents of the UK and EU member states, to clouds based in the USA will not be a good idea at all.

While it is said that this and that rule is in place and that American companies sign up to those, the fact is that, should their agencies demand data, they will (have to) hand it over.

We must remember that the jurisdiction of the country in which the servers are based applies and not the jurisdiction of any of the EU member states, such as the United Kingdom.

With any such data, especially sensitive personal data, based in the cloud on servers in the USA (or elsewhere) we can all kiss the notion of privacy goodbye and we should resist and work to prevent any government data being sent from our country to a foreign one.

© 2010

Criminals behind Zeus Trojan are failing to cover their tracks

Reports that the Metropolitan Police's e-crime unit have arrested 19 people in connection with the notorious Zeus Trojan malware show that some of the criminal groups behind Zeus are failing to cover their tracks, according to Mickey Boodaei, CEO of Trusteer, the Secure Browsing Service specialist.

“The arrests show that some of the criminal groups behind Zeus are doing a poor job in covering their tracks,” said Mickey Boodaei, Trusteer's CEO. “This provides an excellent opportunity for the police, the banks, and their customers to join together and get more criminals behind bars. The police did a great job in tracing down this group and gathering information that can facilitate their arrest. This is not a simple task and I've heard many people saying that this is almost impossible due to the level of sophistication from criminals and the complication of the justice system. However, this case and a few others that precede it show that this can be achieved.”

In a recent initiative by Trusteer and a few other organizations, we were able to actually penetrate the criminals' servers and gather a lot of evidence from them. This shows that criminals are vulnerable.

“By running more operations like this and by the banks and other organizations investing effort in tracing fraudsters and not just blocking their activities, there is a good chance we can lower the volumes of attacks. Customers can take their banks' advice and implement fraud prevention tools that provide valuable capabilities to banks in detecting and blocking these threats. By working together we can definitely stop this threat from growing,” Boodaei said.

Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its array of services. Trusteer enables banks and online businesses to protect sensitive data such as account holder credentials from malware by locking down the browser and creating a tunnel for safe communication between the web site and customers’ machines. It also prevents phishing by validating site authenticity. Trusteer also allows remote, effective, and instant investigation of malware-related fraud incidents. Trusteer’s solutions are used by more than 70 leading financial organizations in North America and Europe and by more than 12 million of their customers. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. Follow us on www.Twitter.com/Trusteer. For more information about our products and services, please visit www.trusteer.com.

Source: Eskenzi PR

360ºIT, The IT Infrastructure Event: A flop?

by Michael Smith (Veshengro)

Epsom, UK, October 2010: Recently we saw the first ever 360ºIT show which was launched with huge fanfare after the last Storage Expo, growing out of the aforementioned event, and was touted to be the biggest show of its kind, at least in the UK.

Why do I sound so disappointed, you may ask? The truth is that I am and that the event did not, and not just by a margin, live up to the hype. The great hype came to absolutely nothing.

The show moved from the National Hall at Olympia to Earls Court One, a much bigger venue, and was going to be so much bigger than at its former home of the National Hall.

The 360ºIT show was going to be the be all and end all of all IT exhibitions in the UK.

Alas, nothing could be further from the truth.

The show may have taken up around an eighth to a quarter, if I want to be generous, of the entire Earls Court One exhibition center's floor. It was empty, and when I say empty I mean just that.

Very little was happening on the day that I was visiting and there were not even half the vendors present that had been at Storage Expo last year.

The recession, which the powers-that-be claim to be well behind us, might be a factor in this, a major player even, but I think that there may be much more to it.

There is only one way to make it a proper all-in IT event and that is when we incorporate everything bar information security in one and bring back the manufacturers of hardware, as in laptops, PCs, and other devices also.

In Britain there is no such show at this time, and who can afford to travel to CeBIT in Germany, especially in the economic and environmental climate of today?

Bringing an IT event back to the UK that would encompass all aspects of ICT is, in my opinion, and also that of many of the vendors that I spoke to on the floor, the only way to revitalize such a show and the industry. The venue certainly would be big enough for it.

Unless we see a miracle happening in 2011 with this event I predict it to have a very short lifespan.

It would be possible to counteract that, but only by enlarging the remit and bringing in makers and vendors of computers per se, of peripherals, and the rest. I see no future there otherwise.

© 2010

Too much data can mean insecure data storage is the result

Data exists in many forms in most organisations and, as IT managers find to their annoyance when they start trying to archive that data in a coherent manner, its sheer volume can often be overwhelming.

This should not be that much of a surprise, however, as research firm IDC has identified that as much as 80 per cent of a firm's data is stored on shared network storage facilities.

The problem facing IT managers when looking to store this data is the duplication involved and it is for this reason that a growing number of storage vendors now offer de-duplication facilities before the data is actually archived.

The problem facing the public sector is that this information comes in a variety of guises: patient records within the Health Sector; benefit applications within Social Services, right up to draft government policies in Downing Street.

These various forms, documents, emails, conference call recordings and draft legislation are unquestionably vital in the day-to-day running of these departments, yet are routinely stored as file data (the 80% we talked about) and left to fend for themselves on the network.

This data is desired by malicious insiders and external hackers who recognise its worth, even if you currently don’t. Imagine the damage an outsider could do with this sensitive information if they accessed these files, and the damage that would be caused to the reputation of the department involved! Many organisations protect their databases but fail to afford their unstructured data the same protection - is yours one of them?

In case you need evidence that this isn't pure fabrication but does actually happen in the real world, the case is still ongoing against former MI6 worker, Daniel Houghton, who pleaded guilty to stealing top secret material but also claimed he made copies of the electronic files and attempted to sell them for £2 million to Dutch intelligence agents. Documents containing details of secret information gathering software Houghton devised and is thought to have copied are still missing. Also this month the US Military confirmed that more than 90,000 classified military documents had been copied including battlefield and intelligence reports - one of the biggest leaks in US history.

Regulators are increasingly concerned about the potential damage that sensitive information contained in files can cause in the wrong hands, and are creating and enforcing data security requirements for unstructured data. Compliance can be expensive and it's not optional.

Take HIPAA (Health Insurance Portability and Accountability Act), for example: the US Department of Health & Human Services' (HHS) Office for Civil Rights (OCR) recently announced significant proposed changes to the act, including compulsory breach notification, expected to become law later this year - not a cheap exercise just contacting everyone involved, let alone the knock-on effect on public confidence. A little closer to home, lax security policies and procedures could result in a breach of the Data Protection Act and could incur a financial penalty of up to £500K from the ICO (Information Commissioner's Office).

So, hopefully now you recognise the importance of protecting your unstructured data, the question you need to answer is where is all this valuable file data coming from? Here's a quick checklist of sources to consider as you survey your own file data landscape, as well as thoughts on protecting these files:

Applications and Databases

Whether your applications and databases are running in-house or in the cloud, mid-level managers are probably using them to export interesting data for analysis, reporting, presentations and other legitimate activities. The US military breach mentioned above is one very public example of the damage that can be caused and of the far-reaching consequences. When spreadsheets, documents and presentations containing exported information are stored on shared file systems for enhanced communications and collaboration, they pose a credible data security risk that needs to be mitigated. For other government departments that data may include credit card information, an individual's details or medical records, which could add compliance requirements such as HIPAA, SOX, PCI and/or Data Protection (DPA) to the list.

Intellectual works

Copious amounts of file data never experience the safe confines of a database or an application; instead the data goes straight from the minds of knowledge workers into a file stored somewhere on the network. Software source code is an obvious example, as are legal documents, draft policies, employment records and various research projects. These files often contain intellectual property and a wealth of information and rich detail about opportunities, partnerships, business operations, future plans and strategic advantage. Sharing this information on file servers and network attached storage devices can be critical for mobilising your company and uniting distributed project teams, but it’s just as critical to ensure that the data is protected from intentional or even inadvertent harm.

Application communication and storage

When applications need to communicate with each other, but don’t speak a common language, using intermediate files on a shared file system can serve as a form of enterprise application integration. For example, a doctor’s surgery with a legacy application running on a mainframe, and another medical department application running on Microsoft servers, can use files on a shared file server or NAS device to exchange information between the disparate systems. While only the applications should have access to those shared files, it’s highly likely that the file servers or NAS devices where the files are stored are accessible by many users. So, care has to be taken to safeguard access and prevent sensitive data from being compromised.

An even more basic, and more common, use of shared file systems by applications is when applications simply store their output or intermediate results in files. Applications can generate a lot of file data, and once this application-generated file data exists on shared storage, it needs to be protected against excessive access.

Digital media

No, we're not talking about employees who store their movies and music on your enterprise file servers. Instead, think: digital recordings of calls between departments and external teams, video from security cameras, and even training and education materials such as podcasts and videos. Media files can be large, and when they are generated through ongoing business operations like contact centre recordings and surveillance videos - there can be a lot of them. If, for example, your department is processing pharmacy refills or purchases made with credit cards, your media files are governed by regulations such as HIPAA and PCI, and must be protected. Similarly, you will want to make sure only those with a need-to-know can access your surveillance video.

Informal business processes

Files are sometimes just more practical, functional or convenient than formal systems. For example, despite the widespread deployment of contact centre software, your representatives may keep documents or spreadsheets to track ongoing cases, details that don’t fit in standard forms, or other information they want to have readily at-hand. These types of informal process files are often stored on shared file systems so that teams can communicate across work shifts and geographies. While these files facilitate more efficient business, they can expose sensitive or regulated data to too many users, depending on the nature of your business.

Conclusion

From this it can be seen that shared file data on a typical IT resource can be generated by a number of different people and departments, whose business functions can be almost as diverse as the data they create.

The problem facing management, however, is how to manage that data on a cost-effective basis, and without impacting the overall security of the data concerned.

The task of effective - and secure - data storage is made more difficult by rising worries about rogue members of staff who, for various reasons, are prepared to break the security of their employers, and leak data to a third party.

Whether this is for altruistic or mercenary reasons is actually irrelevant, as the end result is still the same - an infringement of the Data Protection Act.

Bottom line? IT managers need to understand the role that data plays in their organisation, before they plan their data handling strategies.

Imperva is the global leader in data security. With more than 1,300 direct customers and 25,000 cloud customers, Imperva’s customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, applications and file systems. For more information, visit www.imperva.com, follow us on Twitter or visit our blog.

Source: Eskenzi PR