Beware of Malicious Twitter trends

by Michael Smith (Veshengro)

Denis, of Kaspersky Labs, in Moscow, wrote on December 1, 2010 that after seeing the Aurora from Moscow he decided to write about it on Twitter and then decided to search for “северное сияние” (Aurora in Russian) to see if others have noticed it too.

He then saw a number of tweets from people in Moscow who also had seen the Aurora. He then noticed "Morgan Freeman" listed in the Twitter Trends.

Thinking that something had happened to him Denis checked the tag and found a number of suspicious messages. After checking the URL he found they were malicious – a new attack being carried through Twitter at that very moment, live.

Further investigation revealed several trending topics –‘Morgan Freeman’, ‘Advent Calendar’, ‘Pastor Maldonado’, ‘Toivonen’, ‘Grinch’ and ‘Hannukah’ – with various messages with the shortened URLs. Various shortening services were used: tinyurl.com, urlcut.com, bit.ly, doiop.com, tiny.cc, alturl.com, shortlinks.co.uk, yep.it – all pointing to malicious websites.

All these links lead to br********.com/about.html which will redirect user to bestivideos****.it. Then user will be redirected to myb****.com/flash/ where user will see the following ‘offer’:

Twittermalwarethreat This ‘codec’ is actually malicious and detected by Kaspersky Lab as Trojan-Dropper.Win32.Drooptroop.ipl.

Be careful with twitter trends because popular topics could always lead to malicious messages!

It would very much appear that shortened URLs are being used to offload malware on unsuspecting users of Twitter (and other social media sites) and, maybe, a way must be found to preview the links, as full URLs, so that users can see where the link actually sends them to.

Byt.ly and tinyurl.com will, in TweetDeck always, it would appear, present a box where the real URL is shown.

If you are using Firefox then by hovering over the link the full URL is being shown and it should become practice for all of us to use browsers such like that and protection plug-ins and ensure that we see the proper web address before we click on any link.

Cyber criminals have been using the hunger of people for news about this or that for some time already and emails were being sent about before with messages about the war in Afghanistan, supposed earthquakes, and other disasters. Or messages that this or that celebrity had appeared nude, etc.

The desire by users to be the first to learn about such issues tend to be their downfall and they end up getting trapped and it proves, time and again, that computer users must become much more savvy and by now, one would have hoped, that that would be the case already. Alas, however, it is not.

It is the same with people who believe that their anti-virus software makes their computer slow and that by disabling or even uninstalling it they would have a faster computer. That is as dangerous as removing a child stair gate just because we have to step over it.

Cyberspace is a dangerous place, unfortunately, and we need to keep out wits about us when venturing there. That does not mean that we should abandon it. Just using proper commonsense and care, plus some good protection software, a safe browser and not opening links in emails that we are not sure about, and especially NOT in any unsolicited emails.

Be careful, its a jungle out there.

© 2010

PRIVILEGE GUARD NAMED "BEST SECURITY PRODUCT 2010"

AVECTO PRIVILEGE GUARD NameD “BesT SecURITY PRODUCT 2010” BY WINDOWS IT PRO MAGAZINE

December 23rd , 2010,  North Andover, MA and Manchester, UK: Avecto Ltd, the leader in Windows privilege management, today announced that its Privilege Guard 2.6 was named as a GOLD medal winner of the “2010 Editor’s Best Awards” in the ‘Best Security Product’ by Penton Media’s Windows IT Pro® magazine.

“The 2010 Editors’ Best Awards—presented in conjunction with our 2010 Community Choice Awards—are a recognition of our editors’, contributors’, and authors’ favorite products of the year,” said Jason Bovberg, senior editor at Windows IT Pro. “Our editorial experts' annual tradition of selecting winners based on a product’s strategic importance to market, its competitive advantages, and its value to the customer is particularly significant to the Windows IT Pro and SQL Server Magazine communities this year, as we call out exceptional products in an economically tight, highly competitive market.

“Our Editors’ Best Awards let us leverage our contributing editors’ expertise to provide well-earned recognition to products that exceed industry standards. This year, we’ve even added valuable, in-the-trenches insight about winning products from our reader community. We're proud to now share this invaluable information with our Windows IT Pro and SQL Server Magazine communities. Our winners should be extremely proud of this honor of recognition from our editorial experts

Avecto Privilege Guard is the industry’s most comprehensive solution for enabling the security principle of least privilege in Windows environments. Privilege Guard eliminates the need to assign admin rights to users and allows enterprises to dynamically assign these rights to applications, tasks and scripts. Privilege Guard enables users to log on to Windows desktops and servers with minimal rights while empowering them to perform their day-to-day role, leading to increased security, simplified compliance with industry regulations and reduced support costs.

“Avecto is honored to be awarded a ‘Gold Editors Best’ award for 2010,” said Tony Bolland, chief executive officer at Avecto. “This is a wonderful accolade and we are delighted to have been recognized as having the best security product by Windows IT Pro. Knowing that we were selected for our product’s strategic importance to market, competitive advantages, and the value we deliver to customers is a major achievement for the Avecto team.”

About Avecto

Avecto is the leader in Windows privilege management, helping organizations to deploy secure and compliant desktops and servers. With its award winning Privilege Guard technology, organizations can now empower all Windows based desktop and server users with the privileges they require to perform their roles, without compromising the integrity and security of their systems.

Customers of all sizes rely on Avecto to reduce operating expenses and strengthen security across their Windows based environments. Our mission is to enable our customers to lower operating costs and improve system security by implementing least privilege. Avecto is building a worldwide channel of partners and system integrators and is headquartered in Manchester, UK. For more information, visit www.avecto.com.

About Windows IT Pro

Windows IT Pro is the leading and largest independent voice in Windows IT, with more than 2.5 million visits per month, and consists of a multitude of print and online channels. In addition to the flagship Windows IT Pro magazine, our technology network includes SQL Server Magazine, SharePointPro  Connections and DevProConnections. Other online channels include blogs, forums, podcasts, RSS feeds, webinars, virtual events, white papers, newsletters, classes and more. IT professionals get objective, “direct from the trenches” information about Microsoft’s latest Windows-based solutions and gain essential insight for keeping business-critical Microsoft applications up and running. For more information, visit www.windowsitpro.com.

Penton Media, Inc. is the largest independent business-to-business media company in the United States, serving more than 6 million business professionals every month. The company's market-leading brands are focused on 30 industries and include 113 trade magazines, 145 websites, 150 industry trade shows and conferences, and more than 500 information data products. For additional information about the company and its businesses, visit www.penton.com.

Source: Avecto Ltd, www.avecto.com

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

Infosecurity Europe organisers say lack of awareness of PCI DSS 2.0 is very worrying

London, UK 23rd December 2010 - A survey that revealed that almost 30 per cent of IT directors/managers of major retailers in the UK are either unaware - or only partially aware - of the PCI DSS 2.0 security standard's requirements is very worrying, say the organisers of the Infosecurity Europe show. .  Infosecurity Europe will be held at Earls Court, London 19-21 April 2011 www.infosec.co.uk

According to Claire Sellick, event director with the show, it is also of significant concern that only 36.2 per cent of respondents to the survey knew that PCI DSS 2.0 includes significant changes regarding an organisation’s network architecture and virtualisation.

"What we have from the results of this LogLogic poll is that some of the IT managers with largest retailers in the UK - i.e. those with more than 50 outlets – just don’t `get’ what the PCI DSS 2.0 is all about, or the potential serious repercussions to their business of not being able to pass an audit. . If anyone should know about the issues involved, then it should be them," she said.

"The fact that the majority of them are doing their jobs, apparently blissfully unaware of the security requirements of the PCI Security Standard Council's rules as regards their IT architecture, is of phenomenal concern," she added.

Sellick went on to say that the increasing using of virtualisation in all large organisations, largely because of the economic imperative the technology offers, means that security managers really do need to be on their toes when dealing with the new IT platform.

Only a minority of existing security applications fully port over to a virtual machine environment, so it's critical that IT managers understand the need for a root and branch review of their IT security strategy before they migrate to a virtualised system.

And since the provisions of PCI DSS 2.0 mean that an organisation that cannot demonstrate it is operating within the rules to an auditor from the PCI Security Standards council could find itself unable to accept debit and credit cards, this really is an ultra-critical issue, she explained.

The only piece of good news to come out of this survey, she says, is the fact that around half of major retailers in the UK view PCI DSS as valuable addition to their security arsenal.

"Let's not forget that developing and maintaining an effective IT security strategy is all about knowledge. Only with the knowledge of what your options are can you truly develop a holistic set of security defences," she said.

"Frankly, anyone can source a leading-edge IT security appliance or software-based system, but to deploy it in an effective manner takes a high degree of security intelligence. And since PCI DSS 2.0 is so critical to modern businesses, the results of this survey are a real eye-opener," she added.

"It is to be hoped that IT managers who learn about the results of this survey will move swiftly to counter lack of understanding of PCI DSS rules in their organisation, otherwise when the PCI auditor comes knocking, their business could be in serious trouble."

For more on the PCI DSS 2.0 survey: http://bit.ly/dWmCvt

For more on the Infosecurity Europe show: www.infosec.co.uk

Infosecurity Europe, celebrating 16 years at the heart of the industry in 2011, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of four Infosecurity events around the world with events also running in Belgium, Netherlands and Russia. Infosecurity Europe runs from the 19th 21st April 2011, in Earls Court, London. For further information please visit www.infosec.co.uk

Source: Eskenzi PR

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

CitySights card hack could generate PCI DSS fallout

CitySights card hack could generate PCI DSS fallout says Imperva

23rd January 2010 - Reports that the Web site of a New York-based tour firm has been hacked and around 110,000 bank card details lifted by hackers may have repercussions for the company on the PCI DSS front, says Imperva.

According to Amichai Shulman, chief technology officer with the data security specialist, the hack itself occurred via a SQL Injection attack. In such an attack, the hacker gains illegal access to information in the database. As media reports have shown, the hacker launched the attack on September 26 over a 3 week period obtaining over 100K credit card details including the account number, expiration date, CVV2, and other personal identifying information such as home and email addresses. Shulman’s team had investigated this attack, and what they found was an Indonesian hacker’s blog listing numerous websites vulnerable to attack, including the site of CitySights. Interestingly enough, the blog’s entry was dated September 9th – more than two weeks prior to the initial attack campaign.

While this case clearly illustrates the security misgivings the company suffered from, CitySights may also be in breach of the PCI DSS industry regulation. The PCI regulation, mandated by major credit-card processing companies such as Visa and Mastercard, defines the required security controls to be placed on the storage and processing of credit cards. The PCI regulation includes specific requirements in regards to the storage of unencrypted credit card data as well as prohibiting the storage of sensitive authentication data (CVV2) all together.

Since the hacker was able to gain access to this data, “may indicate that the firm’s data security practices are not aligned with PCI DSS requirements”, Shulman proceeds to say.

The tour company had offered a 50% discount voucher to its affected customers. Ironically enough, Shulman says, they posted the discount code online, making it in short available for anyone.

For more on the CitySights card database hack: http://bit.ly/fYK8Ro

For more on Imperva: www.imperva.com

Source: Eskenzi PR

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

Working to Prevent Being the Next WikiLeak? Don’t Forget the Metadata

NEW YORK – Dec. 20, 2010 - Despite all the news surrounding WikiLeaks and the immense amount of data stolen from the US government, little has been written about the organizational processes that contributed to the leaks, how the soldier who stole the data had access to such sensitive data in the first place, and how digital collaboration has increased to the point where these incidents will likely become commonplace unless root causes are identified and addressed.

“Organizations are becoming significantly more collaborative,” said Yaki Faitelson, chief executive officer, president and co-founder of Varonis Systems. “As a result, data is more widespread and vulnerable than ever before. For organizations to prevent loss of sensitive data while still enabling the collaboration needed to conduct business, they need to ensure that they have processes and automation in place for authorization and review of access to data, monitoring who is using data, and identifying sensitive data that is at risk.”

Unstructured and semi-structured data on shared file systems, NAS devices, SharePoint sites and Exchange mailboxes is a challenge to manage for any organization. According to analyst firm Gartner, all of the documents stored in these repositories, such as spreadsheets, presentations, documents, and multimedia files, account for roughly 80 percent of business data. By its very nature, this shared data is highly dynamic, and growing by about 50 percent each year. Another issue is that the relevance of data is constantly in flux, changing far faster than each user’s access rights. Users are often able to download or edit data they no longer need access to long after a project finishes or their role has changed.

A key part of the solution is metadata - data about data (or information about information) - and the technology needed to leverage it. When it comes to identifying sensitive data and protecting access to it, a number of types of metadata are relevant: user and group information, permissions information, access activity, and sensitive content indicators. A key benefit to leveraging metadata for preventing data loss is that it can be used to focus and accelerate the data classification process. In many instances the ability to leverage metadata can speed up the process by up to 90 percent, providing a shortlist of where an organization’s most sensitive data is, where it is most at risk, who has access to it and who shouldn’t.

Each file and folder, and user or group, has many metadata elements associated with it at any given point in time - permissions, timestamps, location in the file system, etc. - and the constantly changing files and folders generate streams of metadata, especially when combined with access activity. These combined metadata streams become a torrent of critical metadata. To capture, analyze, store and understand so much metadata requires metadata framework technology specifically designed for this purpose.

"As the WikiLeaks fiasco has shown, it only takes one rogue staff member - or a malignant individual - to access and copy a set of critical data files for the entire security system, and the integrity of the organization, to be severely compromised. Staff collaboration is why the data is open to begin with. But using manual methods to secure data in this era of digital collaboration is asking for trouble. It is astonishing that every file share, NAS device, SharePoint site and Exchange mailbox doesn’t have automated protection that prevents unwarranted access since this type of solution is readily available and the benefits are immediate,” Faitelson said.

“Organizations have to be aware they no longer have to manually manage permissions to ensure that only the correct users have access to the right data and that their permission can be revoked when they no longer need them. The previously impossible is now possible through the intelligent use of metadata and data governance automation. The instinctive reaction of many to these WikiLeaks is to try and lock down all data. That is not only impossible, it is unnecessary if you use the right technology," said Faitelson.

For more on Varonis: www.varonis.com/metadata

About the Varonis® Metadata Framework™

Four types of metadata are critical for data governance:

· User and Group Information – from Active Directory, LDAP, NIS, SharePoint, etc.

· Permissions information – knowing who can access what data in which containers

· Access Activity – knowing which users do access what data, when and what they've done

· Sensitive Content Indicators – knowing which files contain items of sensitivity and importance, and where they reside

The Varonis Metadata Framework™ non-intrusively collects this critical metadata, generates metadata where existing metadata is lacking (e.g. its file system filters and content inspection technologies), preprocesses it, normalizes it, analyzes it, stores it, and presents it to IT administrators in an interactive, dynamic interface.

Varonis is the leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. The company was named "Cool Vendor" in Risk Management and Compliance by Gartner, and voted one of the "Fast 50 Reader Favorites" on FastCompany.com. Varonis has more than 2,500 installations worldwide. Based on patented technology and a highly accurate analytics engine, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Varonis is headquartered in New York, with regional offices in Europe, Asia and Latin America, and research and development offices in Hertzliya, Israel.

Source: Eskenzi PR Ltd.

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

As 4m Brits travel this Christmas, thousands of Mobile Devices will go missing

As 4m Brits travel this Christmas, thousands of Mobile Devices will go missing & unclaimed at airports!

Could your staff be leaving more than their troubles behind at the security gates when jetting off this festive season?

20 December 2010, London (UK): ‘Tis the season to be jolly – and to leave sensitive corporate information behind at the airport!   According to telephone interviews with the lost property offices of 15 UK airports, including Heathrow and Luton, over 5,100 mobile phones and 3,844 laptops have been left behind so far this year; with the majority still unclaimed and many more expected to be left over the Christmas holiday peak season.  This figure is likely to be just the tip of the iceberg as ABTA expect over 4m people to be travelling over this period, and the overall figures do not take into account all those devices that were stolen, or kept by the ‘lucky’ finder.

The survey, carried out by Credant Technologies, the trusted experts in data protection, also found that in the majority of cases, those devices that aren’t reclaimed are then either sold at auction or donated to charities.  However the fact is that these devices may still contain information that could be available for the new owner!  With ID theft from mobile phones and other lost devices at an all time high, users should really take special care this Christmas when travelling.

According to a representative at Luton Airport, the most common place devices are forgotten is at the security check point as it’s a very pressured environment with numerous distractions.  Often, once the travelers have boarded the plane and left the country it’s just too expensive to return for the device, which in most instances will be covered by insurance, resulting in the majority going unclaimed.

But the device’s value is the last thing organisations should be worrying about, explains Seán Glynn, VP at Credant  Technologies, “What is much more concerning are the copious volumes of sensitive data these devices contain – often unsecured and easily accessed.  Without protecting mobile phones, laptops and even USBs with something even as basic as a password, a malicious third party can have easy access to the corporate network, email accounts and all the files stored on the device including the contact lists. Users also store such things as passwords, bank details and other personal information on the device making it child’s play to impersonate the user and steal their identity – both personal and corporate.”

Seven Top Tips To Secure Travel

1. As you leave - whether it’s the check-in desk, security check point, or even the train station, make sure you take everything with you, including your mobile devices. A few seconds to check could potentially save you hours of frustration and embarrassment.

2. Protect your mobile device: with at least a password (and ensure that it is a strong one, containing letters, numbers and symbols).  Better still, use an encryption solution so that even if your device is left behind, the data on it is not accessible to anyone who finds it.

3. Don’t elect to automatically complete online credentials, such as corporate network log in details, so that if you and your device should become separated, it cannot operate without you.

4. Back-up your device and remove any sensitive information that you do not need. If it’s not there it can’t be breached.

5. As in tip 4, remove SMS and emails that you don’t need anymore - you’d be sur­prised how many people keep their default password emails on their mobiles and other hugely sensitive information like PINs, bank account details or pass­words!

6. Don't leave your mobile device open to access (e.g. leaving Bluetooth or WiFi turned on) somewhere visible and unsecured.

7. Include your name and contact details in the device so that, if it should be lost, it can easily be returned to you. Some operators have a registration service to facilitate this.

8. Finally, speak to your IT department before you leave the office this year – that’s what they’re there for. They’ll help make sure your device is better protected should it find itself languishing all alone at the airport.

This survey was conducted by Credant Technologies amongst 15 UK airports, by phoning the lost property offices and finding out how many laptops and mobile phones are left on average every week. 

Source: Eskenzi PR

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

Imperva research: Insiders are most often responsible for data loss in businesses

- Imperva survey also shows: IT security managers in businesses have significant concerns about Cloud Computing

- Correlation to IT Security Trends for 2011 from the Imperva Application Defense Center (ADC)

London, UK, 15th December 2010 - According to a recent survey of 100 anonymous German IT security managers, conducted by Imperva and entitled "Application Data Protection"; many of the respondents saw insider threat as the biggest danger when it came to data loss within corporate networks (54 percent). Far fewer respondents took the chance to blame anyone at all (25 percent), and even less believed that hackers were primarily responsible for data theft incidents (21 percent). Another result showed that 70 percent of respondents were not planning to outsource mission-critical or sensitive data, as part of a cloud-project to an external service provider, over the next twelve months.

Dietmar Kenzle, Regional Sales Director DACH & Eastern Europe: “Employees within a company, that have privileged rights, i.e. the ‘insider’, are increasingly becoming the focus of IT security managers. The ability to directly access company databases is enough motivation to turn a regular employee into a potential criminal. The database server is the usual target for insider employees as it is a Bastion that is easy to take and also highly rewarding. To prevent sensitive data from falling into the wrong hands companies should be aware of possible scenarios and the methods of criminal insiders. Through the use of appropriate tools, for example, third party cloud providers, security compromises may be averted or at least mitigated."
Kenzle added: "Concerns of a different kind are evident in the transfer of sensitive data to the cloud. Certainly there will be common problems in the foreseeable future as current research shows that many companies are still skeptical about this step. Many perceive the risks in having all their information stored in a virtual stratum to be too great as it still remains to be seen which security mechanisms will provide the most reliable protection. The use of a web application firewall - especially in a third-party managed service - is an essential building block made within a security framework for the cloud."

What will IT security managers face in 2011?

The survey findings correlated with the latest IT security trends for 2011 which Imperva published in their annual report in November. Analysis of data security incidents by the Imperva Application Defense Center (ADC) in the past year showed that IT security managers will have to face 2011 with challenges in three key areas:

- The protection of mobile devices will play a more important role. Providing more complex identification and authentication solutions for mobile devices will become a particular area of focus due to the expected increase in the volume of mobile malware attacks.

- A late reaction. Companies will start to move part of their data storage and applications to the Cloud, culminating in the gradual establishment of Cloud-based data security solutions by the end of 2011.

- Possible increase in the State support of cyber-attacks such as Stuxnet will build on the concepts and techniques of the commercial hacking industry; thus an increase in unnoticed and ongoing spy networks (Advanced Persistent Threats (APT)) will be made possible.

Amichai Shulman, CTO of Imperva, said: "We expect, in the coming months, clearly different threat scenarios that will provide data security managers with a number of major challenges. The biggest potential danger is posed by the growing proliferation of advanced mobile devices used to access corporate networks. I expect that we will, next year, see the first major data security incident that will be caused by such high-risk devices. In addition, incidents which are based on advanced techniques for permanent spying networks will become an increasingly major problem to businesses - political and financial gain being the most prominent driving forces of these issues."

Imperva is the global leader in data security. With more than 1,200 direct customers and 25,000 cloud customers, Imperva’s customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, applications and file systems.  For more information, visit www.imperva.com, follow us on Twitter or visit our blog.

Source: Eskenzi PR

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

Report shows UK Government and IT security experts willing to change governance to benefit from the cloud

London, UK, 14th December 2010 – CSC (NYSE: CSC) today announced the results of a study that reveals a willingness within the government and IT community to be flexible around security governance, in order to benefit from cloud computing and shared services. Results show that users are open to sharing sensitive activities in the cloud, as long as the parties involved share similar characteristics and have the same cultural approach to security.

The report, titled 'Shared Services: A perfect storm of opportunity,' was developed by CSC with support from UK government body CESG (Communications-Electronics Security Group), the information assurance arm of GCHQ (Government Communications Headquarters). Respondents included 200 senior security and IT experts working across central and local government and their associated suppliers, who attended the Government's Information Assurance flagship event, IA10 in September this year.

With security of utmost concern to UK government departments, the survey asked what the inhibitors are to achieving full cost savings and efficiencies from cloud computing. The research revealed that the main barrier to the adoption of cloud services are the different approaches to information security across potential users, and that confusion still exists about the cloud.

Enthusiasm to find the middle ground on governance was demonstrated by the majority of respondents (65 percent) being willing to share Security Operations Centre (SOC) services, as an interim measure to build trust between users. People also declared that a reduction in the number of audit events to be monitored – along with a revision to internal governance, risk and compliance policies and processes – were the two most important compromises when migrating to cloud services.

“Reaping the cost benefit of shared services is of paramount importance to local and central government but security policies and compliance regulation have made this a real challenge,” said Ron Knode, CSC’s director for Global Security Solutions. “The most startling discovery in the survey is that the public sector is more flexible and willing to look at alternative approaches to certain aspects of security, and develop stepping stones towards using shared services. Previously, nobody was willing to do this – departments had their rules and that was that. Now suddenly, people are indicating that ‘if you’re a lot like me,’ maybe they can come together with an altered set of governance processes and decision-making criteria to gain the benefits of the cloud.”

When asked what the most important aspects are when establishing shared services, the “cultural approach to Information Assurance (IA) and Information Risk Management” was respondents’ top answer. Desktop applications are the first choice for respondents when questioned about which service functions they were most comfortable in sharing. In addition, while the vast majority strongly agreed that the use of a public cloud would substantially increase risk to confidentiality, a majority also agreed that a shared private cloud (or community cloud) among users with similar security cultures would likely be an acceptable risk.

Confusion around what contributes to the development of cloud services was also evident with respondents. When asked what technologies and approaches used to develop cloud services were the most mature, the survey unveiled conflicting opinions with no clear outcome.

Survey presents three key recommendations:

“For progress to be made in cloud computing, departments need to focus on the paths of least resistance, such as creating a like-minded community sharing lower-risk services. By establishing a governance test-bed, users can examine and validate potential areas of flexibility of governance. Transparency also has to be included in every proposed cloud standard and advocates should resist the urge to develop too many clouds but rather explore progressive or layered clouds, which accommodate different user standards,” Knode added.

To help increase confidence in shared services and build momentum in cloud adoption within government, CESG and CSC have made three key recommendations following the survey:

Recommendations summary:

1. Common bond payoffs: The willingness to be flexible in governance presents an opportunity that should not be missed. Concentrate on affinity: If you can find a team outside your immediate organization whose security culture, maturity and general obligation to security governance is close to your own, then hunt for shared functions, business processes or applications. If they emerge, then that’s a great way of kicking-off a shared service model and capturing the shared service payoffs. Why not use a community cloud to share similar-risk services?

But don’t just set out to prove the technology; instead, establish a focused, cloud-based risk-governance test-bed (not just a general cloud pilot) and use it to test scenarios that examine and validate potential areas of flexibility in governance.

Finally, there’s evidence that industry may be prepared to go as far as the sharing of security officer services. Include this in the trial and – if it’s successful – momentum for more shared services will surely follow. You’ll need a champion, of course – someone to lead the sharing initiative. The right IT partner will be able to help.

2. Cloud usage barriers: New cloud standards are inevitable, whether developed by central government or by the industry itself. Either way, transparency must be a fundamental characteristic in any and every agreed standard.

For most public services, data anchoring in some form or another will be hugely important, so government departments need to be sure to include a mandate for geographic, platform and process anchoring of data and transactions. Transparency and accountability in the cloud are key, so get them specified in the standards where possible.

3. Compliance adjustment: The danger with ensuring every cloud-based process or service complies with a specific standard is that you end up with multiple clouds. It is far better to exploit the willingness to be flexible with governance in establishing, measuring and confirming compliance. Explore progressive (layered) cloud solutions that enable people to add their own degrees of compliance and certification when they need to. Fix the methodology, not the cloud.

CSC is a global leader in providing technology-enabled solutions and services through three primary lines of business. These include Business Solutions and Services, the Managed Services Sector and the North American Public Sector. CSC’s advanced capabilities include system design and integration, information technology and business process outsourcing, applications software development, Web and application hosting, mission support and management consulting. The company has been recognized as a leader in the industry, including being named by FORTUNE Magazine as one of the World’s Most Admired Companies for Information Technology Services (2010). Headquartered in Falls Church, Va., CSC has approximately 94,000 employees and reported revenue of $16.1 billion for the 12 months ended October 1, 2010. For more information, visit the company’s website at www.csc.com.

CESG is the Information Assurance (IA) arm of GCHQ based in Cheltenham, Gloucestershire, UK. We are the UK Government's National Technical Authority for IA, responsible for enabling secure and trusted knowledge sharing to help our customers achieve their business aims. CESG aims to protect and promote the vital interests of the UK by providing advice and assistance on the security of communications and electronic data. We deliver information assurance policy, services and advice that government and other customers need to protect vital information services. We work on a cost recovery basis for all customer-specific solutions and services, though IA policy and Guidance documentation is usually free of charge to the UK official community. For more information, visit www.cesg.gov.uk

Source: Highland Marketing – on behalf of CSC

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

After this years’ security Tsunami – tips on how to survive 2011

by Phil Lieberman, CEO, Lieberman Software

In-house and internal threats will be a big element of 2011 as organisations begin to understand that anti-virus, malware, and phishing software is no longer effective. There will be an epiphany that critical infrastructure is under constant attack and that there is a serious need to implement more comprehensive security software, security perimeters, data loss prevention and human assets to counter the existing and expanding security threats. This will translate into a significant need for the modernisation of infrastructure and enhanced education in human resources to implement these systems.

As the wikileaks security Tsunami shows us – the malignant insider is impossible to identify – you have to ensure that no-one has authority to access data they don’t need.

In the coming year companies will start to understand that the insider threat is real and that their existing security culture of using weak passwords, sharing privileged passwords and never changing root passwords will lead to greater financial losses and damage to their reputations. IT will finally “get” that the concept of segregation of duties, controls and regulatory compliance is not a burden, but a requirement for a well run organisation.

In 2011 we will also see a change in mindset for security from a series of checkboxes and point in time compliance, to a new way of thinking: continuous compliance. This translates into organisations finally integrating all of their security systems together to provide an integrated view.

We will also see a massive shift from Windows XP to Windows 7 as companies realize the impossibility of trying to secure XP against security threats. In this upcoming year we will also see many software companies discontinuing support of XP for their applications.

The realities of the “cloud” will become clearer in 2011. We will see a migration of Small to Medium Enterprise (SME) customers to more cloud based solutions. This will be caused by small companies realising their inability to create secure, reliable and regulatory compliant solutions.

I expect that many large software companies will try to grab ever higher levels of revenue for support and upgrades in 2011. This will lead to the migration of companies from their existing (creaky and unreliable) platforms onto the cloud and competitor’s offerings. This grab for more money will force the migration from legacy systems to those that support web services (SOA) where companies have a chance of some flexibility in mixing/matching solutions.

2011 will be a game changer for the channel with a massive wave of hardware upgrades to support modern and secure operating systems, new sales of cloud offerings as SMEs realise the advantages of the cloud, and enhanced understanding of insider threats and implementation of solutions to manage privileged accounts.

New major breaches of data are bound to occur. Maybe they won’t be in the order of magnitude of the wikileaks saga but those organisations that don’t batten down the security hatches will be on a very turbulent sea during 2011.

Source: Eskenzi PR Ltd.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

ISACA leader warns companies to prepare for a Frantic Friday of employee online shopping

London, UK  (9th December 2010)—The big freeze that hit the UK at the start of December is likely to be felt in more ways than one, says a business IT leader with ISACA, the not-for-profit IT security association.

According to Peter Wood, member of ISACA Security Advisory Group and CEO of First Base Technologies whose experience with IT security spans back to the very earliest days of the Internet, the big freeze means that this year's online shopping surge is likely to be pushed back from previous years.

"All the signs are that this coming Friday - the 10th of December - is likely to be among the busiest days for pre-Christmas online shopping, and the bad news is that, as it's a working day, business productivity could take a severe hit," he said.

"But perhaps more important, ISACA's research suggests that, in the rush to get all the Christmas present shopping done online, many employees will be opening up their employers to online security attacks, as their normally high guards will be lowered," he added.

Wood points to the fact that IBM's Coremetrics operation reported a 94 per cent increase in the value of goods purchased online in last year's pre-Christmas run-up, as well as the fact that the average number of presents bought online had increased from 2.7 to 3.7 presents per person in 2009 (http://bit.ly/dTIL0I).

If these figures are extrapolated to this year's online Christmas, it becomes clear that, coupled with the big freeze, consumers' retail shopping is certain to be curtailed in favour of the bargains to be found online, he went on to say.

Wood, whose company specialises in penetration testing, adds that further analysis of last year's pre-Christmas online shopping trends showed that the busiest day tended to be towards the end of week.

Factoring in the data from Experian Hitwise’s analysis of last year’s Christmas  (http://bit.ly/hGDPQC), it's fairly obvious that, coupled with the big freeze,  the 10th of December will be a Frantic Friday as far as online retailing goes, he explained.

As ISACA's own research has shown, he says, organisations need to be aware that the enthusiasm of their employees to do their holiday shopping online means that their normal security procedures may be compromised.

According to the association, which has more than 95,000 constituents around the world, its recent `Shopping on the Job' survey - which took in responses from 360-plus workers in the UK and 630-plus staff in the US,  57 per cent of employers do not prohibit the use of work email addresses for online shopping by staff.

As well as increasing the risk of malware infections, Wood says that ISACA researcher s also found that managers underestimated the productivity losses due to all their staff's online shopping.

ISACA'a 2010 Shopping on the Job survey also  found that 18 per cent of those surveyed said that they thought the financial cost per employee due to productivity losses were between £500 and £3000, whilst a further 9 per cent said that the losses were between £3000 and £6,000 per member of staff.

And, says Wood, a further 5 per cent said they believed losses were between £6,000 and £10,000 and per person.

The survey, says the ISACA security professional, shows the real risks that organisations are taking for failing to differentiate between employees’ working activities and obvious leisure activities in the workplace.

No one likes to be accused of being a scrooge by banning a little fun in the workplace, especially at this time of year, but the lack of security policies - and their enforcement - that is highlighted by this analysis is very worrying, he said.

It's against this backdrop that I advise employers to seriously consider the use of separate computers - isolated from the corporate IT systems where appropriate - for online shopping in the workplace during breaks and mealtimes, and for the issue of Web email addresses such as Gmail and Hotmail, exclusively for employee's leisure time usage, he added.

"Using this approach makes sound business and security sense, since it isolates the problem. Employers should also use IT security systems to enforce the rules, and so defend their company IT resources from a potentially devastating infection," he said.

"As our annual ISACA online shopping report clearly shows,  allowing staff relatively unfettered access to the Internet for shopping purposes in the workplace can be  dangerous. There is no point in employers taking unnecessary risks with their IT assets," he added.

For more on the topic of managing risky online behaviour in the workplace, download ISACA's  new free white paper, E-Commerce and Consumer Retailing: Risks and Benefits, at http://www.isaca.org/online-shopping-risks.

With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations. ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter: http://twitter.com/ISACANews

Source: Eskenzi PR

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

Organisations warned to review security as WikiLeaks DDoS attacks intensify

London, UK 8th December 2010 Amidst reports that a number of financial Web portals have been effectively downed by a series of Distributed Denial of Service (DDoS) attacks from WikiLeaks' supporters should not come as any surprise, say the organisers of the Infosecurity Europe show which  will be held at Earls Court, London 19-21 April 2011 www.infosec.co.uk

But, says Claire Sellick, Event Director of the InfoSecurity Europe event, with all the signs that the founder of WikiLeaks, Julian Assange, may in prison for some time pending his extradition to Sweden or the US, the hactivist attacks are almost certain to escalate.

"The fact that the massive Mastercard Web site, which is accessed on a regular basis from many countries around the world, has been downed by a DDoS attack from the 4chan-linked Anon Operation, shows the scale the hacktivists can now operate on," she said.

"Other sites of organisations that severed their links with Assange in recent days have also been subjected to DDoS attacks of varying intensity, but one thing is for sure, these attacks will continue on the sites concerned for a long time to come," she added.

Whilst the attacks were likely, she went on to say, it is important for any organisation with a Web-facing presence - even if it a simple shop window - to understand that, with the right security in place, it is possible to prepare for a DDoS attack.

And, whilst a full-on attack is difficult to assuage, technologies such as hosting and route diversification can go a long away towards setting the barrier for an effective DDoS attack a lot higher than it may have been previously.

As WikiLeaks itself has shown, the Infosecurity Europe show director says, a Web site can be hosted on multiple sets of servers, which can also be peered on different Internet peering exchanges.

In the UK, she explained, the main London Telehouse peering point is complemented by the MaNAP/EdgeIX peering station in Manchester, and some ISPs now peer their connections through both points.

US hosting providers, meanwhile, have similar diversity, meaning that an attack on one peering point, or domain group, will not bring down all accesses to the site in question.

For smaller organisations, Sellick says that route diversity can often include using more than one business ISP for Internet access, which in itself - if combined with using different local phone exchanges for the broadband lines - can make a firm's Internet facilities far more robust against a disaster.

"Good IT security planning also has its place. You don't need to spend a fortune on beefing up your Internet security. A little forward planning can go a long away," she said.

"Once thing is for sure, however, and that is the WikiLeaks DDoS attacks are not going to go away. If anything we expect they will intensify in the days ahead and companies need to take this opportunity to review and boost their IT/IP security arrangements to protect themselves," she added.

For more on the WikiLeaks DDoS attacks: http://bit.ly/gdPAp2

For more on the Infosecurity Europe show: www.infosec.co.uk

Infosecurity Europe, celebrating 16 years at the heart of the industry in 2011, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe.  Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of four Infosecurity events around the world with events also running in Belgium, Netherlands and Russia.  Infosecurity Europe runs from the 19th – 21st April 2011, in Earls Court, London.  For further information please visit www.infosec.co.uk

Source: Eskenzi PR

This press release is presented without editing for your information only.

Just in Time for the Holidays – Zeus Targets Major Retailers

Our research group recently discovered a Zeus botnet that is targeting credit card accounts of major retailers including Macy’s and Nordstrom just as the holiday gift buying season is in full swing. We captured and analyzed malware samples designed to steal credit card information, probably in order to conduct card-not-present (CNP) fraud. This attack is using a Zeus 2.1.0.8 botnet – the latest and most sophisticated version of the Zeus malware platform.

CNP fraud refers to transactions when a credit card is not physically present, as in an internet, mail or phone purchase. It is difficult for a merchant to verify that the actual cardholder is indeed authorizing the purchase. Because of the greater risk, card issuers tend to charge merchants higher fees for CNP transactions. To make matters worse, merchants are typically responsible for CNP fraud transactions.  Therefore, CNP merchants must take extra precaution against fraud exposure and associated losses.

The attack we discovered uses social engineering to gather additional information beyond the credit card number that will make it easier for the criminal to bypass fraud detection measures used to investigate suspicious transactions.  In this case, the social engineering method used is very credible since the victim has navigated to the card issuer’s website – www.macys.com and www.nordstromcard.com – when Zeus injects a legitimate looking man-in-the-middle pop-up that requests personally identifiable information:

001

Merchants and card issuers invest a great deal in backend technologies for detecting fraudulent transactions. These systems represent an important security layer, however the increase in malware and phishing attacks that specifically target card information is making them less effective. An additional layer that can prevent card information from being stolen in the first place is now required. As this latest Zeus configuration demonstrates, criminals are constantly evolving and refining their attack methods. While merchants and card issuers can’t adapt their security infrastructure as quickly as criminal groups can modify their attacks, they need to accept when current protection methods are not no longer sufficient and refresh their defense mechanisms accordingly.

For more information see http://www.trusteer.com/blog

Source: Eskenzi PR Ltd.

This press release is presented without editing for your information only.

Bank of Cyprus UK secures its customers with Trusteer Rapport

December 8 2010; London (UK) :-  Bank of Cyprus UK announces it is working with Trusteer to launch an additional security service to its customers as of today Wednesday 8th December 2010.

Available as a free download, Trusteer’s Rapport secure browsing service can be installed on a customer’s personal PC to lock down the browser and create a safe tunnel for communication between the customer and Bank of Cyprus UK, preventing fraud.

Bank of Cyprus UK supplies its customers with a Digipass® as part of its three pronged approach to security. Rapport is being introduced to complement this technology and provide extra confidence to those using its online banking facilities. Should a fraudster attempt to take over a user’s account Rapport issues an alert of the unusual behaviour immediately, allowing the Bank of Cyprus UK to take action and prevent loss.

Soteris Antoniades, Assistant Chief Executive - Service for Bank of Cyprus UK said, “We short-listed and evaluated two products and Trusteer won hands down. The other solution was complicated, requiring the customer to perform various additional actions, potentially alienating customers and defeating the object. Instead they simply install Rapport, it runs discreetly in the background without any further customer interaction, customers continue with their usual online behaviour, only now it’s secure. What’s really special about the technology is, while it appears simple to the customer, it’s a very sophisticated technology providing detailed intelligence that we can use in our continuing efforts to thwart attacks.”

“By selecting Trusteer, Bank of Cyprus UK is sending a message to its customers that it takes security very seriously, and is doing everything possible to keep them safe and secure¨ said Mickey Boodaei CEO of Trusteer. “We continue to work with Bank of Cyprus UK, as we do with all our clients, to provide a holistic approach to online fraud by preventing incidents at the point of attack while investigating their source to mitigate future attempts. Individuals are increasingly aware of the dangers online, however the fraudsters are deploying ever more sophisticated attacks to trick Joe Public.  Luckily by working with enlightened organisations like Bank of Cyprus UK, we can help identify these scams and avoid people falling foul.”

Trusteer secures online banking

A light-weight security software that downloads onto the customer’s computer in minutes, Rapport works in the background and doesn’t call for a change in user behaviour. The solution comes with an application that enables financial institutions to effectively trigger alerts, view and analyse data as well as manage security.

When a Trusteer user browses to the Bank of Cyprus UK website the service immediately locks down the browser. This prevents malware from injecting data and stealing information entered and presented in the browser. Trusteer also removes malicious financial malware it discovers on protected machines. The service is directly connected to the bank and to a 24x7 fraud analysis service. Attempts to steal money from customers are immediately detected by the bank and are blocked using various layers of protection.

Bank of Cyprus has been established in the UK since 1955. We are a division of Bank of Cyprus Public Company Limited which is based in Cyprus.

Over time Bank of Cyprus UK has evolved into a focused business bank serving the needs of a diverse customer base of small and medium sized businesses from centres in London (2) and Birmingham, and a Corporate office in Central London.

To support its business banking activities, Bank of Cyprus UK offers a range of consistently competitive fixed term deposit and savings products. Currently nearly 90% of UK funding comes from UK customer deposits.

In addition to state of the art telephone and online banking services, business customers of Bank of Cyprus UK also have access to the Lloyds TSB UK branch network for their counter service needs.

Drawing from a talent pool with significant experience in advising and supporting small businesses across a range of sectors, Bank of Cyprus UK has the expertise and knowledge to comment or provide articles on a broad range of industry issues.

For more information, please see www.bankofcyprus.co.uk

Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables banks and online businesses to protect sensitive data such as account holder credentials from malware by locking down the browser and creating a tunnel for safe communication between the web site and customers’ machines. It also prevents phishing by validating site authenticity. Trusteer Flashlight allows remote, effective, and instant investigation of malware-related fraud incidents. Trusteer’s solutions are used by more than 70 leading financial organizations in North America and Europe and by more than 15 million of their customers. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. Follow us on www.Twitter.com/Trusteer. For more information about our products and services, please visit www.trusteer.com.

Source: Eskenzi PR Ltd.

This press release is presented without editing for your information only.

Imperva Unveils Comprehensive Strategy to Enhance Data Security in the Cloud

Imperva Spinoff Incapsula Helps Hosters Offer Affordable, Enterprise-class Web Application Protection for Small and Medium Businesses

REDWOOD SHORES, Calif—December 6, 2010—Imperva, the leader in data security, today unveiled a comprehensive strategy to help cloud providers, enterprises and small to medium sized businesses (SMBs) protect sensitive data against external and internal threats and comply with regulations such as PCI, SOX and HIPAA.  Additionally, Imperva spinoff ‘Incapsula’ will help web hosters give SMBs affordable web application protection. The Incapsula web application firewall service gives small businesses an easy and affordable way to manage website security and performance for any domain that they own even if it is hosted by a third party. For hosters and other service providers, Incapsula enables website security to be extended to an entire customer base.  Imperva will resell this service to complement Incapsula’s own sales efforts.

“Cloud computing has created a paradigm shift in the way organizations view their data center architecture,” explained Imperva CTO Amichai Shulman.  “Imperva is stepping up to the challenge of protecting cloud-based data from hackers and cloud insiders with a comprehensive data security solution.”

“Incapsula’s service helps web hosting companies provide SMBs with an easy, affordable way to defend their web applications against external hackers,” explained Gur Shatz, CEO of Incapsula.  “Given the nature of today’s indiscriminate, bot-based attack methods, small businesses are subject to significant cyber attacks and require enterprise-class protection.”

Subscribing to Incapsula’s web protection service is a simple five-minute process that does not require installation of hardware or software, just a simple DNS change.  Incapsula inspects all incoming traffic to any subscriber’s website, keeping hackers out while accelerating outgoing traffic.  The Incapsula service is suitable for the SMB and cloud market, requiring minimal setup with service beginning in the first quarter 2011.  The list price for this service is expected to start at $50 per month.

Incapsula complements Imperva SecureSphere’s cloud capabilities, such as those leveraged by web hosting company, FireHost. “SecureSphere gives FireHost a scalable web application security platform that can handle our rapid customer growth. As part of our core service, all customers are protected from web attacks using the SecureSphere Web Application Firewall. We're also excited to offer premium data security services for HIPAA and PCI compliance based on SecureSphere Database Activity Monitoring and File Activity Monitoring products,” explained Chris Drake, CEO of FireHost.

Imperva’s high-level cloud capabilities include:

Attack Protection and Access Control for the Cloud:  SecureSphere Web Application Firewall (WAF) provides market -leading protection for cloud-based web applications against complex and sophisticated attacks. SecureSphere WAF enables a quick and easy route to PCI 6.6 compliance and the ability to instantly mitigate known application vulnerabilities.

Data Access Auditing for the Cloud:  SecureSphere Database Activity Monitoring (DAM) and File Activity Monitoring (FAM) provide sensitive data access auditing for cloud-based databases and file-sharing systems.

SecureSphere supports all major cloud deployment models and is available by deploying physical or virtual SecureSphere appliances within a cloud data center:

· Infrastructure as a Service (IaaS) providers:  IaaS providers offer state-of-the-art flexible and secure cloud data centers.  SecureSphere enables IaaS providers to offer web attack protection and regulatory compliance readiness to their customers and generate incremental business. Imperva customers include Savvis and Firehost.

· Platform as a Service (PaaS) providers: PaaS providers offer application development and delivery platforms that accelerate time-to-market of new applications and services. SecureSphere enables PaaS providers to give their customers web attack protection as part of the underlying platform.  

· Software as a Service (SaaS) providers:  SaaS providers deliver cloud-based business applications for sales, financial, HR and other functional areas. These applications host large amounts of sensitive data across many organizations. As organizations adopt cloud applications to streamline their IT operations, SaaS providers are expected to ensure data security and address regulatory compliance – as would be the case for on-premise data.

· Enterprise Private Clouds:  Private clouds are a replacement or an extension of the traditional data center and must address the security of publicly facing web applications. SecureSphere Web Application Firewall (WAF) provides the industry-leading protection against Internet attacks targeting web applications and enables rapid mitigation of web application vulnerabilities.

For more information visit www.incapsula.com or www.imperva.com

Imperva is the global leader in data security. With more than 1,200 direct customers and 25,000 cloud customers, Imperva’s customers include leading enterprises, government organizations, and managed service providers who rely on Imperva to prevent sensitive data theft from hackers and insiders. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring for databases, applications and file systems.  For more information, visit www.imperva.com, follow us on Twitter or visit our blog.

Source: Eskenzi PR

New ISACA Guide Shares Strategies for Minimizing Virtualization Risks

Rolling Meadows, IL, USA (7th December 2010): With its potential to reduce expenses, drive automation and provide flexibility, virtualization has earned its way onto the board agenda and is being implemented by enterprises worldwide. But with the many benefits of virtualization come considerable risks. Global IT association ISACA provides a balanced look at virtualization—and strategies to help enterprises maximize the value—in a new white paper available for free download from www.isaca.org/virtualization.

According to the “Virtualization: Benefits and Challenges” white paper, virtualization risks can be divided into three groups:

· Attacks on virtualization infrastructure—The two primary types are hyperjacking and virtual machine (VM) jumping. Hyperjacking is still a theoretical attack scenario, but has earned significant attention because of the major damage it can potentially cause.

· Attacks on virtualization features—The more common targets include VM migration and virtual networking functions.

· Compliance and management challenges—The number and types of VM can easily get out of hand; VM sprawl and dormant VMs make it a challenge to get accurate results from vulnerability assessments, patching/updates and auditing.

To combat these risks, ISACA recommends the following:

1. Patch and harden the hypervisor and the guests it supports.

2. Use physical, network and virtualization-based separation to segment VMs and systems.

3. Use transport encryption to secure VM migration.

4. Implement virtualization-aware management products and services.

“Virtualization has recently become a more common practice and enterprises are already realizing cost savings and efficiencies by moving to virtualized environments,” said Ramsés Gallego, CISM, CGEIT, CISSP, an author of the white paper and general manager at Entel IT Consulting. “However, to achieve this value, enterprises must consider the potential security risks and governance considerations. Having well-documented business processes and strong audit capabilities will help ensure the best possible value.”

To download a free copy of “Virtualization: Benefits and Challenges” and a virtualization security checklist from HyTrust, visit www.isaca.org/virtualization.

With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter: http://twitter.com/ISACANews

Source: Eskenzi PR

460 Chinese Hackers show why IT security is so critical

London, UK 3rd December 2010 - Reports are coming out of China that the government has made a total of 460 arrests of computer hackers so far this year. This figure is an effective admission by Chinese officials that the country has the same problem as here in the West – namely, large numbers of IT-literate people who are crossing over into dark hat hacker territory.

According to Claire Sellick, Event Director for Infosecurity Europe, as if this number was not an eye opener in itself, the Chinese government has revealed that arrests of hackers have soared by an amazing 80 per cent compared to last year.  Infosecurity Europe will be held at Earls Court, London 19-21 April 2011 www.infosec.co.uk

"China's Ministry of Public Security has described the hacker situation in the country as very grim and, whilst it observes that a number of computers in companies have little or no effective security measures, it really does illustrate the scale of the problem," she said.

"China is rapidly entering the ascendant in the IT stakes, with the country now boasting the largest number of mobile phones of any country in the world. It’s also clear that the country's Internet infrastructure is also growing rapidly, along with the number of Internet users," she added.

The Infosecurity Europe Event Director went on to say that the media has been full of oblique references to Western computer systems being attacked by hacktivists who are sympathetic to the Chinese cause.

Some outlets have even reported that the government was behind the attacks on Google late last year, a topic that cropped up in the current raft of documents being released in the Wikileaks saga (http://bit.ly/hjoFu0), she noted.

The crucial thing to remember, says Sellick, is that the rise of the Internet means that the world has become a global village, meaning that it just as easy for hackers in a Chinese city to attack a company IT resource in the UK, as it is for a hacker elsewhere in the UK.

The Internet, she explained, has changed many aspects of the IT and business world, and whilst most of those changes have been for the better, some are not.

It's against this backdrop that the Infosecurity Europe show Event Director says that it has become imperative for organisations to deploy the very best security technology to defend their digital data assets.

"But keeping up to speed with these trends, as well as abreast of the latest security defence technologies and strategies, has almost become a full-time job," she said.

"This is why we're encouraging IT and business professionals to make space in their diaries for the next Infosecurity Europe event, which takes place at Earls Court 1, London, between the 19th and the 21st of April, 2011," she added.

For more on the Chinese hacker arrests and ministry comments: http://bit.ly/f3xyOP

Infosecurity Europe, celebrating 16 years at the heart of the industry in 2011, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of four Infosecurity events around the world with events also running in Belgium, Netherlands and Russia. Infosecurity Europe runs from the 19th 21st April 2011, in Earls Court, London. For further information please visit www.infosec.co.uk

Source: Eskenzi PR

This press release is presented without editing for your information only.

Seeweb selects Scality to provide faster public cloud storage service in Italy

Paris, France - 2nd December 2010 - Seeweb, one of Italy's largest web hosting companies and first player in Cloud Computing services, is to deploy Scality's RING storage platform to provide a cloud storage service to its customers fully hosted in Italy, bringing a lower latency than most other similar services deployed in other countries. Seeweb expects to launch its new service for B2B customers next weeks, as well as to introduce a similar service to private individuals.

Seeweb has a high reputation in Italy, being innovative and most of all a high-quality hosting provider for businesses as well as individuals. As such, they needed to get in the Storage-as-a-Service market with a strong offering matching this reputation. After thoroughly testing the market for a solution, Seeweb decided to go with Scality's RING Platform, a turn-key cloud-storage enabling solution giving them a quick go to market option without sacrificing on reliability and performance, key aspects for Seeweb when designing a new service.

Seeweb Chief Executive Officer Antonio Baldassarra said: "For customers, Scality's RING platform will mean their data is stored geographically close, also guaranteeing lower latency. And, because there's no single point of failure, we can also assure them of the highest levels of reliability. These factors alone eliminate two of the most common concerns about cloud storage, from business customers in particular. We look forward to attracting many new customers as a result of this step forward.

"What it means for us, internally," he added, "is that we're acquiring unlimited scalability, losing the headache of volume management, and avoiding hardware vendor lock-in - all at costs vastly below the level of other approaches we explored."

"Scality RING Technology is the only reliable object-based storage solution we found that can enable us to provide innovative cloud services to the market, with an extremely easy management of the storage environment", added Seeweb's CTO Fabio Fedele.

"After becoming a market leader for cloud storage in Germany, Scality now enjoys considerable business success in Italy. Our technology is being deployed by two of Italy's top five hosting companies to develop their high-performance cloud storage services", commented Serge Dugas, Chief Sales and Marketing Officer of Scality.

Scality technology brings a new approach while solving storage needs and cuts costs up to 50 per cent when compared to solutions from other SAN- or NAS-based vendors offering the same level of performance and reliability, moreover, it enables companies to efficiently scale their architectures using any kind of hardware.

Founded in 1998, Seeweb is Italy's third-largest hosting company, the first in Cloud Computing offer via its Cloud Server and Cloud Hosting plans. It operates two datacenters, in Milan and Frosinone, providing internet, virtual and shared hosting services to banks, public institutions and even the Press Agency of the Vatican. For more information, visit http://www.seeweb.it.

The Scality RING platform creates a series of nodes that are built using off-the-shelf servers. Each node on the RING controls its own segment of the overall storage pool. By monitoring other segments and constantly replicating - as well as load-balancing - the data, the storage becomes self-healing in the event of a drive or segment of the pool failing for whatever reason.

Scality technology is used by service providers to deploy Storage-as-a-Service offerings, by email providers to store emails for millions of users, and by web service providers managing billions of files with very high performance expectations, either for Web 2.0 or business applications.

For more information please contact sales@scality.com and visit http://www.scality.com.

Follow Scality on Twitter: @Scality.

Source: Omarketing

This press release is presented without editing for your information only.

The Golden Hour of Phishing Attacks

We recently conducted research into the attack potency and time-to-infection of email phishing attacks. One of our findings was eye-popping, namely, that 50 per cent of phishing victims’ credentials are harvested by cyber criminals within the first 60 minutes of phishing emails being received. Given that a typical phishing campaign takes at least one hour to be identified by IT security vendors, which doesn’t include the time required to take down the phishing Web site, we have dubbed the first 60 minutes of a phishing site’s existence is the critical ‘golden hour’.

!cid_image001_jpg@01CB9212

The fact that so many Internet users visit a phishing website within such a short period of time means that blocking a phishing Web site - which is sometimes a cracked legitimate site - within this golden hour has become absolutely critical.

During the golden hour, our research suggests that:
• More than 50 per cent of stolen credentials are harvested
• Within five hours, more than 80 per cent are collated and become usable by cybercriminals
• The first 10 hours produce more than 90 per cent of the total credentials that will be stolen by any given phishing site

Therefore, blocking a phishing site after 5-10 hours is almost irrelevant.

A more effective model would prevent users from being directed to a phishing site and/or prevent them from entering their credentials if they do end up on a criminal site.

As an industry, our goal should be to reduce the time it takes for institutions to detect they are being targeted by a phishing attack from hours to within minutes of the first customer attempting to access a rogue phishing page. We also need to establish really quick feeds into browsers and other security tools, so that  phishing filters can be updated much more quickly than they are today. This is the only way to swiftly takedown phishing websites, protect customers, and eliminate the golden hour.

http://www.trusteer.com/blog

Source: Eskenzi PR Ltd.

This press release is presented without editing for your information only.

NHS Choices response to Facebook security issue is outrageous says Imperva

London, 2nd December 2010 - Yet another social networking `feature' of Facebook - this time apparently allowing Facebook users to be tracked when visiting sites, regardless of whether they clicked “Like”. This feature hit headlines due to privacy violations the feature raises when visiting the NHS Choices Web site.

According to data security specialist Imperva, although the feature raises concerns about social networking sites' ability to track their users on third-party sites, what is really outrageous about the saga is the response of NHS mandarins to the problem.

“The NHS page has included a script that is hosted on Facebook's server. When the browser is retrieving the script it delivers all Facebook related cookies from the browser up to Facebook. These are correlated to the Facebook identity of the individual accessing the NHS site.” said Amichai Shulman, Imperva's chief technology officer.

Then, he says, when this is combined with information from the "Referer " header (which contains information about the actual pages visited), it allows Facebook to track NHS visits of Facebook users even without clicking the `Like' button or being logged in.

But, says Shulman, when MP Tom Watson reportedly raised the security issue, back came the outrageous reply that the onus is on users to monitor their privacy on Facebook. Against this backdrop, that the NHS' bald statement that, when users sign up to Facebook they agree the service can gather information on their Web usage, simply does not hold up.

“It is outrageous that the NHS has put sole responsibility on the user while it is actually them who are the ones which are providing confidential information. Organisations need to take on some responsibility of privacy and security themselves rather than blaming it all on the users” concluded Shulman

For more on the NHS Choices/Facebook Web site privacy saga: http://bit.ly/g4wwVd
For more on Imperva: www.imperva.com

Source: Eskenzi PR

This press release is presented without editing for your information only.

USB Consumerism Out Of Control as 21% use 10 or more

Survey finds USB Consumerism Spiralling Out Of Control as a Quarter of workers use 10 or more

Organisations still fail to grasp the gravity of the problem, failing to control the use of these devices, and putting the health and security of their sensitive data at risk.

1st December 2010, London (UK): An online survey has found that USB Flash drive ownership has exploded with 100% of the 229 respondents having at least one such device - 54% possessing between 3 and 6 - and more than 21% owning as many as 10 or more.  While good news for vendors of these must-have items, the news may not be so welcome for security and compliance teams tasked with protecting the sensitive data residing on these omnipresent devices.  With over 85% of respondents confirming that their company allows the use of these removable media devices (and with many of those working where USB drives are banned confirming that they use them anyway), it is very concerning that more than half of the respondents confirmed their USBs were not encrypted, leaving the corporate information on them completely vulnerable if borrowed, lost or stolen!

Conducted by CREDANT Technologies - the trusted experts in data protection, the survey found that the majority of people (68%) share their USBs with family, colleagues or friends, often leaving any sensitive data exposed and in jeopardy.  52% of the sample couldn’t even remember what they had saved on their device which is worrying as 20% never delete the corporate data stored, even when they no longer require it.  Even more alarming is the fact that 34% admitting they don’t know, at any given time, where all their USB devices are. 

Unsurprisingly some respondents (almost 10%) admitted they had lost a USB device containing corporate data, yet fully 76% never reported the loss to their bosses. If it were discovered that adequate measures had not been taken to protect sensitive information, for example securing the data with encryption technology, these companies could be deemed to have breached one or more of the many data protection laws and regulations in place internationally, subjecting them to potentially heavy fines, expensive breach notification costs and significant negative publicity. 

Bob Heard, CREDANT’s chief executive officer and founder believes, “Companies are spending millions on their security and it could all be in vain if they fail to close this basic area of vulnerability.  If they have a workforce that are using USB storage media, blissfully unaware of the potential mayhem that these ubiquitous devices could potentially cause, no matter how much is spent the enterprise will never be secure. These small USB sticks can be, and often are, easily lost or stolen, thus leaving data, and those responsible for protecting that data, vulnerable..”

Another discovery of the study is that the increasing use of USB flash drives is just the tip of the iceberg, as 37% of the sample admitted to synchronising their iPhones, smartphones and iPods with their work devices. This practice potentially exposes their companies to a multitude of data risks and network disasters.

Bob concludes, “Many organisations are either failing to take the problem seriously or to implement and enforce the right security, work practices and education for their users to address this problem.  Unsecured data on removable media is a significant and growing concern and organizations need to start planning now on how to close this vulnerability before they suffer a very expensive, and embarrassing breach.”

To download all of the survey results visit: http://www.credant.com/campaigns/usb_survey/interactive

CREDANT Technologies is the market leader in endpoint data protection solutions. CREDANT's data security solutions mitigate risk, preserve customer brand, and reduce the cost of compliance, enabling business to "protect what matters." CREDANT has been recognized by Inc. magazine as the #1 fastest growing security software company in 2008 and 2007; was selected by Red Herring as one of the top 100 privately held companies and top 100 Innovators; and was named Ernst & Young Entrepreneur of the Year® 2005. Austin Ventures, Menlo Ventures, Crescendo Ventures, Intel Capital (NASDAQ:INTC), and Cisco Systems (NASDAQ:CSCO) are investors in CREDANT Technologies. For more information, visit www.credant.com.

Source: Eskenzi PR