STE WILLIAMS

Agiliance-Former CIA CISO Offer Cybersecurity Evals

Cyber Security Preparedness Evaluations Developed by Retired CISO for U.S. Central Intelligence Agency Being Delivered via Agiliance RiskVision Cloud Service

Washington and Sunnyvale, Calif. – October 18, 2013 – 2BSecure LLC, a global consulting firm focused on demystifying technology security risk, and Agiliance, Inc., the leading independent provider of Integrated Risk Management solutions for Governance and Security programs, today announced the launch of a free online Cyber Stress Test, which scores an organization’s cyber security risks in the face of real-time and sustained threats.

The Cyber Stress Test was designed by Robert Bigman, whose career spanned 30 years at the U.S. Central Intelligence Agency (CIA), with the last 15 years as its CISO. The Cyber Stress Test is based on his experience protecting some of the world’s most sensitive networks and quantifies an organization’s security risk posture across five categories – Program Governance, Security Organization, Policies and Standards, Technical Security, and Mitigation Procedures. The overall and category risk scores generated by the Cyber Stress Test provide a pragmatic benchmark and actionable insights for determining an organization’s cyber security preparedness including areas that need strengthening against threats.

The award-winning Agiliance RiskVision™ Managed Risk-as-a-Service (M-RaaS) is being used to implement the Cyber Stress Test evaluations. It presents users with a confidential, comprehensive, and secure survey of 79 questions that requires simple yes, no, or don’t know answers. Users can complete the test in one or multiple sessions, browse questions non-linearly by category, and save their partial answers at any time. Once submitted, they can view, share, and print accurate and persistent risk scores for overall and individual category results.

Organizations are encouraged to take the Cyber Stress Test before they fall victim to a debilitating cyber-attack, or to a regulator who tests them before they test themselves. According to the Ponemon Institute 2013 Cost of Cyber Crime Study, since 2012 cybercrime costs have risen 26% and the time it takes to resolve cyber-attacks has increased 33%. Independent research studies estimate the global cost of cybercrime for enterprises and consumers to be between USD 300 billion and USD 500 billion. Meanwhile, in November the UK Bank of England, Treasury and Financial Conduct Authority (FCA) will simulate a major cyber-attack on banks to assess the preparedness of the UK’s core financial services providers.

“The Cyber Stress Test was inspired by the Dodd-Frank Act Capital Stress Test given annually to major US financial services institutions,” said Robert Bigman, chief executive officer at 2BSecure. “After consulting with a wide range of CIOs, CROs, and CISOs in the commercial sector, we identified a large unmet need for a comprehensive, easy to implement security risk assessment service that provides visibility into an organization’s cyber threat preparedness from governance to mitigation. That is exactly what the Cyber Stress Test delivers.”

“You can schedule an audit, but you can’t schedule a cyber-attack,” said Agiliance president and chief executive officer Joe Fantuzzi. “We collaborated with Robert and 2BSecure to make it fast and easy for organizations to take the Cyber Stress Test using the Agiliance RiskVision cloud service. It provides a simple and secure way for any global organization to measure their risk posture and establish a baseline for knowing where and how they need to harden their cyber security defenses.”

Click here to see an example Cyber Stress Test report. Register here to test your cyber security defense readiness. Once registered, you will receive an email with a link to the Cyber Stress Test on behalf of and for the benefit of your organization.

About 2BSecure

2BSecure was founded by Robert Bigman upon retiring from a 30 year career at the Central Intelligence Agency. With over 25 years of information security experience, Robert served the last 15 years as the Agency’s Chief Information Security Officer. Receiving numerous awards, Robert built the model information security program in the U.S. Intelligence Community. Robert contributed to almost every Intelligence Community and U.S. Government information security policy and frequently briefed congressional committees and presidential commissions. For more information, please visit http://2bsecurellc.vpweb.com.

About Agiliance

Agiliance is the leading independent provider of Integrated Risk Management solutions for Governance and Security programs. Agiliance RiskVision is automating how Global 2000 companies and government agencies achieve continuous monitoring of big data across financial, operations, and IT domains to orchestrate incident, threat, and vulnerability actions in real time. Agiliance RiskVision customers demonstrate automation use cases within 30 days on-demand, and within 60 days on-premise, made possible by a configurable platform and applications, broad library of technology integrations, and vast domain and regulatory content. Agiliance RiskVision scales with businesses, effectively managing assets, data, people, and processes to achieve 100% risk and compliance coverage. Its real-time risk analysis leads to optimized business performance and better investment decisions. For more information, please visit www.agiliance.com.

Article source: http://www.darkreading.com/management/agiliance-former-cia-ciso-offer-cybersec/240162890

Etisalat And MasterCard Team

Dubai, United Arab Emirates, October 20, 2013 – Etisalat Group, the leading telecoms operator in the Middle East, Asia and Africa, today at GITEX Technology Week celebrated an enduring partnership with MasterCard that has brought award-winning technology to the market.

“Over the last few years, Etisalat has used GITEX as a platform to launch innovative solutions that are now being used by millions of people all over the world,” said Khalifa Al Shamsi, Chief Digital Services Officer at Etisalat Group. “We’re now looking at ways to build on this successful partnership with MasterCard using the technologies of tomorrow such as this innovative payment product we are showcasing today.”

To showcase their partnership in bringing cutting edge payment solutions to the market, Etisalat and MasterCard demonstrated a new solution for the highly anticipated Google Glass computing device to browse, select and pay for products and services[1]. Someday the two companies could utilise innovative machine-to-machine technology to bring it to the market. GITEX 2013 marked the first international demonstration of Google Glass by MasterCard as a next generation payments solution.

Google Glass displays information on a small display over the wearer’s right eye that looks like a 25-inch screen viewed from a distance of eight feet; it is expected to be available to consumers from next year. The new shopping and payment solution was developed by MasterCard Labs.

“With technology such as Google Glass coming to the market soon, MasterCard and Etisalat are exploring many more opportunities to build on a successful history of partnering that has already brought innovative solutions in mobile commerce to the market,” said Brian Lang, senior vice-president, Market Development, Middle East and Africa, MasterCard.

Over the past two years, the mobile commerce solution Flous, a digital wallet on mobile devices that can be used for a host of financial services including local and international money transfer and cash-free payment of products and services, won two of the telecoms industry’s most prestigious awards at the GSMA’s Mobile World Congress in Barcelona.

Flous was successfully launched in the Egyptian market by Etisalat and MasterCard in conjunction with the Egyptian Banking Company earlier this year.


Etisalat Group

Strong commitment to excellence and innovation has seen Etisalat become one of the world’s fastest-growing telecom groups, rapidly expanding across Asia and Africa. Its UAE operations, strategically located at the crossroads of East and West, enable Etisalat to be the major hub in the Middle East for Internet, voice, broadcast, roaming and corporate data services. Etisalat has been recognised as ‘Best Operator’ 10 times since 2006 and ‘Best Wholesale Provider’ four times in the last three years. Servicing 143 million customers in 15 countries, Etisalat continues to reach out to new customers and markets.

About MasterCard:

MasterCard (NYSE: MA), www.mastercard.com, is a technology company in the global payments industry. We operate the world’s fastest payments processing network, connecting consumers, financial institutions, merchants, governments and businesses in more than 210 countries and territories. MasterCard’s products and solutions make everyday commerce activities – such as shopping, traveling, running a business and managing finances – easier, more secure and more efficient for everyone. Follow us on Twitter @MasterCardNews, @MasterCardMEA, join the discussion on the Cashless Pioneers Blog and subscribe for the latest news on the Engagement Bureau.

Article source: http://www.darkreading.com/mobile/etisalat-and-mastercard-team/240162891

ClickTime Partners With OneLogin To Streamline Web Timesheet Security

SAN FRANCISCO, Oct. 21, 2013 /PRNewswire/ — Clicktime.com, Inc., a leader in hosted timesheet and expense tracking software, today announced its partnership with OneLogin, an innovator in enterprise identity management, to provide integrated Single Sign-On (SSO) offerings including SAML-based authentication as well as Active Directory integration.

For users, SSO eases access to ClickTime by removing “yet another password” to remember. For corporate IT departments, access to SaaS apps like ClickTime is controllable from a central directory with OneLogin’s easy-to-use management tools. This also allows ClickTime to easily comply with customers’ multi-factor authentication or complex password requirements.

“ClickTime has always been easy to implement and use,” said Alex Mann, CEO of Clicktime.com, “and we’ve found a partner who makes directory management just as easy. OneLogin is simplifying integration between ClickTime and Active Directory. OneLogin even makes this service available to our Enterprise users at no additional cost. Together with our options for OpenID and Google Apps integration, we’re now able to offer the entire spectrum of SSO choices.”

“We welcome ClickTime to OneLogin’s growing family of SaaS vendors who understand that enterprises want to control access to their data in the cloud. Using SAML and OneLogin’s industry-leading directory integration, ClickTime’s customers can now provide users a seamless sign-in experience while at the same time centralizing access control and eliminating passwords,” said Thomas Pedersen, CEO at OneLogin.

Availability/next steps:

ClickTime Enterprise customers can take advantage of OneLogin’s Active Directory integration immediately and at no additional cost. Learn more about the OneLogin for ClickTime Free plan. Users needing to upgrade their ClickTime service should contact [email protected].

About Clicktime.com, Inc.

Clicktime.com specializes in developing user-friendly, business-grade web applications with a 15-year track record of reliability. Clicktime.com’s flagship Software as a Service (SaaS) product, ClickTime Web Timesheet, helps businesses in over 50 countries manage timesheet and expenses effectively. Clicktime.com provides time tracking services for Xerox, Aetna, American Express, Conservation International, and thousands of small and large organizations worldwide.

http://www.clicktime.com

About OneLogin

OneLogin is the innovator in enterprise identity management and provides the industry’s most comprehensive solution for managing user identities, both in the cloud and behind the firewall. OneLogin’s cloud identity platform comes complete with secure single sign-on for web, mobile and iPad, federated search, user provisioning, deep directory integration with real-time user sync, out-of-band multi-factor authentication, VPN integration and compliance reporting.

Article source: http://www.darkreading.com/applications/clicktime-partners-with-onelogin-to-stre/240162922

Arbor Networks And Google Ideas Collaborate On DDoS Visualization

BURLINGTON, Mass. October 21, 2013 – Arbor Networks, Inc., a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, announced today that they have collaborated with Google Ideas to create a data visualization that maps global distributed denial of service (DDoS) attacks.

Google Ideas – a ‘think/do’ tank – explores how technology can enable people to confront threats in the face of conflict, instability or repression. Google Ideas used anonymous data from Arbor Networks’ ATLAS global threat monitoring system to build a data visualization that allows users to explore historical trends in DDoS attacks, and make the connection to related news events on any given day. The data is updated daily, and historical data can be viewed for all countries.

The Digital Attack Map was introduced today at the ‘Conflict in a Connected World’ summit, hosted by Google Ideas, in partnership with the Council on Foreign Relations and the Gen Next Foundation. The summit brings together experts, technologists and people with relevant experience from across a wide range of disciplines and backgrounds to address how technology can play a role in exploring trends, exposing threats and empowering people in conflict.

When Arbor Networks first began working with leading network operators in 2000, flood attacks were in the 400Mb/sec range. Today, they regularly exceed 100Gb/sec. The sheer size of the attacks is not all that has changed. Beginning in 2010, and driven in no small part by the rise of Hacktivism, we’ve seen a renaissance in DDoS attacks that has led to innovation in the areas of tools, targets and techniques. Today, DDoS is a complex threat that mixes flood, application and infrastructure attacks in a single, blended attack.

“The people at Google Ideas have really done an amazing job bringing Arbor’s global DDoS attack data to life,” said Arbor Networks President Colin Doherty. “The goal of this collaboration was to show what a global threat DDoS is and how DDoS can be used to suppress speech and threaten open access to information.”

World Leader in DDoS Prevention

Arbor Networks customers include the world’s leading Internet service providers and many of the largest enterprise networks in use today. According to a report published in June 2013 from Infonetics Research titled, “DDoS Prevention Appliance Market Outlook,” Arbor Networks was cited as top supplier of DDoS prevention solutions overall, as well as in the Carrier, Enterprise and Mobile market segments.

About Arbor Networks

Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver comprehensive network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier”, making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context – so customers can solve problems faster and help reduce the risk to their business.

To learn more about Arbor products and services, please visit our website at arbornetworks.com. Arbor’s research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal.

Trademark Notice: Arbor Networks, Peakflow, ArbOS, ATLAS, Pravail, Arbor Cloud, Arbor Optima, Cloud Signaling, the Arbor Networks logo and Arbor Networks: Smart. Available. Secure. are all trademarks of Arbor Networks, Inc. All other brand names may be trademarks of their respective owners.

Article source: http://www.darkreading.com/management/arbor-networks-and-google-ideas-collabor/240162905

Kroll Global Fraud Report Reveals Significant Surge In Corporate Fraud

NEW YORK–(BUSINESS WIRE)–The number of companies falling victim to fraud has increased in the past year, according to the 2013 Kroll Global Fraud Report. Overall, 70 percent of companies were affected by fraud in the past 12 months, up from 61 percent the previous year, with an increase in every category of fraud covered by the study.

The report reveals that the globalization of business is increasing exposure to fraud, as businesses seek expansion into riskier overseas markets and use greater levels of outsourcing. The sharpest increase was in vendor, supplier or procurement fraud, suffered by one in five businesses (19 percent), up from 12 percent last year. Indeed, of those companies that fell victim to fraud in the past 12 months, one third (30 percent) experienced fraud perpetrated by vendors or suppliers while 11 percent suffered at the hands of joint venture partners.

In a year where several companies have been rocked by high-profile corruption scandals, the proportion of companies affected by corruption and bribery increased from 11 percent to 14 percent. Corruption is by far the most important element dissuading companies from doing business in certain markets, such as Africa, Latin America and India. Almost half (46 percent) of companies have refrained from expanding into a foreign market, citing corruption as the main reason. In fact, entry to new, riskier markets has increased the vulnerability of almost one in three companies (30 percent) to fraud.

Businesses now face a more diverse range of threats; those affected in the past year on average suffered from 2.3 different kinds of fraud each, up from 1.9 last year. The vast majority of respondents (81 percent) believe that their firm’s exposure to fraud has increased overall in the past 12 months, up from 63 percent in the previous survey.

Growing insider threat

The report reveals that overall, 72 percent of companies have been hit by fraud led by at least one insider, up from 67 percent last year. Of those victims of fraud, 32 percent had suffered at least one crime where the main perpetrator was in senior or middle management, 42 percent where he or she was a junior employee and 23 percent where an agent or intermediary was the main culprit.

However, the study also reveals that most fraud is discovered internally. In cases where the fraud was uncovered, over half (52 percent) were discovered by management and an internal audit played a role in 51 percent of cases, compared to just one in 10 incidents (10 percent) where an external audit contributed to its discovery.

Senior employee alertness is key to combating fraud. However, when senior employees are themselves the perpetrators, whistleblowers become a more important way of exposing wrongdoing. A whistleblower was involved in one in three incidents (32 percent) of all cases where fraud was uncovered and in 41 percent of cases that involved senior or middle management. Despite this, just 52 percent of companies reported that they have invested in staff training around fraud and the creation of whistleblower hotlines.

Tom Hartley, CEO of Kroll, commented: “It should come as no surprise to anyone whose job it is to combat fraud that the global incidence of fraud is rising. But the measure of a good company is not whether or not you’ve suffered a fraud, it’s how you prepare for it, how you deal with it and how you move on afterwards. Many of the clients we’ve helped deal with fraud over the last 12 months have, on discovering fraud, resolved the issue and moved forward with a better risk mitigation strategy including vendor screening, whistleblower programs and employee training. Most would say that they are now in a better position because of the fraud and the way they dealt with it. So it’s not just about avoiding fraud, which is almost inevitable, it’s also about how you respond.”

Cyber-threats: firms vulnerable to information theft

The study reveals that more companies are highly vulnerable to information theft (21 percent) than any other category of fraud and three quarters of businesses (75 percent) are at least moderately vulnerable to it. Information theft remains the second most common type of fraud, affecting more than one in five businesses over the past year (22 percent) and executives say that the complexity of their IT infrastructure is the biggest factor increasing their company’s exposure to fraud (cited by 37 percent of respondents).

This increasing exposure to fraud due to IT complexity is being exploited more by outsiders. As a share of all incidents of information theft, attacks by external hackers have almost doubled from 18 percent to 35 percent, and 17 percent of information theft victims suffered as a result of a hacker attack on a vendor or supplier, up from 5 percent last year.

However, like most frauds, information theft is typically an inside job. Of those who have suffered in the past year where the perpetrator is known, 39 percent say an employee was to blame.

Tom Hartley explained: “Cybercrime is a growing threat for businesses but many businesses are under-prepared for it. A third of them say they don’t currently invest in IT security and while companies that are planning to increase investment are focusing on technology, they are neglecting elements such as staff screening and due diligence on partners, clients and vendors. These processes are key to mitigating the insider threat, which often can’t be detected by anti-fraud technology or physical security.”

The seventh Kroll Annual Global Fraud Report includes a full, detailed industry analysis across a range of fraud categories and regions. To obtain a copy please visit fraud.kroll.com

Notes to editors

Kroll commissioned the Economist Intelligence Unit to conduct a worldwide survey on fraud and its effects on business during 2012/13. A total of 901 senior executives took part in the survey from a wide range of industries, including Financial Services; Professional Services; Retail and Wholesale; Technology, Media and Telecommunications; Healthcare and Pharmaceuticals; Travel, Leisure and Transportation; Consumer Goods; Construction, Engineering and Infrastructure; Natural Resources; and Manufacturing.

Respondents were senior, with 53% at C-suite level. Almost half (49%) of participants represent companies with annual revenues of over $500m.

Respondents this year included 25% from Europe, 24% from North America, 23% from the Asia-Pacific region, 14% from Latin America and 14% from the Middle East/Africa.

Please visit http://www.kroll.com/resources/reports/global-fraud-report/2013-2014/press-only/ for key findings and graphics, including a detailed look at the industries, regions and types of fraud covered in the report.

About Kroll

Kroll, the global leader in risk mitigation and response, delivers a wide range of solutions that span investigations, due diligence, compliance, cyber security and physical security. Clients partner with Kroll for the highest-value intelligence and insight to drive the most confident decisions about protecting their companies, assets and people.

Kroll is recognized for its expertise, with 40 years of experience meeting the demands of dynamic businesses and their environments around the world. Kroll is headquartered in New York with offices in 45 cities across 28 countries. The firm has a multidisciplinary team of nearly 4,000 employees globally. www.kroll.com

Article source: http://www.darkreading.com/end-user/kroll-global-fraud-report-reveals-signif/240162935

Cyberoam NetGenie Launches Wireless VDSL2/ADSL2+ Appliances To Secure Home And SOHO Networks

Avoiding Breaches Where You Least Expect Them

In the real world of constrained budgets and limited personnel, prioritization of security resources is a must. Many departments prioritize practices based on the severity of vulnerabilities, the value of a target and the likelihood of a threat hitting said target to try and effectively spread their money. However, the flip side of that is to remember that the real world is also a connected one. And as many security experts can attest, enterprises often forget to account for how attacks against the vulnerabilities in less critical systems can jeopardize the crown jewels.

“Most companies focus their efforts on locking down vital assets, such as the infrastructure, servers, mission-critical applications, and work machines, and when assessing risk, put too much emphasis on these as opposed to other systems deemed not as vital,” says Vann Abernethy, senior product manager for NSFOCUS. “But we have seen attacks against these soft targets that either led to serious damage or were used as a way into the systems that were thought to be better protected.”

A great example of what it looks like when an organization chooses not to secure these incidental soft systems happened back in 2011 at the Hong Kong Stock Exchange (HKEX), Abernethy explains. HKEX ran a simple informational news site that wasn’t prioritized for protection because it was a low-risk system with no connection to trading platforms and seemingly no connection to the organization’s core trading functions. Nevertheless, a DDoS attack against this site actually kept a number of prominent companies from trading while that site was down.


“The news site is where companies posted announcements to comply with disclosure regulations, and when those statements could not be posted, trading was halted,” Abernethy says. “So a site with minimal protection and a lower perceived risk value can cause several major stocks to go untraded when taken out – and result in a huge loss in revenue.”

It is a good lesson in how organizations have to exercise a higher level of thinking about potential threats to seemingly low-priority systems. In that case the system in question was not necessarily connected to more sensitive systems or data. But often de-prioritized soft targets are ideal for attackers because these systems have back-end connections to other systems that IT staff may not be aware of or have forgotten about. Similarly, some soft targets may not necessarily be connected to sensitive systems but could still hold sensitive data due to lack of policies or lack of enforcement of existing policies. Take, for instance, test databases for development work: in many organizations these databases contain real production data. But they’re not considered high-priority systems and have nowhere near the level of controls applied to production databases.

So how does IT find those systems that could prove to be soft targets for attackers? It starts with becoming more comprehensive in asset discovery and tracking, a task that’s helpful not just for vulnerability management but for many more security investments that need to be made, says John Walton, principal security manager at Microsoft in charge of the Office 365 security engineering team. He recommends using as many different sources of data as possible to put together an asset list, starting first with subnet-based scanning and moving outward from there.

“So think about things like your log data, maybe netflow data or network routing information, your asset data in Active Directory and any other number of sources you may have available or could start collecting from,” he says. “Then really try to combine those different sources because the more you can identify the closer you can get to having a complete asset list.”

Even before developing that list, though, netflow data can also be particularly helpful for identifying existing compromises of seemingly low-risk systems connected to and endangering more critical systems.

“If you are seeing large and unexpected flows of data from an internal origination point to other computers on the network or to external addresses, this can indicate an attempt to exfiltrate data from your company,” says A. N. Ananth, CEO of EventTracker. “Netflow data is a useful way to spot these unexpected information flows.”
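The two ideas above, merging several data sources into one asset list and watching netflow for large unexpected outbound transfers, can be sketched as follows. This is an added example, not code from the article or from anyone quoted in it; the internal address range, the fixed byte ceiling and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: everything in 10.0.0.0/8 is "internal"; substitute your own ranges.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
# Assumption: a fixed per-host ceiling. In practice, compare against each host's baseline.
OUTBOUND_LIMIT_BYTES = 100 * 1024 * 1024

# Constructed sample data standing in for three real sources.
SCAN_HOSTS = {"10.1.1.10", "10.1.1.20", "10.1.2.30"}      # subnet scan results
AD_COMPUTERS = {"10.1.1.10", "10.1.1.20", "10.1.3.40"}    # Active Directory computers
FLOWS = [                                                 # (src, dst, dst_port, bytes)
    ("10.1.1.20", "10.1.2.30", 445, 120_000),
    ("10.1.2.30", "10.1.4.50", 1433, 800_000),        # peer that no inventory lists
    ("10.1.4.50", "203.0.113.9", 443, 400_000_000),   # large outbound transfer
    ("10.1.4.50", "203.0.113.9", 443, 350_000_000),
    ("10.1.1.10", "198.51.100.7", 443, 2_000_000),
    ("10.1.3.40", "10.1.1.20", 445, 5_000_000),
]


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def build_asset_list(scan_hosts, ad_computers, flows):
    """Merge all sources into {ip: set of sources that know about it}."""
    assets = defaultdict(set)
    for ip in scan_hosts:
        assets[ip].add("scan")
    for ip in ad_computers:
        assets[ip].add("ad")
    for src, dst, _port, _nbytes in flows:
        for ip in (src, dst):
            if is_internal(ip):
                assets[ip].add("netflow")
    return dict(assets)


def untracked_assets(assets):
    """Internal hosts that only appear on the wire: candidates for forgotten systems."""
    return sorted(ip for ip, sources in assets.items() if sources == {"netflow"})


def internal_peers(ip, flows):
    """Internal hosts that exchange traffic with `ip` (its back-end connections)."""
    peers = set()
    for src, dst, _port, _nbytes in flows:
        if src == ip and is_internal(dst):
            peers.add(dst)
        elif dst == ip and is_internal(src):
            peers.add(src)
    return sorted(peers)


def large_outbound(flows, limit=OUTBOUND_LIMIT_BYTES):
    """Sum bytes sent from each internal host to external addresses; flag totals over limit."""
    totals = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src] += nbytes
    flagged = [(ip, total) for ip, total in totals.items() if total > limit]
    return sorted(flagged, key=lambda item: -item[1])


if __name__ == "__main__":
    assets = build_asset_list(SCAN_HOSTS, AD_COMPUTERS, FLOWS)
    for ip in sorted(assets):
        print(ip, sorted(assets[ip]))
    for ip in untracked_assets(assets):
        print("untracked:", ip, "talks to", internal_peers(ip, FLOWS))
    for ip, total in large_outbound(FLOWS):
        print("large outbound:", ip, total, "bytes")
```

In the sample, the host that appears in no inventory is also the one sending the largest volume to an external address, which is the kind of overlap that makes combining sources worthwhile.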

However, keeping tabs on netflow may only be addressing symptoms of a deeper problem. Part of the issue at hand is that organizations are assessing risks to their assets in a bubble, says John Pescatore, director of emerging trends for SANS Institute.

“There is generally no real connection to real world threats on how best to protect the business or the customer’s information,” he says.

All too often, organizations use a small imaginary number to estimate the probability of a security incident and a large imaginary number to estimate its cost, then multiply the two together to get a medium-sized imaginary number, says Pescatore, who says the exercise is done purely to tell auditors that they did an assessment.

Instead, he says it is important to home in on a controls-based priority list. This can be done by relying on a community of experts who can look at real-world threats and prioritize which security controls are most valuable in deterring those threats. Then prioritize those solutions that implement those controls with as much automation as possible to improve efficiency and effectiveness.

“Work your way down the priority list until you run out of budget,” he says.

Most importantly, though, organizations need to be comprehensive when seeking out IT assets eligible for these controls. While mission-critical systems certainly deserve the most attention to detail, security professionals must also keep an eye on the fringes of IT infrastructure. It is there, in the places where high-priority and low-priority systems may be interconnected, where business processes create a tenuous connection between unrelated systems and where data lurks in unexpected places, that the biggest propensity for compromise could lie.

“Companies should take a very serious look at all assets and be very comprehensive in looking at the consequences of an attack,” Abernethy says. “Don’t overlook the mundane, because as the HKEX found out, it may very well be a critical risk area.”


Article source: http://www.darkreading.com/vulnerability/avoiding-breaches-where-you-least-expect/240162928

Keeping your endpoint data safe: some simple precautions


Sysadmin blog

People are out to get you. Your business, your users, your systems and your data all have value to someone.

You could be targeted because you have something that someone specifically wants, or because attackers are hoping to find bank account details or email addresses to spam, or because they want your compute power for a botnet.


Few companies have the luxury of being able to dedicate one or more members of staff to security, but there are some easy layers of defence that everyone should have in place.

Security does not earn money so it tends to be something companies attend to after an incident. But remember you may very well be blamed for not having identified the risks.

Black magic

A unified threat management solution is one defence option. This is a gateway that has black wizardry to protect you from spam, intrusions and viruses, as well as controlling content or network traffic.

It is one of those balance calls: you won’t stop everything (impossible) but for a reasonably small outlay you will be ahead of many people out there and become a less easy target.

This sort of device should alert you to something going on that you would normally not be aware of. For example, I have seen laptops plugged into a corporate network whose user had administrator access, clicked on a few dodgy websites at home and ended up being a spam relay box.

Seeing an alert come up warning of large numbers of connection attempts on port 25 to an overseas address is an easy way to catch this.
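The port 25 alert described above, sketched as an added example that is not part of the original article: it counts outbound SMTP attempts per internal host over a sliding window and ignores the approved mail server. The log format, address ranges, mail server address and threshold are all assumptions, and "overseas" is simplified to "any external address", since geolocating the destination would need a GeoIP database.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions for this example, not values from the article:
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]      # office address range
MAIL_SERVERS = {"10.0.0.25"}                         # hosts allowed to send SMTP out
WINDOW = timedelta(minutes=5)
THRESHOLD = 20                                       # attempts per host per window

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def smtp_relay_suspects(lines):
    """Map each offending internal host to its peak port-25 attempts per WINDOW."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    peaks = {}
    for line in lines:            # expects time-ordered "timestamp src dst dport"
        ts, src, dst, dport = line.split()
        if dport != "25" or src in MAIL_SERVERS:
            continue
        if not is_internal(src) or is_internal(dst):
            continue              # only inside-to-outside SMTP is of interest
        when = datetime.fromisoformat(ts)
        seen = recent[src]
        seen.append(when)
        while when - seen[0] > WINDOW:
            seen.popleft()
        if len(seen) > THRESHOLD:
            peaks[src] = max(peaks.get(src, 0), len(seen))
    return peaks

def constructed_log():
    """Constructed sample flow records, sorted by time."""
    start = datetime(2013, 10, 21, 9, 0, 0)
    rows = []
    for i in range(40):           # laptop acting as a spam relay
        rows.append((start + timedelta(seconds=2 * i), "10.0.3.17", f"203.0.113.{i + 1}", 25))
    for i in range(100):          # the real mail server doing its job
        rows.append((start + timedelta(seconds=i), "10.0.0.25", "198.51.100.9", 25))
    for i in range(3):            # a misconfigured mail client, well under threshold
        rows.append((start + timedelta(minutes=i), "10.0.3.20", "198.51.100.9", 25))
    for i in range(60):           # ordinary web traffic
        rows.append((start + timedelta(seconds=i), "10.0.3.17", "198.51.100.80", 443))
    return [f"{t.isoformat()} {s} {d} {p}" for t, s, d, p in sorted(rows)]

if __name__ == "__main__":
    for host, peak in smtp_relay_suspects(constructed_log()).items():
        print(f"ALERT {host}: {peak} outbound port-25 attempts within {WINDOW}")
```

Blocking outbound port 25 at the gateway for everything except the mail server turns the same signal into firewall deny logs, which this counter handles identically.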

Ye of little faith

Endpoint security is another area where it might seem like you are dishing out cash for nothing.

Microsoft Windows 7 and below have this covered fairly well with Microsoft Security Essentials for your anti-virus needs and Windows Defender for spyware. Windows 8 has Windows Defender built in, which does both anti-virus and anti-spyware.

One of the most common methods of getting something unwanted is via an infected USB. Blocking USB devices is of course one line of defence, but if you are not in a highly secure environment you will just annoy your staff, who probably don’t want to see or believe the risks.

I have seen malware that launches via the autorun.inf file, which can mean users are running the malware on every PC they decide to plug into.

Fear of phones

The latest threat on the block is mobile malware. Android phones are still the worst, hands down, so if you can possibly avoid it, don’t provide them to staff. iPhones, Windows phones and BlackBerrys are much safer in that regard.

Enforcing a PIN or password on devices is the most basic level of protection and should be employed wherever possible.

It is worth having a look at a mobile device management platform. It can report on what apps are installed on your mobile fleet, allow you to remote-wipe when someone leaves their phone in the back of a taxi, and can help identify devices that are not running the latest operating system version.

Knowing whose device is jailbroken is also a good thing. Remember the RickRoll worm? 

If you care about protecting your data when users are sharing it, don’t use open, free services such as Dropbox. The ideal solution is something that can be hosted on premises (so you know where your data is), has optional security mechanisms (so you can control who sees the data), and has killable time-bomb links (so you can pre-determine when data should no longer be available).


The rogue user is another danger area. I have seen a few in my time. One example: a staff member set all his emails to be forwarded externally, and a year after he left the company to work for a competitor, someone worked out that company-sensitive information was still being emailed to him.

At the other end of the scale is someone who left but knew another person’s password. Weeks after leaving the company he logged in via webmail and began abusing staff.

Flashing red lights and sirens should be going off in your brain about this. Policies prohibiting sharing passwords with other staff members and a regular forced change of password should avoid these situations.

Beware the mafia

Making sure that accounts are disabled as people walk out the door for the last time is a very small price to pay to avoid a potential high risk of damage.

It is also worth educating users with reminders and tips. It is obvious to us, but a random email asking for their login details will often have users happily clicking a link that goes to “http://yourcompany.russianmafia.com” and entering their company username and password.
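A mail filter can catch the kind of link quoted above even when users do not. The following is an added example, not part of the original article, that flags URLs which display the company name but resolve to somebody else's domain; the legitimate domain `yourcompany.com` and the brand token are assumptions taken from the article's sample link, and the message text is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the organisation's real domain and brand string.
COMPANY_DOMAINS = {"yourcompany.com"}
BRAND_TOKENS = {"yourcompany"}

def under_company_domain(host):
    """True only for the domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in COMPANY_DOMAINS)

def classify_link(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if host and under_company_domain(host):
        return "legitimate"
    # The host belongs to someone else; does the URL still show the brand
    # in a subdomain label, the userinfo part or the path?
    decoy = " ".join([host, parts.username or "", parts.path]).lower()
    if any(token in decoy for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"

def lookalike_links(message_text):
    """Extract http(s) links from a message body and return the lookalikes."""
    urls = re.findall(r"https?://[^\s\"'<>]+", message_text)
    cleaned = [u.rstrip(".,)") for u in urls]   # drop trailing sentence punctuation
    return [u for u in cleaned if classify_link(u) == "lookalike"]

# Constructed sample message for the example.
SAMPLE_MESSAGE = """IT notice: your mailbox is full.
Confirm your login at http://yourcompany.russianmafia.com today.
The real portal is https://webmail.yourcompany.com/owa, see also https://example.org/help."""

if __name__ == "__main__":
    for link in lookalike_links(SAMPLE_MESSAGE):
        print("Lookalike link:", link)
```

The suffix match requires a dot boundary, so `notyourcompany.com` is not mistaken for a subdomain of the real domain.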

An attacker who has targeted a staff member or company can do huge amounts of damage and companies of all sizes are at risk.

These are just some of the basic approaches you should consider to protect everyone. You want to be thinking about them now rather than when it is too late. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/21/data_security/

Adobe hackers strike again: PR Newswire grovels to clients after latest hack’n’grab


PR Newswire has been forced to reset its clients’ passwords following a security breach linked to the same hackers who smashed into Adobe earlier this month.

The hackers made off with the usernames and encrypted passwords of the marketing and press release distribution service’s customers, reports investigative journalist Brian Krebs.


If the passwords were cracked, perhaps by using rainbow tables to look for leaked hashes that corresponded with weak passwords, it might have been possible to upload false earnings warnings or similar fake news in order to manipulate stock prices and profit from the resulting confusion.

Thankfully, there is no evidence that anything like this has happened.

Swiped usernames and encrypted passwords from PR Newswire were found on the same internet server that hosted source code stolen from Adobe – evidence that points towards the same hacking group being behind both attacks.

PR Newswire confirmed that the stolen data came from its systems before resetting users’ passwords and putting out an advisory note about the breach. Exposed data appears to be mainly confined to EMEA customers of the marketing service.

In a statement, PR Newswire said it is “conducting an extensive investigation” into the breach and promised to bolster security to limit the odds of a repeat of the assault. It said its preliminary investigation suggests that customer payment data was not compromised as a result of the attack, but nonetheless apologised for the whole sorry affair:

We recently learned that a database, which primarily houses access credentials and business contact information for some of our customers in Europe, the Middle East, Africa and India, was compromised. We are conducting an extensive investigation and have notified appropriate law enforcement authorities. Based on our preliminary review, we believe that customer payment data were not compromised.

As a precautionary measure, we have implemented a mandatory password reset for all customers with accounts on this database. As a general practice, we recommend that our customers use strong passwords and regularly update them, not just on PR Newswire but on any website requiring login credentials. From an internal perspective, we continue to implement security improvements and additional protocols to help further protect user portals and customer and proprietary information.

Krebs was helped in his investigation into the PR Newswire breach by Alex Holden, chief information security officer at Hold Security.

“Misleading PR statements on behalf of major companies could disrupt stock markets, injure a company’s reputation, and affect consumers,” Holden told Krebs.

A statement by Hold Security sheds more light on the circumstances of the find of PR Newswire data on the hacked server:

The same group of cyber criminals responsible for LexisNexis, NW3C, and Adobe breaches also had stolen data that belongs to PR Newswire. Partial website source code and configuration data along with a database of PR Newswire customers was found on the same server where Adobe System’s source code was located.

Cleverly disguised as an image, an archive of PR Newswire was found on hackers’ repository server. The database date appears to be from March 8, 2013 but it is unclear yet if the breach had happened at the same time or at a later date as the archive was created on April 22, 2013.

While we are presently unaware of any deviant abuse of the stolen data, this breach casts a number of questions about the intentions of the hackers.

In an update to its statement, Hold Security said that an attack based on ColdFusion exploits was launched against multiple PR Newswire networks on 13 February. The theory is that this might be the attack that resulted in the breach.

This, at the very least, is an interesting coincidence because the (as yet unidentified) hackers behind the Adobe source code heist specialised in targeting vulnerabilities in the ColdFusion web application development platform, according to previous research by Krebs.

The journalists-turned-security investigators have linked the same attackers to hacks against top US data brokers, including LexisNexis and Dun & Bradstreet, as well as the National White Collar Crime Center, a US-based non-profit organisation for the training of cybercrime investigators.

The breach against Adobe’s systems compromised the information of 2.9 million customers, as well as allowing unidentified hackers to access the source code of Adobe products including Adobe Acrobat, ColdFusion, ColdFusion Builder, and other unnamed products. Customer names, encrypted credit and debit card numbers, expiration dates, and other information relating to customer orders was all exposed.

Adobe has reset customer passwords as a precaution following the incident and followed up with notice to users, distributed by email.

In the wake of the hack, security firm Trusteer warned that hackers could potentially use the leaked code to develop zero-day exploits, a threat the IBM-owned firm’s products are specifically designed to protect against.

“The Adobe network breach puts organizations and users at significant risk,” writes Dana Tamir, director of enterprise security at Trusteer. “If the source code for Adobe Reader or other popular Adobe applications was stolen, it means that cyber-criminals now have the opportunity to search this code for new unknown vulnerabilities, and develop malicious code that exploits these vulnerabilities. You can expect that we will soon have a stream of new, nasty zero-day exploits.”

The scenario sketched out by Tamir is certainly not implausible but finding previously unknown vulnerabilities in complex software applications – even given access to the source code – is painstaking, laborious and skilled work. Few have the mindset or patience to carry this out. The hackers behind the breach almost certainly lack the necessary skillset: however, they might sell the source code to someone with the resources to look for security holes, perhaps even an intelligence agency of a nation state.

Previous source code leaks from the likes of Symantec and Cisco did not result in a noticeable increase in the volume of zero-day exploits affecting their products. However, Adobe’s applications are a prime target for hackers so more effort might be put into finding holes in the leaked code than might otherwise be the case. Enterprise security firm Hold Security backs up Trusteer’s initial reaction that bad things were likely to flow out of the Adobe source code leak:

“Source code leak is THE STORY. It exposes Web Servers and PCs to new exploits,” it said in a Twitter update around the time that news of the initial hack of Adobe broke in early October. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/21/pr_newswire_hackers_adobe_link/

Apple accused of telling porkies over ‘secure’ iMessage encryption


A security researcher has suggested that Apple’s claim that its iMessage app is spook-proof and secure is “just basically lies”.

Cyril Cattiaux, who works at the research firm QuarksLab, made his claims during a speech to the Hack in the Box conference, which were quoted by PC World – the tech news site, rather than the British retailer.


In a detailed blog post, Cattiaux said that the public key cryptography used by Apple in its iMessages made them vulnerable to snooping.

He said: “The weakness is in the key infrastructure, as it is controlled by Apple. They can change a key any time they want, thus read the content of our iMessages.”

However, there is no suggestion that Apple wilfully misled its customers and it has not been accused of actually reading fanbois’ iMessages.

In June, Apple released the following statement which discussed the security of iMessage:

Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.

Apple’s iMessage is a text-messaging service which allows fanbois to send free messages over Wi-Fi. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/21/apple_accused_of_lying_about_spookproof_imessage/