STE WILLIAMS

Live To Not Regret Using Social Media

CUPERTINO, Calif., Sept. 3, 2013 – Those who have ruined their reputations and damaged their careers after posting inappropriate material on social networks include politicians, movie and sports stars as well as teachers, police officers and even fast food restaurant employees. The problem of exposing too much information could continue to plague social media users, a possibility supported by the August 2013 poll by Cint USA and the global security software developer Trend Micro. According to the poll, 24% of the respondents said they have posted something they later regretted or removed, and 36% said they have seen something they regard as inappropriate on Facebook, Twitter or Google+.

While it may be too late for some, Trend Micro, a global leader in security software, has solved the riddle of social network privacy settings for Facebook, Twitter and Google+, which can help prevent life-ruining posts from ever happening in the first place.

“Privacy is a huge concern, and it all starts with making sure that we don’t have ‘I wish I hadn’t done that’ regretful moments,” says Akihiko Omikawa, Executive Vice President, Global Consumer Business at Trend Micro. “Guarding against identity theft, protecting against viruses and keeping families safe online come standard in Trend Micro security solutions. But if you don’t understand how to manage your social network privacy settings, no amount of security software will keep your online reputation protected. The first line of defense in enjoying your digital life safely is to get a handle on social media privacy. Trend Micro gives social media users a simple way to avoid harming themselves or ruining their reputations by sharing too much information with unintended audiences.”

Trend Micro has expanded its unique social network privacy technology, which identifies privacy settings that may leave personal or inappropriate information publicly available or vulnerable to identity theft. Trend Micro also gives users control over which apps can access biographical data, and who can tag and see photos. These features are critical today, considering only 24% of Facebook users change their privacy settings each month or more often, according to the same survey of social media users. The same poll showed that 27% of Twitter users and 30% of Google+ users have never checked their privacy settings, and 34% of Twitter users and 39% of Google+ users have never updated their privacy settings. Trend Micro’s robust personal privacy management tool now dramatically simplifies privacy settings on Twitter, Google+ and Facebook – for both Mac and PC. Facebook settings can also now be managed on the go via an Android app.

The social media privacy management tool is featured in today’s release of Trend Micro’s Titanium™ 2014 family of consumer security products. Titanium Security 2014 is a customizable security solution built on Trend Micro’s 25 years of leadership in Internet security.

Titanium Security 2014 solutions provide industry-leading, anti-virus and Web-threat protection that identifies and blocks dangerous links in websites, social networks, emails and instant messaging. It also detects spam emails containing phishing scams that can trick users into revealing private personal information. According to the August 2013 AV Comparatives report, Trend Micro Titanium offers the broadest combination of privacy and Web threat protections for Facebook, Google+, and Twitter across PCs and Macs among 31 security products reviewed (Social Network Protection Review, August 2013, AV Comparatives).

To help fight identity theft, Trend Micro’s password management feature in Titanium Security 2014 includes a secure browser for online commerce that is specifically designed to support secure online banking. Respondents to the same poll have an average of 12 accounts requiring passwords, but use only eight passwords across those dozen accounts. An identity thief can do more damage to a victim who uses the same password for multiple accounts.

Additionally included in Trend Micro’s customized solutions are robust parental controls to help families protect children from the dangers inherent to Internet use. Titanium Security 2014 empowers parents to restrict and filter their children’s online access, protecting them from inappropriate or harmful websites. In addition, the security solution includes a way to monitor kids’ behavior online – to help parents protect their kids from cyber bullying and encounters with online predators.

For Android smartphone and tablet users, Titanium Security 2014 includes the Facebook privacy management app within Trend Micro™ Mobile Security. Mobile Security is designed to find a lost or stolen device, identify data-stealing mobile apps, back up and restore data stored on a device, and remotely lock and wipe out data.

“Life is difficult enough without having to worry whether or not your reputation, your data or your identity is protected,” says Omikawa. “Trend Micro tackles this enormous challenge with Titanium Security 2014. This comprehensive solution provides users with all-in-one protection on PCs, Macs and mobile devices for practically everything you do online, so you can enjoy your digital life safely.”

About Trend Micro

Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Our solutions for consumers, businesses and governments provide layered data security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. All of our solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™ infrastructure, and are supported by over 1,200 threat experts around the globe. For more information, visit TrendMicro.com.

Article source: http://www.darkreading.com/privacy/live-to-not-regret-using-social-media/240160640

Social Networks: Can Robots Violate User Privacy?

Recent news in the international media has revealed numerous Internet privacy concerns that definitely deserve attention and further investigation. This is why we, at High-Tech Bridge, decided to conduct a simple technical experiment to verify how the 50 largest social networks, web services and free emails systems respect – or indeed abuse – the privacy of their users. The experiment and its results can be reproduced by anyone, as we tried to be as neutral and objective as possible.

The nature of the experiment was quite simple: we deployed a dedicated web server and created secret and totally unpredictable URLs on it for each tested service, something similar to:

http://www.our-domain-for-test.com/secret/18354832319/sgheAsZaLq/

Then we used various legitimate functionalities (detailed in the table below) of the tested services to transmit the secret URLs, carefully monitoring our web server logs for all incoming HTTP requests (to see which services followed the secret link that was not supposed to be known and accessed by anyone).

During the 10 days of our experiment, we trapped only six services out of the 50. However, among those six were four of the biggest and most used social networks: Facebook, Twitter, Google+ and Formspring. The remaining two were URL shortening services: bit.ly and goo.gl.

While such behavior may be part of the legitimate functionality of URL shortening services, the same should not apply to social networks such as Facebook and Twitter. Taking into consideration that some of the services may have legitimate robots (e.g. to verify and block spam links) that automatically crawl every user-transmitted link, we also created a robots.txt file on our web server that restricted bots from accessing the server and its content. Only Twitter respected this restriction; all other social networks simply ignored it and accessed the secret URL.

Below, you can find HTTP requests of trapped services that accessed the secret URLs:

Bit.ly:
IP: 50.17.69.56
User-Agent: bitlybot

Facebook:
IP: 173.252.112.114
User-Agent: facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)

Formspring:
IP: 54.226.58.107
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31

goo.gl:
IP: 66.249.81.112
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko; Google Web Preview) Chrome/22.0.1229 Safari/537.4

Google+:
IP: 66.249.81.112
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google (+https://developers.google.com/+/web/snippet/)

Twitter:
IP: 199.59.148.211
User-Agent: Twitterbot/1.0

Marsel Nizamutdinov, Chief Research Officer at High-Tech Bridge, comments: “The results of this experiment are quite interesting actually. The four trapped social networks justify their activities by ‘automated verifications’. However, it is technically impossible to verify what is really going on and how the information obtained on the user-transmitted URLs is being used. Today, quite a lot of web applications omit authentication and rely on temporary or unpredictable URLs to hide some content and, when users transfer such URLs via social networks, they cannot be sure that their information will indeed remain confidential. Unfortunately there is no way to keep the URL and its content confidential [if there is no authentication of course] while transferring the URL via social networks.”
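The log-monitoring side of the experiment described above, as an added example that is not High-Tech Bridge's own tooling: it parses combined-format (Apache/nginx) access-log lines, reports every client that fetched the secret path, and notes which of them never requested robots.txt. The log lines are constructed; the IPs and User-Agents are the ones quoted in the article, and 203.0.113.7 is a placeholder for the intended recipient.

```python
"""Honeytoken URL check: which clients fetched a secret URL, and did they
consult robots.txt?

Added example, not High-Tech Bridge's tooling. The sample log below is
constructed; IPs/User-Agents are those quoted in the article, and
203.0.113.7 stands in for the intended recipient of the secret link.
"""
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SECRET_PATH = "/secret/18354832319/sgheAsZaLq/"  # the article's example URL

# Constructed sample log (one secret-URL fetch per trapped service, one robots.txt read)
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2013:09:59:30 +0000] "GET /secret/18354832319/sgheAsZaLq/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/23.0"
50.17.69.56 - - [01/Sep/2013:10:00:01 +0000] "GET /secret/18354832319/sgheAsZaLq/ HTTP/1.1" 200 512 "-" "bitlybot"
173.252.112.114 - - [01/Sep/2013:10:00:05 +0000] "GET /secret/18354832319/sgheAsZaLq/ HTTP/1.1" 200 512 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
199.59.148.211 - - [01/Sep/2013:10:00:09 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "Twitterbot/1.0"
66.249.81.112 - - [01/Sep/2013:10:02:00 +0000] "GET /secret/18354832319/sgheAsZaLq/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google (+https://developers.google.com/+/web/snippet/)"
"""


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def honeytoken_report(log_text, secret_path, expected_ips=()):
    """Per client IP: user agents seen, whether it fetched the secret URL,
    whether it requested robots.txt, and whether it was an expected client."""
    report = defaultdict(lambda: {"uas": set(), "fetched_secret": False,
                                  "read_robots": False, "expected": False})
    for rec in parse_log(log_text):
        entry = report[rec["ip"]]
        entry["uas"].add(rec["ua"])
        entry["expected"] = rec["ip"] in expected_ips
        path = rec["path"].split("?", 1)[0]  # drop cache-busting query strings
        if path == secret_path:
            entry["fetched_secret"] = True
        elif path == "/robots.txt":
            entry["read_robots"] = True
    return dict(report)


def unexpected_fetchers(report):
    """IPs that reached the secret URL although they were not the intended recipient."""
    return sorted(ip for ip, e in report.items()
                  if e["fetched_secret"] and not e["expected"])


def robots_ignored(report):
    """Unexpected fetchers that never requested robots.txt, so cannot have honoured it."""
    return sorted(ip for ip in unexpected_fetchers(report)
                  if not report[ip]["read_robots"])


if __name__ == "__main__":
    rep = honeytoken_report(SAMPLE_LOG, SECRET_PATH, expected_ips={"203.0.113.7"})
    for ip in unexpected_fetchers(rep):
        print(ip, sorted(rep[ip]["uas"]))
    print("never read robots.txt:", robots_ignored(rep))
```

A client that did read robots.txt and still fetched the secret path is only visible by comparing the two flags per IP; the report keeps both so that case is not hidden.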

Article source: http://www.darkreading.com/privacy/social-networks-can-robots-violate-user/240160622

G20 Summit Becomes Bait For Cyberespionage Attacks

With the G-20 Summit a little more than a week away, cyberattackers are using the conference as a theme as they target government and financial institutions.

According to Rapid7, multiple groups — potentially originating in China — are responsible for the attacks, including a prominent group known as the Calc Team or APT-12 that has been tied to an attack on The New York Times.

“Within the security community there’s the firm belief that the Calc Team is an espionage group operating from China, which originally stood out due to the use of a peculiar algorithm used to calculate the connection details to their Command & Control servers (C&C) out of an initial DNS request,” blogs Rapid7 security researcher Claudio Guarnieri. “[This] group has been tracked by researchers for years and is believed to be responsible for numerous attacks against government agencies, financial institutions and defense contractors.”

The recent attacks all use the upcoming G20 conference — scheduled for Sept. 5 and 6 in St. Petersburg, Russia — as a theme for the bait. The first of the ongoing G20-themed attacks tied to the group was detected in May, and featured a PDF document outlining a development agenda for the Russian presidency, as well as a second document entitled “Global Partnership for Financial Inclusion Work Plan 2013.”

“Both are clearly Windows executable files that try to disguise themselves as PDF documents,” the researcher notes. “As commonly happens, no exploit has been used here and the attacker relied solely on social engineering the targets to open and execute the files contained in the archive. Upon execution, both these files extract an actual embedded PDF to the %Temp% folder and display it to the victim, in order not to raise suspicion.”
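A triage check for the lure format described above, as an added example that is not Rapid7's tooling: it opens an archive and flags any member whose leading bytes contradict its file name (a PE executable named as a PDF, a double extension, or a ".pdf" with no PDF header). The archive is constructed in memory for illustration.

```python
"""Flag Windows executables masquerading as PDF documents inside an archive.

Added example, not Rapid7's tooling. Each archive member's magic bytes are
compared with what its name claims. The archive built below is constructed
for illustration only.
"""
import io
import zipfile

PE_MAGIC = b"MZ"      # DOS/PE executable header
PDF_MAGIC = b"%PDF-"  # every PDF file starts with this


def classify_member(name, head):
    """Return the list of reasons a member looks suspicious (empty if none)."""
    reasons = []
    lower = name.lower()
    if head.startswith(PE_MAGIC):
        reasons.append("content is a Windows PE executable (MZ header)")
    if ".pdf." in lower and not lower.endswith(".pdf"):
        reasons.append("double extension: '.pdf' is not the real suffix")
    if lower.endswith(".pdf") and not head.startswith(PDF_MAGIC):
        reasons.append("named .pdf but content lacks the %PDF- header")
    return reasons


def suspicious_members(zip_bytes):
    """Return {member_name: [reasons]} for every member that is not what it claims."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # only the magic bytes are needed
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive():
    """Constructed lure archive: one genuine PDF and two disguised executables."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agenda.pdf", b"%PDF-1.4\n% constructed placeholder document\n")
        # PE stub with a double extension (Explorer hides the final '.exe' by default)
        zf.writestr("Work Plan 2013.pdf.exe", PE_MAGIC + b"\x00" * 62)
        # PE stub whose name is simply '.pdf'; only the content gives it away
        zf.writestr("development agenda.pdf", PE_MAGIC + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample_archive()).items():
        print(name)
        for r in reasons:
            print("  -", r)
```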

Earlier this month, two more attacks tied to the group using other G20-themed booby-trapped documents were detected, as well. Once the malware is on the system, it is then used to download additional malware and log the keystrokes of users. In order to intercept keystrokes, the malware constantly loops through an embedded list of keys and checks the state for each key with GetKeyState Windows API. Currently, the command-and-control used by the attackers remains active.

“Assuming that the chain of attribution to Calc is correct, it’s interesting to observe that despite major international exposure after The New York Times incident, the intrusion group/s behind these attacks is still operational and doesn’t seem to have been affected by the sudden attention received by newspapers and researchers,” Guarnieri blogs.

“Unfortunately we have no visibility into the result of the attacks and whether the operators managed to be successful, but it’s remarkable that despite the high profile of the average target of these espionage operations, the tactics and tools adopted are not as sophisticated as one would expect,” he adds. “As also pointed out by FireEye, the creators of the malware seem to be actively changing things around in order to avoid detection by network defense layers, which combined with the lack of exploitation involved, it leaves a large responsibility on the targeted user to be able to recognize the social engineering attempt and isolate the attack.”


Article source: http://www.darkreading.com/attacks-breaches/g20-summit-becomes-bait-for-cyberespiona/240160484

4 Million Patients At Risk After Computer Theft From Chicago Medical Group

Thieves broke into an office of the largest health system in Illinois last month and stole four unencrypted computers that contained personal information — including Social Security numbers and health insurance information — of 4.03 million patients. An administrative office of Advocate Medical Group was burglarized, according to the health care organization, and a criminal investigation is under way.

The break-in occurred at an Advocate Medical Group administrative office in Park Ridge on July 15; the stolen computers included the names, addresses, dates of birth, and Social Security numbers of patients, as well as some clinical data, including their physicians, diagnoses, medical record numbers, medical service codes, and health insurance data. Advocate Medical Group says no patient medical records were stored on the stolen machines.

“The most important thing is that this issue has no impact on patient care,” said Kevin McCune, M.D., chief medical officer at Advocate Medical Group. “Security is a top priority for our health care ministry. Nothing leads us to believe that the computers were taken for the information they contained or that any patient information has been used inappropriately.”

The incident marks one of the biggest health care breaches yet with the number of patients whose information has been exposed, according to Bill Barr, a development coordinator with the newly formed Medical Identity Theft Alliance (MIFA) and co-founder of the Smart Card Forum.

“It appears that it was just some computers behind locked doors that were [reportedly] password-protected. That’s not the strongest security people should be [employing],” Barr says.

Even more chilling is that the thieves now have a treasure trove of medical identification that could be rolled into medical ID theft “kitz” sold in underground forums, according to Barr. “They’ve got all of the information they need … to put together 4 million kitz,” he says. “To me, that’s a very serious situation.”

These medical ID kitz typically include bank account credentials, Social Security numbers, health insurance credentials, and phony driver’s licenses or other IDs, and sell for $1,200 to $1,300, according to Dell SecureWorks, which recently uncovered some of these scams.

Advocate Medical Group has notified patients whose data was stored on the stolen machines, and is offering free credit monitoring and ID theft protection. The organization also is beefing up physical security at the burglarized location, with round-the-clock security, and considering doing the same at other locations. “We have reinforced our security protocols and encryption program with associates,” the company said in its disclosure notice about the breach.


Article source: http://www.darkreading.com/attacks-breaches/4-million-patients-at-risk-after-compute/240160518

Don’t Be The Tortoise

The fable of the Tortoise and the Hare has been passed on from generation to generation of children for over 2500 years. Most of us first hear it while curled up in our parents’ laps, or perhaps as one of our first story times at school. The tale, as most commonly interpreted, tells us that slow, steady, and determined beats impulsive yet agile and quick.

Which is, of course, absolute rubbish. Just ask Usain Bolt. Or stick a tortoise and a hare in front of a bear and see what happens. Go ahead, I’ll wait.

The security profession is entering what is most likely the most challenging period we have ever faced, as both a community and industry. The challenge isn’t from Chinese hackers, Russian cybercriminals, or the NSA, but rather from the decisions being made by the organizations we protect. Our infrastructure, architectures, creation, delivery, and consumption models are changing more rapidly and to greater extremes than ever before. More than the move to desktop computing. Greater than our adoption of the Internet.

I’m about to jump on the soap box for a bit and get all motivational, but before you think I’m all preachy, keep in mind that I don’t have anything personally invested in whatever decision you make, but this is sure as heck how I’m planning my own future.

Much of this is encapsulated in the concept of DevOps; the collapse of traditional development and operational silos to enable more agile and rapid delivery models. Powered by cloud and mobile computing, using concepts like “immutable servers” and continuous delivery, it really is a different way of creating, releasing, and supporting applications. Everyone from Netflix to staid financial institutions is adopting DevOps, to different degrees, and we are creating a generation of developers and administrators that are highly unlikely to go back to “old” ways of doing things.

DevOps evolved to support highly competitive Web-based properties. In some cases it translates to dozens of software releases in a day, often pushed from development to production directly by the programmers. But the techniques are also used for more staid applications, like programmatically managing the configuration of thousands of servers using tools like Chef and Puppet, far more effectively than our more-traditional configuration management tools, which are better oriented to workstations.

DevOps brings tremendous security benefits, especially in the area of resiliency. A server acting up? Don’t bother debugging, just kill it and replace it with a new version and zero downtime. Managing developer keys on thousands of servers? There’s a script and a secure data bag for that. System compromised? Quarantine and snapshot it with a couple command lines, then redirect everything to a new, secure server with completely different credentials, in under 30 seconds. We manage our infrastructure more dynamically with code, templates, and automation.

The problem is that the security profession and providers are, generally, not attuned to working in a model of continuous change. We rely on standards, scanners, and slowing the rate of change to allow us to understand and implement appropriate security controls. We do this using tools with user interfaces that require ongoing manual tuning. And all too few of us maintain our skills as programmers and administrators, especially when many of our best and brightest are drawn to offensive research and incident response.

I’ve been spending a lot of time the past few years talking with, and teaching, security pros about cloud computing, mobility, and the rise of DevOps. I am met with far too many blank stares. And when I go into some of these organizations, I realize that security is blinded from the implementation of many security functions, which DevOps is now managing on their own.

It isn’t that security professionals (and providers) aren’t keeping up with any particular technology, it is that we are falling behind a cultural, architectural, and workflow shift that is only going to become more dominant. Why? Because it works. Companies deliver faster, things break less, and when they do they are fixed more quickly and cheaply.

I’m a pragmatist. This isn’t happening equally everywhere, and the world isn’t about to end. This isn’t a call to arms to change the industry, nor a criticism that security “isn’t getting it.” We have so much on our plates we don’t have time to keep up with every new little trend.

But consider this a piece of professional advice. If you want a long, fulfilling, and successful career in security, it’s time to learn some DevOps skills and adapt to that operational model. The hare isn’t slowing down anytime soon, and there sure seem to be a lot more bunnies than tortoises out there.

Article source: http://www.darkreading.com/management/dont-be-the-tortoise/240160523

Xceedium Extends Privileged Identity Management Protection To VMware vShield And vCloud

August 27, 2013, San Francisco, CA –– VMworld –– Xceedium, Inc., the premier provider of privileged identity management for hybrid-cloud environments, today announced it is extending Xsuite’s security and audit capabilities to VMware vShield™ and vCloud. Customers using VMware’s software-defined datacenter tools and its Private Cloud and Hybrid Cloud environments can leverage Xsuite to address essential privileged user security and compliance requirements.

Xsuite already protects guest systems running in VMware vSphere along with the VMware management console. Xceedium is extending Xsuite access control, single sign-on (SSO), and graphical session recording capabilities to vCloud Director, vShield Manager, and vSphere Web Client. Unlike other solutions, Xsuite provides protection for both host systems running on the VMware hypervisor, and the vSphere and vCloud management consoles.

“This announcement extends Xceedium’s leading position in privileged identity management for VMware hybrid-cloud environments,” noted Xceedium CEO, Glenn C. Hazard. “We are pleased to have worked so closely with VMware to deliver this solution to the marketplace. We intend to continue this collaboration and quickly integrate Xsuite with VMware NSX and vCloud Hybrid Services (vCHS) as VMware makes software-defined datacenters a strategic imperative.”

In the wake of the NSA Snowden breach and similar breaches at commercial organizations, protecting infrastructure from the risks privileged users and systems administrators pose has become increasingly important. It has also spawned additional regulatory scrutiny and new security requirements for multiple industries including: FedGov/FISMA (NIST 800-53 revision 4), Retail/PCI DSS, and Energy/NERC Critical Infrastructure Protection (NERC/CIP). Xsuite is specifically designed to help organizations mitigate privileged user risks and address these regulatory mandates.

About Xceedium

Xceedium is the leading provider of privileged identity management solutions for hybrid-cloud enterprises. Large companies and global government agencies use Xceedium products to reduce the risks that privileged users and unprotected credentials pose to systems and data. The company’s Xsuite platform enables customers to implement a zero trust security model. It vaults privileged account credentials, implements role-based access control and monitors and records privileged user sessions. With unified policy management, Xsuite enables the seamless administration of security controls across systems, whether systems reside in a traditional data center, a private cloud, on a public cloud infrastructure, or a combination of environments.

Xceedium solutions enable organizations to comply with security and privacy mandates such as: PCI DSS, FISMA, HIPAA, and NERC CIP. The company’s products provide industry-leading reliability, availability, and scalability, and are the most highly certified products in the market with designations including FIPS 140-2 Level 2, Common Criteria EAL4+, and the U.S. DoD Unified Command Approved Products List (UC/APL). For more information, visit: www.xceedium.com.

Article source: http://www.darkreading.com/management/xceedium-extends-privileged-identity-man/240160486

F-Secure Finds Women And Men Are Hard To Tell Apart In The Cloud

SAN JOSE, CA–(Marketwired – Aug 27, 2013) – Women may be stereotyped for liking shopping and shoes, and men for liking action flicks, but when it comes to the vast amounts of digital stuff we generate in the form of photos, videos and other content, how do the sexes differ? A recent F-Secure survey* shows that men pay more attention to how much content they have than women do, but women are sharing it in Facebook more frequently — and on top of that, there are also plenty of similarities between males and females.

When asked how much digital content in terms of photos, videos, documents and other files they have on their devices, women are less likely to know: 46% of women say they don’t know, compared with 23% of men. Additionally, 23% of men say they have over 100 gigabytes of content, compared with 12% of women.

As for backups, 77% of men claim to back up their content, compared with 75% of women. Of those, men are slightly more likely to use an online cloud backup service than women, at 25% versus 21%. The rest use hardware such as USB devices and CDs. Men back up their content more frequently, with 33% taking backups at least once a week, compared with 25% of women.

It always comes back to Facebook

When it comes to where we upload that content, whether for storage purposes or just for sharing with friends, Facebook tops the list for both, but women use it more: 39% of women upload content to the social networking site at least once a week, compared with 34% of men. YouTube follows, and is slightly more popular with men, with 21% uploading content to it at least once a week, compared with 19% of women. For general Facebook use, women use the social network more than men, at 82% to 78%.

Content storage in online cloud services begs the question of security, and females are slightly more concerned (61 percent) about unauthorized access to the content they store in cloud storage and backup services or social networking sites than males (57 percent).

When Facebook users were asked about privacy settings, 23% of men and women agreed that they do not know how to configure their Facebook privacy settings to their desired level of privacy. And when asked about their children’s Facebook privacy settings, males and females were again equally concerned, with 57% concerned that their children may not have the appropriate security and privacy settings.

Multi-device access to content and services

It’s a multi-device world, and both genders agree that being able to access all of their content from any device would be useful. In fact, 64% of women and 63% of men say it would be useful to have all their content accessible on all their devices wherever they are. And 60% of men and 59% of women agree it would be useful to be able to manage in one place all the content from the varied online services they use.

F-Secure’s personal content cloud solution Content Anywhere, which it offers through mobile and broadband operators, allows consumers to store, sync, access and share their photos, videos, documents and other files safely anywhere, from any device. For more information, visit www.f-secure.com/content-anywhere.

F-Secure’s Safe Profile helps make sure your Facebook profile is really as private as you want it to be. Safe Profile finds out how much of your Facebook profile is potentially visible to strangers, and helps you better protect your personal information. To try Safe Profile, visit http://safeprofile-tp.sp.f-secure.com.

*The F-Secure Digital Lifestyle Survey 2013 covered web interviews of 6,000 broadband subscribers aged 20-60 years from 15 countries: Germany, Italy, France, the UK, the Netherlands, Belgium, Sweden, Finland, Poland, the USA, Brazil, Chile, Colombia, Australia and Malaysia. The survey was completed by GfK, April 2013.

F-Secure – Protecting the irreplaceable

While you concentrate on what is important to you, we make sure you are protected and safe online whether you are using a computer or a smartphone. We also backup and enable you to share your important files. Our services are available through over 200 operators around the world and trusted in millions of homes and businesses. Founded in 1988, F-Secure is listed on NASDAQ OMX Helsinki Ltd.

Article source: http://www.darkreading.com/management/f-secure-finds-women-and-men-are-hard-to/240160491

Confidential Submission To The Antivirus Cloud

Host-based antivirus solutions have continued to shift much of their pre-emptive detection technology into the cloud — reducing the burden on the beleaguered desktop operating system and promoting a global perspective of the threat. But in the wake of governmental Internet monitoring programs, more questions than answers are arising about who sees what, and precisely what do they do with this raw but likely confidential information.

I remember an incident about five years ago that raised more than a few eyebrows. A team had completed the analysis of a high-profile botnet criminal gang — enumerating all the key members, identifying their personal addresses, bank accounts, etc. — and had crafted a special report that we wanted to share with law enforcement. The problem was that, even as a compressed archive, the file was too large for the law enforcement team to receive as an email attachment. I’m sure most of us have been in similar circumstances, and IT teams all around the world ended up doing the same thing occasionally — we encrypted the file, uploaded it to our nonpublic website, crafted a special (i.e., custom) URL for the file, and emailed the URL to our key law enforcement contact. The officer then followed the link, downloaded the file, informed us that he’d safely downloaded the file, and we promptly deleted it from the website. All in all, it’s a fairly secure method of transferring large files — if a little cumbersome.

The interesting thing, though, was that after looking at the Web logs, it was noticed that the file was downloaded twice — once from an IP address associated with the law enforcement office, and the second time by an IP address in the Philippines. Not something that was expected, and definitely a little worrying at the time.

The cause of the second download from the mystery Philippines IP address lay with the desktop antivirus suite the law enforcement officer was running on his computer. He had had the “cloud-based” enhanced security features enabled, and essentially his antivirus product had intercepted the URL he had followed to download the file; since the URL was unknown and unclassified by the suite’s reputation system, it was submitted to the cloud for further analysis. So, while he was downloading the file, his antivirus provider was simultaneously downloading the file to its servers in the Philippines in order to classify the URL, and to also scan the large file with a more advanced mix of antiviral tools. Just as well the file was encrypted!

Rest assured, the law enforcement officer (and no doubt everyone he worked with) took quick steps to turn off this feature of their antivirus suite to prevent future slip-ups. Given the confidential nature of the files they may have been receiving on a daily basis and the URLs they may have been visiting or investigating at any point in time — “disclosure” of that information could have had a significant effect on many of the cases they were working on.

Fast-forward to today, and I think that most people will struggle to locate the settings within their antivirus suite that turn off the cloud-based submission system, and will probably find that their suite relies more on the cloud for protection than ever before. By turning off the cloud-based assistance, they’d likely have fewer local antivirus capabilities than products of five or more years ago.

I suspect that many corporate users can appreciate the occasional problem of confidential and personal files being passed to the cloud, where some remote system or cluster of analysts will eventually peruse them and pass judgment on their maliciousness.

Some additional questions you need to factor into the equation are how long those files will remain accessible, who can view the files, and whether the files (or metadata) are made available to third-parties.

If you take the time to read through most antivirus suite EULAs and software licenses, you’ll probably be hard-pressed to find the clauses pertaining to the data you submit to a vendor’s cloud. This will probably be concerning to the CIOs of most businesses out there. After investing in perimeter defenses and smart filters to prevent data leakage, here’s a route that you’ve probably contractually agreed to, but had no idea that you had.

While the egress of confidential files and their contents may be worrying, I’d be just as concerned about the URL reputation systems — and the Web links that each PC, laptop, or other antivirus-protected device is browsing each day, which are, in turn, being sent back as telemetry data to the antivirus vendor. This is likely a rich dataset for outsiders trying to understand your business.

Think about the way your organization uses and accesses the Internet (in the office, on the road, and from home). New business deals, supply chain vendors, competitor analysis, internal resource URLs, etc. — all insight that can be garnered from the metadata easily enough. This is a dataset considerably richer than the likes of Google or Yahoo can piece together — because the host-based antivirus has visibility at a per-user, per-host level.

In the wake of many of the NSA metadata collection revelations, it would be prudent to assume that the intelligence agencies of many countries would dearly like to have the data being harvested by your chosen antivirus suite — a dataset that you probably consented to providing when you installed the software package. Now factor into the equation that your chosen antivirus vendor is likely headquartered in the Philippines, Romania, Czech Republic, Russia, United Kingdom, Finland, or elsewhere around the planet, and you may be feeling a cold chill down the back of your neck.

I’m not saying that any of the antivirus vendors conspire with government agencies to share their collected intelligence, but if there’s one thing the recent revelations should make you appreciate, it should be that most governments have ample legal rights and privileges to obtain this information from the companies within their jurisdiction when they feel the need to. With that in mind, I’d advise CIOs and CSOs to carefully review their practice for cloud submissions and be prudent in their overall choice of antivirus vendor.

Gunter Ollmann, CTO, IOActive Inc.

Article source: http://www.darkreading.com/attacks-breaches/confidential-submission-to-the-antivirus/240160529

Ex-CSOs Team, Offer Free Security Help

A team of former CSOs from Zale Corp., Deutsche Bank, The New York Times, Anheuser-Busch, State Farm Insurance, and other big firms has been assembled at Websense to offer free security strategy, assessment, and attack response support to enterprise chief security officers.

The new Office of the CSO group at Websense is led by former Emerson Electric and New York Times CSO Jason Clark. “It started with many of us as previous CSOs. So many CSOs of large companies are struggling,” says Clark, who says he was seeing this firsthand in his role as chief security and strategy officer at Websense after leaving his post as CISO and vice president of infrastructure at Emerson Electric.

“I noticed a major gap. I was being asked to come out and help them [CSOs] for an hour or two, and they weren’t aligning their security strategies with what the business threats were,” says Clark, who conceived of the Office of the CSO idea. “[So] I started hiring this team of all former CSOs from multiple companies that have practiced the craft.”

The CSO team doesn’t pitch Websense products, and its members say they steer clear of vendor-speak in order to remain impartial, so that they can return to enterprise CSO duties someday. “They wanted to help the community and will go back and be CSOs [again] at another time,” Clark says.

But the group still comes with the Websense moniker. Office of the CSO member Neil Thacker, the former head of information security for U.K. national lottery organization Camelot and Deutsche Bank, says he doesn’t get rewarded for clients that become paying customers, and the goal is to help the security community. Thacker, who is information security and strategy officer for Websense EMEA, says he took the gig at Websense because he likes educating and supporting security pros; he currently has a caseload of about 30 people.

“I’m very keen to keep my integrity as a security practitioner,” he says. “If someone is interested in Websense, I tell them to go to websense.com, and now let’s talk about the issues you’re facing. I just want to help the community.”

Still, the Office of the CSO obviously offers a savvy marketing opportunity for Websense, albeit indirect, security experts say. “This is very good and innovative branding and marketing for Websense,” says Mike Rothman, president of Securosis and author of “The Pragmatic CSO.” “If anybody can provide access to folks that have been there and done that before, I don’t see anything wrong with that.”

Rothman says the CSO team fills a gap for organizations that need help in an advisory role but don’t want to fork out the big bucks for CSO consulting services. It’s likely to be attractive to CSOs who may not have as much hands-on experience and know they need assistance, he says. “I think it’s going to cater to a CSO that’s mature enough to understand what they don’t know,” he says. “There is clearly a need out there for that kind of mentoring, an advisory shoulder to cry on … a ‘therapist.’”

The Websense CSO team offers free threat strategy assessment with a kill chain model exercise; security framework review using a threat simulation penetration test in a sandbox; a “toolkit” for CSOs that provides guidance on security success and training employees; and boardroom assistance, where the team offers communication strategies for aligning security projects with business plans and strategies.

But there are other free venues available for CSOs to share and learn from one another, such as industry ISACs and ISSA and other intelligence-sharing groups. “I would argue that these spaces are extremely valuable,” says Eddie Schwartz, CSO for RSA Security, an EMC company.

Schwartz says he meets CSOs from around the world who often share with him the challenges or issues they are facing. He says he tries to help them, but he also connects them to other peers who may be a better match for a particular issue. It’s all about free networking, information, and intelligence-sharing, he says.

“You find a lot of major vendors have that kind of thing going on,” he says. “It’s something we do.”

[Attacks out of China that hit Google, Adobe, Intel, and other U.S. companies were not only a wake-up call for businesses in denial about persistent targeted attacks and cyberespionage, but they also forced the chief information security officer (CISO) to step out of the corporate confines and reach out to peers at other organizations. See ‘Operation Aurora’ Changing The Role Of The CISO.]

Clark says the Websense Office of the CSO’s initial consultation is typically an hour-long conversation with the client, and then includes on-site visits as well. “We offer a threat modeling service … you tell me three things you are worried about, and we put on a whiteboard what the controls are in each stage,” Clark says. That could then become the client’s next investments, he says.

A newly anointed CSO from a Fortune 1000 firm, for example, reached out to the Office of the CSO group. His bosses had asked him for a pitch on why the company needed a CSO, an update on the current state of security — and a three-year security strategy for the company. “This guy was promoted to CSO — he had been with his company for 12 years,” Clark says. “He called us because he didn’t know who to call” for help on this, he says.

Just how long a freebie service can survive in today’s constantly changing security space is unclear. “We’ll see if it has any staying power,” Securosis’ Rothman says. “I think it’s a good concept, and it’s good for the industry.”


Article source: http://www.darkreading.com/management/ex-csos-team-offer-free-security-help/240160528

Gateprotect Firewall Gets Hardware Boost

Hamburg, 28 August 2013 – The German IT security specialist gateprotect has once again invested in the equipment of its next generation firewalls and is now offering all models with new, more powerful hardware. The GPO series for comprehensive protection of small offices and home offices, the GPA series for the protection of medium-sized companies and the GPX series for larger networks have been equipped with the latest processors and more RAM. The new hardware architecture enables significantly higher performance and more stability in all models and will protect company networks and data even more effectively at the same price.

“The requirements concerning IT security are continuing to increase. Since company networks are becoming more complex and more and more applications are being moved to the cloud, firewalls have to perform better and better. To be able to face these challenges even better and provide companies of all sizes and from all industries with reliable, easy-to-use security solutions ‘made in Germany’ also in the future, we at gateprotect have once more significantly improved the performance of our hardware,” explains gateprotect’s CTO Stephan Ziegler. “Premium quality is important to us: Before delivery, each device goes through extensive performance tests at the manufacturer’s premises. During these tests, all relevant components are checked. For example, a 24-hour ‘burn-in test’ is conducted in a climate chamber.”

Customers from small and medium-sized companies benefit most from the significantly increased performance of gateprotect firewalls: they receive user-friendly, full UTM protection for their networks and data, with the latest security features for blocking malware, safe surfing and Application Control, at the same price but with much better performance. The next generation firewalls of the GPZ series for enterprise solutions have already been available with new hardware since the end of last year.

Download this press release at: http://www.gateprotect.com

About gateprotect

gateprotect AG Germany has been a leading, globally active provider of IT security solutions in the area of network security for more than ten years. These solutions comprise next generation firewalls with all commonly used UTM functionalities, managed security as well as VPN client systems. To minimize the risk of operator errors in highly complex security functions, gateprotect has developed the eGUI interface concept. The patented eGUI technology (ergonomic Graphic User Interface) and the Command Center based on it for the configuration and administration of firewall systems for managed security service providers (MSSPs) increase the actual security in companies and allow for efficient ongoing maintenance of the systems. Reputable companies and institutions in more than 80 countries worldwide are among the users of about 24,000 installed devices.

Since 2010, gateprotect has been listed in the renowned “Gartner Magic Quadrant” for UTM firewall appliances. The gateprotect solutions comply with the highest international standards – thus, the firewall packet filtering core of the new development has been certified according to “Common Criteria Evaluation Assurance Level 4+ (EAL 4+)” by the Federal Office for Information Security (BSI) in March 2013. For the easy operability and comprehensive security of its UTM firewall solutions, gateprotect was the first German company to be honored with the Frost & Sullivan Excellence Award.

Article source: http://www.darkreading.com/intrusion-prevention/gateprotect-firewall-gets-hardware-boost/240160555