Channel: security news – Cyber Parse – Cyber Security and Information Security

CEO Chen Sets TrendMicro’s Sights on IoT Security

Eva Chen, the CEO of TrendMicro, discusses her plans for tackling the next generation of IT challenges. Eva Chen has spent most of her professional career building security vendor TrendMicro, which she co-foun...

75% of Europe’s workforce will be mobile by 2018, IDC research reveals

New whitepaper sponsored by OKI Europe outlines impact of BYOD and growing mobile workforce, creating a critical need for secure ‘anytime and anywhere’ access

Egham, 26 January 2016 – Three quarters of the Western European workforce will be mobile by 2018 and require the ability to access and process information quickly and securely in order to maintain and increase productivity, a new whitepaper from the analysts IDC has found.

In addressing this changing environment, the IDC whitepaper states smart multifunction printers (smart MFPs) need to provide the option to digitise documents while safeguarding sensitive company data against any threats or viruses by providing secure printing from mobile devices such as tablets and smartphones. Titled: ‘Are your business processes stifling your market opportunity? Cost-efficient print and document management through smart MFPs’, the whitepaper was compiled by Jacqui Hendriks, IDC's Head of European Managed Print Services and Document Solutions research and consulting practice.

In order to manage the continued increase in mobility, the whitepaper confirms that organisations need to have control over how people work from their own personal (BYOD or ‘bring-your-own-device’) and business mobiles. They must protect a company’s intellectual property while still allowing employees ‘anytime and anywhere’ access to maintain efficient working practices through the use of mobile print applications and configured data access.

In 2013, an IDC European usage study on print services market trends found that a third of companies allowed their employees to use their own personal smartphones, laptops and tablets. When IDC asked SMBs about their opinions on business process efficiency, a high number agreed that they needed to improve their processes, with employee mobility being a strong driver in support of digitised processes.

Confirming the role of smart MFPs in the modern business workplace, the whitepaper points out that: “Smart MFPs extend the utilisation of the device to a customisable digital transformation tool. They can act as a platform for growth by providing cost and time-efficient workflow solutions aligned with and in support of companies’ business objectives, such as improving compliance and security while supporting mobility and cost-cutting initiatives.”

Tetsuya Kuri, vice president, OKI Europe Ltd, added: “BYOD has changed from being a business trend to business reality. The fact that smart MFPs can be configured to streamline workflow and simplify document distribution and management makes them an important asset in the management of BYOD and workforce mobility.”

OKI Europe’s portfolio of smart MFPs includes a range of powerful, smart devices that offer businesses the freedom and flexibility to print directly from smartphones, tablets and other devices, helping busy professionals to stay productive.

For further information and to receive a copy of the whitepaper and infographic, visit www.okieurope.com/smartmfps/mobility

-Ends-

Notes to Editors:

About OKI Europe

OKI Europe Ltd is a division of OKI Data Corporation, a global business-to-business brand dedicated to creating cost effective, professional in-house printers, applications and services which are designed to increase the efficiency of today’s and tomorrow’s businesses. The company is well-established as one of Europe’s leading printer brands, in terms of value and units shipped. For over 60 years OKI Europe has been delivering advanced printing solutions worldwide, introducing ground-breaking technologies that support the needs of businesses large and small. Our pioneering development of digital LED printing technology has placed OKI at the forefront of the market in delivering high-definition, eco-friendly printing devices.

In addition to a vast portfolio of award-winning printers and MFPs, OKI Europe offers a range of services to help optimise print and document workflows. This, together with an integrated suite of software technologies and tools, can help businesses take control of their print and document costs in a secure environment, whether office based, mobile or in the cloud.

Today OKI Europe employs approximately 1,000 people in 21 locations (sales offices and production sites) and is represented in 60 countries throughout the EMEA region. Visit www.okieurope.com for further information.

OKI Data Corporation is a subsidiary of Tokyo-based Oki Electric Industry Co. Ltd., established in 1881 and Japan’s first telecommunications manufacturer.

Media Contacts:
OKI Europe Ltd: Pamela Ghosal: Pamela.Ghosal@okieurope.com, +44 (0) 208 2192127
Whiteoaks: Simon Moss: simonm@whiteoaks.co.uk, +44 (0) 1252 727313

Source: RealWire

Zylpha Adds Integration To SharePoint, iManage, Civica And NetDocs

Legal systems innovator Zylpha (www.zylpha.com) has added four new software integrations with systems that are frequently used by both legal practices and local authority lawyers. The new integrations, with the company’s widely acclaimed document bundling technology, are for: SharePoint, iManage (formerly Worksite/Autonomy), local authority solutions from Civica and NetDocs. Further integrations are also being planned for LEAP and an upgrade to the Iken case management connector.

The new additions complement Zylpha’s existing range of successful electronic document bundling connectors. These include: Visualfiles/Solcase from LexisNexis, SOS Connect, TR Envision, Axxia FED, and FileStream.

The announcement of the new integrations is seen as a clear reflection of market demand. As Zylpha’s bundling systems slash the time taken to create document bundles, significantly boost security and dramatically reduce costs, Zylpha has experienced a strong user demand for integrations with an ever wider range of frequently used systems.

As Zylpha’s Head of Development Nigel Spicer says, “The increase in demand for our bundling systems, from both legal practices and local authority lawyers, has been quite dramatic. However, it soon became apparent that we were going to need to invest in a number of new software integrations to meet this burgeoning demand. This has led to the new integrations with SharePoint client side connector, Civica, iManage client side connector and NetDocs. Given that these latest additions are with some of the leading systems used in the legal sector, we expect the rapid spread of Zylpha’s document bundling systems to continue apace. In addition, the even better news is that we are still planning further integrations to come and that this will in turn see an increase in the number of developers we recruit over the course of 2016.”

For his part, Tim Long CEO of Zylpha added, “As the spread of electronic document bundling is now reaching mainstream proportions, we are finding that many practices and local authorities are seeing its use as a best-practice. The drivers for this are clear. Where once it took hours to produce, maintain or amend document bundles, it now takes just minutes. The costs of photocopying, physical storage and couriers are also eliminated at a stroke. The system’s ‘secure delivery’ methodology also means that the days of cases delayed for missing paperwork are now a thing of the past.

“However, as we see more and more demand for these benefits, from customers and prospects alike, the pressures to offer integration with a wider range of systems has also grown. We have listened to these demands and invested in a major development programme to deliver the required integrations. This is though just one part of an overall development strategy at Zylpha and we are confident that these and other additions to our existing offerings will be warmly received by both legal practices and local authority legal services teams.”

Ends

About Zylpha www.zylpha.com

Headquartered in Southampton Zylpha is an innovative specialist offering tools for the legal profession including: Secure electronic document production and delivery. Court Bundling. Integration with the MOJ Portal. Links to agencies for AML and Identity Verification. The company, which was founded by Tim Long its CEO, has won widespread acclaim in both the legal and local government sectors for its systems that transform secure communications for court and case management bundles.

For more information please contact:

For Zylpha:
Tim Long
Zylpha Ltd.
T: 01962 658881
M: 07917 301496
t.long@zylpha.com
www.zylpha.com

Or

Leigh Richards
The Right Image
T: 0844 / 561 7586
M: 07758 372527
leigh.richards@therightimage.co.uk
www.therightimage.co.uk

Source: RealWire

AdaptiveMobile expands product portfolio to secure multi-million user base on mobile messaging applications

New RESTful API enables the Company to bring carrier-grade security to messaging applications worldwide

DUBLIN AND DALLAS, January 26th, 2016 – AdaptiveMobile, the world leader in mobile network security, today launched its Messaging App Security – a new product that enables messaging applications to secure their user base from increasing volume and sophistication of threats.

Messaging applications – such as WhatsApp, Facebook Messenger, Viber and Kik – have experienced exponential growth over the past few years and are forecast to see a threefold increase in message traffic, from almost 31 trillion in 2014, to 100 trillion by 2019 globally. As users rapidly turn to mobile messaging applications, criminals are making use of proven techniques to exploit this increasing user base – sending phishing spam, eliciting money from scam messages and hacking devices to obtain personal information – making consumers vulnerable to attack and damaging the brand credibility of messaging applications.

Expanding on its expertise in providing mobile security through carrier networks, AdaptiveMobile’s Messaging App Security offers a RESTful API to messaging applications, providing a secure messaging experience for users. Through advanced threat detection algorithms, user reputation analysis and traffic controls, Messaging App Security enables app providers to identify and block both new threats and those crossing over from conventional messaging.

“As messaging applications and social platforms evolve and converge, they are increasingly looking to innovations to deliver value-add and differentiated services – such as Facebook’s launch of Uber in-app and WeChat’s expansion to offer its significant in-app features and e-commerce platform outside of China – making the need for a secure messaging environment more crucial than ever,” explains Rob Bamforth, Principal Analyst at research and analyst house Quocirca.

“With this announcement AdaptiveMobile is bringing the power and intelligence of its security software to protect and enable the rapidly growing mobile app market, further cementing its position as a world leader in mobile security,” says AdaptiveMobile’s CEO Brian Collins. He continues: “Our carrier-grade Network Protection Platform protects over 1.3 billion mobile subscribers on a daily basis, and today we extend this expertise to IP-based applications facing the growing threat of abuse, delivering world class security either running as a cloud or on premise in customers’ networks.”

AdaptiveMobile’s Messaging App Security product overview is available at http://www.adaptivemobile.com/products/messaging-security.

###

About AdaptiveMobile:

AdaptiveMobile is the world leader in mobile network security protecting over one billion subscribers worldwide and the only mobile security company offering products designed to protect all services on both fixed and mobile networks through in-network and cloud solutions. With deep expertise and a unique focus on network-to-handset security, AdaptiveMobile’s award-winning security solutions provide its customers with advanced threat detection and actionable intelligence, combined with the most comprehensive mobile security products available on the market today. AdaptiveMobile’s sophisticated, revenue-generating, security-as-a-service portfolio empowers consumers and enterprises alike to take greater control of their own security.

AdaptiveMobile was founded in 2004 and boasts some of the world’s largest mobile operators as customers and the leading security and telecom equipment vendors as partners. The Company is headquartered in Dublin with offices in North America, Europe, South Africa, Middle East and Asia Pacific.

Press contact:
ACSCom PR (USA)
Anne Coyle, +1 857 222 6363
adaptivemobile@acscompr.com

AxiCom (UK)
James Hayward, +44 (0)20 8392 4050
adaptivemobile@axicom.com

Source: RealWire

Firefox 44 Debuts With Improved Security

Mozilla adds push notification support and provides 11 security advisories with its latest open-source browser release. Mozilla came out today with its first Firefox browser release for 2016, providing new fea...

SafeBreach Simulates Attacks on Customers to Find Security Risks

SafeBreach automates the multiple types of tools and techniques that attackers use to exploit an organization, in an effort to determine risk.

One way to know if a company is vulnerable to attacks is to try and breach it—safely. That's the goal of SafeBreach, which announced the official launch and general availability of its security platform today. "SafeBreach is all about not waiting for a breach to happen," SafeBreach CEO and co-founder Guy Bejerano told eWEEK.

The SafeBreach platform runs what Bejerano referred to as the "hacker playbook," that is, the offensive knowledge of attackers. The hacker playbook includes all manner of techniques and actions, for example, attempting to exfiltrate credit card data, activating malware and trying brute-force password attacks. The SafeBreach platform automates the common techniques hackers use in an attempt to breach an organization and helps defenders identify potential risks.

The idea of testing an organization's readiness for an attack is often associated with the security discipline of penetration testing. Itzik Kotler, CTO and co-founder of SafeBreach, emphasized that what his company's platform does is more than a typical penetration test in that it simulates both clients and servers. In a traditional penetration test, a security researcher will attempt to gain external access to an organization or application and has to wait for the systems to react. "What we're doing in our simulation is we're triggering the reaction immediately," Kotler explained to eWEEK. For example, with a brute-force password attack, the SafeBreach system simulation will know how many attempts it takes for the attack to be successful or if it will fail. The goal is to rapidly make a determination of an organization's risk.

With a typical penetration test, user behavior is often the weak link that leads to exploitation.
For example, with a phishing attack, the goal of the hacker is to get the victim to click on a malicious link that leads to some form of malicious Website or attack payload. There is no need to wait to see if the user will click, Kotler said. Instead, the SafeBreach approach is not to care about the user action and see what would happen if the phishing email was clicked and whether the malicious link or Website could infect the targeted user or system, he added. "Let's not wait for the user to actually click the link or open the malware," Kotler said. "Eventually, someone will open the mail and click on the link, so let's simulate this right now and see what happens." While encouraging users not to click on potential phishing emails, organizations have enterprise controls in place that protect users and prevent malware exploitation. The right way to really see if the enterprise controls for attacker protection work is to test them, Kotler said. However, rather than conducting a live penetration test against a production environment, what SafeBreach uses isn't real malware that can harm an organization. Instead, SafeBreach simulates malware activity as well as the client and the security controller, he said. As such, there is no risk to the live production environment. Among the common actions modern hackers take is to use an exploit kit with a collection of known vulnerabilities that a target victim may not have patched. SafeBreach tests the impact of an exploit kit on an organization by simulating both the user that could potentially click on an exploit kit link as well as simulating the actions of the exploit kit command-and-control server, Kotler explained. "In running the simulation, we can see if any security controls are triggered—whether that's an IPS [intrusion prevention system], data loss prevention system or a firewall," Kotler said. "If a security control isn't triggered, then we have identified that there is a risk." 
SafeBreach provides a high-level dashboard that identifies the risks. Clicking into the specific risks, the system provides detail on how SafeBreach was able to exploit a specific part of an IT infrastructure. "Since we're looking at the entire attacker kill chain, from reconnaissance to data exfiltration, it's easier for the security person to patch what matters," Bejerano said. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Why Your Enterprise Must Pay Close Attention to IoT Device Security

NEWS ANALYSIS: It's apparent now that Internet of Things security is laughably bad, but you can prevent your enterprise from being the butt of the joke. The woman on the videoconference screen looked at me in...

Internet of Things Security Problem Just Keeps Getting Bigger

Recent reports about webcams being readily accessible to anyone using an Internet port-scanning service show why there has been little progress in securing connected devices as we move into 2016.

Every year or so, the Internet rediscovers that unsecured webcams are out there, leaking ready-to-watch videos of babies, pets, bank customers and even the offices of the webcam makers. This month, the ability of the Shodan port-scanning service to easily find webcams set off a kerfuffle in the media. Yet, the criticism is missing the point. It’s more worrisome that people are putting devices into their homes and businesses with little concern for the security and privacy implications, security researcher Dan Tentler told eWEEK.

Tentler has discussed the lack of security on webcams and other devices connected to the Internet at multiple conferences, and occasionally posts interesting results from Shodan to his Twitter feed. The popularity of the devices and their lack of security is creating a burgeoning problem, he said in an e-mail interview. “It says neither consumers nor vendors care about security, and it’s going to be an amazing amazing apocalypse,” Tentler said. “Sooner or later people will have a dozen things in their homes that are publicly connected, with little to no security and bad guys will find a way to take advantage of that fact with some heavy [consequences].”

In a research report presented in May 2014, Tentler found seven webcam models are currently accessible online, accounting for nearly a million devices. Finding them was not totally straightforward, as he had to fingerprint them using telnet, but a simple enough task for any hacker. “With a million plus endpoints, they are an excellent cross section of the type of security you can expect from people that manufacture stuff for public consumption,” he said.

Since the number of connected devices is expected to grow quickly, the lack of security will become a greater problem.
Business strategy firm Frost & Sullivan forecasts that the number of connected devices will reach around 22 billion by 2019, growing by more than 18 percent a year. Connected cars alone will account for 24.0 percent of these devices and wearables will represent 17.1 percent. The expectation is that many of these devices will not be properly secured. Security firms are already seeing the vulnerable devices as a potential market. In November, security firm F-Secure released its Sense smart-device security gateway, which scans traffic for possible malicious code or behavior. Startup Bastille aims to create products and services that will allow companies to detect the myriad of wireless 'things' that enter the workplace. To improve security, both consumers and manufacturers have to take responsibility for the security of the devices, Tentler said. “The security researchers are in the middle, like a marriage counselor, saying, ‘Look, you both have to do stuff. You can't just blame each other and do nothing,’” he said. Device makers need to conduct security audits and stop shipping products with default passwords, Tentler said. The government needs to come down harder on companies that do not adequately secure their devices. Finally, consumers need to understand that connecting a device to the Internet requires them to take responsibility for it. “I don’t care if you’re a plumber or a nun–you don’t buy a thing and connect it to the internet without taking some kind of risk,” he said. “You have to take 60 seconds to understand that risk.”

ADLV Predicts Broader Use of Electronic Driver Checks in 2016 As Fleets Embrace Best-Practice and Road Safety

The ADLV (Association for Driving Licence Verification) www.adlv.co.uk is forecasting that best practice and road safety objectives will drive a greater fleet focus on the volume, frequency and type of electronic driver checks in 2016. Amongst the trends that the ADLV forecasts are:

Greater Frequency Of Checking:

In keeping with its recent marketing campaign, encouraging Fleet Managers to move to quarterly checks from annual ones, the ADLV is expecting that the average frequency of online checks will increase significantly. The figures are particularly important given the recent statistics highlighted by the Institute of Advanced Motorists (IAM). These show that 7,621 people are still driving with 12 points or more on their licence. A further 36,000 motorists are on the brink of losing their driving licence. Whilst these drivers have reached the threshold to receive a ban, they are still driving, endangering other road users. The ADLV believes that as most fleets move to biannual or quarterly checking, motivated by the general trend towards lower cost per check, the risk of fleet drivers carrying undeclared endorsements will be dramatically reduced. This policy has already received widespread acclaim from many of the UK’s largest fleets and the ADLV believes that this momentum will continue to gain pace across the course of the coming year. From a current base of 1.4 checks per driver per annum, the ADLV believes that the figure is likely to exceed 1.7 checks per driver per annum in 2016.

Increased Volume of Checks:

Partly as a result of the increased frequency and partly as a result of the abolition of the paper license counterpart last July, there will be an overall increase in the annual volume of electronic checks in the coming year. The number of checks through the ADLV membership has been rising steadily over the course of this year. It is expected that the total number will now increase to over 2.5 million in 2016, a growth rate of around 25% per annum.

Wider Range of Data Available:

The breadth and type of data available to Fleet Managers will also increase as the concept of ‘Know Your Driver’ spreads as a Best Practice. This will help tackle growing issues such as Right To Work in the commercial sector where the use of illegal workers is becoming a burning issue.

Commenting on the forecasts, Richard Payne-Gill Deputy Chair of the ADLV noted; “2016 will be a tipping point for commercial electronic licence checking as Fleet Managers, HR Executives and Risk Assessors now understand the real potential of frequent electronic checking and the increasing breadth of datasets that are becoming available. This allows Fleets to set new standards of best practice on one hand whilst making a real contribution to road safety on the other.

“Probably the most significant change will be the evolution of the data itself, including an increase in the number of datasets available. This is being driven by the demands from Fleet Managers themselves who see this new approach as benefitting both fleet management best practice and road-safety. It will also add to the confidence companies have that the right people are behind the wheels of their vehicles. Indeed the days of rogue drivers slipping through the net are now well and truly numbered.”

ends

Note To Editors:

About the ADLV (www.adlv.co.uk)

The Association for Driving License Verification has been established to promote and encourage best practice within the industry for the initial and continued validation of driver entitlement for responsible employers and road safety. The ADLV will both represent and regulate Members organisations in accordance with its rigorous Code of Conduct.

The current list of ADLV members that Fleet managers can contact should they require driving licence checks is as follows: Admin Business Solutions, Descartes Systems UK Ltd, DriveTech (UK) Ltd, Drivercheck Ltd., DrivingMonitor, Fleet Claims Administration Ltd, GB Group plc., Jaama Ltd, Intelligent Data Systems (UK) Ltd, Interactive Driving Systems Ltd, Licence Bureau Ltd, Licence Check Ltd, Pinewood Technologies, Driver Hire Group Services Ltd.

For further information please contact:

Richard Payne-Gill
ADLV
07534 199236
richard.paynegill@adlv.co.uk
www.adlv.co.uk

or

Leigh Richards
The Right Image PR & Marketing Group
07758 372527
leigh.richards@therightimage.co.uk
www.therightimage.co.uk

Source: RealWire

Datum Cloud Connect offers data centre clients direct connectivity to leading AWS and Microsoft Azure public clouds

FARNBOROUGH – 27 January 2016 – Datum Datacentres today announced the launch of Datum Cloud Connect to provide direct connectivity from its Farnborough data centre to major public clouds such as AWS Direct Connect and Microsoft Azure ExpressRoute.

Datum’s Farnborough data centre is home to a diverse range of organisations who share a requirement for highly secure and resilient co-location to house and connect their business critical IT infrastructure. With the launch of Datum Cloud Connect, clients seeking cloud solutions can now derive additional benefit from secure, private connections to a hub of public clouds. Through Datum Cloud Connect, the additional resilience and flexible bandwidth delivers predictable high performance for organisational cloud strategies.

Dominic Phillips, Managing Director, Datum, comments: “Datum Cloud Connect supports clients whose businesses demand additional levels of performance and reliability when connecting to public clouds. The high throughput, low latency secure connections link into AWS EU West and Microsoft Azure North Europe regions offering significant performance improvements over public Internet connections. Enterprise clients can access automated, provisioning of cloud services from multiple providers whilst network and cloud service providers can both aggregate traffic and reduce time to market for new offerings.”

Part of the Attenda IT Services group, Datum’s data centres are trusted as secure environments for content, data and business critical IT to connect with a neutral choice of networks and cloud service providers. Datum built its co-location service to support a business outcome approach to data centre provision, working with both enterprises and service providers to deliver a highly secure, resilient data centre service that meets the needs of their business. Datum Cloud Connect adds another layer to the connection-rich nature of the data centre to further support hybrid compute and connected DR.
About Datum

Datum Farnborough (FRN1) Key Features

Strategic, London-edge, secure campus Location
Pressurised free cooling providing Leading-Edge Environmental Efficiency
SLA backed 100% Power Availability
Enhanced, Government-grade Security
Dynamic & Flexible support for High-Density deployments (up to 30kW per rack as standard)
Carrier & Cloud Neutral
Comprehensive Accreditations including ISO 9001, ISO 27001:2013, ISO 50001, PCI DSS, DCA Class 3 Fully Operational, EU Code of Conduct for Data Centres
Highly Resilient infrastructure design & operations to support business critical IT

www.datum.co.uk

Press Contact:
Lexie Gower
T: 0845 5680123
E: lexie.gower@datum.co.uk

Source: RealWire

Total IT shut down at Lincolnshire County Council over zero-day attack

Adult care details, as well as staff bank details, accessed in attack attributed to malware

Lockr Managed Key Service for Drupal, WordPress Launches

Lockr, a hosted API and managed key service for Drupal is out of beta and now also available for WordPress. Cellar Door Media announced that Lockr, a key management service for modern content management systems, is now available for Drupal and WordPress. Lockr enables developers, agencies and site owners to better secure Web transactions by protecting encryption and API keys from organizations such as PayPal, MailChimp, FedEx, Amazon S3 and others. Cellar Door Media ranks encryption and key management as key protections businesses require to operate today. Many businesses underestimate the likelihood and magnitude of a cyberattack, assuming that if they are not a major brand, they are likely not a target. Yet industry surveys show that upwards of 90 percent of companies experience some form of security incident, with nearly half involving the loss of sensitive data—and costs for these attacks range from tens to hundreds of thousands of dollars. The company argues that broad use of security technologies like SSL/HTTPS shows just how common it is for sites of all sizes to deal with sensitive data, yet SSL does nothing for security and protection of the actual Website and customer database. "Our clients all require the best security possible to protect their brand, whether they be an innovative university like Stanford or an online enterprise like eBay," explains Esten Sesto, president of Project6 Design, a San Francisco bay area graphic design firm, in a statement. "Websites are particularly vulnerable, yet there's no easy or affordable way for us to lock down things like API keys—and if a hacker gets hold of the key for a third party mail service, for example, they can send fraudulent mail from a company's actual account. That's why we’re so excited about the protection afforded by Lockr: it allows us to maintain the integrity of these brands and leave everyone with peace of mind that their keys are protected." 
By taking advantage of enterprise-grade key management technology from Townsend Security, Lockr's offsite key management provides security necessary to protect against critical vulnerabilities and help sites meet PCI DSS, HIPAA and other security requirements. Lockr is available with hosting plans through Pantheon, with other leading service providers to be announced soon. To make it as easy as possible for site owners to try, Lockr is offering the management of the first API key for free, with additional keys starting as low as $5 per month. "SSL/TLS are commonplace today and necessary for websites to securely receive user data, unfortunately that’s only half the story," said Chris Teitzel, founder and CEO of Cellar Door Media and creator of Lockr, in a statement. "Once the website has the data, they are responsible to protect it, yet many continue to leave their encryption and API keys out in the open without a key management system. Up until now encryption and API key management was only affordable to large companies and enterprises. We solved that by offering key management as a service, allowing any site, regardless of size, to easily protect users, data and their brand from hackers." Lockr can scale based on a website's needs, with plans ranging from personal to enterprise. For businesses who need to meet compliance requirements—PCI DSS, HIPAA, FISMA, etc., Cellar Door Media offers Lockr for enterprise, with dedicated instances of Townsend Security’s FIPS 140-2 compliant Alliance Key Manager.

New Complete Cloud-Based Security Solution from iSheriff

iSheriff Complete replaces point products for Web, email and endpoint security

27 January 2016 – iSheriff, a leading cloud security company, today announced the release of iSheriff Complete, a comprehensive cyber security platform designed to provide 360-degree protection of an organisation’s devices and communication channels. iSheriff Complete is the industry’s first comprehensive cloud security platform to provide fully-integrated endpoint, Web and email security, delivered through a single Web-based management console with a single set of enforceable security policies.

“In order to provide a secure network, a security manager must be able to see and control all communications in and out of that network,” said John Mutch, CEO, iSheriff. “iSheriff Complete provides superior malware protection and full control of Web, email and endpoint vectors, providing the only integrated cloud-based security platform available today. We deliver complete cyber security through the cloud, all controlled by a single, easy-to-use interface. iSheriff Complete implements security policies and schedules reports in minutes, so our customers can get back to running their businesses.”

As a cloud-based platform, iSheriff removes potential malware and viruses before they ever reach the network by providing a ‘clean feed’ to customers for their email and Web traffic. iSheriff Complete is available now and includes:

Endpoint, Web & Email: Complete vector control and visibility is central to the iSheriff platform, which offers a tightly integrated security solution, unlike ‘best of breed’ point products that often do not work together.
iSheriff Complete is designed to enforce common security policies across all vectors, as well as track users both on and off the network.

Threat Detection Engine: Working 24x7x365 to stay ahead of the latest cyber threats on a worldwide basis, iSheriff security operates around the globe, detecting new threats and developing and propagating new signatures in a matter of seconds.

Active Response Console: The console is designed to be easy to use, allowing organisations to control their entire cyber security system from one interface. Threats are displayed instantly, along with what actions have to be taken based on defined policies.

“We’re in an age of fast-moving change and innovation powered by connected mobile devices and cloud computing, which has opened up the influence of technology to everyone, including criminals,” Mutch continued. “Cloud-based services and software of all varieties have been broadly adopted. By eliminating the need for complex and expensive hardware and software installation and offering scalable, per user pricing, cloud-based platforms open access to services that were previously cost-prohibitive for many businesses.”

iSheriff is one of the leading companies providing effective security completely from the cloud. The company delivers the industry’s easiest to deploy and manage Software-as-a-Service (SaaS) solution for protection against today’s multi-vector threats and compliance challenges, combining the power, flexibility and ease of a cloud-based service offering with a seamlessly integrated suite of critical technologies. For more information on iSheriff, please visit www.isheriff.com and follow the company on Twitter at @isheriffinc.

About iSheriff

iSheriff is a leading cloud-based, enterprise device security platform used by more than 3,000 organizations around the world.
Our global cloud network, award winning security, and SaaS delivery model provide an integrated service to protect all enterprise devices – including laptops, servers, tablets, point of sale devices, industrial equipment and emerging “internet of things” technologies. Simply put, iSheriff delivers more powerful security that is easier to manage and more cost efficient than our competition. We are proud to be recognized by leading analysts and industry publications, including SC Magazine, Network Computing and IDC. In February 2015, Virus Bulletin's VB100 independent comparative testing named iSheriff the most effective solution against new and emerging malware.

PR CONTACT
PRPR for iSheriff
Peter Rennison or Sam Morgan
01442 245030
pr@prpr.co.uk

Source: RealWire

LANDESK Modernizes IT through Automated Unified Endpoint Management and Security Enhancements

Upgrades to Core Offerings Give Users Streamlined Workspaces, Automated Rollout Projects and Secure Mobile Email

BRACKNELL — January 27, 2016 — Furthering its vision to modernize IT, LANDESK today announced the release of LANDESK Management Suite 2016, LANDESK Security Suite 2016 and the introduction of LANDESK Mobile Security Suite 2016. These updates give users greater visibility, streamline security and increase automation to further empower users and simplify IT.

“LANDESK Management Suite and Security Suite are at the heart of our business and technology strategy. The underlying technologies not only help IT manage and protect the devices in their environment, but they also provide a rich data set that our service management and IT asset management offerings leverage,” said Duane Newman, senior director of product management at LANDESK. “This gives IT unparalleled visibility into what is happening in the environment, and it provides the underlying capabilities required to take action when change is needed. The 2016 updates extend those capabilities to natively support mobile devices, to improve access and visibility and to provide more automation capabilities than ever before.”

Unified Endpoint Management

LANDESK brings users a truly unified endpoint management (UEM) experience with Management Suite 2016. This product now offers full mobile device management capabilities as part of its industry-leading client management solution, allowing organisations to manage devices, packages and workflows for PCs, Macs, Linux, Chromebooks and now iOS and Android devices — all from a single interface and a single server. This allows teams to gather device-related data, quickly assess what is happening in their environments and to streamline management workflows to automatically deliver the appropriate software to each platform.
This simplified administrative workflow allows system administrators to target individuals or groups with specific policies or packages, with UEM capabilities that ensure each device gets the necessary changes and apps. For more security-focused organisations, the new LANDESK Mobile Security Suite comes as an add-on to the UEM platform.

Expanded Workspaces

As part of this movement to modernise IT, LANDESK has also improved and expanded the functionality of its Workspaces platform across the portfolio. These improvements empower organisations by providing an intuitive, role-driven experience that changes the way users interact with their tools, and offers a clean, simple user interface. This streamlined approach makes it easier to ensure devices are properly managed without impacting end users. In addition to other enhancements, Security Suite 2016 introduces LANDESK Workspaces for the Security Admin, which helps connect security and IT operations by providing a view that highlights the security posture of the devices on the network and helps prioritise remediation opportunities. It gives deep visibility into devices so admins can see what needs to be patched or where they may be vulnerable.

Automated Rollout Projects

LANDESK further empowers IT by providing features in Management Suite 2016 and Security Suite 2016 that automate the rollout process of both large and small software projects, including software deployments and patching. This feature simplifies repetitive software distribution projects by automating staged rollout processes to progress from smaller pilot groups all the way up to enterprise-wide distributions. It also improves project visibility with a built-in Gantt chart and automated emails, making project timelines simple to manage from within the tool.
Secure Mobile Email, Application Wrapping, Secure Mobile Browser

LANDESK’s Mobile Security Suite delivers several advanced mobile technologies, including secure mobile email, which provides users with protected access to corporate email and any attachments from personal mobile devices, using the native email client for each device type. The solution also gives users secure access to content, such as calendars through the user’s preferred email application. Along with secure email, Mobile Security Suite also includes app wrapping, which secures corporate native applications and associated data from data leaks and possible malware exposure from end users’ personal applications. The suite also introduces secure web browsing for mobile devices, providing users with easy access to internal corporate websites and intranets without the need for a VPN or additional log-ins and passwords. To learn more about these new and enhanced offerings, please visit www.landesk.com/uem-security.

About LANDESK Software

LANDESK, the global authority on user-centered IT, enables users to be their most productive while helping IT embrace the speed of change. Through the integration and automation of IT systems management, endpoint security management, service management, IT asset management, and mobile device management, LANDESK empowers IT to balance rapidly evolving user requirements with the need to secure critical assets and data. With offices located across the globe, LANDESK is headquartered in Salt Lake City, Utah. For more information, visit www.landesk.com.

Copyright © 2016, LANDESK. All rights reserved.

Alex Brooks
Octopus Group
+44 (0)845 370 7024
landesk@weareoctopusgroup.net

Source: RealWire

Organizations Still Paying Breach Costs After Remediation

A new report from SANS Institute examines the costs that organizations deal with after they clean up from a breach. Data breaches often result in myriad costs for victimized organizations and individuals. A new study from SANS Institute, sponsored by Identity Finder, found that even after organizations remediate the immediate cause of a breach, there will still be ongoing cost consequences. Barbara Filkins, senior analyst at SANS Institute, wanted to take a different tack to the analysis of data breach costs than other reports, notably the Ponemon Cost of a Data Breach and Verizon Data Breach Investigations Report (DBIR). (The 2015 Ponemon Cost of a Data Breach report, sponsored by IBM, found that the average cost of a data breach is $3.8 million.) In Filkins' view, the other reports focus on the front-end costs of data breaches as opposed to what can be done to mitigate the damage after an attack. At the top end, the SANS report found that 31 percent of the surveyed organizations incurred post-breach costs of between $1,000 and $100,000 as a result of a data breach, and 23 percent experienced costs of $100,000 to $500,000. Looking at the root causes of the data breaches, 35 percent of respondents noted that a hacking or malware attack was the primary vector. The study also asked about how long it took organizations to fully remediate a breach, with 38 percent of respondents reporting it took three months or longer. Going a step further, even after the breach remediation was considered to be complete, most respondents experienced residual issues, including potential litigation, fines and brand reputation concerns. Only 35 percent reported that they had no lingering effects after a breach was considered to be remediated. As to why some organizations have no lingering effects, Filkins said it all has to do with the nature of the breach and the difficulty of understanding costs.
There are some obvious items that are considered to be post-breach costs, including identity monitoring services, but when it comes to the lingering costs, it's not as easy to quantify the impact on brand reputation and stock prices, for example, she added. According to Todd Feinman, CEO of Identity Finder, the path to helping minimize the costs of a data breach involves classifying data so that organizations understand where the risks are. The reality is that breaches are now a fact of life and it's difficult to prevent all breaches from happening, he said. Taking that as a baseline, Feinman suggests that just because there is a security incident, it doesn't necessarily have to turn into a large-scale data breach. "If organizations want to minimize the costs of an attack or a data breach, you have to know where the sensitive data is and keep it as small a footprint as possible and make sure that it doesn't leave the organization," he said. Identity Finder develops its own tool for data loss prevention called Sensitive Data Manager, which was updated this week to version 9.0. The new release includes improved data classification capabilities. "There is no single technology, including ours, that is a silver bullet to prevent data breaches and related costs," Feinman said. "It's all about people, process and technology." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Wendy’s Investigates Possible Data Breach

The Wendy's Company fast-food chain is now trying to determine if some of its locations were affected by payment card fraud. The Wendy's Company might be the latest household name-brand company to be the victim of a point-of-sale (POS) data breach. The quick-service restaurant chain is now looking into reports that some of its locations were affected by a breach. In a statement emailed to eWEEK, company officials said that reports indicate fraudulent charges may have occurred elsewhere after payment cards were legitimately used at some of its restaurants. "We have been working with our payment industry contacts since recently learning of these reports and we have launched a comprehensive investigation with the help of cyber-security experts to gather facts, while working to protect our customers," Wendy's stated. "We also are fully cooperating with law enforcement authorities." While the investigation is in its early stages, Wendy's is not yet able to fully determine the complete impact or scope of a potential breach. Though Wendy's has not yet officially confirmed whether a breach has, in fact, occurred, the company is providing some general guidance for its customers. "As always, in line with prudent personal financial management, we encourage our customers to be diligent in watching for unauthorized charges on their payment cards," Wendy's stated. "Generally, individuals that report unauthorized charges in a timely manner to the bank that issued their card are not responsible for those charges." If and when Wendy's officially confirms a POS breach of some sort, it will join a growing list of restaurants that have reported similar incidents in recent years. Wendy's might also get lucky as not all alleged POS breaches end up being confirmed. In January 2015, Chick-fil-A began an investigation into an alleged POS data breach. In March 2015, Chick-fil-A said its investigation determined that no POS breach had occurred.
Other restaurants, however, have not been as fortunate. In June 2014, Chinese restaurant chain P.F. Chang's confirmed that it was the victim of a breach. To minimize the immediate risk of the breach, P.F. Chang's had to resort to manually imprinting credit cards, instead of using its digital POS terminals. In October 2014, restaurant chain International Dairy Queen confirmed that its Dairy Queen ice cream chain and Orange Julius beverage locations had been impacted by a POS breach. The Jimmy John's breach, confirmed in Sept. 2014, was particularly noteworthy. In the Jimmy John's incident, the blame was placed on third-party POS vendor Signature Systems, which provides payment systems to restaurants. "Point-of-sale systems are the weakest link in many retail companies, so a breach at Wendy's isn't particularly surprising," Tod Beardsley, security research manager at Rapid7, told eWEEK. POS systems frequently feature out-of-date operating systems that are rarely patched and shared passwords across systems, and aren't often integrated with the usual set of IT security controls, he said, adding that POS systems typically store and forward the most valuable data for criminal organizations: credit card data. In Beardsley's view, POS systems often exist in a sweet spot of "vulnerable" and "valuable" from the perspective of attackers, which is why breaches are reported repeatedly. "Retail organizations that have the most to lose from a breach should be empowered to have some serious conversations with their POS vendors to make sure that the fundamentals of security are solved in the short term," Beardsley said. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Attacks on Ukrainian Power Providers Hold Lessons for the Future

NEWS ANALYSIS: The first known cyber-attack to cause a power outage shows that power companies will no longer escape damaging attacks. On Dec. 23, a blackout hit the western part of Ukraine, affecting a region served by three power-generation centers. As the two power companies affected by the outage recovered, their support centers were inundated with fake phone calls, blocking legitimate customers from reaching the companies' staff. Within hours, officials for the power companies concluded that a coordinated attack on their information systems, including malware that deleted infected systems, was responsible for the outages. Industrial control system (ICS) security experts have since confirmed many of the details of the attack. While the companies recovered within hours, the impact of the attack will take far longer to become apparent, Robert M. Lee, a SANS-certified instructor and ICS security expert, told eWEEK. For more than a decade, security researchers have warned manufacturers and power companies that their networks are vulnerable. Yet demonstrations tend to have a much greater impact and could convince other cyber-attackers to focus on power companies, he said. "The big lesson here is that someone crossed the threshold of having an actual cyber-attack—not just an intrusion, or malware on the network—but that someone actually brought down a power system through cyber means," said Lee, a former cyber-warfare operations officer for the U.S. Air Force. "That is an historic event, it has never occurred before, and there needs to be an international response by political leaders to talk about this because it sets a precedent going forward." While security professionals have often warned about the vulnerability of critical infrastructure, attacks continue to be relatively rare. While a variety of cyber-focused actors have begun targeting ICS environments, the lion's share do not get past the front door.
In its summary of incident response statistics, the ICS Cybersecurity Emergency Response Team (ICS-CERT) found that 69 percent of attacks in 2015 did not successfully gain access to any system within a critical-infrastructure organization. However, attackers are becoming more successful: 12 percent of attacks compromised control systems in 2015, compared with 9 percent in 2014. "We've all known for years now the critical infrastructure has been vulnerable, but what has really made this an issue is the convergence of information networks connected to the Internet and the operational ICS networks," Ed Cabrera, vice president of cyber-security strategy at Trend Micro, told eWEEK. "Companies want remote support and they want real-time metrics for billing, for example, but that accessibility exposes the networks to attack." While Ukrainian officials have blamed Russia for the attack—a likely scenario—there is no solid evidence of such a connection, according to the SANS Institute's Lee. In addition, while the attacker used a common malware program known as BlackEnergy, along with a component that wiped the hard drives of infected systems, that capability is unlikely to have caused the outage, he said. Yet critical-infrastructure firms and political leaders should take some powerful lessons away from the incident.

1. Critical infrastructure will be a target

Attacks on critical infrastructure have generally fallen into three categories. Security researchers have demonstrated significant vulnerabilities in the technologies and systems on which critical infrastructure firms rely. Malware infections have disrupted the information networks and systems at critical-infrastructure firms. And a very small number of nation-state attacks, such as Stuxnet, have led to actual physical damage. Most attacks fail to gain access to critical systems, but more than half of critical infrastructure firms surveyed by Trend Micro saw an increase in attacks against their systems in 2015.
Only 7 percent saw a decline.

License Plate Scanning System Turns Police Into Debt Collectors

NEWS ANALYSIS: Texas police cars now use license plate scanners to hunt for court-fine deadbeats and they can take payment on the spot–with the vehicle data collected and held by a private company. Texas passed a law just last year allowing police departments to install credit card readers in squad cars. The idea was to enable cops to collect unpaid court fines instead of arresting people for the unpaid fines. Police in Kyle, Texas, are now automating the identification of court fine deadbeats using scanners that automatically read and process all visible license plates, according to a report on the Electronic Frontier Foundation (EFF) website. The license plate readers, access to a database of license plate data and sophisticated software tools are provided to the police by a company called Vigilant Solutions in exchange for an additional 25 percent fee. That's right: people can pay the court fine plus 25 percent more, all of which goes to Vigilant, a private company. To the police and courts, all this equipment is "free." As police drive around, the scanner reads license plates and pings an alert when it locates the vehicle of a court-fine scofflaw. Police pull the vehicle over and give the occupants the options of paying their unpaid court fines on the spot or going to jail. If the scanner flags a parked car, the police can place a notice on the windshield that's like a ticket, but is really an order to go to the Vigilant Solutions web site and pay the fine. They're calling it a win-win-win situation. The court gets more fines paid. The jails get less crowded. And Vigilant gets paid a fortune—in user fees essentially—that are sought out and collected by the police. But it gets worse. The police don't access Vigilant's database. Vigilant gets all the data from Guadalupe County, which is where the city of Kyle is located. Vigilant gets to keep and use the personal and legal data provided for what the EFF calls "nearly unlimited commercial use."
Vigilant gets to keep and use the data even if or when the contract expires. Meanwhile, the police are constantly scanning for plates. All license plates, not just the ones flagged as belonging to a scofflaw, are tagged with location, time and other data, and all that data is fed back into the Vigilant database. This includes cars in traffic and also unoccupied parked cars. As the EFF points out, "the information can reveal personal information, such as where you go to church, what doctors you visit, and where you sleep at night." Both the court and the police are funneling private and personal data on citizens to a private company, which is then using that data to get paid, riding on the back of court fines enforced and collected by the police. In other words, a private company is using taxpayer-funded government agencies to harvest private data on the public and is getting paid to do it.

An awfully slippery slope

Needless to say, this whole arrangement is made possible by new technology. This situation raises some critical questions. If today's technology makes it OK to use the police as debt collectors for the courts and to use government departments and agencies for the harvesting of personal data for a private company, what will tomorrow's technology enable? For starters, it's clear that self-driving cars will enable this current scenario to be automated. Self-driving squad cars could drive around scanning plates and, when they get a ping, pull over the motorist. A computer voice could then command a vehicle occupant to use an ATM-like kiosk on the outside of the car to pay their fine. If they refuse, the self-driving car could follow the scofflaw while calling backup from human cops, who could then make an arrest. Since that works so well, it makes sense for these self-driving cop cars to scan for other traffic violations, such as speeding, illegal left turns and tailgating.

Legal Landscape Report Reviews The Issues Affecting The UK’s Legal IT

Legal systems innovator Zylpha (www.zylpha.com) and Converge TS (www.convergets.co.uk), the UK’s only dedicated Cloud computing provider for law firms, have launched a joint report on the issues affecting IT in legal practices. Called The Legal Landscape 2016, the report uses case management experience from firms and organisations that are currently investing in innovation to both drive efficiencies and boost client care. The many insightful contributions included come from: Anthony Collins, DAC Beachcroft, Genus Law, Olliers, Poole Alcock, South London Legal Partnership and Total Conveyancing Services.

Amongst the key areas of concern that these organisations have for the year ahead are: cybersecurity, agility and the digitisation of UK courts and online services. The contributors’ thoughts and opinions are summarised for each of these areas within the report. One of the report’s main findings is that many firms are now re-examining risk as cybersecurity takes centre stage in the press. As law firms are under obligation to protect client data by the Solicitors Regulation Authority (SRA) and the Information Commissioner’s Office, the processes for securing data and systems from cybercrime will be an unavoidable practice priority in 2016. The report highlights how ‘agility’ will also become increasingly essential as location becomes less important. As clients are demanding that law firms are able to provide them with access to legal services anytime and anywhere, the ability to work from remote locations at times to suit clients’ needs will become a prerequisite. This in turn will drive concepts like mobile working and BYOD.

Another main theme of the report is the increased digitisation of the Courts and the growth of online services. Firms expect to see further improvements in processes and accessibility to case management files with more systems becoming electronic and digital in 2016.
The government’s £700m investment in the Autumn Statement in November will also modernise the courts and justice system. Law firms will need to ensure they have the right electronic systems in place to be able to operate in this new world, although questions remain about whether it is the courts or firms that will be doing the ‘catching up’.

Commenting on the report Tim Long CEO of Zylpha notes, “Our aim, in this joint report, is to look at the key issues affecting law firms’ IT and to record case management experience. In contrast to many other reports, which broadcast the agenda only of those who produce them, we aim to deliver an overview from some of the key protagonists of legal innovation, both in practice and in-house. In short, their views are a snapshot of the rapidly evolving world of legal process automation and we hope they will either underscore or inspire the efforts of others in the legal sector. The key themes to emerge from the research are a real portent of those areas where legal IT faces significant challenges. From Cybersecurity and Agility through to the digitisation of the Courts there’s a great deal here to define 2016 as a tipping point in favour of legal technology. My thanks go to the contributors for their candour and high quality input.”

Converge TS Technical Director Andrew Taylor says, “2016 will be the definitive year for law firm technology and innovation. Improvements to IT security will be far greater as firms seek to offer greatly enhanced data security to win more contracts. In addition, the move to ‘IT as a service’ will signal a change in the future make up of the IT team with many viewing it as a cash flow friendly OPEX ‘operational’ cost rather than a CAPEX ‘capital expenditure’ one.
‘Paying per user’ will become a far more cost efficient method of delivering technology as firms look to scale IT as necessary to meet business objectives.”

Those wishing to view a copy of the report online should visit: www.zylpha.com/legal-landscape-2016

ENDS

For further information on Converge TS please contact: Karen Gilbert (Marketing Manager) Converge TS on 0345 8724400 karen.gilbert@convergets.co.uk

For further information on Zylpha please contact: Leigh Richards, The Right Image on 0844 561 7586 / 07758 372527: leigh.richards@therightimage.co.uk

Notes to editors:

About Zylpha

Headquartered in Southampton, Zylpha is an innovative specialist offering tools for the legal profession including:

Secure electronic document production and delivery.
Court Bundling.
Integration with the MOJ Portal.
Links to agencies for AML and Identity Verification.

The company, which was founded by Tim Long its CEO, has won widespread acclaim in both the legal and local government sectors for its systems that transform secure communications for court and case management bundles. Zylpha has recently been approved for G-Cloud 7.

www.zylpha.com

About Converge Technology Specialists

Founded in 2006, Converge Technology Specialists (Converge TS) is the country’s only dedicated Cloud computing provider for law firms. Converge TS’s hosted and managed IT services are used by innovative law firms to drive productivity, enable flexible working and boost growth.

www.convergets.co.uk

Source: RealWire

Firefox 44 Debuts With Improved Security

Mozilla adds push notification support and provides 11 security advisories with its latest open-source browser release. Mozilla came out today with its first Firefox browser release for 2016, providing new fea...