Tag Archives: security

UK Survey: Public Cloud Not Considered Safe Enough by 87 Per Cent of Businesses

City Lifeline, the central London colocation data centre, has found that private Cloud is the more popular choice for businesses, with 63 per cent choosing private over public. Although the results, which come from an on-stand survey carried out at this year’s IP Expo, also demonstrated a growing understanding of Cloud in general (only 4 per cent of businesses claimed not to understand it), 87 per cent felt that private was safer than public.

Roger Keenan, managing director at City Lifeline said, “With technology, security risks should always be considered, but they do not need to become obstacles. Our aim at this year’s IP Expo was to increase understanding of Cloud among businesses, so they can make the most of all it affords. Both public and private Cloud have merits, but security should not be a concern with either if you are working with a reputable provider”.

Although acceptance of the Cloud as a concept continues to increase, the Federal Cloud Computing Survey recently found that security was one of the top challenges facing businesses when they consider the Cloud. However, City Lifeline found that privacy and security issues surrounding the Cloud in general are quickly becoming a thing of the past, with only 37 per cent of respondents letting this stand in their way. 41 per cent of businesses believe there are no obstacles at all, so why is there such a discrepancy around public over private?


Swivel Secure Launches University Licensing in UK, North America

Tokenless authentication provider Swivel Secure today announced the launch of its university licensing scheme, which enables universities in both the UK and North America to secure their network infrastructures at a fraction of the typical costs, regardless of whether their data is stored in the cloud or on a virtual private network.

Under the terms of the scheme, Swivel Secure channel partners are able to offer free licences for Swivel’s tokenless authentication platform to a university’s student population, when full licences are purchased for staff members. The scheme enables budget conscious universities to add an additional level of security to their network infrastructure without the need for extensive additional investment.

In both markets, data and network security is a growing concern amongst university IT administrators. Compliance with strict data protection regulations, together with increasing demands from students to access the campus network from a range of different devices and applications, is creating a complex environment that is putting pressure on existing access controls. Additionally, many campuses are also looking to realise the cost savings offered by migrating to a cloud-based infrastructure, which raises fresh concerns about authenticating off-premise users of the campus network.

“Cloud is already an attractive cost saving option for universities and Microsoft’s recent offer of free university licences for Office 365 will undoubtedly encourage more campuses to adopt the model,” comments Chris Russell, VP Engineering at Swivel Secure. “But universities should tread carefully. The ubiquitous reuse of username and password combinations is a real threat to cloud security. Often, all a hacker needs to do is to obtain and reuse a student’s login details for, say, Facebook, in order to gain unauthorised access to the campus network.

“Universities need to be implementing an authentication solution that requires an additional piece of information so if a user’s password is compromised the network remains protected. Our new licensing scheme enables universities to secure their VPN or cloud-based infrastructures in this manner using the only tokenless authentication platform approved for the Microsoft Office 365 environment. Providing free licences to all students should put the technology within reach of most, if not all universities, even those working hard to contain additional costs.”

The Swivel authentication platform was first launched in 2003. It is now used by local government, the NHS, major global enterprises and hundreds of smaller businesses, in over 35 countries, to remotely access their business networks, virtual desktops and cloud-based applications. Offering the widest range of user deployment options according to Gartner, the Swivel authentication platform offers the choice of mobile apps, SMS and interactive voice response channels when full two-factor authentication is mandatory.


NorseCorp Launches Context-Aware Cyber Risk Intelligence Solution

NorseCorp, the provider of live cyber risk intelligence and solutions for businesses to reduce eCommerce fraud and secure their high-value data, today announced the launch of its flagship cloud security service, IPViking™. IPViking is the first solution to harness Big Data analytics of live Internet traffic to deliver contextually-aware and actionable cyber risk intelligence, a missing layer in today’s security technology stack that levels the playing field for developers and enterprises in their fight against cyber crime, hacking, and ecommerce fraud.

In recent years the security landscape has changed dramatically. Companies are now spending more money on security solutions than ever, while breaches and data losses continue to rise. Meanwhile the total cost of these breaches has also increased. A recent study of U.S. companies sponsored by Hewlett Packard and conducted by the Ponemon Institute indicates that the cost and frequency of cybercrime have both continued to rise for the third straight year, with the occurrence of cyber attacks more than doubling over a three-year period and the financial impact increasing by nearly 40 percent. The study also revealed a 42 percent increase in the number of cyber attacks, with organizations experiencing an average of 102 successful attacks per week, compared to 72 attacks per week in 2011 and 50 attacks per week in 2010.

“Today’s security solutions lack the dedicated computing power to process the massive volume of cyber threats, something that hackers have exploited for years,” said Tommy Stiansen, CTO at Norse. “Norse developed a unique system combined of global infrastructure hardware and powerful proprietary software to acquire live threat data, delivering to customers in milliseconds as actionable intelligence. Because of Big Data tools, GPU computational clusters and IPViking, companies can secure their infrastructure, network transactions and applications more effectively than ever.”

To address this challenging security landscape, Norse created IPViking, a SaaS technology and service that reduces strain on existing reactive security solutions, while increasing their effectiveness by providing live intelligence that is context-aware and adaptive to the continually changing nature of the Internet threat landscape.

IPViking does this in three ways:

  • True Big Data Analytics – The ability to continuously collect and
    analyze vast amounts of live Internet traffic and turn it into
    actionable insight and cyber risk intelligence supported by over 1,500
    criterion
  • Internet-Scaled Global Infrastructure – A purpose-built ultra fast
    private cloud infrastructure that delivers intelligence to businesses
    in milliseconds before a potential network connection can become an
    attack, massively scalable to meet the demands of enterprises,
    datacenters, managed security providers, public and private cloud
    providers, and ISPs.
  • Flexible RESTful and JSON APIs – IPViking enables enterprises and
    developers to easily add live context-aware and adaptive security
    intelligence to any website, app, or device via flexible APIs that
    support virtually all programming languages.

“To enable faster and more-accurate assessments of whether a given action should be allowed or denied, we must incorporate more real-time context information at the time a security decision is made,” said Neil MacDonald, “Using ‘Big Data’ to Address the Next Generation of Information Security Problems,” Gartner Symposium/ITxpo, October 21, 2012. “This is the heart of adaptive and context-aware security.”

As networking and security evolve toward new software defined architectures, IPViking gives enterprises and networking vendors the ability and flexibility to make intelligent risk weighted decisions and policy enforcement at the hardware, software, virtual machine, and cloud level via integration through new emerging standards such as OpenFlow.

”While security solution providers have developed increasingly complex solutions to help companies defend against today’s attacks and breaches, they’ve never been more vulnerable, said Sam Glines, Norse CEO. “The massive increase in the possible attack vectors resulting from the broadening of the online corporate footprint and the increasing costs of managing today’s complex security solution stack have placed unprecedented demands on CISOs and IT security staff. IPViking’s adaptive defense capabilities mitigate risks caused by today’s highly sophisticated attacks, as well as vacant or unenforced policies unpatched servers and software, and human error by providing millisecond awareness of harmful inbound traffic that today’s reactive security solutions miss.”


Swivel Secure launches in North America

Swivel Secure, a provider of tokenless authentication technology that is capable of securing Microsoft Office 365 as well as other cloud and virtual private network (VPN) remote access solutions, announced its expansion into North America and the opening of its first office in Seattle, Washington.

Swivel Secure is a UK network security solutions provider that has pioneered the development of tokenless, multi-factor authentication technology. The Swivel authentication platform, first launched in 2003, is now used in over 35 countries by governments and global enterprises in a range of sectors including healthcare, pharmaceuticals and logistics as well as in hundreds of smaller businesses around the world.

Swivel’s strategic entry into North America marks the launch of an aggressive channel expansion programme targeting value added resellers (VARs) in the Washington State area and beyond.

“The market for tokenless authentication is growing rapidly as US businesses start to take cloud solutions seriously,” comments Fraser Thomas, VP International, Swivel Secure, who is spearheading the US expansion and VAR recruitment programme. “Given that Swivel is an approved tokenless provider for Microsoft Office 365, a Swivel partnership will enable VARs to offer a compelling remote access proposition for businesses that are migrating to the cloud, together with those that are employing more traditional VPN solutions.”

The unauthorised access of sensitive corporate data is one of the biggest fear factors holding businesses back from migrating to the cloud. Securing a corporate infrastructure with multi-factor authentication means that business owners can be assured that only permitted individuals will be able to gain access to their corporate systems.


McAfee Launches New Data Center Security Suites

Image representing McAfee as depicted in Crunc...

McAfee today announced four new Data Center Security Suites to help secure servers and databases in the data center. The suites offer a unique combination of whitelisting, blacklisting and virtualization technologies for protecting servers and virtual desktops. These solutions provide optimal security for servers and databases in physical, virtualized and cloud-based data centers, with minimal impact on server resources which is a key demand for data centers.

“Performance and security are key concerns for servers in the physical, virtualized or cloud-based data centers,” said Jon Oltsik, Senior Principal Analyst, Information Security and Networking at Enterprise Security Group. “The new server security suites from McAfee, based on its application whitelisting, virtualization and blacklisting and AV technologies, provide an enhanced security posture while maintaining the high server performance needs of the data center.”

The suites offer customers the ability to protect their physical and virtual servers and virtual desktops with a unique combination of technologies in a single solution.

  • McAfee Data Center Security Suite for Server provides a
    complete set of blacklisting, whitelisting, and optimized
    virtualization support capabilities for basic security on servers of
    all types
  • McAfee Data Center Security Suite for Server–Hypervisor Edition
    provides a complete set of blacklisting, whitelisting, and optimized
    virtualization support capabilities for basic security on servers of
    all types and is licensed per Hypervisor
  • McAfee Data Center Security Suite for Virtual Desktop
    Infrastructure
    provides comprehensive security for virtual desktop
    deployments without compromising performance or the user experience
  • McAfee Database Server Protection provides data base activity
    monitoring and vulnerability assessment in a single suite, for all
    major database servers in the data center

“McAfee is leading the industry with these new solutions for protecting servers in the data center,” said Candace Worley, senior vice president and general manager of endpoint security at McAfee. “The combination of whitelisting, blacklisting and virtualization in a single solution, offers an optimal security posture for protecting servers in the data centers. These solutions address the need in the industry to offer solutions that provide the highest level of protection with minimal impact on the resources they are deployed on and in a wide range of customized licensing options.”

 


London City Lifeline Colo Gets ISO27001 Security Certification

City Lifeline, the central London colocation data centre, has today been awarded ISO27001 Information Security Management Certification. This accreditation confirms that City Lifeline’s security systems and processes meet the highest recognised international standards for physical security and information security.

Security, both of equipment operation and data integrity, is critical for all companies and organisations. When asked, organisations using data centre and colocation services consistently rate security as their number one priority. The internationally administered and recognised ISO27001 certification gives customers confidence that a data centre operates at the highest level of security and that it consistently delivers what it claims.

Commenting on the achievement, Roger Keenan, managing director at City Lifeline said: “We are thrilled to have been awarded the prestigious ISO27001 accreditation. Achieving ISO27001 took us over a year of hard work. All of our existing processes and procedures were reviewed and overhauled where needed and comprehensively documented. City Lifeline has always been strong on security and this new certification confirms that companies and organisations can trust and rely on us to keep their equipment and data 100 per cent secure.”

ISO27001 is an internationally recognized certification that sets out specific physical and information security standards, which must be continuously maintained by those to whom it is awarded.


LogRhythm Partners with VMware to Automate Regulatory Compliance in Virtualized Environments

LogRhythm today announced that it has partnered with VMware to contribute to its newly introduced VMware Compliance Reference Architectures, a set of resources including solution guides and design architectures intended to simplify compliance for business-critical applications in the cloud era. As part of this initiative, LogRhythm has published the LogRhythm Solution Guide for Payment Card Industry (PCI), an addendum to the VMware Solution Guide for PCI. The LogRhythm solution addendum is a QSA-reviewed guide that outlines how the company’s SIEM 2.0 platform complements existing VMware security capabilities to help customers assure PCI compliance when virtualizing mission-critical business applications with VMware vSphere®.

“Security and compliance are top concerns for organizations seeking to virtualize critical business systems such as PCI payment processing,” said Parag Patel, vice president, Global Strategic Alliances, VMware. “We’re committed to helping customers address these concerns on their journey to the cloud, and partners like LogRhythm extend our native security capabilities to make this possible. Through our solution guides, VMware and LogRhythm are delivering a validated roadmap that details how organizations can achieve PCI compliance in virtualized environments.”

LogRhythm’s SIEM 2.0 platform delivers the visibility and insight needed to detect, defend against and respond to increasingly sophisticated cyber threats, efficiently meet compliance requirements, and proactively respond to operational challenges. The company provides out-of-the box compliance solutions that enable organizations to meet their requirements for log data collection, review, archive, reporting, and alerting under mandates such as PCI, HIPAA, NERC-CIP, GLBA, Sarbanes Oxley, GPG 13, and other regulatory regimes. LogRhythm’s PCI compliance package features specific investigations, alarms and reports designed to meet PCI reporting requirements, and directly addresses or augments at least 80 individual PCI controls. With fully integrated file integrity monitoring, advanced multi-tenant support, robust reporting, and rapid search and drill-down capabilities, LogRhythm is an ideal solution for addressing PCI compliance requirements in virtual environments. LogRhythm can ensure that sensitive data, such as credit card account information, is not inappropriately accessed by shared virtual resources or unauthorized individuals. LogRhythm is field-proven in numerous deployments where the solution is being used to automate and assure regulatory compliance in virtual environments.

“We’re very pleased to have been selected by VMware to help address the compliance requirements of customers moving their critical systems to virtual and private cloud environments,” said Matt Winter, vice president corporate and business development at LogRhythm. “LogRhythm has a significant track record helping customers meet their regulatory compliance obligations in virtual, physical and hybrid environments. Our compliance capabilities dovetail well with VMware’s native security offerings to create a robust and comprehensive solution. With the VMware Solution Guide for PCI and LogRhythm’s addendum solution guide, organizations can have confidence that there is a detailed, validated path to maintaining PCI compliance in virtualized environments.”

The LogRhythm Solution Guide for PCI has been reviewed by Coalfire, an independent Qualified Security Assessor specializing in IT audit, risk assessment and compliance management, and is available for download on the LogRhythm website and VMware Solution Exchange.


New SafeNet Authentication Service Designed for Service Providers

SafeNet, Inc. today announced the immediate availability of SafeNet Authentication Service, a new cloud-based authentication service. The cloud authentication solution was designed and engineered specifically for the service provider environment and allows service providers to rapidly introduce authentication-as-a-service to their enterprise customers. By doing so, it enables service providers to increase their average revenue per user (ARPU), significantly reduce the cost and complexity associated with offering and implementing strong authentication, and strengthen their security and compliance posture.

SafeNet Authentication Service extends the company’s portfolio of two-factor authentication solutions, providing enterprise and government organizations with  choice and flexibility to best customize their authentication solutions to meet current and future security needs.

SafeNet Authentication Service’s automated, customizable cloud platform can reduce authentication-related operational costs through the elimination of manual tasks associated with the provisioning, administration, billing, and management of users and tokens. Service providers can manage their customers from a multi-tier, multi-tenant platform that is vendor-agnostic and will work with an organization’s existing token technology, enabling a quick migration to a centralized cloud environment with minimal disruption to end users. In addition, the service can be white-label branded and completely customizable to the service provider’s needs, enhancing the service brand and overall awareness. In addition, the platform is highly scalable, which enables service providers to accommodate a growing number of customers added to the service without requiring costly infrastructure upgrades.

Strong authentication has also become a major challenge for today’s “extended enterprise,” in which remote employees, partners, customers, and other third parties require access to an organization’s systems, applications, and data. With no infrastructure required, enterprises can quickly turn to service providers for SafeNet Authentication Service to simplify the implementation of strong authentication in this environment—providing “security without borders” from a fully automated, high-assurance, trusted cloud environment.

In addition, SafeNet Authentication Service enables service providers to free up their customer’s IT staff to focus on higher-value activities. By doing so, this automation facilitates real-time policy application to ensure regulatory compliance and improved business efficiency.

According to Chris Morales of the 451 Research Group, “The consumerization of IT, the adoption of mobile computing and SaaS applications, and the incipient growth of desktop virtualization places identity front and center of emerging security and management concerns. As identity assumes more centrality for IT (in terms of both industry and organizational function) in coming to terms with these trends, securing the integrity of the identity assertion, characterizing it in terms of risk assessment, and supplementing (or supplanting) user name and password comprise the initial set of security hurdles. Also, as enterprises and organizations assess the requirements for authentication against the cost and flexibility of the options available from incumbent vendors, authentication-as-a-service, and new form factors or channels such as smartphone tokens and one-time passwords delivered as an SMS have gained in appeal.”

SafeNet Authentication Service reflects the combined offering resulting from SafeNet’s acquisition of Cryptocard in March 2012. This new service combines SafeNet’s market-leading authentication solutions with Cryptocard’s innovative, scalable, and flexible platform.


Avira Launches 2013 Antivirus Security Software Line; Extends Protection from Computers to Consumers

Avira today announced the Avira 2013 product line, which includes Avira Free Antivirus, Avira Antivirus Premium 2013, Avira Internet Security 2013, and Avira Internet Security Plus.

The 2013 version of Avira’s Free Antivirus software adds 6 new security features making it the most comprehensive free antivirus products on the market. Avira’s premium products have 8 new features. These new features give consumers a more secure browsing experience by protecting them from Internet scams and threats, in addition to keeping their computers free of viruses and malware.

“With over 100 million users worldwide, our goal with Avira 2013 was to offer protection to people no matter what device they use, and we did that by adding many user oriented features to this release, making it the most feature-rich solution we’ve ever made,” said Sorin Mustaca, product manager and data security expert at Avira. “We’ve also kept the resources footprint small, so users will not notice any slowdown in computer performance.”

The following new features added to the Avira 2013 family of products are all designed to protect not just computer devices, but also computer users — wherever they are and whatever device they’re using:

  • Avira Protection Cloud – Avira’s leading cloud technology
    identifies malware faster by uploading suspicious files for instant
    analysis. (Available for paid users)
  • Browser Tracking Blocker – Gives users control over their
    privacy while browsing the internet by blocking trackers that gather
    data about your browsing activity.
  • Website Safety Advisor – Protects users from scams, phishing
    and suspicious sites by displaying safe, low-risk or high-risk icons
    on the search results and any webpage they visit.
  • Social Network Protection – Notifies parents and children of
    suspicious or worrisome activity on social networks (such as predators
    or your child being bullied online) so they can take appropriate
    action.
  • Android Security – Safeguards users’ Android phones and the
    valuable data it holds. Users can locate it when lost, lock it and
    even wipe the data remotely.
  • More Frequent Updates for Free Users – Avira Free Antivirus now
    updates every 6 hours instead of every 24 hours, giving users more
    current protection.
  • Network Folder Scanning – Shared folders like Dropbox and
    network folders are becoming more common, and with it comes the
    increased risk of spreading malware. Avira now scans network folders
    in addition local folders to keep computers free of infection.
    (Available for paid users)
  • No Advertising Pop-ups for Avira Free Antivirus Users Users
    who install Avira’s SearchFree toolbar will no longer have pop-up ads
    displayed to them. The SearchFree toolbar includes Browser Tracking
    Blocker and Website Safety. As always Avira’s paid products are
    without advertising, independent of toolbar installation.