Tag archive: security

Mandiant, Palo Alto Networks Partner for Malware Security

Mandiant has announced that it will team with Palo Alto Networks, a network security company, to integrate Palo Alto Networks’ firewalls and its WildFire malware prevention subscription with Mandiant’s recently announced product, Mandiant for Security Operations. Both companies will be presenting their solutions as participants at the RSA Conference 2013 in San Francisco from February 25th to 28th.

The joint solution from Palo Alto Networks and Mandiant provides a holistic approach to thwart advanced attackers by integrating malware detection and prevention capabilities on the network with the ability to resolve security incidents on endpoints. With this integration, Mandiant for Security Operations will automatically generate Indicators of Compromise (IOC) based on malware alerts generated by the Palo Alto Networks platform and identify which endpoints have been compromised. WildFire modern malware prevention service uses the inherent advantages of Palo Alto Networks next-generation firewalls to find new types of malware that have never been seen before across all applications – not just Web and email. To date, WildFire has discovered more than 70,000 new malware files that had not been identified by existing anti-malware solutions.

“Our mutual customers view this joint solution as a significant advantage to creating actionable insights to assess risk, prevent threats, and improve security,” said Chad Kinzelberg, senior vice president of business and corporate development, Palo Alto Networks. “We are also confident that this strategic partnership will continue to lead our industry in security intelligence for enterprise organizations.”

Mandiant for Security Operations is an appliance-based solution that utilizes a lightweight agent deployed on endpoints to enable security teams to confidently detect, analyze and resolve security incidents in a fraction of the time it takes using conventional approaches.

Palo Alto Networks offers a subscription service for WildFire, the company’s cloud-based modern malware prevention service. The WildFire service gives subscribers one-hour response times for the delivery of modern malware signatures, and integrated, on-box logging and reporting. The enhanced response time ensures that the damage caused by attackers using “zero-day” malware is mitigated for Palo Alto Networks customers.

“The tactics of targeted attackers and well-funded adversaries are constantly evolving,” said Mandiant’s Chief Technology Officer, Dave Merkel. “With the integration of the WildFire subscription malware detection service and Mandiant for Security Operations, security professionals will now be able to respond to threats faster and automatically investigate alerts from WildFire so they can confirm and resolve targeted attacks as they are unfolding.”

nCircle Gets Additional Patent for Their Security Services

nCircle today announced the award of its second PureCloud patent by the U.S. Patent and Trademark Office. nCircle’s intellectual property portfolio now includes 11 patents. nCircle’s patents cover a wide range of security innovations and represent the company’s significant, ongoing investment in security technology research and innovation.

nCircle PureCloud is a cloud-based security services platform that requires no hardware or software to be installed or managed. nCircle PureCloud dramatically reduces the cost and complexity of a wide range of security services — including vulnerability scanning, PCI scanning and web application scanning — making these practices easily accessible to small and medium businesses.

“Attackers are targeting smaller businesses that typically have fewer security resources than larger companies,” said Tim ‘TK’ Keanini, chief research officer for nCircle. “The breakthrough technology in nCircle PureCloud helps level the playing field by making enterprise class security tools accessible to all businesses, regardless of size.”

How Tough are the Final HIPAA Privacy, Security Rules?

Online Tech is hosting an educational webinar on the new final HIPAA omnibus rule, “No More Excuses: HHS Releases Tough Final HIPAA Privacy and Security Rules,” on Thursday, January 31 at 2 P.M. ET. The webinar will discuss how the latest HIPAA modifications affect the healthcare industry and healthcare vendors.

Dickinson Wright’s Brian Balow will lead the No More Excuses webinar with April Sage, Director of Healthcare Vertical for Online Tech. On January 17, 2013, the Department of Health and Human Services released its long-anticipated modifications to the Privacy, Security, Enforcement, and Breach Notification Rules under HIPAA/HITECH.

These modifications leave no doubt that covered entities, business associates, and their subcontractors must understand the application of these Rules to their operations, and must take steps to ensure compliance with these Rules in order to avoid liability.

Data Security Concerns With Cloud Technology

Cloud computing in the 21st century promises to be what electricity was in the 20th century: cheap, plentiful and always-available compute resources to fulfill your every need. With any new technological advance, however, there are always risks that could be exploited by those with malicious intent.

If you’re fortunate enough to have the resources within your organization to build and operate your own internal private cloud, most of these risks will already have been mitigated, as you still retain an element of control. Many other businesses are not in this position, however, especially those in the small and medium-sized sector, who are shredding documents to move to the cloud.

None of the security concerns discussed below is a deal-breaker as such; the benefits of the cloud far outweigh any data security risks entailed in the transition to utility computing. As a decision maker, however, it is important to think about these issues before securely shredding everything and embarking on cloud migration. Finding out from prospective cloud providers how they will safeguard your data operations should be a key deciding factor in choosing your public cloud provider.

Data storage
Data should be securely encrypted when on your cloud provider’s servers, and also when in use and being processed by the cloud service. Forrester, a leading technology market research company, warns that few providers are currently able to guarantee the security and protection of data whilst it is being used within the application, or to say what they do with the data after processing is complete.

Data transfer
Communications over the internet must be secured in any cloud transaction. In a browser, look for the “https” prefix in the URL when you connect to your cloud provider. In addition, always ensure traffic is authenticated and encrypted using industry-standard protocols developed specifically to secure internetworking, such as Internet Protocol Security (IPsec).

Secure APIs
Also be aware of the software interfaces or application programming interfaces (APIs) that are employed in cloud services. The Cloud Security Alliance (CSA), an industry trade group, recommends learning about how your cloud provider integrates security throughout its offering, spanning activities such as monitoring and alerting services, data authentication and access control techniques.

Access control and data separation
You no longer have any personnel controls over people that have access to your data stored on the cloud provider’s servers. Make sure you consider the sensitivity of such data first to make sure that it is appropriate for release into the cloud. Gartner, a leading technology research and advisory company, also suggests asking for profiles of people who manage your data and the level of access they have.

AlienVault Unified Security Provides Security Visibility for Amazon EC2

AlienVault today announced its latest 4.1 release, which aims to resolve the biggest challenges associated with traditional SIEM solutions including cost, complexity and difficult deployments. AlienVault Unified Security Management (AV-USM) platform 4.1 simplifies and speeds SIEM deployments and provides intelligent security incident response guidance. AV-USM 4.1 also extends AlienVault’s best-of-breed security monitoring capabilities to Amazon EC2 to enable greater control over hybrid environments.

“Lack of security visibility and control is a primary concern when businesses move workloads to the cloud,” said Russ Spitler, VP of Product Management at AlienVault. “Traditional SIEM solutions are extremely limited in their ability to monitor cloud environments, leaving companies with siloed assets and glaring holes in their security risk posture. By enabling the AV-USM platform to monitor Amazon EC2, AlienVault customers can lower their costs, optimize their IT environments and get security wherever they need it to be, without sacrificing visibility in their own private datacenters or the public cloud.”

New features in the AlienVault Unified Security Management platform 4.1 include:

  • Support for Amazon EC2: “Instant-on” essential security
    capabilities match the elasticity of the EC2 cloud environment and
    enable unified security monitoring whether assets are in the cloud or
    data center.
  • Auto-Deploy: Automatically identifies potential data sources
    upon deployment with integrated discovery capabilities and removes the
    “guesswork” common with traditional SIEM deployments.
  • Dynamic Incident Response Templates: Extends SIEM functionality
    past the alert by providing customized, contextually relevant
    workflow-driven response procedures so that analysts know exactly what
    to do next.
  • Suricata IDS Profile: Provides an alternative to the SNORT IDS
    engine with enhanced threat detection, analysis and performance.

Based on the open source project OSSIM, the AV-USM platform combines more than 30 of the best security technologies and provides security analysts with five essential security capabilities including asset detection, vulnerability assessment, threat detection, behavioral monitoring and security intelligence capabilities in a single, unified solution and management console. The AlienVault Open Threat Exchange™ is the largest community-sourced threat database and intelligence feed, and is built into the AV-USM platform and OSSIM to provide security analysts with real-time collaborative defense.

“Since our business is completely built on IaaS providers, we need to find a way to get reliable security visibility in this environment,” said Fredrick Lee, Lead Security Engineer for Twilio. “A lot of traditional security solutions fall short when facing the challenges of deploying in the cloud. AlienVault USM provides a great way to deploy the security capabilities I find essential – IDS, vulnerability assessment, SIEM – quickly and completely.”

AlienVault has also launched a new documentation portal, the AlienVault Repository of Knowledge (ARK), which complements the support forum and provides access to interactive assets, product documents and how-to videos for the larger OSSIM community.

The latest version of the AlienVault Unified Security Management platform 4.1 is available now.

Six Degrees Group Achieves PCI DSS Compliance

Six Degrees Group, a provider of integrated managed data services, today announces that following an official audit its datacentres and security systems are now fully compliant with the Payment Card Industry Data Security Standard (PCI DSS).

The confirmation of PCI DSS compliance complements Six Degrees Group’s ISO 27001:2005 certification for information security, which emphasises the Group’s commitment to protecting and securing clients’ data.

PCI DSS is a set of comprehensive standards for ensuring the security of financial payment data that was developed by the founding payment brands of the PCI Security Standards Council including Visa Inc., American Express and MasterCard Worldwide. As a result of this certification, Six Degrees is now on the approved global Visa Merchant register.

Mike Ing, group business operations director of Six Degrees Group, stated: “These standards globally govern all organisations that store, process or transmit cardholder data. Achieving this compliance provides our customers and prospects with the reassurance that Six Degrees Group is committed to the security and confidentiality of sensitive data by meeting the physical security requirements of the PCI standard.”

Virtustream Adds Cloud Database Encryption, Key Management

Virtustream today added software-based “data at rest” encryption to its cloud services portfolio through a partnership with Vormetric, a leader in enterprise encryption and key management. With this extra protection, Virtustream’s xStream cloud management software and Virtustream cloud IaaS services provide highly secure and compliant solutions that enable enterprises, governments and service providers to safely run mission-critical applications in private, public and hybrid clouds.

The company will now offer Vormetric’s database and file encryption solution to customers needing an additional layer of security to satisfy internal sensitive data policies and compliance mandates regarding business data. For enterprises required to comply with regulatory guidelines and compliance frameworks such as NIST 800-53, DIACAP, FedRAMP, FISMA, ICD503, G-Cloud, CSA Recommendations, ISO27001, HIPAA/HITECH, PCI, SSAE16/SAS70 and other industry standards, this new service provides a sophisticated approach to protecting highly sensitive data in the cloud. Virtustream’s new data encryption offering allows enterprises mandating full data life cycle encryption to take advantage of the cloud.

The addition of Vormetric Data Security adds to the enhanced security measures in Virtustream clouds which include layered physical/virtual security, cloud-to-cloud encryption, core servers equipped with new Intel CPUs that support Advanced Encryption Standard New Instruction Set (AES-NI) for optimal encryption efficiency, hardware-level authentication (Intel TXT), encrypted VPN (IPSEC and SSL), Key Escrow using Data Security Modules (DSMs), encryption in archive, GRC tools, two-factor authentication, and various additional security and compliance measures and reporting.

“File-level encryption is the most effective and flexible approach to cloud data security for enterprises concerned with regulatory compliance, protecting their IP and meeting contractual obligations around customer data,” said Bruce Johnson, vice president for worldwide sales and service operations at Vormetric. “By offering Vormetric Encryption through a pay-as-you-go model, Virtustream is providing comprehensive, built-in and transparent security for any database, that can follow customer data—whether it is in the cloud or a datacenter.”

As the Virtustream team evaluated security and encryption software to pair with its cloud solution, it found that many of the larger vendors focus primarily on end-user computing and encrypting whole drives, which only protects against specific threats and could not support a variety of deployment modes. Vormetric’s solution quickly emerged as the leader in enterprise class security, as it emphasized encryption at the file/folder level, transparently across all major database platforms. It also enables very granular separation of duties to allow for a variety of support models from zero client touch, to co-managed operations, to full key management by clients. Vormetric encryption ensures that there is no unauthorized data access from inside or outside an organization. In stress testing, Vormetric exceeded Virtustream’s performance expectations with a virtually indiscernible impact on application response time, excellent manageability and detailed logging of file access for Database Access Monitoring requirements (DAM) and Data Leakage Prevention (DLP) reporting.

Virtustream now stands as the first cloud provider to offer the Vormetric solution in a SaaS model with elastic, consumption-based pricing—services are priced per virtual CPU of each database server, as opposed to traditional perpetual licensing models.

“It can be challenging to get large enterprises to trust the cloud, so this partnership with Vormetric provides a significant security measure required to overcome that concern,” said Pete Nicoletti, director of security and compliance at Virtustream. “With Vormetric’s solution, we now have a database encryption security option suitable for customers who are required to comply with executive mandates or compliance frameworks but have not yet deployed encryption at their database or application layer. Adding this capability will make moving mission-critical data to the cloud a more feasible option for any enterprise looking for immediate risk reduction and cost savings.”

With this encryption service, Virtustream also offers and manages encryption of client databases at their location in the client’s datacenter before they even move the workload to the Virtustream cloud. This is a unique capability and allows customers that are concerned with protecting personally identifiable information (PII) and other sensitive information to achieve regulatory compliance and avoid potential data breach costs.

“By partnering with Vormetric, we are able to combine its nimble and powerful security solution with our cloud solution for increased data protection with high performance and low overhead,” said Mike Olson, vice president of operations and service delivery for Virtustream. “Together we offer customers a more secure, compliant cloud environment with reduced infrastructure costs, and increased performance and uptime.”

Toshiba Announces Cryptographic-erase, Self-encryption Features for New Enterprise SSD, Mobile HDD

Toshiba Corporation today announced new enterprise SAS solid state drives (SSD), mobile SATA hard disk drives (HDD), including self-encrypting drive (SED) models in both product categories, and new enterprise-grade SATA SSD supporting cryptographic-erase. Select drives will start to ship in January with other models following later in the first quarter.

The PX02SMQ and PX02SMU series enterprise SEDs (eSED) deliver government-grade Advanced Encryption Standard (AES) 256-bit self-encryption and offer Trusted Computing Group (TCG) Enterprise SSC protocol self-encryption and cryptographic-erase support. These high-performance, 2.5-inch enterprise models with SAS interface target high-end servers and data center applications and provide capacities ranging up to 1.6TB[1].

The PX02AMU value line of SATA eSSD models and the PX03ANU read-intensive line of SATA eSSD models, both for enterprise applications, feature cryptographic-erase for fast and secure media sanitization.

For mobile computing, the MQ01ABU***W series provides self-encryption, cryptographic-erase and TCG-Opal SSC protocol support in a slim 7mm height with up to 500GB[1] of storage capacity. The MQ01ABU***W series also supports Toshiba’s innovative Wipe technology, which adds security features that allow system designers to automatically cryptographic-erase sensitive user data if an unexpected host attempts to access the HDDs or if a defined number of authentication failures occurs.

Toshiba is also reportedly working on FIPS 140-2 certification[2] for select SED products to meet government-class security requirements.