Friday, December 3, 2010

WikiLeaks incidents stoke IT security angst

Lack of security controls and processes can make corporate IT vulnerable to the leaking of sensitive data to sites like WikiLeaks

http://www.infoworld.com/d/security-central/wikileaks-incidents-stoke-it-security-angst-546

Wednesday, November 10, 2010

Security Solutions - Cloud Computing

Conventus has just returned from Symantec's Partner Engage 2010 conference in Las Vegas, NV, where Sarah Merrion, one of Conventus' Managing Partners, was quoted on her customers' views regarding security solutions in the cloud.

http://www.thevarguy.com/2010/11/04/symantec-partner-engage-2010-cloud-reality-check/

Tuesday, October 19, 2010

THREAT BULLETIN: Stuxnet

* The Stuxnet threat is significant because it’s the first time the world has seen a threat cross over from the cyber world to try and control the physical world.

* Stuxnet is able to infect Industrial Control Systems and change how they operate.

* The target could be anything from oil pipelines to water treatment plants to uranium enrichment facilities. It seems the authors are capable of monitoring inputs and changing outputs, which could mean this malware could lead to system shut-downs, explosions or the inability to control important Industrial Control Systems attributes like pressure and temperature.

* AV vendors are still seeing infected machines contacting the command and control server and have seen thousands of infections to date. About 60 percent of infected systems are in Iran.

* Stuxnet is highly sophisticated, leveraging four zero-day vulnerabilities.

Best practices:

o Identify critical infrastructure within your enterprise that may be at risk.

o Assess the state of infection/compromise on these systems and remediate.

o Audit current controls on possible means of infection of these systems – meaning, look at all the various routes malware can take to infect a system and put proper controls in place to prevent infection.

Thursday, August 5, 2010

AntiVirus is NOT enough!

http://www.symantec.com/podcasts/detail.jsp?podid=sb_08282009_antivirus

Thursday, July 22, 2010

Hosted Endpoint Free Trial

Is your current approach to endpoint protection enough to protect you from today's threats?

Security threats to your company’s endpoint systems (desktops, laptops, and servers) are growing in number and sophistication and can now evade many traditional security measures. Register for a free trial of Symantec Hosted Services’ latest service offering, Symantec Hosted Endpoint Protection and start experiencing the following benefits:

* Automatic security updates for all employee systems whether in the office or on the road
* Advanced technologies for antivirus, antispyware, firewall, and host intrusion prevention
* Web-based management console
* Identification of unsafe web sites in search results for laptops and desktops
* Security Audit & Customizable Reporting

At the end of the trial, we are confident you will wish to continue to safeguard your business with this easy to use solution for hosted endpoint protection. To begin your trial, please complete the below form.

http://www.messagelabs.com/root/hep_free_trial_conventus?pid=P444427

Tuesday, July 20, 2010

Microsoft looks into malware spreading via USB

Microsoft is investigating new reports that malware is propagating through USB devices, the software giant's Security Response Center said Thursday.

The attacks may be linked to an unknown vulnerability in Windows, Sophos' Chester Wisniewski said in a blog post Thursday. The flaw permits a malicious Windows shortcut file (.lnk) installed on a USB device to run a Dynamic Link Library (DLL), with no user interaction required. The DLL installs malware onto the machine.

Because of this, users who have disabled AutoRun, a Windows feature that allows files or programs to immediately run as soon as the device is connected to a computer, are not protected.

"If you can execute malware even when AutoPlay is disabled, the risk is very high," Wisniewski wrote.

The exploits first were detected last month by Belarus-based anti-virus firm VirusBlokAda. According to the company, the malware on the USB devices installs two drivers, which serve as rootkits that hide the actual malware, making it nearly impossible to detect.

Malware that propagates via removable media is not new. The well-publicized Conficker worm used that vector to spread to millions of computers worldwide.

Thursday, July 1, 2010

Endpoint Security Gets Complicated

http://www.networkworld.com/news/2010/040110-endpoint-security.html?page=1

Monday, May 31, 2010

Symantec VeriSign Deal Could Add Value, Partners Say

http://www.crn.com/security/224900613;jsessionid=P1EXZTAVDYGSTQE1GHPCKHWATMY32JVN

By Stefanie Hoffman, CRN


7:51 PM EDT Thu. May. 20, 2010
Symantec (NSDQ:SYMC) channel partners are mostly optimistic that the acquisition of Verisign (NSDQ:VRSN)'s security business will ultimately yield value, while others express strong doubts in light of its serial encryption purchases and a botched Veritas merger.

Symantec announced a definitive deal Wednesday with VeriSign to acquire its identity and authentication business for $1.28 billion in cash, incorporating its SSL Certificate Services, Public Key Infrastructure, VeriSign Trust Services and VeriSign Identity Protection Authentication Service. Under the terms of the deal, which is expected to close in September, Symantec will acquire VeriSign assets, including the majority stake in VeriSign Japan, subject to customary closing conditions such as regulatory approval.

The VeriSign acquisition gives the security giant market dominance in the SSL certificate space, which Symantec executives contend was one of the driving forces behind the deal. While perhaps not a significant revenue generator in and of itself, the acquisition would ultimately drive value by increasing cross-selling opportunities, executives said.

"We see a real opportunity to accelerate business because of the cross-sell opportunities," said Francis DeSouza, Symantec senior vice president of the enterprise security group. "A lot of the same people who buy SSL certificates from VeriSign are the same ones who buy critical protection from us."

DeSouza added that the acquisition would enable the company to integrate VeriSign's authentication technologies into its array of endpoint security and DLP products.

"It furthers us strategically. We believe going forward, security will be much less device oriented and much more around information and people," he said.

And some partners said that the acquisition is one that will likely provide a strong value-add for security solution providers, particularly as Symantec transitions from offering a wide breadth of point solutions to comprehensive suites.

Feris Rifai, president of San Francisco-based Bay Dynamics, said that he had hopes that the acquisition "will eventually mean more opportunity for us to partner on with Symantec and provide value" in light of previous channel-centric integrations with Altiris System Management and Vontu's DLP technology.

"I think it's good news," said Sarah Merrion, managing partner for Conventus, a Chicago-based solution provider. "It's just really solidifying our security message. Symantec is traditionally centered on point solutions, and now they're expanding their focus to protecting the data as it travels between those. It's another piece of the security puzzle."

Merrion added that VeriSign's identity and authentication component, which comprises its SSL Certification business, would become increasingly necessary as more end users relied on their own commercial devices for use in the workplace.

"When you think about ideas of combining SSL with Symantec Protection Center, verifying identities on different devices, whether it's a smart phone or iPad, that's absolutely going to affect what we're recommending to customers," Merrion said, adding that customers wouldn't have to go to another security vendor to get SSL Certification and other authentication technologies.

Others, however, are scratching their heads and wondering if Symantec is going to have trouble swallowing VeriSign following the serial acquisitions of encryption companies PGP Corp. and GuardianEdge last month. The purchase raises suspicions with some channel partners, many of whom haven't forgotten the 2005 Veritas merger.

In the past, Symantec partners have said that the company is still feeling the residual effects of the numerous structural and integration issues that began after it acquired Veritas in 2005, and later when it embarked on an ambitious upgrade to merge IT infrastructure from both companies around Oracle (NSDQ:ORCL)'s ERP platform in November 2006. The combined company suffered most in the area of support, but was also inundated with purchasing and licensing problems after the company introduced new buying programs and changed its software licensing agreements.

"When I think back to the Veritas acquisition, that one threw me for a loop," Merrion said.

"Symantec has consistently shown that it takes them a long time to digest the companies they buy. They are still burping up remnants of the Veritas acquisition. And they just ate two encryption meals a few weeks ago. I don't have a real positive feeling about this," said Andrew Plato, President of Anitian Enterprise Security, based in Beaverton, Ore., via e-mail.

Meanwhile, Plato expressed strong doubts about the growth potential for SSL Certificates.

"SSL certificates are not exactly a business with massive profit potential," he said. "Low cost providers like Go Daddy and Comodo have shown that a $50 certificate is just as good as a $900 one from VeriSign."

Tuesday, May 4, 2010

New Adobe Flash Player could change how online banks fight fraud

A report from Gartner highlighted how the reliance on Flash cookies as an authentication mechanism to identify legitimate users and block unauthorized or fraudulent access may need to change with Adobe Flash Player 10.1, scheduled for release later this year.

The updated version’s “Private Browsing” feature will make it easier for users to clear Flash cookies after a Web session. While the feature may be good for privacy, it may force online banks and e-commerce businesses to find something else to rely on for their authentication process. Said Gartner analyst Avivah Litan:

“In my opinion, this is a big deal in the fraud world. Many banks, card issuers and online retailers rely in part on device identification to successfully detect fraud. And in many of these cases, the device identification they use is based on Flash local storage.”

Friday, April 16, 2010

Anatomy of a Breach

Today's IT Attacks: A Security Strategy to Protect Your IT Assets. Francis deSouza is the Senior Vice President, Enterprise Security Group, Symantec.

http://www.youtube.com/watch?v=w-x_1-zasnc

Wednesday, April 7, 2010

Acrobat PDF files can be used as viruses!

Are PDFs the next blocked extension for corporate users?

http://blogs.pcmag.com/securitywatch/2010/04/pdf_virus_demonstrated.php?