Wednesday, 29 June 2011

Total Application Control (TAC): The best of whitelisting AND blacklisting…

As hackers get better at breaking into networks and compromising data, IT security experts continue to debate the best ways to defend their systems against highly targeted malware attacks. In the PCWorld article, “How to Stop Hack Attacks In One Easy Step: Whitelisting,” InfoSec pro Tony Bradley highlights some of the key differences between application whitelisting and traditional blacklist-based defenses. Let’s review those differences, but then I want to make the case for Total Application Control (TAC)–a blending of the best of both approaches.
On one hand, whitelisting stops all unauthorized applications from running, essentially blocking any malicious/unauthorized software from executing on all network endpoints–regardless of whether it was a previously known application/attack or a new, unknown one. But as Richard Stiennon observes, simple whitelisting can be too restrictive and potentially require too much administrative overhead to maintain. On the other hand, blacklisting stops known bad applications from exploiting a system, but lets programs execute on a system by default if they are not on the blacklist. This reactive approach means users can execute software, including malicious attachments, thereby leaving networks and data vulnerable until after a threat is identified. Blacklisting also forces a steady stream of patching requirements and fire-drill reactions that become a black hole of IT time and money (e.g., troubleshooting poorly functioning machines, reimaging and even purchasing new systems prematurely).
As the whitelisting versus blacklisting debate rages on, instead of focusing on the limitations or weak points of each technology, what we should really be discussing are the strengths that these two fraud detection superpowers bring to the table and how, when used together, they can help organizations gain complete control over all applications across their enterprise. CoreTrace calls this Total Application Control (TAC). (Basically, we need to create the “Blue Ocean” strategy for endpoint security. If you are unfamiliar with the concept/book, check out: www.blueoceanstrategy.com.)
First, we need to clear some of the misconceptions that many still have, such as whitelisting being the same as “lockdown,” or that it doesn’t include cloud-based blacklists. The truth is, today’s leading application control solutions like CoreTrace Bouncer have evolved beyond straightforward whitelisting functionality. They’ve addressed the shortcomings around basic application whitelisting and blacklisting products by leveraging both technologies to provide the visibility organizations require to see all known good and bad applications in their environment. For a solution to achieve Total Application Control, it minimally needs to include three essential components:
    1. Application Whitelisting: Whitelisting on all endpoints as the enforcement mechanism to ensure established policies are enforced and all unauthorized applications are prevented.
    2. Change Management: The ability to seamlessly handle change (new authorized applications and upgrades) even in dynamic environments without impacting IT production or user productivity.
    3. Cloud-based Whitelists… and Blacklists: Cloud-based reputation service to assign risk profiles to all applications, including identifying known-good applications and any known pieces of malware. “Cloud-based” is the key phrase: use the information in an offline capacity, so as to not impact system performance with onerous scans.
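The three components listed above, combined in one decision path, as an added conceptual sketch; it is not CoreTrace Bouncer code. Identifying binaries by SHA-256, the `corp-updater` trusted installer, the reputation labels and every sample binary are constructed assumptions.

```python
"""Conceptual sketch of whitelist enforcement, trusted change and offline reputation."""
import hashlib
from dataclasses import dataclass, field

# Constructed sample "binaries" (plain byte strings standing in for executables).
PAYROLL_V1 = b"constructed sample: payroll client 1.0"
PAYROLL_V2 = b"constructed sample: payroll client 2.0"
OLD_TROJAN = b"constructed sample: trojan already in signature sets"
NEW_VARIANT = b"constructed sample: repacked trojan, not in any signature set"
TOOLBAR = b"constructed sample: approved toolbar later reported as malicious"


def digest(content: bytes) -> str:
    """Identify a binary by the SHA-256 of its content, not by name or path."""
    return hashlib.sha256(content).hexdigest()


def blacklist_allows(content: bytes, blacklist: set) -> bool:
    """Default-allow: everything runs unless it is already known bad."""
    return digest(content) not in blacklist


def whitelist_allows(content: bytes, whitelist: set) -> bool:
    """Default-deny: nothing runs unless it was explicitly approved."""
    return digest(content) in whitelist


@dataclass
class TacPolicy:
    whitelist: set = field(default_factory=set)         # component 1: enforcement
    trusted_updaters: set = field(default_factory=set)  # component 2: change management
    reputation: dict = field(default_factory=dict)      # component 3: offline reputation

    def record_install(self, content: bytes, installer: str) -> bool:
        """Approve a new binary only when a trusted installer wrote it."""
        if installer in self.trusted_updaters:
            self.whitelist.add(digest(content))
            return True
        return False

    def allows(self, content: bytes) -> bool:
        """Execution-time check: a set lookup only, no scanning."""
        return whitelist_allows(content, self.whitelist)

    def risk_report(self) -> dict:
        """Offline pass: attach a reputation label to every approved hash."""
        return {h: self.reputation.get(h, "unknown") for h in sorted(self.whitelist)}

    def flagged(self) -> list:
        """Approved binaries that the reputation data marks as known bad."""
        return [h for h, label in self.risk_report().items() if label == "known_bad"]


def build_policy() -> TacPolicy:
    """Constructed starting state: two approved apps, one trusted updater."""
    return TacPolicy(
        whitelist={digest(PAYROLL_V1), digest(TOOLBAR)},
        trusted_updaters={"corp-updater"},  # hypothetical installer name
        reputation={
            digest(PAYROLL_V1): "known_good",
            digest(OLD_TROJAN): "known_bad",
            digest(TOOLBAR): "known_bad",
        },
    )


def demo() -> dict:
    """Run the same samples through each model and collect the outcomes."""
    blacklist = {digest(OLD_TROJAN)}
    static_whitelist = {digest(PAYROLL_V1)}
    policy = build_policy()
    results = {
        # Blacklisting misses the variant nobody has a signature for yet.
        "blacklist_runs_new_variant": blacklist_allows(NEW_VARIANT, blacklist),
        # A static whitelist blocks it, but also blocks the legitimate upgrade.
        "static_whitelist_runs_new_variant": whitelist_allows(NEW_VARIANT, static_whitelist),
        "static_whitelist_runs_upgrade": whitelist_allows(PAYROLL_V2, static_whitelist),
        # An untrusted process dropping a file does not get it approved.
        "browser_drop_approved": policy.record_install(NEW_VARIANT, "browser.exe"),
        # The trusted updater does, so the upgrade runs without a help-desk ticket.
        "updater_install_approved": policy.record_install(PAYROLL_V2, "corp-updater"),
    }
    results["tac_runs_upgrade"] = policy.allows(PAYROLL_V2)
    results["tac_runs_new_variant"] = policy.allows(NEW_VARIANT)
    # Reputation is consulted offline, for reporting on what was approved.
    results["approved_but_known_bad"] = policy.flagged()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
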
I’ve often wondered if hackers are taking full advantage of the rhetoric that goes on between competitive security vendors, who despite having the same anti-malware objectives, continue to create a cloud of confusion throughout the industry that actually stalls innovation, and new proactive ways to defend networks against more dangerous modern malware. Maybe bringing longtime adversaries like whitelisting and blacklisting together to create Total Application Control is the last thing cyber criminals want to see. We certainly think so.
So stop debating and start controlling your systems with a blend of the top defense mechanisms. Move past confusion and into enlightenment and receive all the control and performance benefits of whitelisting with the reporting and compliance benefits of offline blacklisting.

by Toney Jennings

Monday, 27 June 2011

It’s a new platform… So why use an old (broken) security approach?

When it comes to protecting network endpoints against more cunning and deceitful modern malware attacks, deploying proven security tools to prevent malicious code from exploiting your system is job #1. Unfortunately, the cat-and-mouse game between IT security professionals and hackers is not easily won, if ever won at all. The key, of course, is to stay one step ahead of your adversary at all times.
That said, what continues to baffle me is the ongoing practice of re-applying beatable security technologies to evolving malware, and expecting a different outcome. Time and time again, we’ve seen how increasingly ineffective traditional anti-malware products like antivirus software are at stopping modern attacks.
More recently, we’re seeing how cyber criminals can rapidly rewrite code overnight to evade even the latest security updates. The article, “Apple’s malware detection update circumvented in 8 hours,” shows us how quickly malware developers are creating new variants that can bypass security updates mere hours after the update is available. But this doesn’t apply to Macs alone. I’ve also recently talked about the Microsoft security update that was out for all of three days before hackers were conducting active attacks on the same patched vulnerability.
The way I see it, it’s wrong to apply a known broken security approach to any platform, but especially wrong to do so on new ones. Whether it is a Mac, Linux, tablet or smartphone, why on earth would you use an old, ineffective approach to secure a new platform?? Doing so puts your network endpoints and critical business data at risk, and it gives cyber criminals the upper hand.
Putting short-term fixes on long-term problems is not the answer. Instead of deploying reactive solutions and hoping for the best, we need to approach IT security with a proactive vision in mind. We need a solution that provides proactive security, minimal performance impacts and clear visibility / risk profiling of all applications installed in our environment. What we need are application control solutions like CoreTrace Bouncer.

by JT Keating

Lord of the Files – File Sharing Gone Wild

Who would have thought that the novel, Lord of the Flies, by William Golding, an English literature staple for English schoolchildren, was not only the idea behind the popular TV series “Lost”, but also provides important parallels to the story currently unfolding of enterprise file sharing gone wild? In the Lord of the Flies the attempts by the group of British schoolboys to govern themselves when stranded on a deserted island are in some ways akin to how business users are today attempting to govern their file sharing when deserted by IT.
The major themes of the Lord of the Flies include an exploration of the conflicts of civilization and the loss of innocence, both of which seem applicable to the current conflict of business user vs. IT in the world of enterprise file sharing. While the novel, and even the TV show, may be rather more graphic on the conflict of living by rules vs. savagery, valuing the good of the group vs. individual gratification and exploring law vs. anarchy perhaps some good lessons can be learned? Just how would Ralph, Jack, Simon and Piggy, the main characters in Lord of the Flies have handled file sharing?
Ralph, the elected leader of the group, the representative of order, civilization and productivity, thinks about how the boys should organize themselves and get to work to maximize their chance of survival and rescue. Is Ralph perhaps the CIO figure? Would Ralph, the CIO, be taking charge, implementing an enterprise file sharing solution so business users can not only survive and get their jobs done, but also stay out of trouble?
Jack, the opposite of Ralph, the character representing savagery not civilization, demonstrates how he can use his savagery to control the boys who increasingly abandon civilization to follow him. Hmmmm… not sure about this Jack character, although we have all seen business users do things they shouldn’t.
Simon is the character who just does what is right not because of Ralph or Jack’s influence, but just because he knows it is the right thing to do. This would be the business user every organization would like to have.
Piggy, the inventor and intellectual, uses his inventiveness to benefit the group. It is Piggy who initially finds a conch and blows it to bring all the boys together on the island and Piggy who makes a sundial so they can tell the time. Piggy, in the world of enterprise file sharing would have early on blown the conch he discovered, to alert IT and Security teams that they needed to work together to give business users a way to share files securely. Piggy would also be the one to design and implement the system.
So how does this story end? In Lord of the Flies, the boys are eventually rescued and returned to civilization, but not without some casualties. The adult who steps onto the island does remark that he would have expected better from British boys!
How does the story end in enterprise file sharing? I’m betting on the Ralphs and Simons of the world to give this story a happy ending.

by Paula Skokowski

Friday, 24 June 2011

Who would you bet on in the race between hackers and users?

No one will argue that deploying security updates is important, but a recent exploit showed the difference between having a patch available and actually implementing it (again). Today’s reality is that hackers are far quicker to exploit known vulnerabilities than users are to patch them.
In the article, “Hackers move fast to exploit just-patched IE bug,” Symantec reported that after Microsoft issued a patch for 11 bugs in Internet Explorer last week, active attacks were spotted on one of the “patched” vulnerabilities just three days later. Although the vulnerability has seen limited attacks at this point, it is another in a long line of examples that demonstrate why enterprises need multiple layers of protection–most of which truly need to be completely out of the hands of users.
What good are security updates if hackers can jump right back in and exploit the same vulnerability? Honestly, the impact of an unpatched vulnerability would be significantly less if the endpoint protection (specifically antivirus technology) was effective at stopping the payload. As is becoming more and more evident, this is not the case. Traditional antivirus solutions are continuing to fall further behind in stopping the growing volume of malware exploits and variants.
[Time for the shameless plug. You can exit now if you don't want to know how to help actually solve the dilemma.]
Rather than reactively patching or depending on blacklists to identify and stop the tens of thousands of new online threats that come along each day (60,000 a day, according to Gartner), organizations need to take a proactive approach to not only protect their endpoints from all known and unknown malware threats, but also gain total application control of their systems to allow only what they want to run on their networks at all times.
CoreTrace’s Bouncer application whitelisting solution does this by providing complete insight and control over all installed applications across a highly distributed environment. By combining total application control with advanced, non-intrusive self-defending mechanisms, Bouncer helps organizations stop all known bad and unauthorized applications from running on any endpoints–including those that exploit a known, unpatched vulnerability.

by JT Keating

Thursday, 23 June 2011

iCloud, you Cloud, we all can Cloud. Let’s minimize data security risks, too.

Between this week’s high profile security vulnerability of free, cloud-based services and the recent iCloud announcement, the good, bad, and ugly of cloud deployments have garnered a lot of attention.
For the record, Accellion solutions are sold only to business and government organizations. Our customers have a choice in deployment options, including virtual or physical appliances, and public or private cloud. They can also have hybrid deployments.
No matter where you sit on the relative benefits of cloud deployments, the fact remains that employees are increasingly taking advantage of cloud-based consumer services to share confidential information and collaborate with people outside the organization, with little to no regard for corporate and IT security policies. These consumer-grade solutions allow individuals to share, send and sync files between devices, yet leave IT and security teams with no visibility into the sharing of enterprise data. With Apple iOS’ lack of a file system, iPad users are especially prone to using these applications.
Enterprises need to get ahead of the issue of how employees share information. Best practice requirements that cannot be met with consumer, dropbox-type applications include:
o Flexible deployment options
o Centralized IT administration and management
o Full audit and log capabilities
o Track and own your enterprise data
Bill French at iPadCTO sums it up best:
Box, DropBox, (and soon iCloud), represent the fast-food industry of document collaboration. Accellion is a sit-down restaurant complete with a five-course menu and even a chef in the kitchen who will customize your meal if you ask. And this restaurant has a really cool customer relationship feature that will tell you precisely what you and everyone in your party ate, when you ate it, and how many calories were in it. Oh yeah, and they serve outstanding espresso in an environment that’s pleasurable to have intimate conversations without the noise and distractions of a hyper-fast eatery.
As I mentioned, Accellion, unlike competing solutions, is sold only to business and government organizations and all customers have oversight of their cloud and on premise installations – including public, private, or hybrid cloud deployments. We let you make the choice.
We offer an enterprise solution that offers the control and flexibility that IT needs while keeping business users happy with an easy-to-use file sharing application that can be used anytime from anywhere.
For more information, read our latest white paper: Secure File Transfer and Collaboration in the Cloud: Maximizing the Benefits While Minimizing the Risks.

by Accellion

Tuesday, 21 June 2011

The next priority for CIOs...

The technology landscape is constantly changing. In the past year we have seen an insatiable consumer demand for mobile devices such as iPads and other tablets, as well as services like cloud computing. What was previously viewed as enterprise computing has been taken up by individuals eager to stay connected. This has led to what is now being known as the ‘consumerisation’ of technology in the workplace, whereby users bring their own devices.
At a conference in London this week IDC’s research director, Nick McQuire, explained how consumerisation “presents a massive opportunity” to reduce upfront costs, aid innovation and increase productivity. However, consumerisation also poses a number of challenges to businesses and a headache to security staff as they battle to secure boundaries and prevent data loss.
According to research by IDC, less than a fifth of businesses are estimated to have the software and skills in place to manage personal devices. And 41% were worried about cost, while 37% worried about management.
So how can businesses overcome the security issues brought forward by consumerisation? Organisations need to bring security out of the shadows and adopt flexible policies which can be integrated across the organisation. However, taking an over-cautious approach when it comes to IT security can also cause problems. Stifling a company in red tape to such an extent that it becomes so constrained by its IT security that it is prevented from innovating or taking advantage of new and innovative technologies will not help it gain a competitive edge. As well as the issue of data security, the main problem with consumerisation is the blurring of boundaries, as staff approach work security in the same way they would approach home security. The attitude to security at home can often be more lax and this may affect the level of professionalism usually taken towards security in the workplace. The key to overcoming this is education. By educating and explaining web and email policies, staff can actively take on board the risks and adapt their behaviour in the long-term. As consumerisation looks set to stay, businesses need to develop an appropriate approach to security to deal with it; this will undoubtedly need to become a priority for CIOs over the coming years.

by Clear Swift

Monday, 20 June 2011

Whitelisting: Only the first rung of the ladder to “Total Application Control”…

According to the article, “Top five strategies for combating modern computer security threats,” today’s surreptitious, very low profile cyber threats are exploiting any vulnerability they can to get malware onto a user’s laptop or computer. These computer viruses require organizations to proactively defend their networks from a growing volume of malicious software that can mutate within hours or even minutes to evade detection.
One of the recommended techniques for protecting computer systems from unauthorized and malicious software is application whitelisting. Clearly, we are biased, but we completely agree with those across the industry (including the author of the article) who are recognizing the anti-malware benefits of application whitelisting over reactive blacklisting products.
Furthermore, we also agree with some of the cited shortcomings around basic application whitelisting technologies. For example, solutions must be able to prevent attacks that “subvert known good applications” like memory exploits. Solutions must also be able to handle dynamic environments without frustrating users or killing IT productivity–unless they are simply lockdown mechanisms for “static” environments like POS terminals, control systems and ATMs (though these systems are really less “static” than most would realize).
While these are valid concerns if all you are looking at is a whitelisting product, leading solutions like CoreTrace Bouncer have evolved beyond simple whitelisting and into “Total Application Control” (TAC) solutions. TAC solutions include enforcement mechanisms that prevent memory exploits and other attacks against authorized applications. TAC solutions also have trusted change mechanisms to address dynamic environments, provide intelligence about all installed applications and assess application risk via cloud-based reputation services. TAC includes learning/assessing what is in your environment, planning and establishing policies, and then enforcing those policies on the endpoint.
In short, application whitelisting at its core is an excellent anti-malware enforcement mechanism to protect endpoints from modern malware attacks. But it is only the first rung on the ladder to Total Application Control.

by JT Keating

Wednesday, 15 June 2011

If you can’t change user behavior, stop the payload…

For some time now, we’ve been hearing about how users often fail to install security updates for known vulnerabilities months, or even years, after a fix is available. As an IT security professional, this blows my mind because such practices create security holes that leave computers, and now corporate networks, susceptible to targeted cyber attacks. However, I am a realist: most users do not really think or care about security until something happens to them directly.
According to the article, “Malware Authors Relying on Poor User Updating Practices,” cyber criminals understand this, and are taking advantage of users’ negligence around installing the latest security updates on their PCs. According to Ralf Benzmüller, head of G Data SecurityLabs, cyber crooks are not just targeting current security gaps, they also have their eye on unclosed vulnerabilities that for one reason or another have been disregarded by users.
“Even though an enormous number of program updates are being provided, users should not be fooled into deactivating automatic update functions. Not only does this apply to Java, but it should also apply in general to all browser plug-ins used and all applications installed on the PC.”
Ironically, experts at G Data SecurityLabs also said there has been an increase in the installation of unwanted software such as fake antivirus programs, known as scareware, that trick users into downloading what they believe is extra protection against malware but is really malicious code designed to steal personal data.
The dangerous combination of poor security updating practices and users getting fooled into downloading malware programs on their computers is giving hackers an edge in the cyber crime fight. While security vendors are working on creating more secure applications, I sadly believe that there will always be vulnerable applications in our networks. Because of this, businesses should focus on stopping the payload that is deposited. Once the payload is executed, that’s when the damage is done.
This is another reason to consider application whitelisting solutions. With application whitelisting, it doesn’t matter how the malicious code gets deposited — whether through opening a bad attachment, a drive-by from hitting a bogus website, or a vulnerability — because all unauthorized applications are prevented from running. If you can’t change user behavior, stop the payload.

by JT Keating

Tuesday, 14 June 2011

How many of your employees are taking their iPad or iPhone on summer vacation?

Leaving the office behind has always been a challenge for some, but the iPad is now making it even harder. As employees head to the beach, mountains, and island getaways how many husbands and wives are sneaking an iPad into their luggage?
In the past 12 months, with the introduction of the iPad, there has been a surge in the volume of users. According to information released by Apple for their investor community, close to 25 million iPads have been sold to date.
Many of these iPads are being used for business, and employees are taking advantage of free and low cost cloud-based collaboration solutions to solve their file sharing needs, without adequate security, tracking, or visibility for the organization.
When your employees and their partners are using free, unmanaged cloud-based services to share and sync files, you know your organization is at risk for a data breach, intellectual property theft or non-compliance. Well, actually, because they’re using these apps and you have no visibility into what they’re doing, maybe you don’t know how exposed your organization is to a data breach. Consider this instead: how many people in your organization do you think are taking their iPads on vacation with them this summer, and how many plan to access business information on their iPad? iPads are also attractive targets for thieves and can be accidentally left behind.
Accellion announced today that our native file transfer and collaboration applications for the iPad and iPhone have been made available for download off of the App Store in iTunes just in time for school to be out and vacations to begin. Designed to work with Accellion Secure Collaboration, the Accellion Mobile Apps for iPad and iPhone are now available for download for free from the App Store in iTunes. Download the app, and know there’s one less thing to worry about before you go on vacation – of course getting caught doing work on vacation might still get you in trouble with your loved ones. We can’t help you there.

by Accellion

IMF, Citigroup, Sony Hacks – Security Lessons to be learned

What Do IMF, Citigroup, And Sony Hacks Share? Mathew J. Schwartz
“Many organizations have been focusing on complying with regulations, rather than taking a top-down look at what most needs to be secured, security experts say.”
———————————————————————————————————————————————
I believe this article by Mathew is right on the money. Compliance does not equal security. It is time for organizations to understand that security is not just some incessant fly they can swat away and then forget until the next time it comes back. Many of these organizations are dealing with data so sensitive that release of it can bring down governments or ruin individual lives.
Security is not a once and done. It is an ongoing, layered process that must take into account all current and emerging threats, such as smartphones, iPhones, iPads and droids – all of which come Wi-Fi enabled – meaning they can create bridges into your network even if you have not rolled out wireless.
Information Week also has a great slide show of the ten largest breaches you might find useful:

10 Massive Security Breaches

by Della Lowe

58 Percent of Security IT Pros See Mobile Devices as Greatest Risk to the Enterprise

What’s the biggest risk on IT security people’s minds currently? According to ISACA, the not-for-profit IT security association, it is staff-owned mobile devices.
Survey respondents acknowledge the risks mobile devices pose, with 58% of respondents saying mobile gear, particularly tablets and smartphones, represent the greatest risk to the enterprise and 44% saying they are aware of corporate data being insecurely stored on such devices.
Rolf von Roessing, the association’s International Vice President, stated in an interview with InfoSecurity Magazine:
Protection and risk management are more important than ever, and they should be seen as a strategic imperative.
Do studies like this help you in your quest to move this “strategic imperative” up the food chain in your organization and lend it some urgency? Are your executives coming to you for advice on how to secure enterprise information on these devices? If not, how long do you think it’s going to take them to make it a priority?

by Accellion

Top Endpoint Security Stories for May 2011: More Trojans, infectious downloads, and… oh yeah, Zeus is on the loose

In the aftermath of major hacks on Sony PlayStation and Epsilon, businesses experienced an explosion of Trojans and other malicious software that Microsoft says now account for one in every 14 downloads. Also in May, it was discovered that the source code for the infamous Zeus banking malware is now freely available for cyber crooks to download. Does this mean more cyber attacks on banks are coming? Here are some of the top endpoint security stories for May 2011.

Complete Zeus source code available on underground forums

In May, a security researcher discovered that the complete source code for the advanced Zeus banking Trojan was leaked on the Internet. With the malware kit freely available to download from underground forums, cyber criminals interested in developing their own Zeus botnets can potentially launch attacks designed to steal money from legitimate online bank accounts, said Peter Kruse, a security researcher with CSIS.
“We can hereby confirm that the complete Zeus/Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks.”
According to Tim van der Horst, a malware researcher at Blue Coat Systems, this lowers the bar for any cyber criminals to access high-quality malware and create Zeus copy-cat attacks. The fact that even inexperienced criminals could get their hands on the infamous banking code could also result in the distribution of more targeted Zeus attacks and variants across the Web.

Microsoft says one in 14 downloads is malicious

Today, downloading any new software, even from a friend, can potentially put your system at risk. That’s according to Microsoft, who reported in May that one in every 14 downloads is malware. The rise in malicious software has been spearheaded by more ambitious and creative hackers who continue to come up with more social engineering tactics, said Jeb Haber, program manager lead for Internet Explorer’s SmartScreen.
“You’re just seeing an explosion in direct attacks on users with social engineering. We were really surprised by the volumes. The volumes have been crazy.”
The range of social engineering attacks can vary from email messages that appear to be from a friend asking to download a video to fake antivirus warnings that look like they are coming from the operating system. Being tricked into downloading such programs infects the user’s machine with malicious code. With social engineering threats on the rise, organizations and users alike need to continue educating themselves about new and evolving social engineering tactics designed to sneak bad code onto computers.

Private and public sector team up to educate SMBs on cybercrime

With an astounding 74% of small- to medium-sized businesses having experienced cybercrime over the past year, the Federal Communications Commission (FCC) announced plans to dedicate a portion of its website to educate SMBs about cybercrime, and what they can do to avoid becoming victims of evolving threats.
The effort is part of a collaboration between the FCC, the U.S. Chamber of Commerce and Symantec to provide the latest information and security tips on how small businesses can combat cybercrime.
According to the article, “Cybercrime Affects All Businesses, FCC Warns,” approximately 40% of SMBs have lost confidential data and were penalized with direct financial costs as a result of cyber attacks. The FCC also said the average cost per criminal incident against SMBs climbed to a record $188,242 in 2010.

Online businesses hit with steady climb in new malware

Last month, GFI Software reported that an average of 73,000 fresh e-threats were released each day in the month of April, accounting for a 26% increase in new malware over April 2010. Along with a steady rise in scareware and fake antivirus scams was an uninterrupted stream of Trojans that accounted for over 20% of all malicious programs found.
One of the things malware authors continue to focus on is prominent worldwide events. Black-Hat Search Engine Optimization attacks poison search engine results, exploiting high-profile events like the Royal Wedding and the Osama bin-Laden assassination to dupe users into clicking on bogus websites. This can result in malicious code being injected on a system.
These types of malware attacks can go beyond individual machines. For example, if a system is connected to a corporate network, the malicious code can be launched on a larger network, putting corporate data and other systems at risk. For organizations trying to protect their networks from such vulnerabilities, stopping the payload is key. Proactive fraud prevention techniques such as application whitelisting stop targeted malware by preventing any unauthorized application from running on a machine, no matter what criminal method a hacker uses to deliver the malicious code.
I appreciate you reading this month’s recap security blog. Be sure to regularly stop by to read and provide your thoughts on the important stories that impact the security industry.

by JT Keating

WIPS complements MDM security by blocking personal smart devices

With the explosive growth of smart devices in the enterprise, Mobile Device Management (MDM) is a hot topic among IT departments these days. In order to secure the network and protect sensitive data on mobile endpoints, many organizations are deploying tools to secure, monitor, and manage smart devices accessing their networks. Installing an MDM agent on mobile assets gives the IT department the ability to enforce VPNs, remotely wipe data off stolen/lost devices, and ensure that devices under management by the IT staff are running the most current and secure applications.
But is this really enough to protect you?
No. In today’s “BYOD” (bring your own device) culture, the reality is that personal smart devices will continue to attach to your network. These devices may not have your favorite MDM agents running on them, thus exposing your network and data to security threats again. Enterprises need a “gatekeeper” control to ensure that only approved devices with an installed MDM agent can attach to the corporate network. By adding a strong WIPS solution to your enterprise security portfolio, you will have the ability to enforce such control and complete your mobile security strategy.
A robust wireless IPS solution (WIPS) will detect, identify and locate unauthorized smart devices connecting to the network, generate a real-time alert or, even better, block those unmanaged devices from connecting in the first place. Better yet, a good WIPS will allow you to define your security policy by device type, VLAN, and location. For example, iPhones could be allowed to connect to the guest network for Internet access, but could still be blocked from accessing the internal network.
Watch this technical webinar for more information.

by Mike Baglietto

Accellion Q2 Customer Conference

We just wrapped up our second Accellion Customer Conference of 2011, and it was great to experience the energy of our customers. We had a large number of attendees and engaging questions regarding our current and future product portfolio.
During yesterday’s session, the Accellion team took the opportunity to deliver Secure Collaboration tips and tricks, show a demo of our Mobile Apps, and provide updates on how customers can upgrade to the latest solutions.
For those customers who attended, and took the opportunity to engage with the Accellion team, we want to thank you. For customers who missed it, you can visit the Accellion Forum to listen to a recording of the session.
If you are interested in learning more about our Secure Collaboration solution with Mobile Apps, please contact our sales team. We’d love to share with you how Accellion can help your organization securely collaborate with colleagues, vendors, partners, and customers.
We look forward to seeing you at the next conference.

by Nina Seth

Bouncer to be first whitelisting platform to achieve Common Criteria Evaluation Assurance Level 3+

I’m very proud to announce that the CoreTrace Bouncer application whitelisting solution is in the testing process to be certified to Common Criteria Evaluation Assurance Level (EAL) 3+. As we go through evaluation under the Canadian Common Criteria Evaluation and Certification Scheme (CCS), I’m completely confident that our platform will become the first application whitelisting solution to be certified to Common Criteria EAL 3+.
As a former Air Force Information Warfare Officer, I know the dangers today’s threat landscape poses to our critical infrastructure, government and military systems. More sophisticated, targeted attacks like the Stuxnet worm are intended to create damage well beyond financial losses; they pose a significant threat to public safety and our national security. As I continue to come across stories like “Protecting Utilities from Imminent Threats” and “Researcher blasts Siemens for downplaying SCADA threat,” I’m constantly reminded of the need for rigorous, independently validated solutions like Bouncer.
The Common Criteria certifications reflect extensive evaluations of the security features and capabilities of information technology and networking products in clearly specific, real-world operating environments. Considered a prerequisite in many government procurements in the U.S. and abroad, the certification process provides independent verification of the developer’s security test results, and evaluates the developer’s checks for vulnerabilities, the development environmental controls and the product’s configuration management.
Going through more rigorous EAL 3+ testing, which is more extensive and methodical than EAL 2 certifications, provides an additional level of confidence and assurance that our customers need and deserve for protecting their critical systems and networks.
Our commitment to delivering solutions that meet or exceed the national security criteria set by the National Information Assurance Partnership (NIAP) is why we are pursuing Common Criteria Level 3+ Evaluation. Achieving EAL 3+ status will be yet another way we are proving the security worthiness of application control and whitelisting to protect critical systems and networks from more dangerous cyber attacks.

by Toney Jennings

Modern, *proactive* security suites: What are the “must have” components?

I know this will come as a shock to all security experts, but our systems and networks are constantly under attack by an ever-expanding list of malware that threatens just about everything we do online — from working and shopping to communicating and governing. It’s true that hackers never sleep, which means that every corner presents a potential danger each time we go online. If we aren’t adequately prepared to protect the systems we rely on and get ahead of more harmful, targeted attacks, we will continue to fall victim to evolving cyber crimes that are out to exploit our systems to steal sensitive and proprietary information for personal gain, corporate espionage or international deception. We need to move to a modern, proactive security suite.
According to the article “Time for America to Get Cyber-Serious,” today’s cyber crimes go beyond draining personal bank accounts and pose a threat to the freedoms, prosperity and security of all Americans. While the Department of Defense sees cyber attacks as a growing threat to the 3.5 million commercial computer systems they depend on to conduct military operations and protect our national security, online threats are a growing problem that’s not just limited to the public sector. Like the DoD, organizations everywhere are susceptible to malware attacks that target specific systems.
With government and private information networks increasingly under attack, a trend recognized in 2001 by the Government Accountability Office continues to hold up a decade later; the biggest difference is today’s online threats are more severe and potentially more dangerous than ever before.
Daily, DOD identifies and records thousands of “cyber events,” some of which are determined to be attacks against systems and networks. These attacks may be perpetrated by individuals inside or outside the organization, including hackers, foreign-sponsored entities, employees, former employees, and contractors or other service providers.
As the bad guys continue to come up with new ways to compromise our systems and network security, one of the ways we can get ahead of these evolving threats is to implement proactive solutions that stop the onslaught of new viruses and malware variants. Application whitelisting is one such solution that stops unapproved applications (like malware payloads) or memory attacks from running on a system, without requiring any advanced information about malicious threats.
You would expect an application whitelisting supplier to suggest the technology as a part of the new proactive defense arsenal, but what are the other ones? I would love to hear your opinions on the subject. What are the “must have” components that make up a modern, proactive security suite?
So, is it time to get “cyber-serious”? You bet it is. With new threats on the horizon, both the public and private sectors need to shed their dependencies on reactive solutions that cannot stop modern attacks. If we expect to stop the threats of tomorrow, we need to become proactive and make network endpoint security a priority today.

by JT Keating

Aberdeen Wireless LAN Report Tracks Impact of Smart Devices

A special Aberdeen Group report titled “Wireless LAN 2011: Readying the Invisible Network for the Smart Revolution” is the first industry study to track the impact of the rapid rise of smart devices on the WLAN.
The proliferation of embedded WiFi devices – smartphones, tablets, and Machine-to-Machine sensors (M2M) – and the explosion of wireless activity in and around the enterprise make maintaining a good security posture and meeting regulatory compliance requirements more challenging than ever.
According to Andrew Borg, senior research analyst, Wireless & Mobility for Aberdeen, and the report’s author, “A network is suboptimal unless network performance and security are both addressed. It isn’t enterprise class if it isn’t secure. As a consequence top-performing organizations are consistent in considering network security a high priority.”
This report is available immediately at no cost, courtesy of AirTight Networks.
 
by Mike Baglietto