Tuesday, 13 November 2012

APTs and Acquisition


You’d have to be living under a rock to not have heard about the recent rise in targeted attacks. From oil operators in the Middle East to financial institutions in the U.S., advanced persistent threats, APTs, have grown exponentially. Yes, they are a problem for big, global brands but should smaller organizations concern themselves with the proliferation of these sophisticated attacks? In a word, yes.
Once targeted attacks are developed and executed, the details often become easily accessible to cyber criminals at large online. Translation? They grab the code and use it to attack you. We recently completed our annual State of the Endpoint report and it would seem IT departments everywhere are paying attention. The report hasn’t been released; however, one interesting data point to call out is that IT administrators now consider APTs their “biggest headache.” (Watch for the release of our new State of the Endpoint report, conducted by the Ponemon Institute, the first week of December.)
The rise in APTs and of course malware in general is a serious concern. We won’t sit idly by and I urge you not to either. Recently, Gartner projected 50 percent of companies will deploy “deny all” technologies by 2015. This is a very strong supporting point for our recent announcement – the November 5 acquisition of CoreTrace Corporation, an innovative, Austin, TX-based application control software provider. We understand the threat landscape has evolved greatly and it will continue to. While we can’t predict the future of cyber crime, we can help our customers and the industry be as prepared as possible. Layered defenses that include application control are a very strong starting point.
The asset acquisition of CoreTrace will enhance our capabilities, portfolio of patents and other IP. We are now working to integrate key aspects of CoreTrace technology into Lumension® Application Control which is available via the Lumension Endpoint Management and Security Suite. For you, our customers and the industry, this means improved, advanced persistent protection in the fight against even the most sophisticated cyber attacks.
by Pat Clawson

Security Metrics - Truth In Data


I am thrilled to share the ThreatPost article I wrote about the top ten tips security teams should consider as they evolve their metrics-driven practices. If video is your preferred format, I also shared details about these tips in this short piece.
These are not huge revelations or commandments - instead a set of principles proactive security teams should consider as they get serious about making the most of their event data.
I am passionate about this topic - as are many others in the security field. Without taking a more methodical and sustainable approach to analyzing our security posture, we will be in a constant knife-fight with cyber-criminals and we won’t win that one.
In fact, I will soon be sharing some details about some research we did that highlights the challenges faced by most security organizations. Some of the results were surprising, but my biggest take-away is that security teams are not armed with the right tools or processes to confidently stay ahead of threats.
Keep your eyes peeled for that report and let’s continue the dialog about improving our security posture with greater intelligence.
by Joe Gottlieb

Wednesday, 25 April 2012

The True Cost of Google Drive


Today Google announced the launch of Google Drive, a cloud-based file storage and synchronization solution touting 5GB of storage for free. Google Drive just compounded the IT security nightmare already created by free unmanaged consumer file sharing services such as Dropbox, iCloud etc.
Unmanaged file sharing in business environments is never a good idea because of the heightened risk of data loss and exposure. In the case of Google, a company that’s built its legacy on extensive search engine and targeted advertising capabilities, you also have to question Google’s intentions with storing business information. Just how equipped is Google to handle confidential business data?
If this latest Google Drive announcement is leaving you confused about what to do for business file sharing, you’re not alone.
To help you navigate your way, we’ve outlined six questions to ask when considering a file sharing and storage solution for business use:
  • Is this truly a solution for business? The rapid adoption of free consumer file sharing services such as Dropbox and iCloud by business users may have you wondering if the lunatics are running the asylum. But your instincts are correct if you are wary of unmanaged cloud file storage for business use. If a file sharing solution doesn’t have IT administrative and management tools then it isn’t a business solution.
  • Am I being locked in? Is the file sharing solution from a company trying to carve out a proprietary niche, forcing you to use certain operating systems, devices, or applications? In the case of Google Drive it is part of Google Apps, but native applications are not available for iOS devices like the iPad.
  • How will my information be used? Check the privacy terms carefully. Google must have a plan to make money from Google Drive customers somewhere, somehow, so carefully review Google’s privacy policy and their right to mine your valuable assets to their advantage.
  • Can I track and view all file activities? If your organization is subject to any type of compliance regulation such as HIPAA, GLBA, SOX then you need to know what’s happening with your organization’s files, otherwise how are you going to demonstrate compliance?
  • Can I set my own security and privacy standards? For business file sharing, you want to be able to establish customized policies and administrative controls related to file access, security, and storage – as strict or flexible as desired.
  • What mobile devices and apps are supported? From Androids to iPhones, make sure that files can be synced and accessed via any device.
While “free” is certainly appealing, in the case of file sharing it always comes at a cost. A security breach from business file sharing could mean exposure of confidential financial statements, upcoming product designs, or employee health information, with implications for privacy and compliance violations and fines, lost revenue, loss of competitive advantage and damage to a corporate brand. For confidential business information, using free consumer file storage and sharing can be a costly mistake.
by Ryan Swindall


Tuesday, 17 April 2012

IT-Thinking Twice About the Cost of Free Apps


Most people treat their mobile devices as an extension of themselves. People text, share, and play their way into two year relationships with the devices they use on a daily basis. In the typical mobile device “relationship,” individuals downloaded an estimated 83 apps in 2011, according to Piper Jaffray and analyst Gene Munster. While that number sounds high, it boils down to about 1.6 apps per week.
Many IT professionals have noticed this trend and are concerned about the use of free consumer apps in the work place. It’s hard to imagine that last week’s discovery of the security hole in Dropbox’s mobile app, by U.K.-based iOS app developer Gareth Wright, eased concerns about mobile security. Wright reported the security hole in Dropbox’s native mobile app that could be used to access personal information. PCWorld also confirmed that Facebook and LinkedIn mobile apps had the same core vulnerability. Widespread use, combined with security vulnerabilities, of consumer mobile apps have IT managers concerned.
Consumer mobile file sharing apps serve a purpose for users that want a quick and easy way to share and store things like family photos, recipes, and videos. However, these un-managed file sharing apps should not be used to send enterprise data of any kind. The security hole that Gareth Wright found in the Dropbox app is an unfortunate example that consumer mobile file sharing apps aren’t architected with the privacy and security measures necessary for an enterprise.
How can organizations prevent employees from using these consumer mobile file sharing apps? The answer is easy. Don’t give employees a reason to use these apps in the first place. Providing employees with an easy-to-use, secure file sharing and syncing alternative from the start is a great way to prevent the use of consumer file sharing apps. Employees should be able to send, share, and access files securely, while IT administrators ensure they’re protected from malicious content. Empowering employees with a safe and secure mobile application is the first step in the process.
by Ryan Swindall


Monday, 2 April 2012

Not waving but drowning

Last week, experts told the US Senate it was time to assume that American military networks have been breached and that ramping up traditional fortress features like firewalls, AV and gateway devices was effectively a waste of time. Dr. Kaigham Gabriel, head of the Defence Advanced Research Projects Agency, compared current information and network protection efforts to treading water in the open ocean; all that blocking and locking did was slightly delay the inevitable.
This reality check dovetailed rather nicely with the release of Verizon’s annual Data Breach Report for 2012, which found that hacking was linked to almost all of the 855 incidents and 174 million compromised records the company investigated in 2011. Malware featured in 95 per cent of all stolen data incidents.
Hacking and malware have been exchanging places in the top three causes of data breach for years now. While there are plenty of tools out there doing a fine job of removing known threats using established methodologies, it’s becoming abundantly clear that this, on its own, is not enough to protect valuable information assets from falling into the wrong hands.
The reality is that focusing on inbound threats is outdated. As Dr. James Peery, head of Information Systems Analysis Centre at the Sandia National Laboratories in the US puts it, “We’ve got the wrong mental model here.” It’s time to focus on the content, not the threat; controlling access is all well and good, but protecting information is paramount.
If there’s one thing that the Data Breach Report underlines, it’s the reality that data theft and leakage come in a variety of flavours and vectors. Traditional, threat-focused methods are the equivalent of shooting in the dark. In today’s environment, it makes far more sense to protect your content and monitor it in the context of how you need to do business.
Knowing where and how your information is used and understanding the context within which users communicate empowers you to extract maximum value without putting information at risk.
Letting AV and threat-detection policies define your information protection stance is not only outdated, as 2011’s data leakage statistics suggest, it cannot protect your data. It’s time to stop treading water and start swimming.
by Nick Peart


Thursday, 22 March 2012

Smart Mobile Devices — “Stress Test” for the WIPS of the Future


Traditionally, talking of wireless security in the enterprises we talked about embedded Centrino Wi-Fi, Linksys rogue APs, open source DoS tools, and compliance requirements (PCI, DoD, HIPAA). While these topics continue to be important today, the upcoming proliferation of the smart mobile devices is the new frontier for the enterprise wireless security to address. The inundation of smart mobile devices will result in new monitoring requirements, not hitherto discussed. These requirements would amount to a “stress test” for the WIPS and only the best of the breed can hold up. While the new monitoring requirements will be many and varied, ranging from unauthorized BYOD to heightened rogue AP risk, in this post I wish to discuss some interesting and unique scenarios (numerous soft mobile hotspots, Nintendo chat blocking, wireless geo-fencing) I already encountered this year working with the customers.
Soft mobile hotspots in hundreds and thousands:
If the GoogleWiFi in the neighborhood of your office bothered you before as a network/security administrator because your employees could connect to it to bypass the Internet access policies; then there will be hundreds and thousands of GoogleWiFi’s soon on your premises. These are all the iPhones and Androids carried by your employees, which have mobile hotspot features in them. They can act as Wi-Fi access points and backhaul the traffic directly into 3G/4G network bypassing your enterprise firewall controls. To deal with them, your security system will need to have the following capabilities:
  • The WIPS now needs to support mobile hotspot detection on multiple platforms. Earlier it used to be mostly the Windows 7 laptops, which included the first consumer grade virtual AP capability. Now Apple iOS and Androids also provide this capability. And in the future, Windows 7.5 and Blackberry will have it too.
  • The WIPS infrastructure will need to have capacity to address many simultaneous policy violations. This is simply the effect of numbers, because an order of magnitude increase in the triggers which catalyze policy violation means a similar increase in the actual policy violations on a day to day basis.
Zero day scenarios requiring fast, automated response:
As Wi-Fi gets embedded in quite a variety of gadgets, some new and unique monitoring requirements will continuously emerge. I recently worked with an account which had such a unique requirement: This was a rehabilitation and correctional facility, which wanted the WIPS to be able to block Nintendo chat. Nintendo devices support a chatting application over Wi-Fi, with proprietary modifications and optimizations to the 802.11 protocol to provide instant chatting. This was almost like a “zero day” policy enforcement requirement when I first examined it, because I realized Nintendo chat is not the standard .11 ad hoc network. Also, the chat uses just some bursts of packets, so quick blocking response was necessary (quite different from traditional connection blocking measures like “ping loss”). We put the AirTight SpectraGuard Enterprise WIPS up for this stress test. See the accompanying video to see for yourself how it fared in the test. While this may not be the mainstream or relevant monitoring requirement in many networks, it points to the real possibility of the emergence of the hitherto unknown (“zero day”) monitoring requirements in the future. To be future proof against the zero day scenarios, the security system will need to have strong foundations on the following fronts:
  • Strong behavioral analysis logic, since signatures and thresholds can’t catch up with the evolving monitoring scenarios.
  • Fast response time to threats, to tackle the new and optimized attack and policy violation triggers.
Wireless geo-fencing:
Empowered with Wi-Fi in the tablets and smart phones, people connect to networks from anywhere and everywhere. This presents a challenge in location based wireless policy enforcements. Earlier, it was as easy as turning off wireless on the machines which permanently resided in the no-wireless areas. Now smart mobile devices come in and go out. Recently, I worked with a couple of customers intending to implement what they called “Wi-Fi geo fencing” (I like the term!). At the very basic, it means enforcing diverse Wi-Fi policies on the same wireless client depending on where the client is located. For example in one room, the client is allowed to connect to the guest AP, but the room next door can be strict no-Wi-Fi policy. So as the client moves from the first room to the second room, its Wi-Fi communication needs to be blocked; but when it returns to the first room, it should be able to communicate over Wi-Fi. There are more scenarios like this, depending on the exact application. Faced with this application, I appreciated some unique strengths the security system needs to exhibit to support such scenarios:
  • Strong foundation for auto-location tagging for devices and ability to quickly detect change of location is necessary to determine the governing policy at any instant.
  • Rich options for location based policy enforcement — in terms of device auto-classification and automatic prevention — are required to fine tune the Wi-Fi behavior to be enforced at each location.
  • Finally, a thorough predictive RF planning complemented with some on-site surveys can help tighten the location zone boundaries.
Above scenarios are simply some examples pointing to the fact that wireless monitoring scenarios will continue to evolve and change in the future, particularly driven by the commoditization of Wi-Fi and proliferation of the smart mobile devices. If the WIPS you choose today has solid foundations for detection, prevention and location; you can be future proof against the new requirements that will prop up in your own network settings. With these foundations in place you can be secure today, and also tomorrow!

by Hemant Chaskar

Tuesday, 13 March 2012

Accellion Unveils kitedrive - Dropbox for the Enterprise

Accellion today announced Secure Mobile File Sharing solutions for enterprises, businesses and individuals that include kitedrive™ file synchronization capabilities to enable business users to be securely connected to their files anytime, anywhere. Accellion is filling an important business need by addressing security concerns related to BYOD, and the use of free consumer file sharing applications within enterprise organizations. Included within the Accellion Secure Mobile File Sharing solutions is kitedrive sync, a new file sharing capability from Accellion, that enables business users to synchronize files across devices, including iPad, iPhone, Android and BlackBerry, for secure anytime, anywhere access to information, while at the same time providing IT and Security teams management over mobile access to content.
“There are real security concerns with the use of free mobile file-sharing and synchronization platforms by business users who need anytime access to enterprise data,” said Chris Hazelton, Research Director, Mobile and Wireless at 451 Research. “In place of consumer-based offerings, IT needs to provide alternatives that offer control and management capabilities to protect confidential information. Providing these enterprise-grade services to government and business users, especially those in regulated industries, will ensure much-needed awareness and control of corporate data that moves across the multiple devices that employees use today.”
As a welcome enterprise-class alternative to free consumer-grade file sharing and syncing solutions such as Dropbox, Accellion provides enterprise, business and individual users with ease of use and simplicity in addition to increased security features, including most importantly IT and Security controls and management of users and privileges to address mobile security.
“The influx of personal smartphones and tablets into enterprise organizations is threatening information security as IT and Security teams scramble to address BYOD and Mobile Security,” said Yorgen Edholm, CEO of Accellion. “Balancing employee demand for increased mobile access while ensuring enterprise-class security and control is now possible with Accellion Secure Mobile File Sharing Solutions.”
“Everything we do is based on a collaborative, team-based approach, so we needed a solution that supported this philosophy,” said Noman Ahmed of Halsall Associates. “Now, we don’t have to think twice about how to share documents. Accellion is the go-to source for all external interactions. We are looking forward to implementing Accellion’s new sync features especially with mobile devices.”
The Accellion Mobile File Sharing solutions all include Accellion Mobile Apps and the new Accellion kitedrive sync capability that provides secure cloud storage, file sharing and sync for business users. In addition, the Accellion Mobile File Sharing Solution for Business provides secure collaboration features including secure workspaces, commenting, notifications, versioning, and secure uploads and downloads. Accellion Mobile File Sharing for Business can be seamlessly upgraded to the Enterprise solution allowing deployment of more advanced enterprise file sharing features including private, hybrid cloud deployment, LDAP/AD integration, SAML/SSO, DLP integration and Archiving.
• Accellion Mobile File Sharing for Individuals: Single user with 2GB cloud storage free
• Accellion Mobile File Sharing for Business: 5-500 users with 1,000GB cloud storage
• Accellion Mobile File Sharing for Enterprise: 500+ users with unlimited cloud storage (public, private, hybrid cloud) enterprise options include: Archiving, DLP Integration, SFTP, LDAP/AD integration

Monday, 5 March 2012

A New Angle on Content Control


American companies with 1000+ employees each hold more data than the U.S. Library of Congress; approximately 293 billion emails are exchanged globally every day while Facebook users share 30 billion pieces of content every month.
No one said information management and protection was easy. It’s human nature to want to break things down into more manageable pieces, but reducing data control and protection to an inbound threat issue is a classic case of shooting alligators when what you’re really there to do is drain the swamp.
Managing information in today’s business environment has become increasingly complex: Data leakage is a critical issue for CIOs. Companies are hitting the headlines for all the wrong reasons, and human error is one of the biggest culprits. With many organisations focusing on in-bound threats, there’s a genuine risk that vulnerability inside company walls will be overlooked. As Deloitte’s 2011 Global Security Survey has pointed out, “external attacks get most of the headlines, but internal security risks are just as onerous.”
It’s time for a new angle on content control.
Communications tools like email and social media have become an almost reflexive thing for end users – combined with easy access to sensitive information, it’s a heady mix that can spell trouble for those charged with preserving the integrity and security of data. Stopping and blocking might seem like the easiest route to take, but this doesn’t reflect the realities of the way we communicate and do business today. To really protect organisational IP and other high-value information assets, monitoring the data leaving the network is just as important as watching what’s coming in.
There’s no patch for irresponsible or careless behaviour, but you can control the consequences. Technology that recognises the difference between an innocent Tweet and potentially damaging data sharing can be automated to prevent users from engaging in risky behaviours without cramping their style as ambassadors for the company brand online. Similarly, context-aware content controls can help guard against accidental data leakage via email – either through automating the decision to encrypt any data that meets specific organisational requirements or inserting an extra “Are you sure you want to send that?” step into the email process when certain kinds of information are being shared.
As companies increasingly understand that inside risk is as serious a concern as outside threats, context-aware content management plays a key role in ensuring that threat doesn’t impede your capacity to communicate and get on with business. Tackling the obvious risks – i.e. shooting alligators – without addressing the broader issues of information explosion and human error (the swamp) is setting yourself up for failure. Sooner or later, you’re going to run out of bullets. And the swamp will still be there.
by Alyn Hockey

Don’t let BYOD turn into “BYOR” in your network


BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring in personal smartphone devices on the enterprise premises, the network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, conflict arises between the users’ desire and the network/security administrators’ intentions. You need to ensure that this conflict does not turn BYOD into BYOR (Bring Your Own Rogue AP)!
Peep into history
This is similar to what happened 5 years ago when laptops started to embed Wi-Fi radios, but organizations had deployed only spotty Wi-Fi coverage, often of the experimental type. Employees would often not get adequate Wi-Fi signal in their offices and they would be prompted to bring in Wi-Fi access points of their own and connect them into the enterprise LAN jacks, often with unencrypted wireless links and with default wireless configurations. That is how the rogue AP threat of the unassuming user type came into being. Administrators became concerned that some open AP showing up on the Wardriving maps of their area could in fact be connected in the corporate networks that they manage. This history can repeat itself with BYOD!
Employees can install rogue APs for unrestricted smartphone use
The BYOD user, frustrated with the smartphone usage controls on the managed Wi-Fi access points, may bring in a personal access point and plug it into the enterprise LAN jack to be able to use the smart mobile device in the office without restrictions. Not only will this result in the violation of the corporate smartphone use policy, but as a side effect, it will expose the corporate network to outsiders through the rogue access point. The urge to connect a rogue access point can be even greater in the no-Wi-Fi environments.
Visitors can install rogue APs for high-speed, free Internet for their smart mobile devices
Another trigger to install rogue APs could come from visitors, contractors, maintenance personnel, etc. on the enterprise premises, who may want to connect their smartphone devices to the Internet and may install their own APs on the enterprise network without administrator knowledge or permission. Of course, the smartphones can work on the 3G/4G network, but the user experience is way too good with Wi-Fi and it is free. Apple even sells a product called AirPort Express which is an 802.11n Wi-Fi access point not larger than the size of a power plug, designed for plug and play portability, and use with iPhones, iPods and iPads. Anything Apple sells does get used a lot; I don’t think there can be any debate about that.
Retail networks
The highly distributed nature of retail networks makes security monitoring difficult. The local staff at the store locations will invariably carry smartphone devices on them (iPhones, gaming consoles, etc.) and thus will be incented to use them despite the corporate policy. Such staff can install rogue APs in stores on retail networks, thereby violating corporate policy and also adversely affecting PCI (Payment Card Industry) compliance, which has explicit requirements for rogue AP prevention.
BYOD security as a whole has many aspects to it, ranging from installing security agents on the IT assigned smartphone devices to deploying access controls in the Wi-Fi infrastructure to prevent personal mobile devices from connecting to the managed Wi-Fi network assets. However, the more difficult you make it to use a smartphone device on the enterprise facility through the managed Wi-Fi network, the bigger catalyst it is for rogue APs to be installed on the network. Hence, effective rogue AP detection and containment also becomes an important component of comprehensive BYOD security.
by Hemant Chaskar

Wednesday, 22 February 2012

Accellion, BoxTone, in a “Healthy” Partnership


Until recently, the thought of doctors using a mobile device to remotely monitor the health condition of a patient sounded like a work of science fiction. In fact, the potential benefits that mobile devices could provide the healthcare community have been discussed since the late 90s. With the recent innovation of powerful and easy to use mobile devices and innovative apps it was only a matter of time until the medical community joined the mobile revolution.
The uses of mobile technology in the healthcare sector seem limitless. The ability for medical professionals to access apps that provide up-to-date information about medical news, tools, procedures, and trends across multiple specialties keeps medical pros well informed. The ability for a doctor to send patient x-rays to a specialist for diagnosis using a mobile device or writing and then sending a prescription to the patient’s pharmacist is remarkable.
Currently, there are 17,000 healthcare applications available in the major app stores. Unfortunately, as more and more traditional healthcare providers join the mobile revolution they are using unmanaged, untracked, free file storage and file sharing apps, in direct violation of federal mandates such as HIPAA. The increased use of mobile devices, file sharing, and collaboration across multiple devices, tablets, and applications has healthcare IT professionals searching for secure solutions.
The idea of securing patient data anywhere, anytime is one of the reasons why Accellion announced a partnership with BoxTone today. Linking the BoxTone EMM solution with Accellion’s secure file sharing solution ensures healthcare IT can instantly secure, manage and support thousands of mobile employee devices and apps, while retaining complete control over access and security of confidential document- and file-based patient information.
Healthcare professionals can learn more about the secure mobility solution offered by BoxTone and Accellion in Las Vegas at HIMSS 2012 Booth 12928 Kiosk #13 on February 20-22 in the Mobile Health Knowledge Center.
by Ryan Swindall

Tuesday, 21 February 2012

BYOD and WPA2 – not made for each other


As the BYOD (Bring Your Own Device) tide rises, the network and security admins wonder if their existing Wi-Fi infrastructure security will hold on. In particular, will WPA2 with PEAP, which is pretty much the norm for the Wi-Fi infrastructure security in the enterprise networks today, continue to be adequate? WPA2 with PEAP is simple enough, still strong enough, and has served the enterprise Wi-Fi security needs very well in the past several years. The forthcoming BYOD revolution however pops a new challenge for WPA2 and will require additional thinking on the part of the network and security admins about how to complement PEAP to address some of the BYOD security issues. This new challenge comes from the ease with which people can bring in personal mobile devices on the enterprise premises and connect them to the WPA2 enterprise Wi-Fi network without administrator knowledge or help.
Quick rundown on how WPA2 with PEAP works
In WPA2 with PEAP, the security handshake starts with the authentication server sending the server certificate to the client. The client is “supposed” to check the validity of the certificate to ensure that it is connecting to the legitimate network. If you check your Windows laptop PEAP configuration, the certificate check is ensured by selecting the “validate server certificate” checkbox. After the server certificate check passes, the client and the server establish an encrypted TLS tunnel between them. Once the encrypted tunnel is up, the client sends username and password to the server to get entry into the network.




PEAP certificate check is no requirement for personal mobile devices

With respect to the description above, if you did not check the “validate server certificate” option in the Windows PEAP configuration, the server certificate check is ignored. Then, it is also not essential to put in the server CA certificate in the client for the certificate checking. With the smart mobile devices also, the certificate check option is off by default. In Android, the default value for the certificate is “unspecified” (and the device does not even throw any warning about it) and in iOS you have to simply accept a warning indicating that the certificate verification has not been done (who looks at the warnings anyway, particularly those which one doesn’t understand). The result? Users can simply put in their WPA2 usernames and passwords (which they know from their laptops) in any personal Android, iPhone, or any other device for that matter, and connect that device to the enterprise Wi-Fi. No need to call help desk! It is not a good idea to allow indiscriminate connections of personal mobile devices to the corporate network assets; there can’t be much disagreement about that.
WPA2 can be complemented with “device identification” to solve the above problem
WPA2 provides good user authentication, but it does not provide device identification. Hence, when users log in with their credentials on different devices (including personal mobile devices), WPA2 can’t stop them from connecting. To solve this problem, you need device identification in addition to user authentication. With device identification in place, administrators can set policies on which devices users may connect from and block personal mobile devices from connecting to the WPA2 network, even if users copy credentials from IT-assigned authorized devices to personal devices.
Device identification in AirTight WIPS and AirTight Wi-Fi access points
AirTight Networks WIPS and Wi-Fi access points both provide the “device identification” capability. They can fingerprint the behavior of a device attempting to connect to the enterprise Wi-Fi and identify the type of device. The administrator can then set up policy rules on which devices to allow and which to block. For any blocked device, the administrator can drill down, including location tracking, and then decide to leave it blocked or add it to the allow list. This facilitates monitoring and controlling personal mobile devices attempting to connect to the enterprise Wi-Fi network and nicely complements WPA2.

by Hemant Chaskar



Monday, 20 February 2012

The information management payoff


If Metcalfe’s Law shows that the value of any communications network increases in direct proportion to the number of connected users, Murphy’s Law suggests it’s only a matter of time before one of those connected users does something to compromise the integrity of the information being exchanged.
One significant lesson to be learned from any data breach incident is the high cost of human error. In too many cases, failure to comply with information privacy legislation or the leaking of sensitive data boils down to any organisation’s capacity to get a firm grip on exactly who is handling their data – and why.
Incredible as it may seem, many organisations seem to have tighter control over the processes for re-stocking their global stationery cupboards than they do for how, when, why and by whom sensitive information should be used and shared. Small wonder, then, that CompTIA’s IT Security in the Workforce study found that one in five organisations say they ‘definitely’ experienced sensitive data loss in 2011, with 32 per cent saying it was ‘likely’ that they had done so.
Nailing down all your company’s information seems like an onerous task. But there are simple steps any organisation can take to reduce the risk of human error without shutting down communications. In the case of misdirected email – a leading cause of data leakage – organisations can use deep content inspection and true file type analysis to establish the sensitivity or integrity of any information before allowing it to be exchanged. Based on company-defined policies and settings, certain types of information can be encrypted automatically, without requiring any intervention by the user.
Organisations can take the extreme approach of configuring email gateways to quarantine all outbound email, forcing users to think twice before and after they’ve hit the send button. Or they can inject flexible controls into the equation and only quarantine mails that match specific criteria, such as those with attachments, messages containing credit card numbers or going to certain addresses. By diverting potentially sensitive content to a personal message manager portal, senders can review messages, releasing them only when they’re absolutely certain it’s appropriate.
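The selective quarantine criteria above, sketched as an added example that is not from the original post or any gateway product: a policy function that checks an outbound message for attachments, Luhn-valid card numbers and watched recipient domains. The domain list, addresses and messages are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # digit runs with optional separators
WATCHED_DOMAINS = {"webmail.example"}             # hypothetical policy setting

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                             # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def quarantine_reasons(msg):
    """Return the criteria an outbound message matches; empty list means deliver."""
    reasons = []
    if next(msg.iter_attachments(), None) is not None:
        reasons.append("attachment")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            reasons.append("card-number")
            break
    rcpts = msg.get_all("To", []) + msg.get_all("Cc", [])
    domains = {addr.rsplit("@", 1)[-1].lower() for _, addr in getaddresses(rcpts)}
    if domains & WATCHED_DOMAINS:
        reasons.append("watched-recipient")
    return reasons

def build(to, text, attachment=None):
    """Construct a sample outbound message; all content is made up."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "staff@corp.example", to, "test"
    msg.set_content(text)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="report.bin")
    return msg
```

A message with a non-empty result would be diverted to the sender's review portal instead of being delivered.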
These approaches do add an extra step to the email sending process, but it’s a short one and the payoffs in terms of data protection are significant. As the UK’s Information Commissioner’s (ICO) head of enforcement, Stephen Eckersley, has said, “One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient.”
Just this week, it was revealed that the ICO has issued over £1m in fines for data breaches since April 2010. New EU directives on data privacy will see penalties of up to 2 per cent of global annual turnover for organisations that breach data regulations. Globally, some of the world’s most respected brands have found themselves in the spotlight for all the wrong reasons; financial penalties aside, the reputational damage that follows in the wake of a data breach can linger long after any fine has been paid.
That’s a heavy price to pay for an errant click of the ‘attach file’ or ‘send’ button.
by Nick Peart


Friday, 17 February 2012

Customer Spotlight: Pepperdine University Gives Accellion Top Marks

Accellion In Action: Pepperdine Secures Copier Files
When Pepperdine decided to implement a university-wide copier replacement program, the mission was to make staff and students’ lives easier. With 90 copiers across four campuses, individuals could scan documents as needed, convert files to PDFs, and send them to an email account. Sounds great, right? But, the big question facing IT was – just how secure is the process?
For Pepperdine, all documents needed to be properly encrypted, keeping financial and other personal information out of the wrong hands and enabling the university’s clinics and counseling centers to comply with HIPAA regulations. But, the encryption needed to happen behind the scenes, as the university recognized that if the new copiers weren’t easy to use, they simply wouldn’t be used by students.
With Pepperdine already using Accellion Secure File Transfer to send and receive large documents – powering much of the university’s communications – the university decided to also use Accellion to support its copier rollout. How? Users simply scan desired documents, the Accellion SMTP Satellite forwards the file attachments to the Accellion appliance, and once users return to their PCs, they’ll have a secure link waiting with the scanned items. Users don’t have to do anything new – a huge perk. Plus, with all documents sent through the appliance, the built-in security aligns with the university’s HIPAA compliance practices.
“When you have an IT solution in place that can be used to support and secure other key business operations, it’s a huge win,” said Michael Lucas, CTO with Pepperdine University. “Our users know – and like – Accellion Secure File Transfer, so extending the product to our new copiers was a no brainer.”
by Ryan Swindall


Thursday, 16 February 2012

Video: Stopping Reflective Memory Injection


Today’s cyber attackers have added a new weapon to their arsenal: a sophisticated memory attack known as “Reflective Memory Injection.” Reflective Memory Injection goes beyond traditional memory exploits like skape/jt to easily compromise and own a victim computer.
Most security professionals today know that CoreTrace Bouncer provides advanced threat protection based on its adaptive application whitelisting technology. But Bouncer goes well beyond simple whitelisting, including extensive memory protection capabilities.
At CoreTrace, we believe actions are always better than words. So I recorded a video that shows how an attacker would use Reflective Memory Injection to compromise a victim computer, then demonstrates how Bouncer automatically prevents the attack.

Take a look and feel free to let me know if you have any questions.
by Greg Valentine