Internet & Web Security Review

SonicWALL SSL VPN Series Named 2010 Editors' Best Award Winner by Windows IT Pro Magazine

2010-11-23T13:22:00.000-08:00

SonicWALL, Inc., the leading provider of intelligent network security and data protection solutions, today announced that its SonicWALL SSL VPN Series was named a gold medal winner of the "2010 Editor's Best Awards" in the Best Hardware (Appliance) category by Penton Media's Windows IT Pro® magazine. A Secure Remote Access (SRA) solution, SonicWALL's SSL VPN provides a single, centrally managed gateway that helps increase the productivity of the mobile workforce by granting them access to secure content on the go. Last week, SonicWALL announced the availability of the SSL VPN 5.0 for its Secure Remote Access (SRA) 1200 and 4200 SSL VPN appliances. The new firmware release from SonicWALL introduced High Availability and Layer-7 Load Balancing, providing customers remote access availability while allowing for flexible, fast growth.

"Today's mobile workforce needs secure access to more resources from more remote devices and platforms than ever before," said Patrick Sweeney, vice president of product management and corporate marketing at SonicWALL. "Our SSL VPN appliances deliver unprecedented access to mission-critical applications. We are pleased with the great momentum of this market over the last twelve months. This award is testament to both the impact of the technology in the industry and our commitment to best-in-class engineering and products."

BT Ethical Hacking Center Validates Significant Security Advances of Federated Networks' ASL Protocol

2010-11-22T10:34:00.000-08:00

Federated Networks announced the BT Ethical Hacking Center recently confirmed that Federated Networks’ ASL protocol eliminates pervasive vulnerabilities inherent in the known limitations and weaknesses of current SSL implementations. In independent testing, Federated Networks’ new ASL protocol thwarted serious network-centric security attacks such as phishing, pharming, DNS Poisoning, and proxying, or more generally all forms of man-in-the-middle (M-I-M) attacks.

“We are very pleased to have an ethical hacking firm of the caliber and pedigree of BT to validate the threat mitigation properties of the products, solutions and security technologies that are part of the FN Connect Secure Architecture,” said David Lowenstein, chief executive officer of Federated Networks. “The bottom line is that security products should secure while also being secure, and these validations are an important first step in corroborating the efficacy of our solutions.”The testing is the first in a series of ethical hacking vulnerability assessments to be performed by BT to evaluate Federated Networks’FN Connect SecureArchitecture, which comprehensively secures consumers, enterprises and governments wishing to protect their private and confidential data from networked software’s most pervasive threat vectors.

Sophos Named Winner in Security Category of CRN Tech Innovator Awards

2010-11-20T13:03:00.000-08:00

Sophos Endpoint Security and Data Protection – its comprehensive malware and data protection endpoint solution – has been named the Security Category winner of the CRN Tech Innovator Awards. The award – honoring Sophos for both technology innovation and commitment to its channel Partner Program – was presented to Matt Fogelgren, Sophos’s director of North American channel sales at the Xchange Tech Innovators Conference on November 12, 2010 in Las Vegas.

“Innovation is the cornerstone of all we do and the engine that drives the IT market. The technologies we rely on and consider commonplace today, started on the backs of engineers and scientists in a R&D lab years ago,” said Vice President, Editorial Director for Everything Channel Kelley Damore. “We applaud this year’s winners for the hard work, vision and commitment to providing innovative solutions to our industry and solution providers.”Sophos continues to develop feature-rich threat and data protection solutions that are easy to deploy and manage. In June 2010, the company incorporated Sophos Live Protection technologies into its flagship Sophos Endpoint Security and Data Protection offering. This new cloud-based architecture arms customers with the industry’s most extensive combination of real-time threat protection and real-time feedback to security and application policy settings. Sophos Live Protection simplifies the rollout of proactive protection for employees inside and outside the office, providing them the protection needed against today’s fast-moving threats such as hijacked websites and targeted malware attacks – without adding additional IT security management overhead.

SonicWALL Secure Remote Access Solutions Awarded FIPS Certification

2010-11-19T15:57:00.000-08:00

SonicWALL announced its Aventail E-Class Secure Remote Access (SRA) solutions, the SRA EX6000 and the SRA EX7000, have earnedFIPS 140-2 certification from NIST (National Institute of Standards and Technology and CSE (Communications Security Establishment). To receive this certification, SonicWALL successfully underwent the rigorous FIPS certification process for both its software and hardware. Unlike competing products that require an additional hardware module or custom software builds to be FIPS compliant, the E-Class SRA appliance hardware and software have been designed to meet current security needs of enterprises and government agencies without the need for additional hardware modules or custom software builds. The SRA EX6000 and the SRA EX7000 now join a large number of SonicWALL products in receiving FIPS140-2 Level 2 certification.

"By achieving FIPS 140-2 Level 2 certification, the E-Class SRA line now joins the Network Security Appliance and TZ Series product lines in meeting the cryptography standard used by governments and industries worldwide," said Matthew Dieckman, product line manager at SonicWALL. "SonicWALL is dedicated to meeting demanding government security standards today and tomorrow. We offer our customers hardened security products that are well suited for the industry."

Tenable Network Security Advances to Evaluation Phase of NIAP Common Criteria Certification Phase

2010-11-19T13:30:00.000-08:00

Tenable Network Security has advanced to the evaluation phase of Common Criteria certification, a security evaluation required by government procurement departments worldwide. Common Criteria certification is an international standards program managed in the U.S. by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) and is designed to help government organizations select secure commercial IT products. It is also considered valuable by potential customers in the private sector.

The NIAP CCEVS maintains a “Validated Products List” and a separate list of products that are “In Evaluation”. Tenable currently holds Common Criteria certification for the SecurityCenter 3 management suite. Products “in evaluation” are those security-enhanced products that are in the process of being evaluated by a NIAP CCEVS Common Criteria Testing Laboratory (CCTL) under CCEVS validation procedures and can be found on the NIAP CCEVS web site.Tenable is working toward Common Criteria's Evaluation Assurance Level 2+ (EAL 2+) for its latest major release, SecurityCenter 4. This level of certification assures customers, in and out of government, that Tenable’s solutions have gone through a rigorous testing and analysis process and conform to IT security standards sanctioned by the International Standards Organization.

Patton-VCORE-Qtags Alliance Delivers Real-Time Security and Surveillance Package

2010-11-17T15:30:00.000-08:00

Patton has joined forces with VCORE and Qtags to deliver a comprehensive real-time situational awareness and security package. Providing modern tools for deterring crime and fighting terrorism, the three-party system enables governments, industry and business to save lives, protect critical infrastructure and preserve valuable assets. Streaming live video, audio and global positioning over a standard 3G/4G (or private) wireless network, the unified system—dubbed Total Fusion—transforms mobile-borne assets into "eyes" whose view is displayed in a real-time virtualization.

Ideal for event security, public safety, VIP protection, asset protection, and counter-terrorism operations, the three-party system packages Patton’s Visuality™ Mobile Video Surveillance products in a fully-integrated solution, incorporating VCORE’s fourDscape® four-dimensional browser and Qtags’ GuestAssist™ SMS/web-based notification platform. Patton’s Visuality™ delivers real-time streaming video from up to four mobile cameras with digital audio and global positioning—plus local data recording and storage. Visuality™ encrypts and securely transmits live situational awareness data to command and control over a standard cellular network.

Verdasys Partners with Fidelis Security Systems to OEM Fidelis XPS™ Network Security Solution

2010-11-16T12:30:00.000-08:00

Verdasys and Fidelis Security Systems announced an agreement in which Verdasys will OEM Fidelis’ award-winning network security solution, Fidelis XPS, to deliver a complete solution that integrates Fidelis XPS into the Verdasys Digital Guardian EIP platform.

"Anti Data Leakage (ADL) is not just about identity information (PII) or stopping stupid [and never was] and the market is beginning to recognize this. I liken Information Protection to painting a three story house. Many ran out and purchased an eight foot step ladder. As they go to paint the top two floors, many offerings simply lack the architecture to scale," said Joshua Corman, Research Director of Enterprise Security at The 451 Group. "The Verdasys vision is to deliver an integrated and comprehensive information protection solution that goes well beyond ADL, by addressing the enterprise wide challenges of securing data touched by internal users, poor process, third parties, and talented, persistent adversaries. Smart partnerships, OEM agreements and integration plans with HB Gary’s Digital DNA and Fidelis XPS show their focus on addressing diverse data risks.”This agreement enables customers to acquire and implement an integrated solution consisting of Fidelis XPS network appliances and Digital Guardian EIP in a single offering from Verdasys. The integrated solution will provide visibility and control over critical data across the global enterprise including sensitive information at rest, in use and in motion, along with proactive and flexible controls to mitigate data loss risk. This extended EIP solution also includes fully integrated email, file and removable media encryption as well as ediscovery and data forensic capabilities. In addition, Fidelis XPS will be fully integrated into the Digital Guardian Policy and Reporting Engine.

AppSec Launches Database Security and Vulnerability Resource Center

2010-11-15T12:06:00.000-08:00

Application Security, Inc. (AppSec) launched its comprehensive database security and vulnerability portal, www.TeamSHATTER.com. “TeamSHATTER.com is a destination site for database administrators, CIOs, CISOs, IT and security executives, and anyone interested in the latest database vulnerabilities.” Addressing the fact that IT and security personnel now must visit multiple online sites to get a comprehensive view of database security news, TeamSHATTER.com has been designed to consolidate all pertinent data security information at a single portal. TeamSHATTER.com offers the most up-to-date intelligence on database security best practices and access to the industry’s most comprehensive knowledgebase of database vulnerabilities. In addition, the site provides access to the latest news, recently reported data breach information, white papers, and threat updates from AppSec’s own Team SHATTER (Security Heuristics of Application Testing Technology for Enterprise Research.)

One of the sites most useful features is its database vulnerability Threat Finder, built on the TeamSHATTER knowledgebase. The knowledgebase is updated as new threats surface and is comprised of database security controls, allowing users to search for relevant database vulnerabilities and security misconfigurations by database type (Microsoft SQL Server, Oracle, IBM DB2, Lotus Domino, MySQL, and Sybase), risk level, category and CVE-ID.

Tenable Network Security Releases Upgrade to Nessus 4.4 Vulnerability Scanner

2010-11-12T13:37:00.000-08:00

Tenable Network Security released Nessus version 4.4 for general availability. Tenable’s Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture With the release of Nessus 4.4, Nessus users that subscribe to Tenable’s ProfessionalFeed will gain access to a new web-based option for the scheduling of scans. Scan scheduling in Nessus is very flexible and is driven by scan policies stored directly on the server. It is now possible schedule one time and recurring scans. Tenable has improved the reporting capabilities within Nessus 4.4 to aid in analysis of vulnerability scan results. Nessus users will have access to new HTML-based executive summary and detailed summary reports. Nessus 4.4 is available as software (32-bit and 64-bit binaries for every major platform), virtual appliance and physical appliance.

“We are very pleased to announce the release of Nessus 4.4,” said Renaud Deraison, Chief Research Officer of Tenable and author of Nessus. “Tenable continues to improve the value of Nessus for our customers by extending the usefulness, functionality and speed of the world’s most popular scanner without increasing its cost.” Tenable’s Research team is a dedicated group focused on the development of security checks for publicly disclosed vulnerabilities. The Nessus Plugin database is updated on a daily basis and all the newest plugins can be retrieved via the automatic update feature of Nessus or updated manually. ProfessionalFeed subscriptions for Nessus 4.4 are required for all commercial use of Nessus. Scan scheduling is only available through a ProfessionalFeed subscription.

Norton Online Family Premier Launches With New Video Monitoring

2010-11-10T16:10:00.000-08:00

Norton by Symantec announced the availability of Norton Online Family Premier, providing additional new features such as online video monitoring, 90-day histories and automatic usage reports. Developed by Norton with the guidance of prominent Internet safety, parenting and child behavior experts from around the world, the Premier version makes it even easier for parents to foster communication with their kids about safe online behavior. Norton Online Family Premier is available at an introductory promotional price for a one year subscription at just $29.99. The basic version of Norton Online Family continues to be available for free.

Norton Online Family Premier retains all of the features of the basic version, including clearly organized browsing histories, social network profiling (name, age, email address), instant message chat monitoring and the ability to block specific websites or types of websites that may be inappropriate to visit. With the Premier version, however, a new video monitoring feature lists videos that have been watched on YouTube and other top video sharing sites, and lets parents quickly view snippets of each video from within the dashboard itself. A recent study showed that, visiting video sites is the third most popular online activity after social networking and playing games. Norton Online Family Premier tackles this increasing use of viewing videos and provides parents with the technology to monitor it and know that their kids are watching content that’s appropriate for their age.

e-DMZ Security’s Extended TPAM Capabilities Address PCI DSS v2.0 Compliance

2010-11-10T15:10:00.000-08:00

e-DMZ Security announced that recent enhancements to its Total Privileged Access Management (TPAM) suite have been included specifically to help retail and other enterprise customers meet the Payment Card Industry Data Security Standard (PCI DSS), including version 2.0. According to the PCI Security Standards Council (PCI SSC), “version 2.0 is designed to provide greater clarity and flexibility to facilitate improved understanding of the requirements and eased implementation for merchants.” Many areas of “clarification” focus on separation of networks, separation of duties and the handling of remote vendors and service providers. e-DMZ Security has been helping large and small enterprises across all markets close open audits and achieve PCI DSS compliance for several years. As TPAM continues to advance, many features, functions and capabilities align with meeting the access control, authorization and audit requirements demanded under PCI DSS v2.0.

Security Innovation Announces Availability of High-Performance SSL for Robust Internet Security

2010-11-09T12:10:00.000-08:00

Security Innovation today announced performance statistics for its NTRU encryption algorithm, providing further proof that adopting end-to-end encryption for web applications can be cost effective. This data comes on the heels of the release last week of Firesheep, a Firefox add-on that exposes the prevalence and simplicity of session hijacking vulnerabilities in websites. Firesheep was developed by Eric Butler, a freelance web application developer and Ian Gallagher, a Sr. Security Engineer at Security Innovation. The duo presented Firesheep to an eager audience at the ToorCon security conference, and demonstrated session hijacking flaws in both Facebook and Twitter.

“Session hijacking is particularly dangerous in an open wireless network setting, such as in a public coffee shop” says Gallagher of Security Innovation. “Cookies are frequently issued on Web sites and freely accessible in clear text view over the network, making these attacks easy to carry out. We created Firesheep so that organizations can find and eradicate security flaws and reduce user risk.” Firesheep makes it easy to demonstrate and understand the impact of session hijacking, an attack in which a victim’s web session is stolen and used to impersonate the victim on a web site. This is a serious attack, but one that can be prevented with end-to-end encryption using technology such as SSL.

“Organizations that offer Web sites have a responsibility to protect the private information and credentials of users who depend on their services” said Ed Adams, CEO of Security Innovation. “Security Innovation is committed to helping organizations improve security measures and pleased to support the research work of our employees, such as Mr. Gallagher, as well as Mr. Butler in this regard.”

Blue Coat PacketShaper Appliances Deliver Intelligent Control with Classification of Web Applications

2010-11-08T14:12:00.000-08:00

Blue Coat Systems announced that Blue Coat®PacketShaper® appliances can now deliver instant awareness of Web applications and content, enabling organizations to stay ahead of the rapidly evolving Web with minimal IT effort. With the industry’s first “classification by URL category” functionality, PacketShaper appliances provide intelligent control that can immediately manage new Web applications and content without requiring updates or new policies.

“Today, HTTP traffic is increasingly business related, yet most organizations do not have visibility into this traffic type, making it impossible to distinguish between business-critical Web applications and those that could be harmful, not to mention all the Web content in between like social networking and video,” said Cindy Borovick, vice president of enterprise communications infrastructure and datacenter networks at IDC. “Companies must be able to clearly differentiate Web traffic in a way that is fine-grained and can scale with the growth of new content and applications.” PacketShaper appliances can now utilize the cloud-based Blue Coat WebPulse™ service, a community of 70 million users that provides comprehensive Web awareness through shared information, to understand and categorize Web applications and content in real time. This integration with the WebPulse service enables PacketShaper appliances to categorize tens of millions of Websites and billions of URLs into 80 logical and manageable categories, allowing organizations to collectively manage and apply policies to similar content.

Bomgar Announces Results of Symantec Security Assessment

2010-11-08T13:01:00.000-08:00

Bomgar Corporation released the results of its most recent Symantec Security Assessment. During a four-month engagement, Symantec put the Bomgar Appliance through a rigorous Product Penetration Assessment to evaluate the application’s components and related environment against established security best practices. The test is designed to model specific attack scenarios, identifying vulnerabilities and determining what, if any, resources could be compromised through attacks on confidentiality, integrity or availability. Passing the Symantec Security Assessment for the third time in five years, the Bomgar Appliance is designed and implemented with security best practices in mind.

“Remote access continues to be one of the top attack pathways for data breaches caused by hackers,” said Nathan McNeil, co-founder and VP of product strategy at Bomgar, citing the recent 2010 Data Breach Investigations Report by Verizon Business. “Our customers have a responsibility to keep their customers’ and employees’ data safe; therefore we have a responsibility to take every possible step to ensure data security. Participating in the Symantec assessment year after year is part of our commitment to provide the most secure remote support solution on the market.”The Bomgar solution equips IT support organizations with clientless, remote control access of end-user systems, enabling IT to deliver tech support anytime, anywhere.

Javelin Strategy publishes new "Online and Mobile Device Identification" report

2010-11-04T14:40:00.000-07:00

Javelin Strategy & Research has published its new "Online and Mobile Device Identification: Is Your Online Authentication Security Strategy Ready to Go Mobile?" report. Device identification is a relatively inexpensive authentication process that provides a low to medium layer of protection with high ease of use for consumers. But is this online security strategy ready to go mobile? In this report, Javelin reviews the advantages and disadvantages of device identification and its ability to extend from online to mobile authentication. The need for better account authentication in financial services, retail, medical, social networks and gaming is urgent and growing. While mobile threats are still nascent, online attacks on nationwide financial institutions are increasing. At the same time, more consumers are purchasing smartphones and are also connecting to online and mobile sites through their mobile devices. Security vendors reviewed are Digital Resolve, 41st Parameter, Iovation, RSA and ThreatMetrix.

ZTE to Receive US Security 140-2 Cryptographic Algorithm Validation Program (CAVP) US NIST

2010-10-29T12:29:00.000-07:00

ZTE Corporation has received validation from the National Institute of Standards and Technology (NIST) for Federal Information Processing Standards (FIPS) in regards to 140-2 Cryptographic Algorithm Validation Program (CAVP) in wireless infrastructure equipment. ZTE is the first Chinese telecom provider ever to receive the NIST FIPS 140-2 security validation. After ZTE selected a cryptographic library as part of its unified platform, a FIPS validation process was then conducted by ATSEC, an accredited laboratory in the U.S. under the National Voluntary Laboratory Accreditation Program (NVLAP). Cryptographic libraries are commonly used on ZTE’s wireless infrastructure products for security purposes and feedback showed ATSEC was pleased to see ZTE pass a strict set of tests in a very short period of time.Falling under the Federal Information Security Management Act (FISMA), NIST is the federal technology agency that works with the industry to develop and apply technology, measurements, and standards by issuing Federal Information Processing Standards (FIPS) certificates.

As the latest certificate stands (version FIPS140-2), any product with a cryptographic module being purchased in the U.S. requires FIPS validation from NIST. Mr. Yan Liu, managing director, ATSEC China, said: “The success of ZTE’s FIPS CAVP validation indicates the high assurance of the algorithm implementations on these products and ATSEC will continue to work with ZTE on FIPS CMVP testing and validation.”

PCI Security Standards Council Releases Version 2.0 of PCI-DSS and PA-DSS

2010-10-28T12:28:00.000-07:00

The PCI Security Standards Council (PCI SSC) has released version 2.0 of the PCI DSS and PA-DSS. Reflecting input from the Council’s global stakeholders, this latest version is designed to provide greater clarity and flexibility to facilitate improved understanding of the requirements and eased implementation for merchants. Version 2.0 becomes effective on January 1, 2011.

Version 2.0 does not introduce any new major requirements. The majority of changes are modifications to the language, which clarify the meaning of the requirements and make understanding and adoption easier for merchants. Key revisions serve to reinforce the need for a thorough scoping exercise prior to assessment in order to understand where cardholder data resides; promote more effective log management in securing cardholder data; allow organizations to adopt a risk-based approach when assessing and prioritizing vulnerabilities that is based on their specific business circumstances; and accommodate the unique environments of small merchants to simplify their compliance efforts.The updated standards were the main topic of discussion at the Council’s Annual Community Meetings in Orlando, Florida and Barcelona, Spain where, in the last stage of the lifecycle process, stakeholders had the opportunity for final review of the standards. More than 1,500 people from 600 organizations around the world participated in these gatherings, adding to the thousands of pieces of feedback the Council received from merchants, banks, processors and the PCI community throughout the development process.

eriFone and RSA to Deliver Comprehensive End-to-End PCI DSS

2010-10-27T13:23:00.000-07:00

VeriFone Systems and RSA will form a strategic partnership to market their end-to-end encryption and tokenization solutions as an integrated payment security offering to be branded VeriShield Total Protect.

“Until today, merchants have had to navigate among a variety of technical offerings in order to protect customers and meet compliance requirements for credit card transactions,” said VeriFone CEO Douglas G. Bergeron. “RSA and VeriFone are combining to solve this problem and let merchants focus on meeting customer needs, not mastering security protocols. VeriFone’s and RSA’s industry pedigrees create a gold-standard offering that processors and merchants can unify around as a single, stable answer to their security concerns.”When implemented, VeriShield Total Protect will use industry-proven security technology and leverage electronic payment systems deployed in the majority of merchants world-wide to provide a consistent, consolidated approach to protecting payment card data from end-to-end, both pre- and post-authorization. In addition to proven technology, the goal of the strategic partnership is to bring extensive implementation and business enablement resources to processors to ensure successful deployment of the service within their infrastructure and sales channels. This will ensure broad availability and a deployment model that offers the greatest degree of risk reduction and PCI DSS scope reduction.

Symantec Publishes the October 2010 MessageLabs Intelligence Report

2010-10-26T14:04:00.000-07:00

Symantec has published its October 2010 MessageLabs Intelligence Report. Analysis reveals that targeted attacks have increased significantly since they were first discovered five years ago from one to two attacks per week in 2005 to 77 attacks per day in October 2010. For the first time, targeted attacks hit the retail sector hardest this month where they increased from a steady monthly average of .5 percent of all attacks over the past two years to 25 percent in October characterized by a retail organization that was the intended recipient of three waves of highly targeted spear phishing attacks. In October, 1 in 1.26 million emails comprised a targeted attack. Typically, between 200 and 300 organizations are targeted each month with the industry sector varying. Over time, the same individuals are targeted but using different exploit methods. For example, in October, an average of 5.4 users was targeted within each organization. “While targeted emails by nature are sent in low volumes, they are one of the most damaging types of malicious attacks,” said MessageLabs Intelligence Senior Analyst Paul Wood. “We have seen a constant influx of targeted attacks over the past six months with the type of organization targeted changing on a monthly basis and the number of targeted users increasing each month. Although the number of unique attack exploits being deployed has diminished slightly, the number of attacks used by each exploit has increased.” In October, the number of targeted attacks aimed at businesses in the Retail sector rose considerably above the monthly average of 1 in 1.26 million, increasing the likelihood of an attack by a factor of almost 6.3 times. Moreover, the number of attacks against the retail sector jumped to 516 in the last month, compared to just seven attacks per month for much of 2010 marking the first time the retail sector had been the focus of a targeted attack campaign in recent years.

Juniper Networks Unveils Security Solution for Remote Access Across Virtually All Mobile Devices

2010-10-26T13:25:00.000-07:00

Juniper Networks introduced the Junos® Pulse Mobile Security Suite, comprehensive security software for protecting mobile devices and defending your mobile life whether they are used for work, for play, or both. The Mobile Security Suite is part of the broader Junos Pulse platform and is the only integrated solution on the market to provide both security and secure connectivity for virtually all mobile devices. The software suite includes anti-virus, personal firewall, anti-spam, loss and theft prevention, and monitoring and control services. It enables enterprises to provide employees secure access to corporate applications and e-mail on mobile devices, while keeping business data and networks safe. It also lets service providers deliver a worry-free mobile experience to consumers and enterprises who routinely store sensitive information on their smart phones. Junos Pulse Mobile Security Suite also provides peace of mind for parents who wish to protect their children from inappropriate contact and exploitation.

"It's no secret that personal mobile devices are quickly becoming the defacto means for access to corporate networks, making them one of the most valuable, but also most vulnerable portals to sensitive personal and professional information," said Mark Bauhaus, executive vice president and general manager, Service Layer Technologies Business Group at Juniper Networks. "For the first time, using our Junos Pulse Mobile Security Suite, consumers and businesses have a way to fully protect and secure their mobile work and lifestyles, opening up new applications and opportunities for the entire mobility market."

BullGuard Launches Internet Security Suite 10

2010-10-23T11:46:00.000-07:00

BullGuard announced the US release of the next generation of its flagship security suite - BullGuard Internet Security 10. “We’ve taken BullGuard to the next level, introducing technology that positions BullGuard as the end user champion in the fight for digital liberation. We continue to push the envelope to deliver advanced technology to everyday users and serve it up in a user-friendly and intuitive design,” said Claus Villumsen, BullGuard’s CTO. To fight the increasingly sophisticated viruses being released, BullGuard has introduced ‘Behavioral Detection’ into its antivirus engine. “Behavioral Detection spots viruses long before traditional virus detection, based on the behavior of the virus. The technology enables BullGuard to catch 65% more malware than traditional reactive virus detection programs. Behavioral Detection brings our Antivirus engine to the very forefront of virus detection with radical technology and outstanding catch rates, effectively wiping the floor with the outdated, free security software, that many users rely on,” Villumsen said.

Secure Vantage Technologies announces SVT Audit Manager 4.0.2

2010-10-22T14:05:00.000-07:00

Secure Vantage Technologies (SVT) announces SVT Audit Manager 4.0.2. This release delivers on SVT’s commitment to customers to simplify, automate and optimize IT security auditing enabling our customers to transition auditing from a disruptive event to a non-event. SVT’s comprehensive real time monitoring and alerting controls allow customers to quickly and easily determine if there has been a breach in their Windows environment or if compliance policies are at risk of violation. Audit Manager monitors and alerts on Group Policy settings and changes, Windows security activities, and extends security monitoring and alerting to critical applications reducing security risks by responding immediately to security breaches when they occur. Included with the new release of Audit Manager comes a variety of base reports designed to meet your IT governance, risk and compliance needs (IT GRC). These reports provide an intuitive and automated auditing resource for regulations such as ISO, SOX, COBIT, PCIDSS, FISMA & NIST. Bundled with the base reporting, is the data miner which provides a live window into your ACS data. This dynamic view into your centralized security repository filters out noise and allows quick time to the information you care about.

SVT Audit Manager 4.0.2 comes complete with all the tools you need to provide compliance evidence on demand. The Archiver/Loader, ACS Integrity Manager, and a SYSLOG Gateway bring full functionality supporting company policies effortlessly. The Archiver stores ACS data based on your short or long term policy requirements while the Loader gives the ability to recall that data at any given time allowing you to report against it. Finally, the Integrity Manager monitors your ACS infrastructure and provides comprehensive information of that infrastructure. The SVT Audit Manager portfolio provides your organization a complete solution independent of its IT GRC maturity and significantly reduces IT GRC audits from weeks to days and from days to hours allowing business to be conducted as intended.

GFI Software to Migrate Network Security Inspector Technology Users to GFI LANguard™

2010-10-21T13:32:00.000-07:00

GFI Software announced that current Network Security Inspector users will be migrated to GFI LANguard 9.5. In addition to the improved remediation and patch management capabilities, customers of Sunbelt Network Security Inspector (SNSI) will continue to enjoy the valued features and performance that they have come to expect and know.

“GFI LANguard has significantly more functionality than the Sunbelt Network Security Inspector product, and hence, customers are receiving a tremendous value in this transition,” said Alex Eckelberry, general manager of the security division of GFI. Existing users of SNSI will automatically be upgraded to GFI LANguard V.9.5 beginning in October and will be issued new license keys. GFI LANguard performs network scans using vulnerability check databases based on OVAL and SANS Top 20, providing over 15,000 vulnerability assessments. When a network, including any virtual environment, is scanned, GFI LANguard allows administrators to analyze the state of their network security and take action before it is compromised. This more robust offering will continue to provide small and medium enterprises an extensible, powerful and cost-effective solution normally afforded to only the largest enterprises.

IBM Launches New Cloud Security Infrastructure and Services

2010-10-20T15:40:00.000-07:00

According to IBM's Institute for Business Value 2010 Global IT Risk Study, cloud computing raised serious concerns among respondents about the use, access and control of data: 77 percent of respondents believe that adopting cloud computing makes protecting privacy more difficult; 50 percent are concerned about a data breach or loss; and 23 percent indicate that weakening of corporate network security is a concern. As the study illustrates, businesses see the promise of the cloud model, but security remains an inhibitor to adoption. While an information technology (IT) foundation pertains to all cloud computing, providers and users do not generally rely on one generic model for data security. Both cloud providers and users should consider a variety of factors, including the kind of work a client wants to do in the cloud and the mechanisms and controls used. For example, clients who have collaboration tools and email work in the cloud should think about access and policy controls, while clients focused on healthcare in the cloud should be concerned with data isolation and encryption. To help meet these specific needs, IBM's cloud security experts work closely with clients to address their individual concerns and provide the appropriate services and offerings. This process includes evaluations of the security positioning of planned or existing cloud implementations as well as recommendations for various security strategies.

eCert Announces Investment Of Up To $8m From Warburg Pincus for Email Security Platform

2010-10-20T14:58:00.000-07:00

eCert, Inc. announced that Warburg Pincus will invest up to $8 million to support the company’s continued rapid growth. “This investment by Warburg Pincus is a major vote of confidence in eCert’s leadership in the emerging market for email fraud prevention,” said Kelly Wanser, CEO, eCert. “eCert’s goal is to restore trust and safety to electronic communications for consumers and brands. This funding, together with the unparalleled industry expertise and access to growth capital from Warburg Pincus, will provide eCert with the means to extend its protection service across financial services, government, healthcare and major brands, and expand our reach across ISPs and email security platforms.”The investment in eCert by Warburg Pincus recognizes the value of eCert’s Email Domain eCertification^TM service, which counts Google, Yahoo!, and numerous major financial institutions and brands as partners and users. The funds will accelerate eCert’s expansion of the Trusted Email Registry for Financial Services, a platform established by the Financial Services Technology Roundtable (BITS) and the Financial Services – Information Sharing and Analysis Center (FS-ISAC), to protect the email traffic of U.S financial institutions.

eCert’s Email Domain eCertification™ service monitors email traffic, prevents fraudulent online communications from reaching an end user’s inbox and enables trusted delivery. Since launching this year, eCert now protects more than 100 million consumers and $50 billion in brand value for ISPs, financial institutions and major brands. Patrick Severson, a Managing Director at Warburg Pincus, said, “eCert provides a critical security platform for protecting the most widely used, and vulnerable, part of the Internet. This early investment by Warburg Pincus represents our recognition of eCert’s leadership and success in servicing the world’s largest financial institutions and service providers. We look forward to working with Kelly and her team to help them achieve the company’s vision of reducing the damage caused by email fraud to businesses, governments and consumers.”