Cyberoam

Sourceforge Wiki Page Filled with Search Engine Spam…

2009-11-07T10:35:00.004+05:30

Sourceforge.net has a wiki subdomain which allows solution providers to add their own relevant content. In a recent security incident, spammers filled the user-generated wiki page with keywords and links to pornography sites, therefore leveraging the popular domain and its subdomains to rank the sites higher in search engine results.

As revealed in the Cyberoam threat trends report for Q3 2009, the above incident could have as easily involved malware hosting sites which puts the users of collaborative, open source environment such as wikis at great risk from unknown external threats.

WebCat, Cyberoam’s automated site categorization engine, with its extensive site database of 82+ categories offers protection to visitors against such threats since it categorizes the internal pages in addition to the home URL.

Among other incidents, spammers are continuing to stick to major news events such as the current financial crisis and the debate around health care reform in the US. Some of the more creative examples used include a letter from the “F.B.I.” promising to help recover money for 419 scam victims. Financially squeezed recipients are more likely to fall for such tactics especially during a recession.

The use of legitimate file sharing services such as Google spreadsheets has prompted traditional spam filters to trust these sources. In this particular example, pharmaceutical spammers encrypted the end key (a unique combination of letters/numbers) of the acceptable Spreadsheet URL “http://spreadsheets.google.com/pub?key=” to bypass spam filters so that they would fail to detect when the key is malicious.

Another version of pharmaceutical spam was related to Facebook with its familiar blue-header, designed to fool spam filters that may not properly identify image-based spam.

This quarter also saw spam levels reaching a record high of 97% in July averaging around 80% for most of the quarter. For the 2nd quarter in a row, Cyberoam saw spikes in email-borne viruses with delayed detection time between 6 to 90 hours for major anti-virus engines. Two particular viruses named Mal-Bredo A and Mal Behav-340 saw the highest number of attacks with more than 10,000 and 1900 distinct variants respectively!

Read the complete threat report

Cyberoam iView salutes Open Source Community on Software Freedom Day!

2009-09-19T11:05:00.003+05:30

September 19 is the Software Freedom Day! Cyberoam iView salutes the spirit of open source on this day as communities worldwide celebrate the contribution of Open Source software and its use for the benefit of the public.

The day holds significance for us because we recently launched Cyberoam iView, our open source logging and reporting solution. With help from the open source community, we plan to deliver a cost effective and efficient logging and reporting solution to organizations.

If you have not already downloaded the beta version of Cyberoam iView, you may download it now from http://sourceforge.net/projects/cyberoam-iview/ and see for yourself how iView can help you achieve higher levels of security, data confidentiality while meeting the requirements of regulatory compliance.

Cyberoam iView launched!

2009-09-18T19:53:00.003+05:30

Cyberoam iView – the open source, intelligent logging and reporting solution, has been launched! Cyberoam iView provides organizations network visibility across multiple devices to achieve higher levels of security, data confidentiality while meeting the requirements of regulatory compliance.

With its web-based GUI, Cyberoam-iView offers a consolidated view of the entire network activity. Organizations can view information across hundreds of users, applications and protocols on a single dashboard in addition to identity-based usage information that allows administrators to enhance security levels. Further, identity-based bandwidth, application usage reports and more enables organizations to manage their resources efficiently.

Cyberoam iView is currently integrated with industry’s leading UTM/Firewall solutions Cyberoam, SonicWall, Fortigate and the popular HTTP Proxy, Squid. Integration with more software and appliances is coming soon!

To know more about Cyberoam iView, please visit www.cyberoam-iview.org

It’s Open Source. It’s freely downloadable.

Cyberoam in Visionaries Quadrant of Leading Analyst Firm’s Magic Quadrant for SMB Multifunction Firewall for 2009

2009-08-21T14:47:00.001+05:30

Cyberoam was positioned as a ‘Visionary’ by Gartner in its July 2009 Magic Quadrant for SMB Multifunction Firewalls. The worldwide SMB multifunction firewall market is forecasted by Gartner to grow at CAGR of 20% to 25% through 2012.

In this highly competitive market, according to Gartner Analysts, Adam Hils and Greg Young, "Differentiation comes in the form of integration among security features, licensing flexibility, management console/reporting, and pricing."

The recognition holds greater importance for us in the light of increasing awareness about insider threats and their subsequent loss to organizations. Cyberoam’s Identity-based security solution enables organizations to know “who is doing what” in their network, securing them against internal as well as external threats. Cyberoam continues to be the first to address customer’s critical pain points and is committed to offer advanced and high performance security.

Parent Proxy Authentication, IP-MAC Binding and more – Cyberoam Enhancements

2009-08-20T17:16:00.003+05:30

From offering RBL spam filtering for first level of spam protection without the anti-spam subscription to higher levels of protection against hackers through IP-MAC binding, parent proxy authentication and DHCP relay support, Cyberoam has released key enhancements to enhance security levels.

RBL-based Spam Filtering without Anti-Spam Subscription: To continue to protect Cyberoam customers who have not taken the anti-spam subscription, we are now giving the first level spam protection based on RBLs with the appliance purchase. However, to receive protection from rapidly emerging threats and new spam techniques that are on the rise, we recommend that customers take the advanced spam protection through Recurrent Pattern Detection that comes with the Cyberoam anti-spam subscription.

Parent Proxy Authentication: This is applicable in Head Office-Branch Office scenarios where branch office is required to ask for authentication from Head Office before serving requests. This is to ensure that the parent proxy server located at Head Office allows all incoming branch HTTP traffic while preventing unauthorized access.

IP-MAC Binding: This anti-hacking feature by Cyberoam ensures that the DHCP server can specifically assign the reserved IP address to the client MAC address. The pairing of IP and MAC prevents a user from logging in through a different device to bypass security rules. Hackers too would be unable to gain access to the corporate network over an external client device using an internal IP address, as the traffic does not even reach the firewall.

DHCP Relay Support: DHCP relay support enables the deployment of DHCP in multi-segmented networks. By default, DHCP messages can be broadcast only within the segment and not across the multiple segments of the network. Configuring Cyberoam as a DHCP relay agent enables the internal client to convey messages across multiple segments in the network and forward it to the main server.

Cyberoam Uncovers Hotel Reservation Scam Emails Based in Senegal

2009-08-19T10:38:00.010+05:30

Do you think you’re informed and smart enough not to fall prey to one of those scam emails that promise you millions in a will left by some distant relative who died in Africa? Or, some US soldier in Iraq’s call for distress?

Well, an overwhelming majority of us would indeed ignore and delete such emails. But, for the occasional scam victim, they actually lead to huge monetary losses, emotional and physical harm and a real chance of identity theft.

Cyberoam recently reported an extremely well-organized hotel reservation email scam based in Senegal with operatives afield as far as the United States. These scammers contacted recipients by cleverly disguising themselves under the credentials of a make-believe international humanitarian organization called “Global Aid Organization” (G.A.O) and used actual hotels based in Dakar, Senegal to extract money from unsuspecting victims.

According to Cyberoam investigation, the modus operandi of the scammers was to invite potential delegates to an international conference on human trafficking in Dakar, Senegal between 24th-27th August, 2009. In order to lure victims, they used the ruse of a previous all-expenses paid vacation in Washington DC, United States between 17th-20th August, 2009. Recipients were also told they wouldn’t get a US visa without first making a down-payment for the hotel reservation in Senegal

For this purpose, they asked victims to furnish various passport details for Visa applications such as passport ID, name as in passport, photo etc. – such private info is extremely useful for organized crime syndicates that are behind fake passports. The scammers used additional information such as hotel tariff cards, registration forms, phone numbers and websites to convey their genuineness. Little did they realize, Cyberoam was able to compile enough evidence to call the fraud and expose them using following evidence:

Their websites which seemed genuine, were actually hosted on free sub-domains such as xu.am and 4-all.org, both regularly used by spammers. In addition, they used free webmail services such as mail.com and ikiz.net, that are too extremely popular with scammers.

When called to verify their “Washington DC” phone number in the US, it was clear they were lying as the area code used, 516, belonged to Nassau County, Long Island, New York.

The email IP addresses of the Washington, DC-based charity G.A.O. were traced down to Dakar, Senegal. Besides, one of the email sender name fields – “Faid herbeeda" faidherbedakarhotel@ikiz.net contained a spelling typo.

There was huge mismatch in currency rates used for Hotel tariff card shown in both Euros as well as Senegal’s currency, CFA. Whereas 1 Euro is pegged at 655.97 CFA, the tariff card described 65.000 Euros as equivalent to 43.000 CFA.

They sought to bring delegates to the US by petitioning the embassy in their host country for an H2B visa which happens to be an “employment” visa, not one used for attending conferences.

The most important observation for Cyberoam in the whole scam was the accuracy of Wire transfer details for receiving money. But, as expected, the beneficiary turned out to be an individual and not any real organization called G.A.O. Also, no such organization could be traced on search engines since their website itself was fake.

Email recipients will do good by always staying away from any such email that involves funds transfer or request for information on passport or other identity documents. It’s very difficult for anti-spam engines to block emails that use subject headers such as international humanitarian causes and hotel reservation bookings, both of which are commonly used by legitimate organizations as well.

Cyberoam receives First ICSA Labs Certification for Active-Active High Availability Firewalls

2009-07-10T10:40:00.003+05:30

“Security solutions that meet the stringent conditions imposed by ICSA Labs during testing for Active-Active High Availability are robust and are capable of handling the demanding situations they face in corporate networks.

Cyberoam has satisfied ICSA Labs’ criteria in attaining the certification. Cyberoam customers can use this product with a high degree of confidence, knowing they are using a product that has been tested by a well-established third party: ICSA Labs. ” – Brian Monkman, Firewall Program Manager, ICSA Labs.

For over a decade, ICSA Labs, an independent division of Verizon Business, has been one of the most reputed authorities for research, intelligence, and certification testing of security products.

In becoming the first and only UTM appliance to attain ICSA Labs certification for firewalls with High Availability Active-Active capability, Cyberoam UTM has now truly established itself at the forefront of the enterprise network security domain.

What this means for Cyberoam
The ICSA Labs certification comes at a time when Cyberoam is making significant inroads into enterprises, with key deployments providing security at the perimeter as well as at data centers and DMZs in these large networks.

With the ICSA Labs’ certification, it is established that Cyberoam customers are using a UTM product that adequately meets the rigorous testing conditions imposed by ICSA Labs, proving its strong credentials in the enterprise network security market. With its patent-pending identity-based security, gigabit throughputs, and high levels of granularity, Cyberoam secures large and complex enterprise networks from internal and external threats, delivering true security continuity.

What this means for Enterprises
Online threats to government and enterprise-level corporations hold serious
implications for national and corporate security, since they hold vast amounts of sensitive data. As targets of increasing terrorist and foreign spyware and hacking attacks, these organizations cannot afford to have security downtime.

In becoming the first security appliance to receive ICSA certification for HA
Active-Active, Cyberoam UTM becomes the only certified solution that guarantees secure, continuous and efficient access to business-critical applications, information, and services.

In the enterprise segment, Cyberoam focuses on key verticals such as government, including defense and central-state departments, public sector entities as well as telecom, banking and finance sectors.

Cyberoam’s ‘Accelerator Series’ Offer Breakthrough Performance

2009-05-19T14:05:00.002+05:30

Speed is what every organization is after – speed that doesn’t come at a cost. Cyberoam has recently launched ‘Accelerator Series’ UTM appliances, CR50ia and CR100ia, that combine breakthrough network performance with comprehensive network security for SMEs. With gigabit throughput, the appliances offer almost five times higher firewall throughput and twice the IPS throughput in comparison to the existing models, delivering high security and value for money to SMEs.

The new and sophisticated web applications like Web 2.0, social networking sites and SaaS, have made organizations soft targets of network security threats. CR50ia and CR100ia revolutionize network efficiency and provide accelerated security with throughputs that are far superior to competitors.

With the rise in insider threats, control over the user and visibility into user activity has become critical to ensuring network security in SMEs. Cyberoam’s ‘Accelerator Series’ enables them to protect their networks against new and blended attacks by giving complete user visibility and unprecedented degree of user controls that lead to high flexibility and ease of management. Given the high throughputs in ‘Accelerator Series’ appliances, administrators can ensure high security while maintaining high performance in SMEs.

The Conficker pandemic continues to hurt Internet users!

2009-05-14T16:32:00.004+05:30

- A quick update on cyber attacks hitting the news in Q1, 2009

The Conficker worm and its variants A, B and C can give any marketer a run for his money when it comes to reaching maximum people in minimum time. Conficker today affects 15 million users worldwide! Here’s a quick look at the modus operandi of each one of these. The Conficker A worm exploits a vulnerability in Microsoft Windows, gets into the system and generates a list of 250 random domains. The infected system then communicates with the domains until it finds the one that has been set up with a payload with further instructions. Conficker B passes from one computer to another through network shares and USB devices. The deadliest of the lot, Conficker C invalidates the security solution within the system and blocks security update websites, making it difficult to fight back against it. Adding teeth to its menace is the fact that it generates 50,000 domains every day!

Other growing trends in the Internet threat scenario in Q1 2009 were phishing attacks using social networking sites like Facebook and Twitter. Phishers exploited communities of friends and their sentiments through direct messages that asked for money or personal and financial information. The popular tech site, ZDNet, was exploited in the last quarter by emails that recommended a technology article as a Google doc by ZDNet’s Tech Update service. The hyperlink in the email led to an advertisement for International Rx.

ISPs continued to suffer the brunt of cyber miscreants, who modified their tactics by targeting one ISP at a time rather than sending large numbers of emails to many ISPs, to avoid detection and blacklisting.

Spammers continued to borrow legitimacy of popular websites by stealing images from genuine websites to avoid detection by traditional image spam filters. They created fake landing pages to extract personal information.

Spam levels averaged 72% of all email traffic throughout the quarter with loan spam topping the list of spam topics. An average of 302, 000 zombies were activated each day during this quarter with Brazil reported as the biggest hub of zombies.

Check the detailed report on Internet Threat Trends in Q1 2009.

V-Day Spam Recipients help perpetuate the Spam – Survey Results

2009-03-05T11:34:00.001+05:30

A recent survey by Cyberoam on Valentine’s Day Spam has brought out some interesting insights.

While 56% of the respondents confirmed that they received V-day Spam mails on their personal addresses, an equally high 46% confirmed receiving spam mails on their corporate mail addresses. A huge number of respondents admitted to opening the spam despite knowing that it was from unknown sources and was potentially dangerous.

At 37 %, a significant number confirmed that they would forward the spam from unknown sources, raising the overall security risk to users and organizations alike.

Dating mails are the biggest spam threat at 60%, way ahead of health and medication.

It turns out that spammers are cashing in on user preference for online purchase of flowers, chocolates and other gifts.

A whopping 62% of the respondents confirmed clicking on spam that promised “free” gifts. Similar patterns emerged for V-day pictures and videos.

In conclusion, we advise mail recipients and website visitors alike to be extremely cautious during periods such as V-day when spam creates havoc. The fact that a mail is from a known person does not make it a good mail – the original message could have been part of spam that is being forwarded.

Download the report as a PDF

Cyberoam UTM introduces on-appliance SSL VPN

2009-03-03T13:09:00.002+05:30

I am pleased to announce that Cyberoam now offers SSL VPN to customers on its patent-pending UTM appliances.

Given the widespread mobility among employees and corporate networks opening up to partners and customers, SSL VPN I’d say is a must for any organization that wants to deliver Anywhere – Any Device secure remote access. Looking at the fact that road warriors and telecommuters are accessing corporate networks from multiple locations – homes, airports, client networks, public kiosks and that they are not limiting themselves to a single client-installed device – accessing the corporate network over not just laptops, but home computers, PDAs and cell phones, the need for easy web-based, client-less SSL VPN speaks for itself. And then, there’s the matter of partners and customers who require access to the corporate extranet, sometimes more.

It’s a matter of pride that we have launched the SSL VPN along with the VPNC certification – a confirmation that the Cyberoam SSL VPN works with a wide variety of web portals, browsers and dynamic websites and the SSL client provides a true network extension experience.

No cumbersome client installations that aren’t just expensive, but time-consuming. And well nigh impossible when you think of partner and customer access.

With its web-based and client-based access, the Cyberoam SSL VPN allows secure access to internal applications through any endpoint device from any location, by any authorized person. It achieves this by focusing on the ‘user’ and not the ‘device’ for authentication. The real benefit from Cyberoam SSL VPN is that it is platform, device and location-independent. Further, it ensures that corporate firewalls do not block remote access, ensuring business continuity.

At the same time, Cyberoam’s identity-based access policies allow administrators to limit access to certain applications or offer full access based on the user identity and work profile.

There’s also the option of full and split tunneling. While split tunneling ensures tunneling and encryption of traffic to the corporate network, full tunneling secures normal Internet traffic too, routing the remote user’s Internet traffic through the SSL VPN tunnel. Sensitive corporate emails can be sent from airport kiosks, hotspots and other public locations without fear of network sniffers accessing the sensitive information.

But, when it comes down to the basics for UTM customers, it’s a matter of choice. Organizations that invest in UTM appliances do so for their high efficiency, effective security and ease of management. But with most UTM appliances providing only IPSec VPNs, organizations are forced to function within this limitation or look for dedicated SSL VPN appliances defeating the purpose of a UTM.

The basic premise on which UTMs are deployed is one of comprehensive security in a single appliance. When we provided SSL VPN on the Cyberoam UTM, it was to meet the secure remote connectivity requirements of SMEs and enterprises over the UTM platform – delivering what is expected of a UTM.

I want to know more

Security Savvy on Valentine's Day - A Survey

2009-02-13T16:16:00.003+05:30

Valentine’s Day is here, and malware authors are at it again. Take this short Valentine Day Spam Survey and download the report – Valentine’s Day is Here Again – Be Warned.

For the 2009 Valentine’s Day, Waledac is doing the rounds. Once you open the URL in the spam mail, you’d be redirected to a site with love graphics on the Valentine Theme. You would then be enticed to download a Valentine kit to prepare a present for a loved one, which installs in the PC as the new Waledac variant.

Infected machines send an alert back to a host machine, providing location and other information about your now infected machine, and attempt to find other IP addresses to continue spreading. Waledac of 2009 is commonly dubbed as the new Storm of 2009 – but it hasn’t reached the same level and size as Storm did in 2008.

The full report is free for download once you complete the survey. Thank you in advance for filling the survey.

Cyberoam UTM introduces new appliances - 200i and 300i

2009-02-09T11:10:00.004+05:30

Customers are increasingly demanding UTM products that give high throughput performances at much lower costs. Bridging the gap between performance and price requires constant improvisation in the existing UTM architecture, which can be done only by introducing value-added products that better match the selection criteria of customers

For Cyberoam’s CR range of UTM appliances, this feat has been made possible with the introduction of multi-core aware architecture in its new series of appliances, CR200i and CR300i. This new technology allows parallel execution of multiple network sessions possible, helping CR appliances realize gigabit throughputs. Check performance details

In fact, Cyberoam ranks among very few UTM providers that have high gigabit port density with 6 GBe ports along with high Gigabit firewall throughput. This, along with inclusion of latest hardware with dual-core CPUs, gives Cyberoam UTM products a significant advantage in delivering high throughput yields. Another key advantage of Cyberoam’s multi-core software architecture lies in its flexibility to update the software design against new network attacks

CR200i and CR300i appliances allow Cyberoam meet the requirements of small and medium enterprises by delivering high value for money.

Shutdown of Disreputable Web Server leads to drastic fall in Global spam

2009-02-05T16:08:00.004+05:30

The Cyberoam Q4 2008 Email Threat Trends Report, prepared in collaboration with its partner Commtouch, has brought some interesting trends for our observation.

Spammers and Malware-distributors, who were so far having a field day propagating junk e-mails, got a rude shock when one of their favourite spam webhosts, Calif. based McColo, was pulled off Cyber-space after repeat complaints by web users. As illustrated in the graph, the impact of this event was tangibly felt worldwide, with continuously declined Spam activity for three weeks beginning Nov 11, in which global spam levels plummeted to 59% from average figures of 90% earlier.

Another major development was the frenzy on Barack Obama, lasting during the entire US election-Obama inauguration episode. Spammers started sending junk emails promising anything from Obama-related merchandise to news stories such as “Obama Sex Scandal”, delivering TONS of malware and blended threats in the process. The phenomenon of using celebrities, in general, to send spam got a boost due to the emergence of new international sources for zombie computers, such as Brazil.

Spammers have continued in their efforts to use reputed sites and tools like web-based emails and Google Docs to spread malware. A very popular social interaction site, Classmates.com has been uploading “plug-in downloads” into user computers, to later strike as deadly Trojans.

Web 2.0 media in the categories of pornography and Leisure/Recreation are lately, seeing a resurgence in user generated content turning into vectors for carrying malicious codes. Last but not the least, image-based spam ranging from Chinese/East Asian language characters to junk content written in non-English European languages continues to be a major pain in the neck for email users and organizations who feel frustrated and overwhelmed by the sheer volume of such spam outbreaks.

2009 – 3 Drivers behind Internet Threats

2009-01-17T13:44:00.010+05:30

With the onset of 2009, Cyberoam predicts the following security trends that should play a decisive role in enabling CISOs to recognize potential threats and vulnerabilities in their enterprise, and prepare their security accordingly.

Guerilla warfare tactics are of course the most used tactics in the cyber criminals’ mission to hurt an enterprise. But 3 key drivers will dominate 2009 threats.

1. Economic downturn - Commercial Threats
2. New infrastructure and its emerging vulnerabilities - Commercial Threats
3. Ideological threats - Terrorism

1. Economic Downturn
Times aren’t good. The downturn is leaving users vulnerable to threats ranging from phishing attacks with false job promises, bogus mortgage loan offers, cheap housing and healthcare and retirement plans, to rise in insider threats due to corporate lay-offs.

2. Where Infrastructure is Heading
Mobile connectivity, new online applications and developments in IT infrastructure throw open new vulnerabilities that will be utilized by attackers before these are secured. This includes mobile and iPhone malware, Web 2.0 vulnerabilities, cloud computing, SaaS and more.

3. Cyber-Terrorism
Growing ideology in the name of religion and nations will increase attacks on a nation’s entities. Government institutions and key private sector entities lead the list of targets including power and utility companies, banks and financial institutions, etc.

To Conclude
Since rising guerilla warfare involves good planning and targeted execution, using security solutions that detect the patterns of threats, can recognize the user and integrate user identity comprehensively with network security can contain threats in 2009.

Cyberoam Receives 5 Star-rating from SC Magazine, UK

2008-12-20T11:10:00.004+05:30

“Cyberoam makes an impressive entry into the UK market with a family of appliances offering a fine range of security features. The policies and user identity security make it flexible.” That’s what SC Magazine UK stated while giving a 5 Star rating to Cyberoam.

This is the 3rd such rating Cyberoam has received from SC Magazine, the other 2 being from SC Magazine USA earlier this year. Rather that give a brief, I decided the best approach is to quote SC Magazine itself. So here it goes.

Everything You’d Expect in a UTM Solution
The appliance offers everything you'd expect to see in a UTM solution with features including firewall, anti-virus, anti-spam, intrusion prevention, web content filtering and IPsec VPNs. User authentication options are extensive as you can use Active Directory, NT domain, RADIUS or LDAP servers and the appliance maintains its own database of users and groups. Systems can also be identified by their IP address, you can maintain IP address pools and even tie users to specific systems where they are only allowed to log in from an assigned address or a pool.

Web Console – A Tidy Affair
The main web console is a tidy affair and offers a useful startup wizard that helps you pick the operational mode, assign IP addresses to the interfaces and set up email notifications. The HTTP proxy can be configured with custom ports if required and there's also a pharming protection option that will stop users being redirected to dodgy websites.

Policies go Deeper
Cyberoam's policies go much deeper, as they can be applied to selected groups or individual users. Each can have their own web filtering, internet access and bandwidth policies but you can also apply their own web access times plus upload and download data transfer restrictions. For the latter, you can apply daily, weekly, monthly or yearly limits. During user policy creation you can view each policy in a pop-up window so you don't need to keep swapping across different screens.

Anti-spam Options are Plentiful
You can apply a global policy to all users and then fine tune it with custom policies for specific users and groups. Advanced features provide plenty of choices for what to do if spam is detected. You can have different policies covering attachment sizes, mail sources and message header content plus four different options based on the appliance's spam scoring system. If one of these is triggered for SMTP you can quarantine, drop, reject or tag the subject line, while for POP3 you can only accept a suspect message or tag it.

For anti-spam testing we left the appliance chugging away in the background on its default settings where it filtered our live email. At the end of the test we reported a 97 per cent efficiency with no false positives.

If you’d like to read the entire review - http://www.scmagazineuk.com/Cyberoam-CR100i/Review/2662/

Elitecore Bags IT Leader of the Year Title from ZDNet Asia with its product - Cyberoam

2008-12-16T14:14:00.002+05:30

In real life or in business, innovation drives leadership. Ditto what Elitecore has done through its identity-based Cyberoam UTM appliances. And precisely why ZDNet Asia recognized Elitecore as the IT Leader of the Year under its ‘Most Promising Asian TechnoVisionaries’ award.

Cyberoam’s unique user identity-based capabilities coupled with its pioneering efforts in incorporating the advantages of multi-core processors that allow its appliances to offer exceptional performance at affordable price, have helped Elitecore Technologies bag this award.

Convergence - Information and Physical Security

2008-12-04T10:39:00.008+05:30

Although executives and CEOs include protecting data, assets, people and premises among others when describing security, life’s different when it comes to information and physical security. Mark Willoughby said it right in Computer World when he wrote that information security is from Venus and physical security is from Mars.

Either one working in isolation leads to half security measures. And if each believes that the other has little to offer to their own domain, they are mistaken. What is needed for convergence is a first look at the type of organization. This determines the basics of convergence needed.

Closed Entry Organizations – Generally, when we refer to security in our discussions, it is to these - and they include all corporations and any organization that has a good amount of physical entry check. Here again, the factors that drive convergence differ depending on the vertical, say, healthcare, power & utilities, banking and finance, sensitive institutions like NASA, ISRO, etc.

Open Entry Organizations – Generally ignored in our security discussions, these are institutions which remain open to the general public with just a reasonable physical entry check. Yet, today the world has changed, terrorism is a daily reality and reasonable security is not enough security. Hotels, retail industry, educational institutions, government offices, where people can walk in with little obstruction need to be turned into less open ones. Unlike closed space institutions, since the public walking into these institutions constitutes anywhere from 70 % to 90 % of members / employees, strong validation is needed and the first that comes to mind is the national identity proof – social security, passport, etc.

Global / National Scale – Countries too are moving towards this – well-known example being USA. USA strengthened its homeland security by introducing biometrics at the time of visitor entry into the country and not relying only on physical passports.

Convergence brings about not just greater security of information assets, but greater security of the individuals and the institution itself – both in the intangibles like brand image and tangibles of physical destruction.

What information and physical security converge around is the user identity – the binding factor that brings them into a single seamless line. It is ultimately the user data that you are collecting and collating to gauge who is a member and who is not in case of closed entry institutions or who is harmful and who is not in case of the others.

But bringing the 2 together is not just a matter of bringing in technology. Obstacles like cost and knowledge gap need to be addressed, but more importantly, of bringing the human resources of two disparate departments that have little in common to work together.

It’s great to note that some institutions are beginning to do just that and looking at the role of a Chief Risk Officer as a central authority. Needless to say, this initiative succeeds when driven top-down.

This was part of the panel discussion titled “Converging Information and Physical Security – A Holistic Approach” which I was part of at the NASSCOM security conference in Hyderabad, India.

Flexicurity – The Balance between Business Security and Business Flexibility

2008-11-20T14:20:00.005+05:30

The balancing act of a CIO is between business security and business flexibility. Too low or too high security and it turns out to be high on the threat factor or high on unproductivity – the result of inflexible blanket policies. So CIOs are after Flexicurity – the perfect balance between security and flexibility.

And Identity has everything to do with achieving Flexicurity.

That’s because threatscape has changed. External threats are targeting the individual user for financial gain – it’s organized crime out there; as for internal threats, employees, former employees, partners, suppliers and customers are making up the bulk of it, having their finger in 83 % of insider threats, according to IDG. Hackers constitute just 33 %. The data overlap is because there are times when both are involved – eg., when an insider falls victim to a hacker’s attacks.

So today, guarding your network is not a question of guarding your walls, but of knowing your users and controlling them from within. Considering that security incidents led to financial losses in 42 % cases and intellectual property theft in 35 % cases in the same survey, it is cause for serious concern.

And then there are regulatory compliance requirements which require strict access control mechanisms and audits. On the enterprise front, branch offices require as much security as the head office does to control security incidents. And that can be an expensive affair if one tries to replicate the head office security infrastructure. Integrated security appliances are the solutions for remote offices in particular and in many cases at head offices too, but one needs user visibility into branch activity too.

So identity has become the fulcrum that can balance business flexibility and security. Without identity, one ends up laying down blanket policies that are too strict or too lenient. And IP address-based reports, it is like searching for the needle in the haystack. With user identity in place, administrators can not just create policies based on the user’s work profile and hierarchy, but also view reports with the username. That gives a complete and instantly actionable picture of activity and threats.

This reality is what we are presenting at the IDG conference - CIO–09 The Year Ahead from 21-24 November in Singapore.

When the going gets tough, the tough get tougher!

2008-11-18T11:21:00.002+05:30

It’s a race between the bad guys and the good guys. The bad guys, read cyber attackers, are constantly throwing new challenges for the good guys, read security solution providers like Cyberoam. And the race is getting tougher by the day as the bad guys are employing sophisticated techniques that can easily fool innocent users and at times, many a security solution.

At Cyberoam, we constantly come up with product enhancements and new features through new Version Releases to keep our customers’ security up to date and far ahead of attackers’ grasp. The latest Cyberoam version includes a much-wanted feature –User/MAC binding that would bind a user to a computer and thus prevent unauthorized network access by abusing someone else’s network rights. In fact, Cyberoam is the only security solution that can bind a computer’s MAC address directly to user identity, delivering greater network security and data confidentiality to enterprises.

Cyberoam’s GUI is now available in Chinese and Hindi languages to improve user experience in two of the largest and fastest growing markets in the world. We plan to support more such languages in our coming versions.

Cyberoam’s Threat Free Tunneling (TFT) technology scans all VPN traffic for malware intrusions, spam and content, enabling enterprises to offer a threat-free, remote access tunnel to their mobile workforce. Enterprises will be able to set identity-based policies for VPN Internet browsing and can restrict VPN access to specific networks, IP address, services and users.

Cyberoam has upgraded its Active-Active High Availability feature to minimize single point of failure and offers efficient, continuous access to critical applications, information and services in enterprises.

The latest version of Cyberoam appliances is about enhanced identity-based security, high appliance reliability, meeting the demands of our global customers! We will be back with more very soon.

Insider Threats & Higher Security in the Financial World

2008-11-14T14:40:00.008+05:30

Phishing and pharming have been around a while although that’s not to say customers know all about them or know enough not to fall for them. Financial institutions are educating customers and are bringing in security practices with virtual keyboards and the like.

Within their own walls, institutions are aware of insider threats. But what’s of significance is that attackers are using multiple modes from start to completion of the attack. I came across a case recently where money was transferred by an expatriate in USA to his account in India. Within hours of transfer, the maximum allowed limit at the ATM was withdrawn. It would have gone on till the amount was cleaned - luckily though, he checked within hours, informed the bank and the account was sealed with the bank taking responsibility.

Attacks are not performed entirely online. Attackers are using online methods to track and keep tab on accounts - kind of Waiting for the Moment. But the final act can come via phone, ATM or any possible way to complete the financial fraud.

This combination of online and physical acts makes security for the institution difficult since audits can only reveal the reconnaissance element. Most institutions aren’t exactly watching this information carefully. It takes an attack before forensics come into picture to figure out who was doing the reconnaissance. And that’s too late.

Every insider has an actual work pattern – and a needed work pattern based on the work responsibilities. A wide gap in the two or a significant deviation in the actual work pattern ought to get the institution’s hackles up with controls kicking in instantly. Now that’s possible with integrating identity tightly with security rather than let identity do its job while security performs its own. Not enough in today’s insider world.

Similarly, on the customer front, one needs to understand the customer’s pattern of functioning – significant deviations must create alerts. They can be on a range of parameters like – times of withdrawal, amounts, locations where ATMs, debit or credit cards are used and more. And if it is online share trading, the amount, transactions, in a day, week and so on. Such intelligence both within their walls and on the customer front is the current needed step.

Our CEO, Hemal Patel will be at the FSI World Congress, Singapore from November 18-19, speaking on insider threats and higher security in the FSI World. If you aren’t going to be at the event, watch this space for post-event highlights.

2 Things of note about Attackers and How their Minds Work

2008-10-23T12:53:00.005+05:30

1. How does the user’s mind work?

2. How does the security mind work?

Answer these questions and you have an insight into how the attackers’ mind works. And where they are headed.

1. I am the customer.

I love celebrities. Love is not far off the mark. Come Independence day, Christmas, elections, storms off the Pacific or just about any day of significance, I am more likely to click a lot more links related to the occasion than not. And let’s not forget doomsday announcements. I can’t keep my finger off “The World’s coming to an End” links. And then there are gruesome videos. That’s human psychology at its best. And that’s just what attackers are preying on.

Come morning, I was out to protect myself against threats. It’s ironic though that just when I am trying to up my defenses, they are down. I am likely to click a link in an “authentic” mail that asks me to do so to download the latest, most secure-to-date version. And what more ubiquitous than Microsoft and its IE7. Well, attacks lurked right around these protective download corners.

2. I am the security solution.

I don’t want too many false positives. But with zombies and botnets dropping off their IP address within a day of birth – about 55 % die their death within a day. And if we are referring to Germany or China, it’s 79 and 78 % - taking on legitimate sources, content, sites, URLs to bypass me, I could be in trouble. ‘Cause if I’m dependent on the source IP address to judge if a mail is spam or not, I am more likely than not to be off the mark. All this and more is in the Q3 2008 Email Threat Report released by Commtouch.

So what’s the learning?

If you don’t have a content filtering and anti-virus or anti-malware solution working with the anti-spam, your network is functioning without the second and third levels of protection.

Think of the worst possible loophole of your users and your security solutions, that’s where attackers will strike. Remember Murphy’s Law – Whatever can go wrong, Will go wrong. If you sit tight, hoping the loophole is going to go away on its own, it won’t. Watch your users, understand their patterns and their thinking, educate them – that reduces your gaps by well over a half. For the other half, deploy unified security, that’s Unified Threat Management to give your network multiple layers of protection against blended threats.

And one last point. CAPTCHAs aren’t a deterrent anymore. Webmails are easy to create now on the automated route and as fast as you shifted a load of them into junk, many times more were created last quarter.

Click here to download the full Q3 2008 Email Threat Report.

Cyberoam Wins Frost & Sullivan’s 2008 Asia Pacific Emerging Company of the Year Award!

2008-10-18T10:37:00.004+05:30

Cyberoam’s focus has always been unidirectional – to invest time and intellect on R&D to bring innovative features to fore. While we have been doing our job and delivering what our customers need for their network security much ahead of our competitors, agencies worldwide have been noticing us! Frost & Sullivan, the prestigious global consulting group, recently declared Cyberoam as the winner of the 2008 Asia Pacific Emerging Company of the Year Award for Network Security.

The criteria that helped Cyberoam bag this award are its unique identity-based security that effectively controls user-targeted external threats as well as insider threats, architectural flexibility, targeted vertical focus, product innovation and R&D – all holding equal weight in bringing this award our way! According to Frost & Sullivan, our effective use of sales and marketing resources and high technical superiority has given us a strong foothold in the market. And I can tell you that not just having the right resources but channelizing them in the right direction is something that has kept us on the right side of the winning line!

Our best price/performance ratio in the industry with the recent enhancement of our appliances with multicore technology also contributed towards this award coming our way.

Our single-minded focus on satisfying the security needs of our customers has paid in the long run, in terms of market share and respect from customers and industry bodies. And I am sure it is the way to go in future too!

Cyberoam SSL VPN Plus

2008-09-17T10:29:00.005+05:30

The Third-Generation VPNs from Cyberoam!

Whether it is retail chain stores submitting point of sale data or accessing the central network for pricing and inventory data; customers, suppliers, distribution channel and others accessing CRM, ERP and related applications in manufacturing concerns; or banks and financial institutions offering the convenience of online transactions to customers – organizations are trying to give easy, yet secure access to corporate data to remote users and branches.

IPSec VPNs have been doing the job of offering secure remote access for sometime now, without giving performance a beating. However, with IPSec VPNs, it’s either full access to all resources or no access, giving rise to serious security concerns. Not just that, there’s also the cumbersome and expensive task of deploying VPN clients on remote devices not to speak of the impossible task of doing it on a customer device. SSL VPNs came to the rescue, offering controlled and client-less access to users. However, for long, performance suffered with SSL VPNs, keeping enterprise loyalties with IPSec VPNs.

Cyberoam’s newly launched SSL VPN Plus appliances – the third-generation VPNs –complete the enterprise wish list for extending critical data and applications on their network to branch offices, road warriors, telecommuters and guest users. Enterprises can now get high performance, client-less access, high end-point security and granular network access controls for remote access with Cyberoam.

Cyberoam SSL VPN Plus appliances support 10 to 2500 users and are compatible with the most popular enterprise platforms – Windows®, Mac OS and Linux®. Automatic re-connection between user and gateways and high availability clustering ensure that network failures and timeouts ensure continuous access to critical applications and data, resulting in high levels of business productivity. Granular user-access controls help enterprises stay compliant with regulatory requirements like GLBA, HIPAA, PCI-DSS, Sarbanes Oxley, and others.

For more information about Cyberoam SSL VPN Plus Appliances, visit us at Booth 1017, September 17-19, The Javits Center, New York.

Why Identity?

2008-09-06T10:42:00.004+05:30

The knowledge of identity can be powerful. I know how much enterprises can gain from Cyberoam’s identity-based security solutions. They get the muscle to have total control on their employee activities in the network. Cyberoam’s identity-based security features hit the limelight recently, when it helped in solving Ahmedabad’s most gory terror blast trail.

An email warning about the terror blasts in Ahmedabad on July 26, 2008, was sent to a TV channel. It was found that the mail was sent from Waghodia Dental Institute in Baroda, Gujarat. As the Institute had installed Cyberoam’s UTM appliance, a team of our engineers immediately came together with the Ahmedabad Police to trace the sender of the email. Unfortunately, the institute had not activated Cyberoam's identity-based security facility, which is patent pending and unique to Cyberoam security appliances. Had they done this, they could have easily identified the sender by his username.

In this case, the Cyberoam team analyzed the network reports and was able to zero in on all the websites that had a similar IP address range as the one traced in the email. The website, abdultaiyeb.com, was thus discovered, which is a web-based proxy service used by terrorists. The reports revealed the institute’s internal lab department was used to send the email.