Archive for 2009

BOULDER, Colo., Dec 15, 2009 (BUSINESS WIRE) — LogRhythm, the company that makes log data useful, today announced that its SIEM 2.0 solution, which integrates log and event management, file integrity monitoring, and endpoint monitoring & control, has been approved by the National Information Assurance Partnership (NIAP) for entrance into the Common Criteria Certification process.

LogRhythm appliances will be certified for Common Criteria, one of the most stringent and globally recognized standards for IT security products.

Common Criteria will bolster LogRhythm’s existing support for leading federal, military, and intelligence agency certifications and requirements. The LogRhythm solution has already achieved U.S. Air Force Certification & Accreditation, and is capable of operation using FIPS 140-2 validated cryptography.

Common Criteria is a framework that provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner. Common Criteria was developed by the governments of Canada, France, Germany, the Netherlands, the UK, and the U.S., and unifies several pre-existing standards. It enables companies selling computer products for the government market, especially for deployment by Defense or Intelligence agencies, to only have to meet one set of requirements.

“LogRhythm is the only SIEM 2.0 solution that combines log and event management with file and endpoint security capabilities required to meet the most demanding security environments like those of Homeland Security, The Department of Defense, and Intelligence Agencies,” said Chris Petersen, co-founder and CTO of LogRhythm. “Common Criteria validation, combined with our U.S. Air Force certification and support for FIPS 140-2 validated cryptography helps us better serve these critical customers worldwide.”

About the Common Criteria Evaluation
The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have established a national program, the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) for the evaluation of information technology internationally. The Common Criteria process is a result of multi-national efforts designed to assure the security and trustworthiness of IT products that are part of the national information infrastructure, both in the public and private sectors.

The SAIC Common Criteria Testing Laboratory is performing the test and evaluation of LogRhythm’s hardware and software for conformance with Common Criteria. For additional information, please see the Common Criteria website at http://www.niap-ccevs.org/in_evaluation/.

About LogRhythm
LogRhythm provides enterprise-class SIEM 2.0 Technology — log and event management, file integrity monitoring, and endpoint monitoring & control in a single integrated solution — that empowers organizations to comply with regulations, secure their networks, and optimize IT operations. The company received the 2010 SC Magazine Innovator of the Year award, 2009 SC Magazine Readers Trust Award for best SIEM solution, is a Colorado Company to Watch for 2009, a finalist for the 2009 Red Herring 100 Award, and received the SC Magazine 2009 Best Buy for digital forensics products. LogRhythm is privately held and based in Boulder, Colorado with European Headquarters in Maidenhead, England, and Asia Pacific operations in Hong Kong. For more information visit: www.logrhythm.com.

SOURCE: LogRhythm
CONTACT: Marc Gendron PR, Marc Gendron, 781-237-0341, marc@mgpr.net
Copyright Business Wire 2009

http://www.cnbc.com/id/34428551/

Guardium Fuels Customer Momentum for IBM
Thursday, December 03rd, 2009 | Author: admin

Guardium Fuels Customer Momentum for IBM Database Software by Mitigating Risk and Lowering Operational Costs

Supports Data Center Consolidation with Expanded Support for IBM DB2, Informix, Cognos Software and IBM i and System z Operating Systems with z/VM and Linux

WALTHAM, Mass. (April 15, 2009) – Guardium, the database security company, today announced continuing customer momentum for its database security solutions safeguarding IBM database software. The world’s leading organizations in financial services, government, retail, manufacturing, healthcare and other industries have selected Guardium and IBM software to better manage and protect their enterprise data.

With today’s news, Guardium also announced sweeping support for a broad range of IBM server platforms and database software products.  The support helps organizations mitigate risks by protecting sensitive databases across the enterprise from both internal and external threats, while reducing IT costs with centralized security policies for heterogeneous infrastructures.  It also supports data center and server consolidation initiatives by providing continuous, real-time monitoring controls that reduce the risk of concentrating critical data on shared infrastructures.

In addition, the company announced that it recently became the first database security company to achieve IBM Information On Demand Specialty accreditation.

In the February 2009 report “Market Overview: Database Security,” Forrester estimates that over 70 percent of all threats to databases come from inside the enterprise, and that database administrators spend less than 5 percent of their time on database security. Insider threats are difficult to detect and block because privileged users typically have unfettered access to sensitive data. In addition, according to a recent IBM report, SQL injection attacks were up 134 percent in 2008 and have replaced cross-site scripting as the predominant type of Web application vulnerability, with attacks spiking to 450,000 per day during 2008.

Guardium’s scalable enterprise platform streamlines operations with a single unified set of security policies – for IBM DB2, Informix, Microsoft SQL Server, Oracle, Sybase, MySQL and Teradata – without performance impact or changes to databases or applications. In addition, Guardium allows customers to:

  • Protect against data leakage by looking for unauthorized access to sensitive tables and sensitive data in query results.
  • Ensure data governance by preventing unauthorized changes to critical data values or database structures.
  • Discover sensitive data in databases, for compliance with privacy requirements such as PCI-DSS and NIST 800-53.
  • Enhance database security postures with automated vulnerability management and configuration auditing.

Guardium’s solution uses real-time, policy-based monitoring to immediately identify unauthorized or suspicious activities, without relying on traditional DBMS-resident logs that can easily be disabled by privileged users.  In addition, Guardium S-GATE™ is the industry’s only solution for blocking administrators from viewing or changing sensitive data in heterogeneous DBMS environments.

Customer Momentum
More customers are choosing Guardium and IBM software including: 

  • Financial Services: 3 of the top 4 global banks, one of the top cardholder brands, one of the largest U.S. mutual fund companies and a NYSE-traded financial services company with four data centers managed by IBM Global Business Services.
  • Government: Critical government agencies in the U.S. and other geographies worldwide.
  • Retail & Hospitality: 2 of the top 3 global retailers and a major office supply brand.
  • Manufacturing: Customers include a top 3 auto maker, top 3 aerospace manufacturer, global beverage brand and global consumer food company.
  • Health Care: Major health care providers and Blue Cross-Blue Shield organizations.
  • Energy: Some of the world’s largest utilities and energy companies including National Grid.

“The integrity and confidentiality of our ERP, financial and customer data are paramount to our company and enable us to serve our millions of customers safely, reliably and efficiently,” said Cindy Peluso, director of information security, National Grid. “We have selected Guardium’s real-time database monitoring and compliance automation solution to help us meet our compliance goals for database monitoring.”

Expanded Support for IBM Database Software and Operating Systems
Guardium has added support for some of the most popular IBM database platforms including:

  • IBM DB2 UDB 9 for z/OS, building upon the company’s previously announced Guardium for Mainframes product.
  • IBM DB2 for IBM i, bringing advanced protection to IBM’s mid-range integrated platform.
  • IBM DB2 9.5 for Linux, UNIX and Windows, in addition to previous support for DB2 8 and 9.
  • Cognos 8, for which Guardium now identifies fraud and other unauthorized activities via application-layer monitoring.  This is in addition to previous support for enterprise applications such as SAP, PeopleSoft and SOA applications developed for IBM WebSphere Application Server and other middleware platforms.
  • IBM Informix 11.5, supplementing previous support for Informix 9, 10 and 11.
  • System z Red Hat Enterprise Linux and SUSE Linux Enterprise Server for System z, providing coverage for all major DBMS platforms running in the IBM z/VM hypervisor.

“IBM is helping companies address the challenges of managing huge volumes of data with its Information Agenda approach to quickly transform data into a strategic asset, and, in turn, make smarter business decisions,” said Boris Bialek, program director for IBM Data Management.  “Guardium’s enterprise database security and real-time monitoring technology supports this approach by enabling organizations to simplify and unify their infrastructures with the safety and assurance that they’re not increasing their risk posture.”

Enabling Data Center Consolidation by Enhancing Controls to Mitigate Risks
Many organizations are consolidating data centers to reduce operational costs and “go green.” These initiatives often leverage advanced virtualization technologies, such as z/VM with Linux, to create a more flexible infrastructure. 

This approach requires additional controls because it concentrates risk.  Privileged users with access to the shared infrastructure – such as DBAs, developers and outsourced personnel – must be prevented from viewing confidential data in databases.  This is challenging because traditional network security technologies and DBMS-resident controls cannot protect data from administrators.  Monitoring privileged users is also important because attacks, such as SQL injection, frequently result in the external attacker obtaining privileged access.  Implementing fine-grained access policies is also required for key regulations such as Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), NIST 800-53 and SAS 70.

Guardium reduces cost and complexity by replacing manual, time-consuming log-based processes with centralized and automated controls.  In a commissioned case study conducted by Forrester Consulting on behalf of Guardium, Guardium’s solution delivered a risk-adjusted ROI of 239% with a payback period of less than 6 months for a F500 global manufacturer with SAP, Siebel and 21 other key financial applications running on IBM DB2 and Oracle on IBM AIX, and Microsoft SQL Server.

Information On Demand Certification
Guardium has become the first database security company to achieve IBM Information On Demand Specialty accreditation based on its demonstrated skills, technical solution reviews and proof of market success with IBM customers.  The company previously achieved IBM Advanced Industry-Optimized status for Financial Markets by demonstrating successful implementations with IBM customers in the financial services industry, and has been a member of IBM’s prestigious Data Governance Council since 2005.

“Real-time database monitoring and data-level access controls help enterprises with three of their top pain points: preventing data leaks, assuring proper data governance and reducing operational costs,” said Guardium CTO Ron Bennatan, Ph.D., IBM Gold Consultant and author of Implementing Database Security and Auditing.  “Guardium gives all IBM customers – including mainframe and iSeries customers – unprecedented visibility and control over their data access activities, without the risk and complexity of traditional log-based approaches.  Working together, IBM and Guardium provide customers with proven technology leadership that helps them migrate to next-generation architectures without increasing their risk posture.”

Guardium leveraged IBM’s Innovation Centers to develop and test these platform enhancements.  Guardium’s latest innovations will be demonstrated at the RSA Conference 2009 in San Francisco, April 21-23 (Booth #544).

About Guardium
Guardium, the database security company, delivers the most widely-used solution for preventing information leaks from the data center and ensuring the integrity of enterprise data.

The company’s enterprise security platform is now installed in more than 450 data centers worldwide, including 3 of the top 4 global banks; 3 of the top 5 insurers; 2 of the top 3 global retailers; 15 of the world’s top telcos; 2 of the world’s favorite beverage brands; the most recognized name in PCs; a top 3 auto maker; a top 3 aerospace company; and a leading supplier of business intelligence software.

The company has an alliance with Oracle, Microsoft, IBM, BMC, EMC, Accenture, McAfee and ArcSight, with Cisco as a strategic investor, and is a member of IBM’s prestigious Data Governance Council and the PCI Security Standards Council.

Founded in 2002, Guardium was the first company to address the core data security gap by delivering a scalable enterprise platform that both protects databases in real-time and automates the entire compliance auditing process.

Guardium and S-GATE are trademarks of Guardium, Inc.  All product and company names herein may be trademarks of their registered owners.

IBM Acquires Guardium
Thursday, December 03rd, 2009 | Author: admin

IBM Acquires Guardium

Helps Organizations Safeguard Critical Enterprise Data

ARMONK, N.Y., November 30, 2009—IBM (NYSE: IBM) today announced it has acquired Guardium, a market leader in real-time enterprise database monitoring and protection. Guardium’s technology helps clients safeguard data, monitor database activity and reduce operational costs by automating regulatory compliance tasks. Guardium is a privately held company based in Waltham, Massachusetts. Financial terms were not disclosed.

Trusted information lies at the center of today’s business transformations. To succeed in today’s dynamic business environment, organizations must unlock the value of critical information stored in silos within and outside of the organization, while still safeguarding it from unauthorized access or changes.

The acquisition of Guardium will enable IBM clients to maintain trusted information infrastructures by continuously monitoring access and activity to protect high-value databases against threats from legitimate users and potential hackers. It will also help clients streamline compliance processes for ever-changing industry and government mandates with centralized and automated controls for all major platforms.

The combination of IBM and Guardium technology will help organizations safely realize the promise of business analytics and use trusted information to drive smarter business outcomes. Designed for cross-platform environments, Guardium’s technology identifies patterns and anomalies in data access and usage allowing organizations to maintain the integrity of their data and turn it into a strategic business asset. The monitoring capabilities of Guardium’s technology also detect fraud and unauthorized access via enterprise applications such as an organization’s ERP, CRM or Data Warehousing solutions.

“Organizations are grappling with government mandates, industry standards and business demands to ensure that their critical data is protected against internal and external threats,” said Arvind Krishna, general manager, IBM Information Management. “This acquisition is another significant step in our abilities to help clients govern and monitor their data, and ultimately make their information more secure throughout its lifecycle.”

The Washington Metropolitan Area Transit Authority (Metro) operates the second largest rail transit system in the United States and transports more than a third of the federal government to work. Washington Metro needed to safeguard sensitive customer data and simplify compliance with the Payment Card Industry Data Security Standard (PCI-DSS), without impacting performance or changing database configurations. With more than 9 million credit and debit card transactions yearly, Metro is classified as a top-tier Level 1 merchant by the PCI-DSS standard. With Guardium’s technology, Metro gained granular visibility into all database transactions, allowing them to protect the privacy and integrity of their critical data and identify potential fraud in their ERP/HR system.

According to the recent IBM Global CIO Study, one in three business leaders frequently make decisions based on information they do not trust or do not have. With renewed focus on transparency and accountability, businesses and government agencies cannot afford to make decisions based on data that has been compromised. To succeed, organizations need to maintain a vigilant real-time watch on database access to protect enterprise data and comply with regulatory requirements such as HIPAA and the European Data Protection Directive, the U.S. federal government’s NIST 800-53 standard and industry mandates such as the PCI-DSS.

“Guardium gives clients unprecedented visibility and control over their data access activities while taking advantage of automation to deliver rapid return on investment,” said Ram Metser, chief executive officer of Guardium. “The combination of IBM and Guardium provides clients with a comprehensive solution for safeguarding critical enterprise information and preventing fraud without the complexity of traditional approaches.”

This acquisition extends IBM’s business analytics strategy, including the range of offerings available through IBM’s recently-announced Business Analytics and Optimization Consulting organization with 4,000 consultants, a network of analytics solution centers, and an overall investment of more than $12 billion in organic growth and acquisitions.

IBM will integrate Guardium within IBM’s Information Management Software portfolio which has more than 35,000 experts dedicated to helping clients use information as a strategic asset to transform their business. This marks the 28th acquisition to support the Information Management initiative.

For more information about IBM Information Management, visit http://www-01.ibm.com/software/data/information-on-demand/.
For more information on IBM Analytics: on Twitter, Business Analytics & Optimization Press Kit and Analytics: How it Works on YouTube.

###

IBM, Information on Demand is a trademark or registered trademark of International Business Machines Corporation. For a list of additional IBM trademarks, please see www.ibm.com/legal/copytrade.shtml

All other company, product or service names may be trademarks or registered trademarks of others. Statements concerning IBM’s future development plans and schedules are made for planning purposes only, and are subject to change or withdrawal without notice.

http://www.guardium.com/index.php/pr/923

PCI DSS checklist: Mistakes and problem areas to avoid
Friday, November 27th, 2009 | Author: admin

Neil Roiter, Senior Technology Editor
11.25.2009

The Payment Card Industry Data Security Standard (PCI DSS) has been a world-changing experience for many midmarket businesses, retailers and credit card processors that previously had little or no regulatory oversight for security.

“PCI has been their baptism,” said Steve Alameda, principal consultant of Data SafeGuard of San Francisco. “It’s one heck of a way to get baptized.”

Consultants who devote part or most of their activities to helping smaller organizations — mostly those with Level 3, 4 and some Level 2 requirements for self-assessment — share some of the difficult lessons learned in the trenches.

Lesson 1: Don’t Underestimate PCI
Astonishingly, there’s anecdotal evidence that some smaller companies are still unaware they must comply with PCI. Level 4 merchants, those processing fewer than 20,000 transactions annually, are slower to get the word.

Assuming your business is not in that situation, you’re facing requirements that are growing increasingly demanding. Self-Assessment Questionnaire D, which most covered organizations are required to complete, is far more detailed than what the questionnaire originally required in 2007. Most companies often turn to consulting help for a variety of reasons:

  1. Lack of knowledge about their own environment. Small companies are wrapped up in doing business, not doing security. Once they realize what they have to protect and all the ways they might be exposed, light bulbs go off.
  2. Inability to comprehend the requirements. Few small companies have security people and most have, at most, a small IT staff that lacks the time and/or expertise to understand and complete the assessment.
  3. The requirements sink in. Organizations start out doing a self-assessment, then realize as they proceed they may have bitten off more than they can chew.
  4. Nobody wants to get it wrong. No one wants to go to the president and tell him/her that after all the time and money spent, the company is still not compliant.
  5. Companies think they have adequate security to meet the requirements. To most small businesses, that’s desktop AV and a firewall.


This may also mean underestimating cost. Companies that do their homework, either internally or in combination with outside help, will have a realistic expectation of what they’ll need to spend in terms of manpower, technology and services. For example, while they have AV and a firewall, chances are they have never given a thought to purchasing log management, IDS or file integrity-monitoring tools, let alone a Web application firewall.

Also, small companies, unlike enterprises or smaller organizations in heavily regulated industries, are not accustomed to refreshing equipment, such as point-of-sale systems, every few years. In many cases, they need to either upgrade or replace older equipment to become or remain compliant.

Companies do not, typically, anticipate they will have to make some fundamental changes in the way they do business. It’s not a matter of tacking on security, even for the little guys. You may, for example, store credit card information in Excel spreadsheets. Now you need to convert all that information into databases and protect them.

“It’s one of the hidden costs of PCI. I can’t tell you how many businesses we walk into where they have paper records — a warehouse of credit card receipts that’s intermixed with invoices, etc.” said Seth Peter, CTO of Minneapolis-based consultancy NetSPI. “One big area where companies underestimate costs is how do you stop doing that and how do you go back and clean it up?”

“They feel their environment is in pretty good shape, and don’t think they’ll need to make many changes,” said Data SafeGuard’s Alameda. “Then the reality hits that there will be a lot of changes.”

Lesson 2: Learn PCI Problem Areas
PCI presents a laundry list of prescriptive data security requirements, many of which can be a challenge to smaller companies, but some are more likely to be especially problematic.

Encryption: The PCI requirement that stored credit card data must be encrypted can be a formidable challenge. Face it: Many large enterprises have flinched at encryption projects. The reason is not the encryption itself — that’s relatively easy. But key management, with all its complexity and administrative overhead, and concern about recovering data if keys are lost, is another matter.

The PCI practitioners we spoke to said most of their clients — somewhat to their surprise — had some encryption in place, but mostly in one-off situations where they could more or less set it in place and forget it. With PCI, the requirements become more complex and companies need to turn to products that simplify key management or seek outside help to manage it for them.

Policy: Midmarket companies are unlikely to have anything resembling a comprehensive security policy, unless they are already in a highly regulated industry, such as financial services. PCI Requirement 12 says that companies must maintain a policy that addresses information security. Sounds simple on the face of it, but when you dig into the details, this is really a complex set of requirements that impact many aspects of the business. It addresses all the other PCI requirements, and how to ensure that your employees and partners adhere to them.

This is a complex area because it touches all areas of the business and requires attention to things such as change management policy, which may be foreign to smaller businesses.

The best advice is to start with a set of base policies that can get companies through and build from there. There are good resources, such as the SANS Institute, that provide policy templates organizations can use as a starting point.

“We help companies to set policies specific to their environment and general enough to work with and expand,” said Michael LaBarge, president and CEO of Datassurant Inc. of Reston, Va. “It gives them a starting point to improve their security posture, checks the box, and gets them on the right road.”

Application security: Section 6.6 of version 1.2 of PCI DSS now requires either application code review or a Web application firewall (WAF). Even large enterprises have been slow to adopt strong application security in code development, application security assessments or even Web application firewalls.

Most companies, lacking the expertise for internal reviews, have opted for WAFs, but the requirement has come as something of a shock to small businesses. Small organizations can consider outsourcing if they can find a service provider at a reasonable price.

Lesson 3: PCI Compliance is Continuous
PCI ain’t over when it’s over. It’s very common for companies that don’t have a well-developed compliance program to put a lot of time and intense effort into PCI compliance, then be let down. They’re setting themselves up for a lot of unnecessary and redundant work when the next year’s assessment comes around.

Compliance often requires changing some basic business practices. Once a company is compliant, processes that were laid out are not followed through, because they cease to be urgent priorities, and management may have little appetite for changing operations.

In addition, if your smaller company is typical, the effort put into achieving compliance is taking people away from their day jobs. That means everyone is playing catch-up with responsibilities that have been neglected, and focus on compliance is lost. That underscores the point that compliance processes need to become part of normal business operations, not simply a stack of “to-do tasks.”

Finally, roles and responsibilities at small companies are not clearly defined. Duties are not documented and may change quickly if the person who usually performs them gets pulled off to do something else, is out sick or goes on vacation. If it’s not mission-critical for the business, it might not get done.

http://searchsecurity.techtarget.co.uk/tip/0,289483,sid180_gci1375428,00.html?track=NL-988&ad=736946&asrc=EM_NLT_10083467&uid=5392292

2010 – A Security Odyssey
Thursday, November 26th, 2009 | Author: admin

By David Bell
Nov 25, 2009 5:30 PM

NetIQ’s David Bell presents his predictions for the IT security industry in 2010.

As yet another year draws to a close, it’s natural for any industry to glance back over the past 12 months and then wonder what the future holds. For IT security professionals, 2009 has been a year of manipulating constricted budgets to properly secure the enterprise against an ever-expanding network of threats.

Virtualisation and cloud computing have well and truly exploded, bringing with them a fresh breed of nasties for businesses to fend off. Compliance initiatives have continued to dominate our radars, especially in the credit card and online banking spaces where the challenge of securing customers’ electronic data has become a major focus in the boardroom.

In an effort to be one step ahead of whatever is on the horizon, it’s time to start asking what’s in store for 2010. Here are three predictions based on my discussions with customers out in security land: 

1. The slow rise of automated fraud detection
As financial institutions face ever more devious threats, automated fraud detection has been positioned as the next big thing. While it makes sense to automate information-gathering and event responses where possible, the technology is still too complex to be effective.

Part of the challenge is a lack of integration between security technology and processes. Fraud is typified by a complicated set of activities that cross many different elements of the organisation. The effectiveness of automated fraud detection programs is still a few years away because security programs lack the necessary maturity and information flow between technologies and operational silos.

I see more immediate value in the ability to monitor abnormal activity from privileged users, which could signify a potential breach.

2. Keeping your data secure AND accessible
The second trend that will continue into 2010 is the focus on securing critical data and the need to ensure the availability of that data to support business operations. Organisations have become very concerned with the security of large database management systems. These databases often hold particularly sensitive data, and require highly-specialised Database Activity Management technologies to administer and audit their access.

Protecting critical data, such as customer information, from being exposed in a breach has become the number one priority for organisations, and that will continue to be a main concern. Government legislation, industry mandates, and corporate best-practices all demand a data-centric and integrated security program. The real challenge for security teams over the coming year is how to take their existing investment in a broad range of security technologies and build a defence around sensitive, and therefore valuable, data stores.

3. More to compliance than security
Nearly every organisation is faced with the pressure of regulatory compliance. This is forcing security teams to provide far greater visibility into organisational risk, and for a larger number of stakeholders, than ever before. There are more and more people within the business who now expect to see the results of the security team’s efforts in a form that is easy to understand. In 2010, this expectation will continue to drive a need for greater capabilities to measure risk and exposure, and to be able to present that information in layman’s terms to stakeholders, particularly board members.

The challenge here is that board members see this investment and expect the money spent to benefit the business overall; they equate compliance success with good security. As security teams strive to demonstrate compliance to regulators and business stakeholders, they will also have to educate senior executives about the reality of security as an ongoing process. Technology and its threats evolve at such a rapid pace that a part of your network that’s secure today could easily be at risk tomorrow.

Onwards and upwards
These three predictions are intrinsically linked: in 2010 database security will be the defining goal of security and compliance teams. The visibility of breaches has reached the highest levels of the organisation, and the desire to avoid costly and embarrassing data violations has become something that everyone, from the CEO down, now takes seriously.

Data is the lifeblood of global businesses, and the costs of breaches are simply too high – we will have to adapt to a more managed, policy-driven and secure workplace. While 2009 was a year devoted to the security of newer technologies such as cloud computing, we should anticipate that the coming year will focus on the processes and policies surrounding data security and compliance. From awareness training, to policies on mobile computing, to greater scrutiny of user activity – process-driven security strategies will be key to protecting the reputation and ‘crown jewels’ of every enterprise.

David Bell is a Systems Engineer at NetIQ.

http://www.securecomputing.net.au/Opinion/161362,2010-a-security-odyssey.aspx

Massive T-Mobile UK security breach involves insiders
Thursday, November 19th, 2009 | Author: admin

By Robert Westervelt, News Editor
18 Nov 2009 | SearchSecurity.com

T-Mobile U.K. said Wednesday that an employee was to blame for stealing possibly millions of customer records and selling the data to competitors.

T-Mobile informed Britain’s Information Commissioner’s Office (ICO) of the data security breach. The data included customers’ contract renewal information, including customers’ contract expiration dates. T-Mobile said the data was sold to “third parties.”

“The number of records involved runs into the millions, and it appears that substantial amounts of money changed hands,” the government body said in a document submitted to the Ministry of Justice.

The U.K. Data Protection Act prohibits the selling of data without prior permission from the customer. The ICO said in its report that it believes T-Mobile competitors used the information to call customers prior to the expiration of their contracts and offer them deals with a new operator.

The T-Mobile U.K. data breach highlights the problem of insider security threats, especially during an uncertain global economy, which has resulted in layoffs and mergers. A recent survey of 1,900 senior executives conducted by Ernst & Young found that 75% of respondents were concerned with the possibility of reprisal from employees. But many are having a difficult time doing anything about insider security threats. Less than half (42%) were weighing the risks and only 26% were taking steps to address insider threats.

“A lot of the focus has been on external hackers, but if you look at the data from organizations including Forrester Research Inc. and Gartner Inc., over 75% of data breaches are the result of insiders,” said Thomas VanHorn, vice president of global marketing at Application Security Inc., a database security vendor based in New York, N.Y. “There are more fears out there in part because of the dire economy.”

While focusing on improving hiring practices and monitoring employees could help guard against employee reprisals, security experts say companies can conduct regular entitlement reviews to ensure that only employees who need access to certain data get that access. Database activity monitoring and log management are also areas where companies can improve their security practices and guard against a breach, VanHorn said.

“Typically we encounter companies that think they know where their sensitive data is, but when we go in companies often make the discovery of databases they never knew they had,” VanHorn said. “It could be at a remote office or a test database, but discovery is a real important first step.”

After getting complaints from customers, T-Mobile said it immediately began investigating the breach. T-Mobile worked with the ICO to identify the source and said it and the ICO were collecting evidence and planned to prosecute those involved.

“While it is deeply regrettable that customer information has been misappropriated in this way, we have proactively supported the ICO to help stamp out what is a problem for the whole industry,” T-Mobile said in a statement.

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1374722,00.html

Cisco MARS shuts out new third-party security devices
Sunday, November 15th, 2009 | Author: admin
Focus on supporting Cisco devices; some claim it’s beginning of end for Cisco Security MARS as multivendor offering
By Ellen Messmer, Network World, 11/06/2009

Cisco has finally publicly acknowledged it won’t add support for new third-party devices to its security information and event monitoring appliance, ending months of speculation about the future of its Monitoring, Analysis and Response System. Some claim it’s the beginning of the end for MARS as a multi-vendor SIEM device.

“MARS customers can expect non-Cisco network device data and signature updates to continue for currently supported third-party systems, but no new third-party devices will be added,” Cisco declared in a statement, noting that “Cisco MARS continues to focus on supporting Cisco devices for threat identification and mitigation.”

MARS is used by about 4,000 customers and Cisco is regarded as the largest SIEM vendor. Cisco had been privately briefing at least some of them on its intentions to effectively freeze third-party device support, but until now had refrained from a public statement.

Since SIEM equipment is typically used to consolidate alert and event data from multiple vendor sources, the fact that MARS won’t be supporting any new non-Cisco equipment suggests customers must now consider migrating from it if third-party vendor support is their chief concern. Analysts from Gartner and Enterprise Strategy Group are advocating that very thing.

“Cisco deserves credit for coming clean on MARS support,” said Jon Oltsik, analyst with Enterprise Strategy Group (ESG). “That said, rumors of product, customer support and field sales have been circulating for more than a year. In the future, I would hope that Cisco would be more forward and clear on its product plans and address issues like these in a timely manner. The priority here must be on improved security and not proprietary business agenda.”

Cisco’s SIEM competitors this week have eagerly grabbed at the topic of Cisco MARS freezing third-party support because of a Gartner research memo published Oct. 29 in which analyst Mark Nicolett stated, “Cisco has quietly begun informing its customers of a decision to freeze support for most non-Cisco event sources with its [MARS].”

In the research note Nicolett said, “Although Cisco has not formally announced its intention to exit the SIEM market, the Cisco sales force is encouraging its MARS customers to find an alternative for log collection and event analysis of non-Cisco event sources.”

In Gartner’s view, the effect of all this is that MARS can no longer be viewed as a viable SIEM for anyone looking for third-party vendor support in the future. “Organizations that need support of non-Cisco event sources should plan to move to a viable SIEM solution,” the Gartner research note states.

Nicolett says he issued the research note because of what he initially picked up from discussions he happened to have with Gartner customers using MARS, not Cisco directly, though Cisco did confirm the change in strategy when asked about it.

Since Cisco had been included in Gartner’s influential “Magic Quadrant” report on SIEM this spring, when Cisco had provided “no hint of change in strategy,” Nicolett says he thought it important to immediately inform Gartner clients on what he had found out.

MARS has never been particularly wide in its support for third-party security devices, Nicolett says, but now it can no longer be considered in that role for the future. Gartner isn’t going to go back and revise the SIEM Magic Quadrant, but its Oct. 29 research note has to be considered its current findings when it comes to MARS as a SIEM for other than Cisco-related gear.

“That note seems to have caused a lot of concern to MARS customers,” says Rick Caccia, vice president of product marketing at ArcSight, a SIEM vendor that supports 300 products, including MARS, with a connector toolkit for 1,500 others. Cisco is considered the largest SIEM vendor in the market, but Gartner “threw a bomb in the market with that note,” Caccia says.

LogRhythm News Release
Sunday, November 15th, 2009 | Author: admin

Reigate and Banstead Borough Council Implements LogRhythm to Comply with CoCo and Improve Network Reporting Forensics

Maidenhead, 5 August 2009 – Reigate and Banstead Borough Council is implementing a log management, log analysis and event management solution from LogRhythm, the company that makes log data useful. The new solution is being implemented so that the Council can sign up to the government’s Code of Connection (CoCo) as well as dramatically streamline how it reports on network activity for forensic and audit purposes.

Reigate and Banstead Borough Council is responsible for 127,000 residents and covers an area of 129 square kilometres. Like all councils in England and Wales, Reigate and Banstead must sign up to a Code of Connection (CoCo) before it can connect to the UK Government Connect Secure Extranet (GCSx) – a private wide area network for secure communications between connected government organisations. As CoCo has specific requirements on how log data is stored, managed and accessed, it triggered Reigate and Banstead to review how the Council processes its log data.

Until now, if Reigate and Banstead wanted to access its log data, searches had to be done manually across a large number of servers, which was incredibly time consuming. Implementing an automated system would not only tick the CoCo box but would also significantly reduce the time taken to search log data and produce network activity reports.

Ian Machen, project manager, Reigate and Banstead Borough Council explains:
“When it came to choosing a log management solution, we consulted a number of local authorities who had recently gone through the selection process. LogRhythm was the name which cropped up over and over again. Not only were we drawn towards LogRhythm on the recommendations by our peers, but it was one of the few suppliers which could interface with our Novell-based network. Additionally, LogRhythm’s ability to produce standard reports for CoCo and PCI seemed an obvious time-saving advantage. Finally, during the initial discussion with LogRhythm, we found that the solution met all of the day to day requirements laid out by our security manager.”

LogRhythm will be used in Reigate and Banstead’s ICT department by the security manager, their deputy and two IT administrators to monitor the Council’s firewalls and assist with intrusion detection.

Ultimately, LogRhythm will span the Council’s entire IT infrastructure, where it will alert on suspicious behaviour, particularly around users logging in and out of the network, password control and web access.

By providing Reigate and Banstead with an unprecedented view of its network, LogRhythm will give the team a single point of reference from which it can drill down into and identify any problems so that they can be acted on immediately.

Machen concludes:
“Even though we’re in the early stages of implementing LogRhythm, we keep seeing new ways in which the solution can assist us beyond ticking the compliance box. The company has been extremely responsive and professional in developing the solution further as we identify these new opportunities. As such, LogRhythm is set to offer a high return on investment and we’re looking forward to having the solution up and running to bring maximum benefits to the Council.”

Ross Brewer, vice president and managing director, LogRhythm EMEA adds,
“As with so many LogRhythm customers who purchase the solution for compliance purposes, the moment implementation commences, users see more applications for it beyond regulatory requirements. CoCo may be the trigger to purchase LogRhythm in the short term, but the added value that it brings can result in huge efficiency savings and improved operations across the board.”

Center for American Progress Chooses Log and Event Management System to Monitor Threat Activity and Protect Sensitive Data

BOULDER, Colo., Aug. 11, 2009 – LogRhythm, the company that makes log data useful, today announced that the Center for American Progress (CAP), an influential progressive political think tank, has selected its flagship product to protect sensitive data against frequent online attacks. The LogRhythm integrated log and event management solution continuously monitors activity across CAP’s network – firewalls, web servers, e-mail servers, and more – to detect and alert on potential security threats as well as operational problems that can lead to downtime.

CAP is a progressive research and educational institute dedicated to promoting a strong, just and free America that ensures opportunity for all. CAP works to find progressive and pragmatic solutions to significant domestic and international problems and develop policy proposals that foster a government that is “of the people, by the people, and for the people.” Given its high profile and influence in the US and abroad, CAP’s IT infrastructure is often the target of outside attacks and attempted security breaches. CAP turned to LogRhythm for its ability to monitor all four corners of the institute’s network and provide actionable insight that enables its IT staff to proactively address security and operational issues.

“We get many cyber attacks against our network and considered several different solutions including network traffic control, intrusion detection systems, etc., to manage our threat envelope,” said Steve Heibein, Vice President of Technology for the Center for American Progress. “What we discovered was that we needed a security information management system to make sense of all our existing logs and security information. We selected LogRhythm to secure as well as optimize our network systems. Our IT staff is now able to be proactive, because we actually see what’s going on both from the 30,000-foot and in the trenches views, and can easily switch between the two on the ‘fly’. A key decision factor in selecting LogRhythm was the sophistication of its analysis capability in combination with the simplicity of the user interface.”

Heibein explained that after a comprehensive evaluation of leading log management and security information and event management (SIEM) solutions, CAP selected LogRhythm for its out-of-the-box usability, comprehensive feature set, ease of use, and rapid time-to-value. Compared to competing products, LogRhythm demonstrated an unparalleled ability to answer complex questions without the need for costly configuration or customization. CAP is deploying LogRhythm to centralize security and operations management, and to monitor and investigate exceptions, trends and error conditions across its network.

“The Center for American Progress’ IT network is a high-value target for political attacks and information spying,” said Andy Grolnick, CEO of LogRhythm. “The decision by CAP to deploy LogRhythm as the backbone of its IT security and operations command and control infrastructure is a powerful endorsement of our technology. Our ability to work out of the box and perform both log and event management sets us apart in head-to-head evaluations like this one.”

LogRhythm Named Most Innovative Product of 2009
Sunday, November 15th, 2009 | Author: admin

Colorado Software and Internet Association APEX Awards Recognize Log and Event Management System

BOULDER, Colo., June 11, 2009 – LogRhythm, the company that makes log data useful, today announced that its flagship product has been named the most innovative technology product of 2009 by the Colorado Software and Internet Association (CSIA) as part of the 9th annual APEX Awards. More than 80 companies were nominated for this year’s APEX awards, which recognize industry leading technology companies and professionals based in Colorado. Winners were selected by a panel of industry experts and announced at a special award ceremony in Glendale on Wednesday night.

The APEX award is the latest in a string of high profile industry recognitions for the company and its log and event management product. Last week LogRhythm was placed by Gartner Inc. in the visionaries quadrant of the Security Information and Event Management (SIEM) Magic Quadrant report for 2009. Earlier this year, the LogRhythm product was selected as SC Magazine’s Reader’s Choice winner for Best SIEM solution, and the company was named a Colorado Company to Watch for 2009 by the Colorado Office of Economic Development and International Trade. LogRhythm was also a finalist for the 2009 Red Herring 100 Award.

“The APEX award is especially gratifying because it is voted on by experts in the software and information technology industry,” said Chris Petersen, co-founder and CTO of LogRhythm. “This award adds to a mounting body of evidence that demonstrates LogRhythm is not only one of the leading technology innovators in the state of Colorado, but also in the IT sector. Our focus on building an all-in-one solution that makes it easy to use logs as the lynchpin for protecting networks and data, and meeting regulatory compliance mandates, is winning accolades from industry experts and end-users.”
 
LogRhythm has received funding from three leading Colorado-based investors – Access Venture Partners, Colorado Fund, and Croghan Investments, as well as Grotech Ventures, which has a significant presence in the state.

About CSIA
CSIA is Colorado’s Technology Association and works on behalf of the entire technology industry in Colorado, providing connections, insight, advocacy, and competitive edge programs and services to help technology companies succeed and prosper. CSIA is involved in legislative issues and public policy to ensure this large industry is represented. CSIA also provides a number of annual programs, events and connections to support business success. www.coloradotechnology.org.