The Security Detail

May 29, 2012  12:14 PM

This Is No Mere Password Stealer, It’s a Data Siphon

Tony Bradley

Andrew Brandt of Solera Networks sent the following comment regarding the ‘Flame’ malware:

“From what I’ve read, this is like no Advanced Persistent Threat anyone has ever encountered. Flame has been engineered, from the ground up, to steal valuable information over a prolonged period by means of techniques the crimeware makers could not be bothered with. Weighing in at a massive 20MB, the Flame Trojan and its various downloadable components represent an entirely new threatscape not only for businesses but for governments and nongovernmental entities: Any organization, with any valuable information traversing its network, could be a target. Businesses, law enforcement, elected officials, militaries, NGOs — you are all potential targets. Until the security community can build a greater pool of knowledge about the functions of the malware and the motives of its creators, we all remain at risk. This is no mere password stealer, it’s a data siphon.”

April 6, 2012  10:19 AM

IT Security Lessons that Australia Can Teach Us

Tony Bradley

This is an article written by Paul Kenyon, COO of Avecto, on how the Australian Defence Signals Directorate could teach IT security professionals a thing or two when it comes to operating system and application whitelisting plus privilege controls. It is shared with permission.

The Australian economy – under the respected guidance of its 27th Prime Minister Julia Gillard and her federal team – is carving out a name for itself in the IT security arena.

Whilst this may sound surprising, it comes against the background of Australia’s (as a country) relative youth and the fact that the country has around 22 million citizens: big enough to make its weight felt in international terms, but small enough to be flexible in the modern world of IT matters.

A key example of this is the country’s Defence Signals Directorate (DSD) – Australia’s equivalent to the US Department of Homeland Security – which has analysed some of the attack techniques used by cybercriminals and come up with four main methods of blocking them.

And the Australian government – moving swiftly in response – has started rolling out these techniques across its government IT infrastructure, reportedly to great effect.

The 3rd and 4th techniques centre on the idea of whitelisting, that is, forcing public sector computer users to install only approved (whitelisted) applications and only allowing similarly approved – and risk analysed – emails to be viewed.

This means that, on their office computers, government employees can only access their corporate email and browse a limited number of Web sites, which, in turn, means they have far less chance of infecting their PCs than ‘civilian’ Internet users.

Alongside its controlled software and Internet usage approach to IT, the Australian government has also been highly pro-active in quickly patching high-risk security vulnerabilities in both the operating systems and software that its many computers run.

Based on an analysis of its Internet usage during 2010, in fact, the Australian DSD concluded that at least 85 per cent of the targeted cyber intrusions that it responded to during the year could have been prevented by following these four main mitigation strategies.

These four strategies are just part of a 35-point strategy report – Strategies to Mitigate Targeted Cyber Intrusions – which found that, although resistance to the idea of patching operating systems and software was low, the costs involved on the financial and staff training side of things were still quite high.

That’s not to say that staff response to the report’s recommendations – which included the control over both portable and data devices – was entirely positive. The report’s authors found there was a high degree of staff resistance to the idea that their access to USB sticks and other forms of low-cost data storage was to be restricted.

Despite this, there are signs that staff are now realising that these data security requirements are a normal part of doing business in the public sector and will therefore be the normal IT methodology – both now and in the future.

If we contrast this IT security methodology to that seen in the government and public sector here in the UK – where the emphasis is very much on cost saving, rather than taking a draconian approach to effective security – it can be seen that there is considerable scope for security problems with many UK government departments being encouraged to go down the open source (freeware) route.

There is, of course, nothing wrong with using open software over commercial applications, but most experts agree that at least some of the cost savings accrued from going down the open source route should be re-invested in other aspects of computing security, not least in ensuring those applications are secure enough for general usage.

Unfortunately for computer users in the UK, there are signs that the audit requirements laid down by current governance rules can still be counter-productive in the longer term, as employees are still free to source – and use – just about any software application they wish.

Put simply, where Australian public sector workers are effectively told what operating system and software they will be using in the workplace – and IT governance/security staff can plan and accommodate accordingly – their UK counterparts are allowed carte blanche (within reason) to decide the software they wish to use.

IT purists might argue that this makes for a more efficient IT user base in the UK public sector when compared to their Australian colleagues, but there are real reasons behind the Australian mandate on what operating system and software you can – and cannot – use.

A clear example of this lies in the use of SCADA – Supervisory Control And Data Acquisition – computer control systems seen at the heart of many industrial automation and control systems.

First developed in the 1960s – and really coming into their own with the arrival of the first PCs in the 1980s – SCADA-driven systems are typically found in industrial systems such as energy power plants, electricity supply grids, chemical plants and many other industrial systems that require a high degree of computerised control – but also require total, 100 per cent, systems availability.

This is Mission Critical with a capital M and C. Many businesses claim their IT processes are mission critical, but SCADA control systems are often critical to national infrastructures.

If the national electrical grid goes down, for example, it can cost industry many tens of millions of pounds per hour and – in the case of hospitals, air traffic control systems and the like – can actually place people’s lives in jeopardy.

Despite the fact that a growing number of PC users in the private and public sector are migrating – or have migrated onto – the Windows 7 platform, most SCADA-based systems use a robust and ruggedised version of Windows 98, a 16-bit version of Windows dating back to the late 1980s.

The reason for this apparent luddite approach is quite simple: by using a stable and unchanged operating system which has been fully updated and completed its lifecycle, SCADA-based systems can have their operating system loaded into firmware.

This means that, although there is no equivalent of Microsoft’s ‘Patch Tuesday’ update programme for Windows 98, cybercriminals cannot easily subvert the code of SCADA-based systems, since the firmware-based operating system is fixed – and cannot be updated.

This fully-embedded firmware approach is fairly unique to SCADA-based operating systems, but helps one to understand that a highly controlled operating system and software environment – as mandated under the Australian DSD’s diktat – has a far lower risk of subversion than the free-for-all software approach seen in the cost-cutting UK public sector.

Here at Avecto, whilst we understand the impetus behind moving to open source software that a growing number of UK government departments and allied public sector agencies are moving towards as part of their cost-cutting strategy, this does not mean that the Australian ideas enshrined in the DSD report cannot also be applied here in the UK.

This is because the principle on which our security offerings are built is Windows privilege management – namely the control over who has access to specific applications running on the corporate IT platform, as well as the underlying data.

This means, for example, that if the admin team only run their control and security software from within the network perimeter on known PCs, then access to those applications can be locked down to specific on-network computers.

Then, even if a set of admin account credentials are compromised by hackers, they cannot use those credentials from the Internet – they would still have to gain physical access to the terminals used by the admin staff.

This is similar to the belt-and-braces approach being adopted by a growing number of banks for online account access. Not only must users present the right credentials, but they must also authenticate themselves using the appropriate hardware token.

Back in the land of securing Windows-based computers, meanwhile, it is interesting to note that in a second report from Australia’s DSD – Implementing the DSD’s Top Four for Windows environments – the conclusion is quite unequivocal:

“Minimising administrative privileges is an exercise in the principle of least privilege. In a properly designed, administered and maintained environment there is no requirement for any user to have administrative privileges on their day-to-day account. In addition there should be no account which has both administrative privileges and access to networks outside of the organisation, such as Internet or email services,” it says.

“When properly planned and executed, minimising administrative privileges can have significant flow on benefits to the stability and consistency of the computing environment, simplifying administration and support of that environment,” it adds.

Does this sound vaguely familiar? It should – it’s effectively a summary of the reasoning and principles surrounding the use of SCADA-based computer systems that run our critical infrastructures.

And whilst I’m clearly not advocating the use of the inflexible embedded operating system approach seen on SCADA-based platforms, I think there is considerable scope for the Australian DSD’s report recommendations to be deployed in UK corporate IT departments.

As well as reducing the risk profile of company IT systems, they would also greatly assist in reducing the number of support calls needed in a typical major corporate – which is something that will make the bean counters happy.

And that’s no bad thing when you think about it…

February 29, 2012  7:52 PM

Are DDoS Attacks Part of Competitive Online Business Strategy?

Tony Bradley

Distributed Denial of Service (DDoS) attacks are a competitive weapon of choice for unscrupulous online businesses, according to independent research conducted by Corero Network Security. The research conducted with IT directors in 200 mid- to large-sized enterprises in the United States found that unfair business practices trumped “hacktivism” as the reason cited for DDoS attacks.

Conducted by Vanson Bourne, the research poll showed nearly two-thirds (63%) of IT directors were highly concerned about the threat of a DDoS attack with more than a third (38%) of the companies hit by at least one attack in the last 12 months.

Contrary to the widespread belief that ideological and political motivation are the driving forces behind DDoS attacks, more than half (52%) of the companies surveyed that had been victims of a DDoS attack blamed “competitors looking to gain a business advantage.”

In contrast, ideology was blamed by enterprise IT directors surveyed for only 20% of the DDoS attacks.

“Hacktivists are a threat to anybody who touches on public policy, privacy around the internet and of late anybody in law enforcement, but the average business will never find itself in the sights of groups like Anonymous, whereas every business has competitors,” said Richard Stiennon, chief research analyst at IT-Harvest.

“These new low and slow application-layer attacks are ideal for competitors seeking to disrupt business activity,” Stiennon said.

Unfair business advantage was cited as the leading source of DDoS attacks reported by victim companies in each vertical surveyed: Financial Services (62%), Retail (47%) and Manufacturing (46%).

The research found that financial extortion, the threat of DDoS for ransom money, was the least frequent motive for DDoS attacks, with enterprises citing it 12% of the time.

“As businesses grow increasingly dependent on the Internet to reach customers and interact with partners and suppliers, so the attackers grow more sophisticated in their means of attack,” said Neil Roiter, director of research, Corero. “This research reveals that enterprises across verticals are justifiably concerned about being targeted by DDoS attacks, and they should be particularly wary of the new low and slow application-layer attacks, which appear to be legitimate and fly under the radar.”

February 29, 2012  7:48 PM

How Would New EU Data Protection Laws Impact Compliance?

Tony Bradley

Tufin Technologies today announced the results of a survey assessing how the recently announced updates to EU Data Protection legislation will impact IT compliance efforts. 42% of the 100 network security managers sampled by the firewall management software provider said the proposed changes led to increased risk awareness within their organization; 34% stated that their attitude towards Continuous Compliance had changed as a result, and 54% believe that automating audits would reduce the organization’s risk of violating the law.

“While 29% of respondents have partially automated compliance audits, those processes that are not automated run the risk of falling out of compliance the moment after the auditor signs off on the audit,” said Shaul Efraim, vice president of Marketing and Business Development for Tufin Technologies. “Many of our customers experienced that scenario when they first began their PCI DSS compliance efforts. Organizations that use our software to automate the firewall audit process report they have much more control over the aspects of PCI DSS that we address, which aids their ongoing compliance efforts. Tufin’s automation can deliver the same value to any organization that will need to comply with future changes to EU data protection and privacy laws.”

Tufin executed this survey in response to the January 2012 announcement by the European Commissioner for Justice that outlined plans to enhance data protection rights for individuals across Europe and increase the responsibility and accountability of organizations handling records containing the information of EU citizens. If adopted, the new legislation would apply to all organizations that do business in Europe. The draft guidelines reflect a growing concern about the way in which personal details are captured, handled and stored in today’s highly complex information age. Proposed changes include severe fines of up to 2% of revenues for privacy violations and a requirement that, under certain circumstances, organizations report privacy breaches to authorities and affected individuals within 24 hours of the breach being noticed.

Tufin asked respondents what they felt was the best way to reduce the risk of a fine due to non-compliance. Feedback from survey respondents was just as interesting as the statistical data: one IT security professional said that good company security standards would assist in this regard, while another professional favored a strict compliance strategy, with “data security awareness program across the organizations – and online monitoring of compliance checks – helping in reducing the risk of fines due to non-compliance.” Another IT security professional was in favor of even more draconian penalties, pressing for legislation that directly (financially) penalizes staff for actions that cause a breach.

February 29, 2012  7:43 PM

ProofPoint Integrates Security-as-a-Service with Box Cloud Storage

Tony Bradley

Proofpoint announced a new integration with Box to offer enhanced security, compliance and control over documents shared via Box.

“At Box, we’re committed to providing a secure enterprise collaboration experience,” said Chris Yeh, vice president of platform at Box. “Our integration with Proofpoint delivers an advanced layer of governance capabilities that ensures businesses can successfully share and access their most trusted information.”

The Box integration is part of Proofpoint’s ongoing strategy of extending advanced data protection capabilities beyond the enterprise firewall to help organizations monitor and control the flow of information across all major data stores and communication channels.

“Box is one of the first cloud-based file sharing and collaboration vendors to step up to the plate when it comes to protecting enterprise customers’ data and providing the controls demanded by today’s regulatory environment,” said David Knight, executive vice president of product management and marketing at Proofpoint.

The newest addition to Proofpoint’s integrated suite of on-demand data protection solutions, Proofpoint Enterprise Governance is an enterprise information governance solution that gives organizations the ability to monitor and control the flow of information across all major data stores and communication channels, including end-user laptops and desktops, enterprise email systems, file sharing systems, and collaboration solutions (such as Microsoft SharePoint and IBM Lotus Domino). The new integration with Box allows Proofpoint Enterprise Governance to monitor shared folders in Box and detect, track and manage document versions that reside in Box.

Writing in the February 13, 2012 report, Cloud Archiving Markets Consolidate as Vendors Announce Acquisitions, Sheila Childs, research vice president for storage technologies and strategies at Gartner, Inc. said, “Organizations are increasingly becoming interested in applying broader information governance policies to a set of data that goes well beyond email, including file system content (in the data center and external to it), collaborative content, IMs and social content.”

Proofpoint Enterprise Privacy provides data loss prevention, regulatory compliance and encryption capabilities, providing an easy and cost-effective way for organizations to prevent leaks and loss of sensitive data across both email and the web — including all of today’s popular social media platforms (such as Facebook, Twitter and LinkedIn) and web-based email.

Proofpoint Enterprise Privacy can filter both email traffic and web communications — applying the same advanced detection capabilities and enforcing the same policies to guard against data loss and compliance violations across all of today’s popular communications channels.

Via integration with the Box platform, Proofpoint Enterprise Privacy can now apply data loss prevention (DLP) and compliance policies to files that reside in Box, enabling a variety of new capabilities. For example, when a user attempts to upload a file to their enterprise’s Box deployment, Proofpoint Enterprise Privacy intercepts, scans and enforces policy, utilizing a web proxy server which supports ICAP.

Box integration features — including governing synch-folders and enforcing DLP policies — are available today.

Pricing and Availability

Proofpoint Enterprise Governance and Proofpoint Enterprise Privacy are available now. The solutions are priced on a per user, per year basis with subscription costs depending upon the size of deployment. Contact Proofpoint for a detailed quote.

February 29, 2012  7:38 PM

RSA Chief Rallies the Troops: Time to Improve Trust in Our Digital World

Tony Bradley

In his RSA Conference 2012 keynote address, Art Coviello, Executive Vice President of EMC and Executive Chairman of RSA, The Security Division of EMC (NYSE: EMC), called on the industry to rethink traditional methods of security – imploring security leaders, vendors and practitioners to rapidly advance security strategies beyond signature and perimeter-based defenses and to work together to develop and adopt new intelligence-based approaches to information security.

Coviello noted that up until recently, IT security has succeeded in making the internet safe enough to transform the world, but times are changing, and trust in the digital world is in jeopardy.

“New breeds of cybercriminals, hacktivists, and rogue nation states have become as adept at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value,” said Coviello. “With increased speed, agility and cunning, attackers are taking advantage of gaps in security resulting from the openness of today’s hyperconnected infrastructures and the industry’s slow response to recognize the potency of the emerging threat landscape.”

Coviello remarked that security systems must evolve from the current patchwork of controls serving up too much data and not enough intelligence to models that provide advanced monitoring capabilities, high-speed analytics and intelligent controls.

“Our mindset must shift away from playing defense and tracking meaningless individual events,” said Coviello.  “We need the capability to sift through massive amounts of information lightning fast, creating predictive and pre-emptive counter-intelligence to spot the faint signals that may be all that’s visible in a sophisticated, stealthy attack.”

In his keynote, Coviello observed that the security industry has been going through “hell” over the past year with the recent epidemic of attacks.  Referring to the attack on RSA in March of 2011, Coviello stated, “Never has our responsibility to you been as firmly etched in our minds. We have a sense of urgency as never before to take the lessons we learned first-hand, and the privileged insight we obtain from other attacks to use them to drive our strategy, our investments and product roadmaps. In the final analysis, we hope that the awareness from our attack will strengthen the sense of urgency and resolve of everyone.”

Coviello called for the industry to rally together to take the following actions:

· Change how we think about security. The security industry must stop thinking linearly, “…blindly adding new controls on top of failed models. We need to recognize, once and for all, that perimeter-based defenses and signature-based technologies are past their freshness dates, and acknowledge that our networks will be penetrated. We should no longer be surprised by this,” Coviello said.

· Transition to intelligence-driven security systems that are risk-based, agile, and contextual. Organizations must do a better job at evaluating risk from the inside out and the outside in – combining both broad and deep understanding of their material assets and internal environments with a wide range of external intelligence sources. Security frameworks must be based upon agile, predictive analytics and continuous monitoring. Finally, organizations need to develop systems that provide real-time access to the entirety of relevant information via advanced, Big Data-based security systems driven by the power of multi-source intelligence in order to achieve a contextual understanding of threats.

· Collaborate and Share information. The IT industry must do a better job of sharing its collective intelligence in real time “for the benefit of all,” Coviello said. This is already beginning to happen, as grassroots networks of likeminded communities are sharing security intelligence as never before.

· Train a new generation of security analyst to combat the rising tide of Advanced Attacks. The new breed of analyst must have analytical and intelligence skills, ‘big picture’ thinking, people skills, a focus on offense (not just defense), and the ability to react with speed and precision.

“We are in combat with a host of adversaries and it’s time for us to fight back with creativity and innovation,” Coviello concluded. “By doing so we can ensure that the balance of control of our digital world remains in the hands of security practitioners.”

February 29, 2012  7:35 PM

PhoneFactor Extends Multi-Factor Authentication to Android

Tony Bradley

PhoneFactor today launched the Android version of its authentication app for smartphones and tablets. The PhoneFactor App was initially unveiled late last year for iPhones and iPads, adding a third method of securing account logins and transactions using a phone. PhoneFactor’s completely out-of-band authentication platform also includes phone call and text message options.

By adding support for Android devices, the PhoneFactor App now ensures that iOS users are not the only hip people “App Authenticating” around the office, house, coffee shop, or wherever their busy lives take them. Smartphones and tablets have become an extension of daily life for hundreds of millions of people worldwide. Using these same devices to provide multi-factor authentication – a function that has become a must-have security tool in nearly every industry – is preferred by users over carrying security tokens and more convenient than certificates that require the user to be on their work or home computer.

The PhoneFactor App is extremely easy to use. It works by pushing a notification to the user’s smartphone or tablet. Instantly, an alert pops up on the user’s device. The user simply taps “Authenticate” (or enters a PIN and taps “Authenticate”) in the PhoneFactor App to verify account logins and transactions. To report fraud, the user simply taps the “Report Fraud” option instead to block the attacker and alert the company’s fraud response team.

The PhoneFactor App works anywhere the user’s mobile device is connected to either a cellular or a Wi-Fi network. This means users can “App Authenticate” anywhere, including on a plane in the air – definitely increasing the cool factor for both iOS and Android users.

“Smartphones and tablets are the multi-tool of today’s professional generation. Busy hyper-taskers use them for everything from checking email and paying bills to remotely performing complex and high risk job tasks. The PhoneFactor App makes multi-factor authentication second-nature for them,” commented Tim Sutton, PhoneFactor CEO. “We’re glad that Android is now available so that everyone can experience App Authenticating.”

February 29, 2012  7:30 PM

Can You Defend Your Network Against a DDoS Attack?

Tony Bradley

Arbor Networks today introduced a new version of its Pravail Availability Protection System (APS) which protects enterprise networks from availability threats — specifically, application-layer distributed denial of service (DDoS) attacks. In addition to enhanced visibility, control and reporting, Pravail APS v.2.5 includes enhanced protections for critical services such as SSL and content delivery networks.

According to a recent report from Infonetics Research titled, DDoS Prevention Appliance Market Outlook, Arbor Networks was cited as “the dominant leader for DDoS prevention” overall as well as in the Carrier Transport and Wired Broadband, Enterprise Data Center and Mobile market segment.

Arbor Networks understands that enterprise networks are exposed to a growing variety of DDoS attacks ranging from flood attacks to smaller, more difficult to detect application-layer attacks that target email, web services, e-commerce and Voice over IP (VoIP). Attacks are becoming more sophisticated yet easier to perpetrate. As a result, enterprise network operators around the world are experiencing outages due to DDoS more frequently and with more severe consequences to their businesses than ever before.

“In the Pravail APS, Arbor’s taken our carrier-class DDoS attack identification and mitigation technology and put it in a purpose-built solution for the enterprise data center. In today’s complex threat landscape, application-layer attacks must be dealt with at the network perimeter, before they overwhelm existing security devices like Firewalls and IPS and certainly before they impact critical services like SSL,” said Arbor Networks President Colin Doherty.

Global Threat Intelligence and Automatic Updates
Anonymized traffic data from 100+ customer networks plus a global honeypot sensor network form the core of Arbor Networks ATLAS Internet monitoring system, which powers all Arbor Networks solutions including Pravail APS. ATLAS data enables Arbor Security Engineering & Response Team (ASERT) to develop a globally-scoped view of malicious traffic traversing the backbone networks that form the Internet’s core. When a new botnet or application-layer attack is detected, an attack signature is created, distributed via the ATLAS Intelligence Feed (AIF) and installed in Arbor’s Pravail APS product.

The AIF enables enterprise IT teams to leverage the global threat intelligence of the ATLAS data set together with the daily threat analysis of Arbor’s researchers, saving significant time by eliminating the need to manually update the latest attack detection signatures. Most importantly, this integrated, automated threat intelligence enables customers to quickly stop DDoS attacks before they impact critical business services.

SSL Protocol Attack Protection
Today, Secure Sockets Layer (SSL) provides the necessary security and encryption for enterprises and their customers to safeguard sensitive transactions and email over the Internet. As enterprises increasingly rely on SSL for their mission critical communications it becomes a more significant target for DDoS attacks. To ensure the availability of SSL-powered services, Arbor’s Pravail APS now delivers DDoS protections for SSL regardless of the application – HTTPS, POP3S, SMTPS, etc. Pravail APS blocks SSL DDoS attacks with ASERT-designed protections that guard against malformed traffic, attempts to continually renegotiate connections and other advanced attacks that aim to disrupt service availability.

CDN and Proxy Support
Traditionally, enterprises that employ CDNs and proxies have had limited options for availability protection because many DDoS mitigation solutions overly rely upon blacklisting of the attackers’ IP addresses. Because CDNs and proxies hide the IP address of clients, unsophisticated solutions would block all connections from the CDN or proxy – both legitimate traffic and attacking hosts – when a DDoS attack was identified. This mitigation approach essentially completes the attack for the attackers.

Pravail APS now supports CDNs and proxies to work within all enterprise environments without forcing a network re-design to accommodate availability protection. Arbor Networks relies on both global visibility and advanced security research to continually update its security content. The advanced anti-DDoS protections designed by ASERT enable Pravail APS to deliver effective availability protection with and without blacklists. Enterprises that rely on CDNs and proxies no longer have to sacrifice business needs for proven security.

Enhanced Visibility, Control and Reporting
Confidence in DDoS protection comes from viewing blocked attacks and service availability. Pravail APS v2.5 provides the user with confidence to deploy in-line by providing details on what specific hosts were blocked and why. The interface and reporting validate that valid traffic isn’t blocked and make it easy to whitelist hosts that should not be blocked.

February 29, 2012  7:27 PM

Kerio Control 7.3 Helps Businesses Prepare for IPv6

Tony Bradley

Kerio Technologies today began assisting organizations with the upcoming transition from IPv4 to IPv6. As the Internet community phases in the new protocol, Kerio Control 7.3, a comprehensive UTM security appliance, will allow organizations to securely test IPv6 traffic over their corporate networks.

Kerio Control 7.3’s automatic support for IPv6 means that in a few clicks, it becomes an IPv6 router for the network. It currently acts as a stateful firewall for IPv6 traffic, and will soon add IPS, antivirus, web filtering, bandwidth management, and Kerio StaR reporting support for IPv6 traffic so organizations can be ready when the ISPs are.

“The time is now to start with IPv6. Things like the continued growth of the cloud have created a fresh demand for IP addresses and it is always a good idea to begin testing technology that you will eventually have to support,” said James Gudeli, vice president of business development, Kerio Technologies. “For Kerio, our IPv6 support will continue to grow and Kerio Control 7.3 will enable those interested in expanding the use of and testing IPv6 to do so securely.”

Although most ISPs don’t yet support IPv6 without VPN tunneling, they’ll eventually have to. The move is not only inevitable, but an opportunity for solution providers to advise their clients on the transition.

“Kerio Control 7.3 will allow us to be at the forefront of the IPv6 discussion and have our clients well prepared,” said David Anderson, owner, Tomotechi, a Kerio Preferred Partner located in Houston, TX. “The question I often hear about IPv6 is ‘Where do I start?’ and I think Kerio is offering a logical and secure answer to the question.”

Kerio Control 7.3 is ideal for organizations that demand robust network protection, traffic analysis, and user-based reporting. In addition to IPv6 support, additional new features include full Web administration via the iPad, emailed Kerio StaR (statistics and reporting) reports and daily IPS blacklists updates.

Kerio Control UTM is available in a wide range of form factors, including a hardware firewall appliance, bootable ISO firewall software appliance, virtual appliance for VMware or Parallels, or Windows Server software.

The Kerio Control software server license starts at $265 USD and includes 5 users. Additional users are $26 each. Hardware appliance pricing starts at $1,000 USD for the entry-level Kerio Control Box 1110 with 5 users, which includes Sophos gateway antivirus and Kerio Web Filter. Kerio includes VPN clients for all users in the price. Kerio’s VPN client is available for Windows, Linux and Mac.

Kerio Control is available for download immediately with a 30-day unrestricted evaluation period. Visit for more information.

February 29, 2012  7:23 PM

Voltage Security Announces Voltage Security Mobile Plus

Tony Bradley

Voltage Security today announced Voltage Security Mobile Plus, the company’s comprehensive initiative to extend its existing mobile security solutions to protect the new generation of mobile devices, applications and data. Driven by the massive global consumption of mobile devices, and the recent dramatic adoption of tablet computers by the broader workforce, Voltage is building on its leadership in data-centric protection for business-critical sensitive data, wherever it is and wherever it might go.

According to Forrester Research, “Mobility will drive new data-killing initiatives. The advent of the extended enterprise and the ease of accessing corporate information anytime, anywhere, and on any device will create new pressures on security teams to encrypt data. Mobile devices are easy to lose and easy to steal. Enterprise-level encryption is the best hope for securing data on these devices.” (Ref: “Killing Data”; report issued by Forrester Research, Inc. January 30, 2012.)

“The Voltage Security Mobile Plus initiative builds on our leadership in delivering data-centric encryption to the largest companies in the world,” said Mark Bower, vice president of product management at Voltage Security. “We are taking our expertise in data-centric security, and our encryption and key management leadership, and building a comprehensive set of data-centric mobile security solutions for email, files, data and payments security.”

Current mobile security solutions focus on creating boundaries within the devices where data can be stored and accessed. When encryption is used, it is typically not user-friendly, not application-specific, lacks granular policy controls and relies on antiquated key management that requires massive investment to scale.

With Voltage, the data itself is protected so that it can move between applications and devices without disrupting existing processes and user experience. Voltage solutions use Voltage Identity-Based Encryption™ (IBE) to deliver simplified stateless key management, scalable to millions of users with minimal overhead investment. Voltage IBE is proven as the foundation of Voltage SecureMail™, one of the most widely-used secure email solutions globally, with roughly 50 million users worldwide and approximately one billion IBE secured business emails sent in 2011.

Voltage Format-Preserving Encryption™ (FPE) is a widely-adopted Voltage technology for protecting sensitive information at the data level, while permitting applications to function with that data in the cloud or on mobile devices. This data-centric information protection technique is already in use in numerous global enterprise data protection deployments and with leading cloud-based payment processors. Voltage is now extending it to mobile payments.

Voltage Security Mobile Plus initiative
The Voltage Security Mobile Plus initiative will protect mobile data in the following ways:

· Protect emails accessed by mobile devices:
By providing granular data security policy control to internal and external messages, 100% push secure email, comprehensive user authentication, and a non-disruptive user experience, Voltage will provide new levels of email mobile security. The first product with this capability is targeted for Q2 2012 release.

“We have long been a pioneer in providing mobile email security solutions. Very early on we integrated our award-winning Voltage SecureMail with the Blackberry Enterprise Server (BES) and now many of the world’s largest firms rely on it every day—firms sending secure emails to millions of recipients,” said Bower. “Our ever-expanding global customer base includes many of the world’s largest banking, telecom and healthcare organizations.”

· Protecting sensitive business data and files:
Protecting sensitive data in files, databases and applications is becoming an even bigger challenge for enterprises with the adoption of cloud storage for streamlined collaboration. The natural pairing of mobile devices — especially tablets — to cloud services puts even more data at risk. The Voltage Security Mobile Plus initiative will extend the data-centric approach already protecting unstructured and structured data from the desktop to the mobile device. A seamless user experience is enabled by Voltage’s unique IBE technology by removing complex key management, while Voltage FPE provides end-to-end data encryption while enabling full use of the protected data in business processes and applications. Whether it’s PCI regulated data or sensitive personal information, the issues are the same; if it’s not protected, it’s at risk of compromise. The Voltage SecureData and Voltage SecureFile solutions address this risk with mobile capabilities planned for later in 2012.

“We have seen plenty of FUD (Fear, Uncertainty, and Doubt) about mobile security. And the concern isn’t totally misplaced. Those crazy users bring their own devices (yes, the consumerization buzzword) and connect them to your networks. They access your critical data and take that data with them. They lose their devices (or resell them, too often with data still on them), or download compromised apps from an app store, and those devices wreak havoc on your environment. Let’s call this situation what it is: escalating anarchy,” wrote Mike Rothman, president of Securosis, in a recent blog post. “Many organizations use MDM to enforce configuration policies, ensuring they can wipe devices remotely and routing device traffic through a corporate VPN. MDM provides an essential set of security and management controls. But it’s clearly not a panacea, so you need broader capabilities to bridge this mobile security gap.”

· Protecting transaction data captured at any new mobile payment method/device:
Within the Voltage Security Mobile Plus initiative, Voltage SecureData Payments is available and shipping on an immediate basis for implementation in most mobile payment devices. The Voltage SecureData Payments POS SDK provides end-to-end encryption to reduce PCI scope and merchant risk. Already adopted by six of the largest payment processors in the world and leading payment device manufacturers, Voltage SecureData Payments is the choice of large and small merchants to reduce PCI costs and audit scope without the complexity of legacy approaches.

Voltage SecureData Web, also available now, secures desktop and mobile web e-commerce payments for card-not-present transactions, end-to-end, from browser to acquirer. Voltage SecureData Web reduces PCI audit scope and breach risk, and provides major benefits to merchants embracing a secure and seamless customer shopping experience.

“Elavon takes a comprehensive approach in helping our merchant customers protect cardholder data at every point in the transaction lifecycle: in use, in motion and at rest,” said Rob McMillon, vice president, Global Security Solutions, Elavon. “Extending the data-centric encryption model to mobile devices addresses that critical need, and further helps businesses mitigate the costs and complexities associated with PCI compliance validation.”

“Voltage technology is already integrated with Ingenico’s Telium platform. Our customers enjoy the security and ease-of-use in our devices. Now that we are adding mobile solutions to our product lines, the integration of Voltage Security’s payments toolkit on mobile devices offers some of the most secure mobile payments options to merchants. A data-centric approach to payments security is a win-win for reducing risk and audit scope, which is essential in mobile data security,” said Greg Boardman, senior vice president, Products and Development, Ingenico.

For more information on the Voltage Security Mobile Plus initiative and Voltage mobile solutions, please go to
