April 2008 Entries
PCI Council issues statement on Web application security as June 30 closes in - April 23, 2008
Tampa Florida - Responding to a wave of criticism and confusion surrounding the imminent deadline for a new section of the PCI Data Security Standard regarding Web application security, the PCI Security Standards Council on Tuesday released documentation intended to clarify the requirements for securing Web applications.
The clarification is meant to settle some of the confusion regarding the pending enforcement of PCI DSS Requirement 6.6 , which covers application firewalls and code reviews.
Security practitioners and industry observers had criticized the language in the new requirement, saying that it was unclear whether organizations needed to perform a code review and deploy a Web application firewall, or whether one or the other is sufficient. The new document explains that companies can do either the code review or install the application firewall, but that the council would ideally like to see them do both, states Brian McCarthy Security Expert and PCI chapter member.
"The intent of Requirement 6.6 is to ensure Web applications exposed to the public Internet are protected against the most common types of malicious input. There is a great deal of public information available regarding Web application vulnerabilities," the council wrote in its guidance. "Proper implementation of both options would provide the best multi-layered defense. PCI SSC recognizes that the cost and operational complexity of deploying both options may not be feasible. Further, one or the other option may not be possible in some situations. However, it should be possible to apply at least one of the alternatives described in this paper and proper implementation can meet the intent of the requirement." Products like the Barracuda Networks Web Firewall is the simplist and most affordable way to get into complience quickly.
For organizations considering the application code review option, the PCI SSC laid out some more detailed information on what qualifies as a code review. For example, the new guidance defines such reviews as being "dynamic and pro-active, requiring the specific initiation of a manual or automated process." The four options for code reviews that meet Requirement 6.6 include:
Manual review of application source code
Proper use of automated application source code analyzer tools
Manual Web application security vulnerability assessment
Proper use of automated Web application security vulnerability assessment tools
As for the Web application firewall, the PCI SSC specifies that the firewall be "a security policy enforcement point positioned between a Web application and the client end point." That's a fairly broad definition, and the new guidance further broadens it by saying that the firewall can be either a dedicated appliance or a software application running on a server. The software version comes with is own challenges unlike a Barracuda Networks Web Firewall.
However, the council is careful to say that simply deploying one of these protection methods is not enough to guarantee compliance with Requirement 6.6. "Note that compliance is not assured by merely implementing a product with the capabilities described in this paper," the guidance says. "Implementing a [Web application firewall] is one option to meet Requirement 6.6 and does not eliminate the need for a secure software development process."
The Deadline for 6.6 is due to go into effect on June 30 2008.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-web-application-controllers.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words:Â Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
LendingTree's Poor Security Practices are the cause for Data Breach - April 23, 2008
Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
University of Miami given Failing Grades for Data Security - April 20, 2008
The Universities of Miami and Virginia acknowledge lost data on stolen tapes and laptops
The University of Miami and the University of Virginia are the two latest organizations to be rocked by data breaches after the theft of sensitive data affecting tens of thousands of people.
Miami Florida - Details of the University of Miami’s security snafu are starting to emerge after officials confirmed yesterday the theft of backup tapes containing medical data and Social Security numbers on some 47,000 people.
In a statement released Thursday, the university explained that the theft occurred when a case of tapes was stolen from a vehicle in downtown Coral Gables. The vehicle had been contracted by a “private off-site storage company," though officials but did not reveal the identity of the firm involved.
Anyone who has been a patient of a University of Miami physician or visited one of the university’s medical facilities since Jan. 1, 1999, is likely to be included on the tapes, according to officials.
Information contained on the stolen media includes names, addresses, Social Security numbers, health information, and, in some cases, credit card and financial data.
”We felt that in the best interest of the physician-patient relationship, we should be transparent in this matter,” said Pascal Goldschmidt, dean of the University of Miami’s Miller School of Medicine, in a statement, adding that he is confident that patients’ data is safe.
The tapes were written in a “complex and proprietary format," making it unlikely that a thief could access the data, according to the university. When the theft occurred last month, officials also brought in security specialist Terremark to work out whether data could be accessed from a similar set of backup tapes.
”Because of the highly proprietary compression and encoding used in writing the tapes, we were unable to extract any usable data,” said Christopher Day, senior VP of Terremark’s Secure Information Services group, in a statement.
At least one Security Consultant Brian McCarthy of Sencilo Solutions disagrees, "Mr. Day is flat at not telling the truth, the backup software is a free download via Symantec, as for the hardware I'd suggest he visit E-Bay to place a bid for a LTO tape reader". What Mr. Day should of been doing is recommending encryption technologies to his client, rather then filling them with false promises of security, states McCarthy. The only way to guarantee that the data is protected is to use encryption, say Mr. McCarthy.
Law enforcement agencies are currently investigating the theft, although Miami is not the only university dealing with the consequences of stolen data.
The University of Virginia also hit the headlines this week following the theft of a laptop from one of its employees. The laptop contained information on more than 7,000 staff, students, and faculty, according to media reports.
Local Charlottesville newspaper The Daily Progress reports that the laptop, which contained a file with names and Social Security numbers, was stolen from an undisclosed location in Albemarle County.
This is not the first time that the University of Virginia has been struck by a data breach.
Last year a hacker broke into the university’s network and accessed the records of 5,735 faculty members, prompting the school to call in the FBI to work on the case alongside the university police and its IT workers.
The University of Virginia did not respond to Byte and Switch’s requests for comment on the stolen laptop, although the local Albemarle County Police Department is said to be investigating the theft.
Research released today by analyst firm AMI Partners reveals the staggering scale of data breaches experienced by U.S. firms, with up to 86 percent of medium-sized American businesses reporting some form of security breach or data loss in the last 12 months.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
Affordable Web Site Firewall for PCI Compliance to SMBs - April 19, 2008
Barracuda Networks Launches Barracuda Web Site Firewall -- New Barracuda Web Site Firewall Offers Complete Protection Against Site Vulnerabilities, Extends Affordable PCI Compliance to SMBs
Miami Florida - Barracuda Networks Inc., the worldwide leader in e-mail and Web security appliances, today launched the Barracuda Web Site Firewall product line, the industry's most cost-effective Web application security appliance. The Barracuda Web Site Firewall leverages the capabilities of the award-winning Web Application Controller product line acquired from NetContinuum in September 2007. Targeted at businesses of all sizes requiring Web application security and PCI compliance, the Barracuda Web Site Firewall starts at $4,999.
"Hackers are increasingly taking advantage of Web sites that do not have ample protection against major Web application attacks, and many of these sites belong to small and medium businesses," said Stephen Pao, vice president of product management for Barracuda Networks. "Until now, Web application security products have largely been targeted at large enterprises that have expansive IT budgets, leaving SMBs without an affordable option. The Barracuda Web Site Firewall delivers a powerful, easy-to-use solution for the 'rest of us.'"
By harnessing the same powerful protection offered by the Barracuda Web Application Controllers, the Barracuda Web Site Firewall secures Web sites against data theft, denial of service or defacement. As a full proxy, the Barracuda Web Site Firewall blocks or cloaks attacks, such as SQL injections, cross-site scripting attacks or buffer overflows, while preventing outbound sensitive data leakage. To minimize ongoing administration associated with security, the Barracuda Web Site Firewall automatically receives Energize Updates for the latest policy definitions, security updates and attack definitions. In addition, the Barracuda Web Site Firewall features the same user interface and management framework common to all Barracuda Networks products, including the Barracuda Spam Firewall and Barracuda Web Filter.
The Barracuda Web Site Firewall product line integrates varied degrees of traffic management capabilities, including SSL offloading, hardware-based SSL acceleration and load balancing, which increases both performance and availability of the applications. "Once again Barracuda is leading the way in affordable data protection", say Brian McCarthy CEO and Security Expert for Sencilo Solutions based in Orlando Florida.
Affordable PCI Compliance
In addition to ensuring the integrity and availability of a business' Web site, the Barracuda Web Site Firewall also enables Payment Card Industry Data Security Standard (PCI DSS) compliance for mainstream businesses that use their Web site or other Web applications to conduct retail transactions with customers.
"The Internet has enabled small and medium businesses to operate on a global scale, making it imperative that these businesses also have a means with which they can secure transactions containing credit card or other personal account data with customers all over the world," said Pao. "With the Barracuda Web Site Firewall, businesses can afford a comprehensive set of technologies designed to protect against unauthorized access to this sensitive information."
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
And the winner is........ - April 19, 2008
Leading Network Security Publication Honors Barracuda Spam Firewall and Barracuda IM Firewall at Annual Awards Gala
Jacksonville Florida – Barracuda Networks, Inc., the worldwide leader in email and Web security appliances, today announced that its Barracuda IM Firewall and Barracuda Spam Firewall were recognized by SC Magazine at the exclusive SC Magazine Awards Gala, held last week in conjunction with the annual RSA Conference. The Barracuda IM Firewall was selected for the Reader’s Trust Award for “Best IM Security Solution,” and the Barracuda Spam Firewall was awarded the 2008 SC Magazine Excellence Award for “Best SME Security Solution.”
As part of the Reader’s Trust Awards competition, SC Magazine readers representing IT’s most knowledgeable security professionals selected the Barracuda IM Firewall from among the industries’ finest solutions.
“We are truly honored to have been selected for these prestigious awards,” said Dean Drako, president and CEO of Barracuda Networks. “Knowing that the Barracuda IM Firewall was voted on by the readers of SC Magazine, is especially gratifying because we believe that many of those readers are also our customers, and we appreciate their continued support.”
Barracuda Networks and other 2008 SC Magazine Excellence Award winners were marked for distinction by a panel of 17 leading chief security officers from major corporations and large public sector organizations. The Barracuda Spam Firewall was selected for its excellence in protecting both small and medium enterprises.
“The Barracuda Spam Firewall was designed to be easy-to-use, powerful and affordable for businesses of all sizes,” said Drako. “To be recognized by this distinguished panel of security experts as the best overall SME security solution is an incredible honor for us.”
“In awarding the 2008 SC Magazine “Best SME Security Solution” Award, our judges have recognized Barracuda Networks as a key ally in their mission to safeguard businesses, customers and critical data in North America,” said SC Magazine Editor Illena Armstrong.
The awards highlight and showcase the best solutions, services and professionals while recognizing achievement and technical excellence in the information security industry. With more than 600 entries submitted in thirty categories, the 2008 SC Magazine Awards proved to be the most competitive in the program’s eleven year history.
The Barracuda Web Filter was also listed as a finalist for the Reader’s Trust Award for “Best Web Filtering Solution.” More information and a detailed list of categories and winners can be found at www.scmagazineus.com/awards.
About SC Magazine
SC Magazine provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies. The brand’s portfolio includes the SC Magazine Awards, SC Directory, SC Magazine Newswire and SC Magazine IT Security Executives Forums.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
So many E-mail Attacks - So little Time! We have the Answers - April 19, 2008
Virus-laden spam, targeted attacks and user ignorance make IT pros' jobs harder; here's how to cope.
Miami Florida - Mike Larsen has taken great pains to be able to sleep at night, confident that the e-mail systems at his workplace are being maintained and that the wall separating those systems from spam and phishing attacks still stands. But, as at many organizations, the wall guarding the e-mail systems at Larsen's company—travel agency Groople—is constantly under siege, with the attacks getting more brutal. "As Groople has grown, I have seen the volume of e-mail-based attacks skyrocket," said Larsen, the company's manager of IS. "It soon overburdened our e-mail gateway, and I was forced to implement new systems and software to handle the huge increase."
Vendors and enterprises alike are faced with a new e-mail threat landscape, where spam is increasingly laced with malware and targeted attacks have become more common. IT pros have a lot to consider—both in terms of technology and best practices—as they deal with the growing e-mail security challenge. According to Larsen, Groople grapples with about 1 million e-mails each month, 76 percent of which are either blocked by Barracuda Networks quarantined as spam. About 5 percent of spam messages get through to Groople in-boxes, he said.
To avoid this messaging traffic overburdening the network, the company went to a load-balanced e-mail gateway environment earlier this year. Larsen said he made sure security was woven into the gateway's fabric.
"Our entire e-mail infrastructure is architected in conjunction with our security infrastructure … to maximize the use of multiple layers of protection," Larsen said. "An attack must make it through several separate layers to get onto a user network. Any company that looks at e-mail as simply a business tool is blind. E-mail is a significant security threat to all businesses and should be addressed aggressively."
The New Threat Landscape
According to researchers at Symantec, one in every 617 spam messages now contains malicious code. "In the past, a message was either spam or a virus. … A single verdict was usually sufficient to catch it or remedy the situation," said Angelos Kottas, senior manager of product marketing for Symantec Messaging Security. "But what we're seeing as a trend is spam that also has malicious code embedded in it, so that a simplistic approach might not catch it."
In MessageLabs' monthly Intelligence Report for March, the company reported that it found one in every 169.2 e-mails containing a virus and one in every 228.7 e-mails containing a phishing attack. The report goes on to say that some of these attacks were targeted—aimed at specific people in various organizations. "We've been seeing a sharp increase in [targeted attacks]. On average, we will intercept about 30 targeted Trojans per day," said Mark Sunner, chief security analyst at MessageLabs. "In December 2005, that average would have been about two per week."Spam is clearly increasingly being used as an attack mechanism, infecting machines so they can be used in botnets to send more spam, said Gartner analyst Peter Firstbrook. While only one in every 150 to 200 e-mails may contain a virus, a much higher percentage of e-mails include a link to a malware-infected site.
"Sharing threat intelligence is one reason to have a coordinated SMTP and Web gateway," Firstbrook said, adding that, for many organizations, the lack of a secure Web gateway capable of filtering malware is a glaring hole in their defenses.
Many Means to Security End
Only a few weeks ago, a targeted e-mail attack reached the in-box of a county employee in Arlington County, Va. David Jordan, the county's chief information security and privacy officer, recalled that a password dump program had been hidden within an e-mail attachment. However, because the employee had received security awareness training, she did not open it. "The employee knew better than to open the attached file," said Jordan. "She simply forwarded the suspect e-mail to the technology services help desk."
The county uses Symantec Client Security, and Jordan said the system likely would have neutralized the malicious program even if the user had opened the attachment. Nonetheless, he cited the incident as an example of the importance of living in a constant state of vigilance from a security and employee education perspective.
"One of my missions is to make sure employees are educated and to empower them to be responsible and accountable for safe computing practices," he said. "For instance, I personally meet with every new hire during the training process to ensure individuals are aware of online threats and the county's security policies, which include Web and e-mail usage. Additionally, we conduct ongoing training and awareness initiatives, such as publishing weekly newsletters and alerting employees to the latest scams and e-mail threats via the county's SMS [Short Message Service] text alert system."
Indeed, no technology can protect an organization if users are not properly educated about the do's and don'ts of Web security, said Kevin Hewitt, network administrator for Stevens Aviation.
"Here at Stevens Aviation, we alert all of our users on any new possible threats," Hewitt said. "We do this to protect our network but also to help our users avoid these issues at home. In the event we send out an e-mail within the company to inform our users of new issues, we also include an FAQ section to review and remind our users of ways to avoid being scammed, infected or exploited."
Stevens Aviation opted for a software as a service approach to e-mail security with Webroot's E-mail Security SAAS. The aviation company receives about 120,000 e-mail messages daily, of which about 93 percent is spam, Hewitt said. The SAAS model, he added, saves bandwidth and allowed the company to eliminate a server that had been acting as the company's internal spam solution. Hewitt offered several e-mail security best practices, and he advises businesses to choose enablement over blocking when it comes to Web mail, allowing users to access Web-based accounts instead of their work e-mail for all personal transactions.
But letting employees access Web mail doesn't come without risks—and not just in terms of employee productivity.
In MessageLabs' Intelligence Report for February 2008, researchers noted that 4.6 percent of all spam originates from Web mail-based services. The researchers also found that the proportion of spam from Gmail increased twofold, from 1.3 percent in January to 2.6 percent in February. Yahoo Mail was the most abused Web mail service, responsible for sending 88.7 percent of all Web mail-based spam.
"I think some companies would just take the view, ‘We're not allowing Web mail because in theory it could be a bullet hole in your security,'" said Sunner, the MessageLabs security analyst. "If you think about it, if you've got a mail gateway, you've probably got some form of content filtering, some level of anti-virus protection. You'll be doing something almost certainly these days to protect your corporate e-mail system. So, having done that, if you allow access to Hotmail [for example], of course if someone then receives a virus in their Hotmail account and they go and access it, they completely blind-sided all the mechanisms you did put in place."
E-Mail Security or Content Security?
In an era of data breaches and insider leaks, a conversation about e-mail security is about more than just spam and malware—it is also about DLP (data leak prevention). In fact, the focus of enterprises has shifted more toward overall content security, said John Thielens, vice president of technology at Tumbleweed Communications.
"To [solve content security problems] today, you need to buy products from six or seven different vendors—a Web filter, an e-mail filter, a content analysis suite, a file transfer product, an endpoint protection suite," Thielens said.
DLP products offer a more comprehensive approach, with their content monitoring, data classification and policy enforcement capabilities.
The DLP market saw a number of acquisitions last year, and the technology is making its way into the enterprise market. However, many companies have been slow to deploy the technology, which helps to prevent the loss of sensitive data by stopping, for example, an e-mail including a Social Security number from crossing the mail gateway. In the report released last November "Extending Intellectual Property Protection Beyond the Firewall," analysts from Enterprise Strategy Group found that only 17 percent of the 109 respondents were using network-based DLP appliances at their organizations.
The ability to block classified data before it leaks out via e-mail can be a key element in e-mail security. But before investing in DLP, companies should first understand what their sensitive data is and what their business needs are, according to analysts. The risk of focusing too much on a block-and-allow approach is that employees—ultimately the last line of defense in security—will simply circumvent whatever protections are put in place, Thielens said.
"Think of the content management problem as a bubble in a long balloon animal. If you squeeze the controls around that bubble, the air just moves to the left, to the right," he said. "If you lock down e-mail, people start using files and Web and instant messaging. If you take this blocking mentality, you're always in catch-up mode.
"Instead, think about enablement, and tell people, ‘We're going to put some defensive controls that block the wrong ways of doing things in place, but we're also going to give you ways where you know how to do business with your content.'"
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing PCI Visa Email e-mail exchange
GSA Army Contract awarded to Expand Networks beating out Riverbed Steelheads - April 18, 2008
Orlando Florida - Expand Networks recently announced that General Dynamics C4 Systems (GDC4S) and the United States Army awarded the Warfighter Information Network – Tactical (WIN-T) Increment 2–3 TCP Performance Enhancing Proxy (PEP) contract to Expand Networks. Expand Networks is porting the Accelerator Operating System to General Dynamics’ WIN-T hardware platform. The Expand PEP will operate in a mobile ad-hoc environment where dynamic outbound links are created and broken frequently, thereby providing the Warfighter with maximum communications efficiency on the move as well as at the halt. According to GDC4S, WIN-T is the U.S. Army’s on-the-move, high-speed, high-capacity backbone communications network, which links ground level warfighters with commanders and the Global Information Grid, the U.S. Dept. of Defense’s worldwide network-centric information system. WIN-T is a critical enabler of LandWarNet, the Army’s far-reaching effort to transform into joint, network-centric, knowledge-based warfare. The network provides a lucid operational snapshot for theater combatant commanders by using true satellite on-the-move capabilities, robust network management and high-bandwidth radio systems to keep mobile forces connected, communicating and synchronized at all times. (For more information on WIN-T, refer to: http://www.gdc4s.com/news/detail.cfm?prid=197) “Expand Networks has long and widespread experience with national security communications programs at sea, on land and in the air,” said Howard Teicher, Expand Network’s Vice President for Public Sector & Satellite Markets. “Operating enterprise-class applications over low bandwidth-high latency satellite links demands a dynamic, robust WAN Optimization capability to satisfy the users’ performance requirements. Porting the Expand Accelerator Operating System to the Army’s WIN-T architecture demonstrates the power and flexibility of Expand’s technology and our ability to deliver high performance mobile communications, while saving taxpayer resources.” Positioned by Gartner, Inc. in the “Leaders” quadrant in their Magic Quandrant for WAN Optimization 2007 Report, Expand’s complete WAN Optimization solution will be available on the WIN-T blade to increase throughput, accelerate application performance and interoperate with other communications nodes equipped with Space Communications Protocol Standard (SCPS- TP) Acceleration devices. The Expand PEP mitigates the effects of latency and ensures that tactical networks deliver maximum performance. GSA Since its initial 1999 rollout in the Defense Information Systems Agency (DISA), more than 9,000 Expand Accelerators have been deployed in networks throughout the US government and in all branches of the United States Military. Battle-proven in Afghanistan and Iraq with the U.S. Army and Marine Corps, Expand accelerators are also deployed in U.S. government enterprise networks, such as the Treasury Department’s Office of the Comptroller of the Currency.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/network-application-acceleration.php About Us Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Expand Networks, Barracuda Networks, and HP. Its technical expertise is known throughout the networking and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines. Key words: Riverbed vs Gartner Magic Quadrant WAN Acceleration WAN Optimization Application Acceleration Wide Area Networks WAFS, all in one remote office backup juniper networks blue coat systems f5 silver peak citrix ipanema exinda stamede certeon packetee cisco compare
New Secure Access Appliances Offer Best-In-Class Performance, Scalability and Redundancy; Enabling High-Performance Businesses to Maximize Remote Access - April 12, 2008
Fort Lauderdale Florida -- Juniper Networks, Inc. (NASDAQ: JNPR), the leader in high-performance networking, today announced the next generation of its industry leading Secure Access (SA) SSL VPN platforms–the SA 2500, 4500 and 6500 appliances. The new Secure Access appliances provide enterprises and service providers with best-in-class performance, scalability and redundancy to ensure fast, reliable and secure remote access to applications and services for even the most complex and demanding secure environments.
Today's high-performance businesses are required to provide anytime, anywhere access to mission-critical applications in order to maintain business productivity and ensure operational continuity. IT organizations are under continuous pressure to provision uninterrupted instant access across an increasingly distributed environment securely and cost-effectively. Juniper's next generation of Secure Access SSL VPN appliances enable high-performance businesses to deliver anytime, anywhere access of corporate resources and applications to their remote and mobile employees, customers, and partners. They offer investment protection by providing a single platform to handle remote access to web applications, terminal services, client/server applications, and for the rising use of mobile devices. They also dynamically grant access to various types of traffic depending on each user's role and as a result, deliver tremendous flexibility and granularity.
"Providing reliable anytime, anywhere secure access to our remote users is critical to our success," said Mark Starry, manager of IT infrastructure and security at Concord Hospital. "Juniper's feature-rich, scalable Secure Access SSL VPN appliances will enable us to address our remote access needs with confidence as our business evolves and grows. We consider Juniper Networks to be a strategic vendor to meet our business goals."
Greater Real-World Performance and Ease of Ordering Experience
Unlike other vendors, Juniper has a proven track record in delivering the most innovative and extensive feature set on its SSL VPN platforms, as measured by real-world performance testing. The SA 6500 features one of the industry's most advanced high availability and flexibility options for the most complex and demanding secure enterprise and service provider environments. Based on real-world testing, the SA 6500 delivers double the capacity of the previous Secure Access generation with support for up to 30,000 concurrent users on a single four-unit cluster. The Secure Access platforms also support a wide array of mobile devices and cross-platform support, including devices running Microsoft Windows, Apple Mac OS and Linux.
Juniper has also taken steps to ease the ordering experience for customers and partners. Juniper is reducing the number of licensing SKUs associated with these new models to simplify ordering and configuring Secure Access appliances. Juniper has achieved this by integrating certain licenses that previously were optional into the baseline license. With this more efficient licensing scheme, a customer or partner will need to order less SKUs to configure a Secure Access appliance and as a result, spend less time during the ordering phase.
The scalable security platforms use SSL, the universal security protocol found in all standard Web browsers. SSL effectively eliminated the historic requirement for client-software deployments, doing away with changes to internal servers and costly ongoing client maintenance and desktop support. The SA 2500, 4500 and 6500 provide extensive end-to-end layered security and include endpoint client, device, data and server layered security controls. These advanced features provide interoperability with diverse endpoint security solutions from third-party vendors that conform to the Trusted Network Connect (TNC) standard.
"Juniper remains the industry's preferred choice for secure remote access in high-performance networks because we continue to deliver new advances in enterprise-wide access control that align with the evolving requirements of our enterprises and service provider customers," said Sanjay Beri, vice president, Access Solutions, Juniper Networks. "Our next generation of Secure Access SSL VPN appliances offers unmatched levels of flexibility and scalability that enable organizations to lower costs and maximize business productivity and continuity."
The Juniper Networks Secure Access appliances, which have earned numerous industry accolades in the SSL VPN market since its first products shipped in 2001, represent the market's leading SSL VPN product line. Enterprises and service providers worldwide have selected the Juniper Networks SSL VPN to help them increase efficiency and productivity. Juniper Networks also continues to be the only SSL VPN provider to have completed the most, independent security audits–supporting its goal to deliver secure networking solutions. The SSL VPN appliances have passed rigorous security audits by Information Security Partners, LLC (iSEC Partners) and Cybertrust®, Inc.
Pricing and Availability
The Juniper Networks SA 2500, 4500 and 6500 appliances are available today through Juniper Networks and its global network of reseller partners. The list price for the new appliances start at US $4,995 with 10 concurrent users for the SA 2500, US $16,895 with 50 concurrent users for the SA 4500, and US $43,995 with 100 concurrent users for the SA 6500.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint
EMC leading the way in disk-based security with new encryption capabilities - April 12, 2008
Hialeah, Florida -- EMC Corp., a provider of information infrastructure solutions, announced Tuesday new data encryption capabilities for storage-devices that protects information at rest from unauthorized access or the unauthorized removal of a disk drive or array from a secured environment.
The new EMC PowerPath Encryption with RSA integrates EMC PowerPath path management software with encryption and key management technology from RSA, the security division of EMC. Now, customers deploying EMC Symmetrix and EMC CLARiiON storage systems can benefit from a consistent security strategy and deployment in and around the data center and across the IT stack with central management and automation of encryption keys.
With this integration, EMC continues to execute and deliver another proof point of its commitment in providing information-centric security in the infrastructure. PowerPath Encryption with RSA is part of a series of announcements made this week at the RSA Conference.
Leveraging EMC PowerPath software, with more than 600,000 licenses deployed, EMC PowerPath Encryption with RSA encrypts and decrypts data at the host, as it is sent to and from the array. The solution protects against unauthorized access or inadvertent loss of un-protected information via malicious attacks and spoofing of Fibre Channel hosts, and makes information inaccessible in the event of physical theft of media from the data center.
The new encryption solution uses RSA Key Manager for the Datacenter, an easy- to-use, centrally administered encryption key management system that can manage encryption keys at the database, file server, and storage layers. It is designed to simplify the deployment and ongoing use of encryption throughout the enterprise, and helps ensure that information is properly secured and fully accessible when needed at any point in its information lifecycle.
"Improving the level of information protection using encryption helps companies comply with internal, private and government standards, including the Payment Card Industry Data Security Standard (PCI DSS), an applicable compliance standards," says Brian McCarthy President of Sencilo Solution in Orlando Florida, and Enterprise partner for EMC. The PCI DSS applies to every organization that processes credit or debit card information, including merchants and third-party service providers that store, process or transmit credit card/debit card data. As of the end of last year, any organization that accepts payment card transactions must be in compliance with the standard and PowerPath Encryption with RSA can form a foundation for meeting that standard.
Heidi Biggar, Analyst, Enterprise Strategy Group (ESG), said, "Recent ESG studies indicate that securing data independent of where it resides or how it's stored is a critical customer requirement. While important for organizations of all sizes, EMC PowerPath Encryption with RSA can yield immediate security benefits for those heavily regulated industries, such as public sector, financial services, retail and healthcare, by making sure data is inaccessible in the event of loss or theft. With this announcement, EMC delivers another solid proof point in how storage and security can work hand in hand."
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM
Best Practices for Backup, Archive, Recovery and E-Discovery - April 12, 2008
St. Peterburg Florida -- Many IT administrators at small and medium businesses (SMBs) are facing a new budget cycle as the New Year dawns. One of the items which many are considering investing in is data protection technology. Most have experienced an explosion in the amount of data requiring protection while not experiencing an equivalent increase in their IT budget. Additionally, the responsibility of complying with new governmental and industry regulations for data retention, archiving and electronic discovery has fallen squarely in the lap of IT staffs which stretches their budgets further.
Data Protection Has Become More Complex
Data protection used to be an easier proposition. You could simply designate a system as the backup server, install some backup software, attach a tape library and start backing up production servers to it. But, with the advent of critical production applications, server and storage virtualization, critical data stored on desktops and laptops, and increased recovery time and recovery point objectives (RTO and RPO) data protection has become much more complex.
Companies Must Now Do More with Less
It is easy to say that organizations must be more current and comprehensive in their backup, recovery and archiving procedures. Yet, few companies have the luxury of being able to assign the resources to address all these tasks optimally. The reality is that most organizations now count on increased productivity to drive profits. This means accomplishing more with fewer resources.
New Data Protection Technologies Abound
For companies looking to improve their data protection technology and procedures, there are a bewildering number of point solutions and possible combinations for data protection and archiving to be considered. It was not long ago when the backup solution was based on one piece of software. Now organizations must decide on all the hardware, too, including the compatible and scalable nature of each piece. In addition, they must consider a number of capabilities: disk-to-disk backup, VTLs, replication, snapshots, CDP, de-duplication, sophisticated archiving, email archiving, data encryption and security. Many options exist and many more are coming.
Deciding on a Solution – Conventional Approaches Do not Meet Today’s Requirements
Traditional solutions for data protection, email archiving and SAN storage are too complicated. There are too many parts to manage and consider: software, hardware, disk, tape, network, SAN – the decisions are overwhelming. Once the technology decisions have been made, the pieces have to be put together which can take weeks or even months.
Total Solution Appliance Solves Many Problems
Now, more than ever, organizations need the best products available to provide them with effective data protection. A new approach for companies to consider for their storage and data protection is an all-in-one, automated solution preconfigured to address all data storage and protection functionality, usually called an “appliance.”
Organizations piecing a solution together will need to work with several companies. Each will have a comprehensive and in-depth view of what their specific product can do to address a particular problem. These vendors, however, do not have a total view of the organization’s requirements and are not able to address the entire problem. When buying individual components, an organization makes a huge trade-off. Buyers search for components optimized for their specific function; not for a best-of-breed total solution. This time-consuming purchasing process involves a complex set of comparisons to work with compatible vendors. An appliance vendor, by contrast, picks the best and most compatible components and takes ownership of them. Most SMBs will only solve their backup problem once. The appliance vendor has solved the same problem hundreds of times.
When a company purchases an appliance, it forgoes the relationship with the individual component vendors. Thus, an appliance vendor is motivated to install a reliable product because they will have to support it! The “data protection” appliance vendor will have a more holistic view of an organization’s problem and is more concerned that the entire data storage and protection solution works to satisfaction.
Upgrading an appliance is also simpler for the end user. When an organization upgrades, it can be sure that all components remain compatible with each other. With an individual components solution, an upgrade often results in an entire system overhaul. Finally, a data protection appliance allows a company to buy the capacity and capabilities it needs now and expand the appliance as the company’s requirements grow. The business dictates the functionality of a storage solution, rather than the reverse.
The conventional integration of a component approach requires manual integration and diagnostic activities that consume both human and system resources. An appliance addresses this problem by providing a pre-integrated simple-to-install solution. This is a benefit for all companies but is particularly useful for SMBs that normally have only a few minutes a day to address any one problem.
Selecting an Appliance Solution
Below is a short laundry list of things to consider when evaluating a data protection appliance:
Easy to purchase, install, manage and support.
Optimizes backups, archives, restores, disaster recovery and electronic discovery to meet corporate RTO and RPO.
Complies fully with regulated retention policies.
Efficiently uses media.
Automates daily functions and reduces administrative hours.
Provides an adaptable and scalable foundation for future data protection and storage needs.
In sum, organizations must look beyond the conventional approaches and toward recovery solutions packaged and implemented with appliance approaches that incorporate the best in component technologies. To do less will probably assure being an early casualty of the tremendous data changes coming in the 21st century.
The new PowerPath Encryption with RSA yields a number of advantages compared to other encryption technologies, such as gateway products, including easier deployment. PowerPath Encryption with RSA can be added to environments and is transparent to hosts, applications, replication, and backup infrastructure. It also offers built-in high availability, as the PowerPath Encryption with RSA provides a management appliance that is configured in redundant pairs for no single point of failure, compared to alternative solutions that need multiple appliances to provide high availability.
The new PowerPath Encryption with RSA also offers better scalability and centralized management. PowerPath Encryption with RSA provides encryption at the host and centralizes key management with RSA Key Manager for the Datacenter, which can support tens of thousands of hosts compared to other solutions that need additional appliances to meet growth requirements and cannot be centrally managed. It also offers better Flexibility, as the PowerPath Encryption with RSA gives users the ability to choose the LUNs (logical unit number) or volumes they want to encrypt.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM
