headtop

Compliance

Leaking sensitive information can pop the balloon on your company's reputation. DLP tools can mitigate incidents and offer insight into where data lives. - February 12, 2008

It's the call you've feared. The phone rings at 9 a.m. on a Sunday. You're the CISO of a medium-sized retailer, and weekend calls aren't all that unusual. But within 30 seconds of picking up the phone, you know your weekend, if not your job, is over. One of the customer service managers accidentally emailed an Excel file of all the clients acquired last quarter to an external distribution list while trying to send it to his personal Gmail account to work on over the weekend. Worse yet, the file contains full credit card and verification numbers.

The really bad news? You recently signed off on your self-assessment for your Payment Card Industry Data Security Standard audit and affirmed that you don't keep card numbers in an unencrypted format. No one told you about the nightly database extract the customer relations team runs with the credit card number as the primary key. Your external audit is scheduled for next month, making this about the worst time possible for an accidental disclosure. It's not like you can blame this one on evil hackers.

This situation is hypothetical, but it illustrates the pressures companies are under. Data protection grows more critical every day as our sensitive information faces increasing scrutiny from regulators and business partners. It's no longer just a matter of keeping the bad guys away from data. Businesses now are expected to handle it responsibly, often in accordance with contractual or legal requirements. Yet the average organization typically has little idea of where its sensitive data is, never mind how it's really being used. 

Over the past five years, a new category of tools emerged to address this problem, Q1 Labs. Data loss prevention (DLP) products help companies understand where their sensitive data is located, where it's going, how it's being used, and can sometimes enforce protective policies. "The technology may not always stop evil hackers, but it offers considerable help in protecting a business from internal mistakes and in cost-effectively managing compliance", states Brian McCarthy CEO and Security Expert for Sencilo Solutions of Orlando Florida.

Knowing where sensitive content is located protects the organization and may reduce the time and cost of audits; a company can prove that its data is appropriately secured and show real-time controls to detect violations. By gaining considerable insight into how data is communicated internally and externally, odds are that an organization will identify a number of risky business processes--like the above nightly database dump and use of personal email accounts. It also gains the ability to prevent accidents and eliminate bad habits, like improper use of USB drives. DLP won't make you compliant, but its combination of risk reduction, insight and potential audit cost reduction is compelling.

Yet while DLP tools have significant potential to reduce an organization's risk of unapproved disclosures of sensitive information, they are among the least understood and most over-hyped security technologies on the market. Organizations that take the time to understand the technology, define their processes and set appropriate expectations will see significant value from their DLP investment, while those that make snap purchases or set their expectations inappropriately high will struggle with this powerful collection of tools.
 
DEFINING DLP
DLP is one of a dozen or so names for this market; others are information leak prevention and content monitoring and filtering. To further complicate matters, data loss prevention is so generic a term it could easily apply to any data protection technology; everything from encryption to port-blocking tools is hopping on the DLP bandwagon. While early tools were tightly focused on preventing data leaks on the network, the market is rapidly evolving toward robust solutions that protect data in motion on the network, at rest in storage and in use on the desktop, all based on deep content inspection and analysis.

So DLP is a class of products that, based on central policies, identify, monitor and protect data at rest, in motion and in use, through deep content analysis. Other defining characteristics are:


  • Broad content coverage across multiple platforms and locations

  • Central policy management

  • Robust workflow for incident handling

  • It's important to recognize that DLP solutions are very effective at reducing the risk of accidental disclosures or data leakage through a bad business process, but offer minimal protection against malicious attacks. A smart internal or external attacker can easily circumvent most DLP tools, but the risk of inadvertent exposure is usually greater than that of a targeted attack.


GETTING STARTED
Long before contacting DLP vendors, set expectations and decide what content needs protection and how to protect it. Pull together a project team with representatives from major stakeholders including security, messaging, desktop management, networking, human resources and legal, and define protection goals, including content and enforcement actions. This is when you set expectations; educating project members on what's realistic with DLP can help avoid pitfalls that derail deployment.
These protection goals help determine required features. They'll establish needs for content analysis techniques, breadth of coverage (network/storage/endpoint), infrastructure integration, workflow, and enforcement requirements. You can decide if you need a full suite, dedicated DLP solution or just the DLP features of an existing product. Then, translate these requirements into an RFI or draft RFP and start contacting vendors.

Most organizations find that content analysis techniques, architecture, infrastructure integration and workflow are the top priorities in selecting a product.

CONTENT ANALYSIS
The most important characteristic of DLP solutions is content analysis. This allows the tools to dig into network traffic and files, unwrap layers (like a spreadsheet embedded in a PDF in a .zip file) and identify content based on policies. While every product uses different content analysis techniques, they tend to fall into a few categories that also use contextual information, such as sender/recipient, location and destination.

Content description techniques use regular expressions, keywords, lexicons and other patterns to identify content. They include rules/regular expressions for pattern matching, conceptual analysis involving pre-set combinations of words and rules to match a specific concept like insider trading, and pre-set categories such as personally identifiable information (PII), HIPAA and PCI.

Content registration techniques rely on content you provide the system that then becomes a policy. They include full or partial document matching using hashes of files to identify content; database fingerprinting by hashing live database content in combinations to identify matches; and statistical techniques that use a large repository of related content to identify consistencies and create policies.

All the leading products can combine different analysis techniques into a single policy to improve accuracy.

The content analysis technique will directly determine what products make the short list, but make sure to account for future needs. Although most of the market--90 percent by some estimates--is focused on protecting PII, about 30 to 40 percent of those organizations are also interested in protecting unstructured data. They start by using DLP to protect PII to reduce their compliance risk, and then slowly add other content, generally trade secrets and intellectual property, once they get comfortable with their tool.

The last major component of DLP solutions is endpoint agents to monitor use of data on the user's desktop. A "complete" agent theoretically monitors network, file and user activity such as cut and paste, but few real-world tools provide full coverage. Most products start with file monitoring for endpoint content discovery and to detect (and block) sensitive data transfers to portable storage. Rather than completely blocking USB thumb drives to protect data, an organization can use these tools to restrict file transfers based on content.

Endpoint DLP tools are starting to add more advanced protection, such as limiting cut and paste, detecting sensitive content in unapproved applications such as certain encryption tools, and automatic encryption based on content. Over time, they will increase the type and number of policies they can enforce and integrate more deeply into common endpoint applications.

ARCHITECTURE & INTEGRATION
DLP architectures are defined by where they protect the content: data-in-motion network monitoring, data-at-rest file storage scanning, and data-in-use monitoring of the endpoint. Full-suite solutions include components for each of these areas, while partial suite tools cover only a portion, such as an endpoint DLP tool with an email-only gateway.  There also are single-channel products and non-DLP tools that bundle some DLP features, like an email gateway that can block messages with credit card numbers. In the long run, most organizations--especially large enterprises--will prefer full-suite solutions, but partial-suite and DLP-as-a-feature tools often meet tactical needs where complete coverage isn't necessary.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint

A Guide to Practical PCI Compliance - February 9, 2008

With all the doom and gloom about how difficult and costly PCI is supposed to be, the reality is that PCI compliance is attainable and sustainable, if you follow these tips.

Myriad merchants find themselves at the end of the PCI compliance barrel and are spending significant amounts of time, money and effort in achieving PCI compliance. Advice from companies that have been there can help smooth your path.

Organizational Maturity
"One of the biggest mistakes organizations make is jumping into their PCI remediation effort without first understanding their company's gaps. It's crucial to realize that every organization has a different maturity level when it comes to technology and compliance. Without first knowing what level you are at, taking a "one size fits all" approach to fixing PCI will spell disaster", states Brian McCarthy the President of Sencilo Solution a Orlando Florida based Security firm with offices in Tampa and Jacksonville.

"A pre-compliance assessment is imperative and enables you to understand what your PCI compliance effort will entail. The output is a document identifying gaps between your current state and what the PCI DSS (Data Security Standard) requirements necessitate", cites McCarthy.

Some of the items covered in our pre-compliance assessment will include:


  • Review of IT infrastructure; PCI-relevant application architecture, policies, procedures and processes; overall network design

  • Gap analysis

  • Network vulnerability scanning

  • Risk analysis

  • Mapping business flows to technology flows


Sencilo provides assistance in determining your current state by providing a PCI Assessment Questionnaire (SAQ). The SAQ is divided into six sections focusing on a specific area of security. After completing the SAQ, we will have a good idea of which controls and tools are in are in place.

  • Cross-Organizational Interaction

  • PCI requires the whole organization to play nicely together; too many organizations have different IT groups that have developed their own fiefdoms and act in semi-autonomous states. PCI doesn't support such an approach—it requires different groups to collaborate whether they like it or not.

  • Success with PCI is dependant on how the numerous groups work together and maintain reasonable expectations.

  • How well this is executed has a direct impact on compliance. The best way to ensure understanding is to set effective ground rules at the beginning of the compliance effort.


Vendor Remediation Support
"One of the biggest mistakes organizations made is using older software and hardware that isn't PCI-compliant. Similar to preparing for Y2K, getting vendors to ensure their products comply with PCI can be a significant issue. How much of an issue depends on your importance to the vendor and the importance of PCI to the vendor, says McCarthy.  "We offer a full suite of PCI-compliant products and services, from companies like Barracuda Networks, Symantec and Q1 Labs

For more information please call us at (407) 265-6293 or visit us at www.sencilo.com

enVision Data Loss Prevention Encryption and Key Management RSA Barracuda Q1

Barracuda Networks Launches First Enterprise-Class Web Application Controller for SMB Market - February 9, 2008

Barracuda Application Gateway NC 500 AG Offers Robust Web site Application Protection at an Affordable Price

Campbell, Calif., Feb. 7, 2008 – Barracuda Networks, Inc., the worldwide leader in email and Web security appliances, today launched the Barracuda Application Gateway NC 500 AG, the first and only enterprise-class Web Application Controller available for small and medium businesses.  Ideal for SMBs on a tight IT budget, this is the first appliance to fully secure Web applications and ensure compliance with regulations, such as Payment Card Industry Data Security Standard (PCI DSS) for $10,000.

“We are essentially bringing plug-and-play PCI compliance to the mass market,” said Stephen Pao, vice president of product management for Barracuda Networks.  “Until now, most businesses in the SMB space were facing very expensive and time-consuming audits of their Web infrastructures in order to achieve PCI compliance.  Further, these audits would be required every time the organization makes a change to their Web applications, so it is very possible that such costs could very quickly overwhelm a business.

“With the Barracuda Application Gateway NC 500 AG small and medium businesses will no longer have to worry about the recurring costs of application source code audits and instead they can achieve PCI DSS compliance without breaking the budget,” added Pao.     

As the June 30, 2008 deadline mandating e-commerce businesses of all sizes be compliant with requirement 6.6 of PCI DSS quickly approaches, many SMB organizations have been left with no choice but to prepare for very expensive and very detailed custom application code reviews.  The Barracuda Application Gateway NC 500 AG now provides these organizations with a cost-effective and powerful solution that will protect and maintain their Web infrastructure as well as satisfy PCI DSS requirements.

Comprehensive Web site Protection
The Barracuda Application Gateway NC 500 AG brings the same award-winning protection from Web site threats, such as unauthorized access, data theft, denial of service or defacement, offered in the full Barracuda Web Application Controller line.  The Barracuda Application Gateway NC 500 AG secures against all common Web application threats including SQL injections, cross-site scripting attacks, session tampering and buffer overflows.  Operating as a full proxy the Barracuda Application Gateway NC 500 AG inspects both request and response traffic, providing the capabilities to not only block inbound attacks, but also to shield SMB business Web sites from hackers and to filter outbound traffic, preventing sensitive data leakage, such as Social Security and credit card numbers.  In addition the Barracuda Application Gateway NC 500 AG integrates traffic management capabilities including caching, compression and load balancing, enabling Web application security as well as an increase in performance and availability of the applications.  Incorporating these features into the Barracuda Application Gateway NC 500 AG eliminates the need for multiple devices on the network, which ultimately brings down the user’s total cost of ownership.

The Barracuda Application Gateway NC 500 AG is the first model to be added to the Barracuda Web Application Controller product line since Barracuda Networks completed the acquisition of NetContinuum, the leading provider of Web Application Firewalls, in September 2007. 

“One of our goals in acquiring NetContinuum was to deliver industry-leading capabilities to a set of customers who had previously been unable to deploy Web site security solutions,” said Pao.  “With the launch of the new Barracuda Application Gateway NC 500 AG we are combining Web application security, traffic management and SSL acceleration into an easy to use and affordable solution for protecting Web sites of all sizes.”

Pricing and Availability
The Barracuda Application Gateway NC 500 AG is currently available and priced at $10,000. International pricing varies by region. For more information, visit http://www.sencilo.com/security-web-application-controllers.php

About Barracuda Web Application Controllers
Barracuda Web Application Controllers, including both the Barracuda Web Application Firewall and Barracuda Application Gateway, protect Web sites from attackers leveraging protocol or application vulnerabilities to instigate unauthorized access, data theft, denial of service or defacement.  Designed to deliver comprehensive Web security, Barracuda Web Application Controllers act as a proxy for Web traffic to insulate Web servers from direct access by hackers, enforces data security standards, such as the Payment Card Industry Data Security Standard (PCI DSS), and secures Web sites against the top 10 major Web vulnerabilities compiled by Open Web Application Security Project (OWASP).  Available in two models, the Barracuda Web Application Firewall provides Web applications and Web services with complete protection against malicious attacks.  The Barracuda Application Gateway, also available in three models, enhances the powerful Barracuda Web Application Firewall to integrate traffic management capabilities for increased performance and availability. 

About Barracuda Networks Inc.
Barracuda Networks Inc. is the worldwide leader in email and Web security appliances.  Barracuda Networks also provides world-class IM protection, application server load balancing and message archiving appliances.  More than 50,000 companies, including Coca-Cola, FedEx, Harvard University, IBM, L'Oreal, NASA and Europcar, are protecting their networks with Barracuda Networks’ solutions.  Barracuda Networks' success is due to its ability to deliver easy to use, comprehensive solutions that solve the most serious issues facing customer networks without unnecessary add-ons, maintenance, lengthy installations or per user license fees.  Barracuda Networks is privately held with its headquarters in Campbell, Calif.  Barracuda Networks has offices in eight international locations and distributors in more than 80 countries worldwide. 

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint

Discovering Data, then Protecting It - February 3, 2008

Sencilo Solutions will be launching a data discovery and risk assessment service as compliance continues to drive interest in the space.

"Along with the forth coming product we will be launching a new consulting service to help companies discover confidential data as well as gauge and manage risks", say President and Security Expect Brian McCarthy.

Our company is leaning on its many years of experience in the data protection and data activity monitoring space with the new Discovery Service, an offering aimed squarely at helping businesses find sensitive data, identify risks posed by current operating procedures and develop plans to tighten those loose-ends.  Early last year one of our insurance clients called us in to assist them with a SEC order to produce records from 2005.  Our client asked us to provide them with tool so that no data was over looked on their 8 tera-byte EMC SAN, and over 900 desktops and mobile computers.  The request was for file data along with e-mail and databases, "leave no stone un-turned," said their CIO. 

We see the market for consulting services is driven largely by regulations such as the Payment Card Industry Data Security Standard and the Gramm-Leach-Bliley Act. Most companies are unable to address this requirement because they don't have the tools to find and classify private data, officials at Sencilo said. The lack of visibility into critical data assets can equal significant risk of data theft, data breaches and unapproved data access, officials contend.

"Over the years with the proliferation of data centers, databases, applications and data; not to mention acquisitions and mergers; enterprises have data scattered all over the company," said Bill Parrish, vice president of product management at the data auditing vendor. "It's very difficult to keep track of all of the different repositories and data, let alone know what's happening to the data."

Our partner Barracuda Networks recently reported last June launched its IT Risk Assessment service, found that 26 percent of the 323 IT professionals surveyed expect a regulatory non-compliance incident at least once a year. The study also examined 75 security and availability incidents and found 59 percent came down to a failure of processes.

"On one side, the bigger impact on IT performance is training and awareness, but on the other side, it tends to be the least implemented control by many organizations out there," said Samir Kapuria, managing director of Barracuda Advisory Services.

As part of Sencilo's service, consultants work with client companies to develop remediation plans after issuing a risk assessment report. The findings include an overall risk score, as well as risk profiles for all users and applications that access the sensitive data. But the core of the service revolves around finding the sensitive data and determining how it is being used. To do that, the company leverages partner's data monitoring technology.

"This is the first time that we've offered a service like the Discovery Service. However, we have provided database auditing and security consulting to our customers for several years," Parrish said.

"As a matter of fact, it was during customer engagements that we uncovered the need for a discovery service. Our customers were struggling to get a better handle on where their data was located and how it was being used."

ABOUT US
Today, leading companies rely on Sencilo’s innovative approach to protect their mission-critical data. We deliver a comprehensive portfolio of professional and fully-managed on demand services that support the complex storage, data protection, assessments, design, installation, business continuity, disaster recovery, security and compliance needs of our customers. With hundreds of customers Sencilo is unique in its ability to solve the industry's most difficult storage and security challenges.

Sencilo has continuously led the industry in service innovation by simplifying and automating tasks traditionally needed to manage multi-vendor enterprise storage and data protection environments. By outsourcing this essential business requirement, our customers reduce costs, optimize performance, and increase visibility over their storage and backup solutions, enabling them to refocus scarce IT resources in Tampa, Miami, Jacksonville and Orlando.

Call us at (407) 265-6293 or visit us at www.sencilo.com

 

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection

Financial services firm hacked - January 31, 2008

Financial services firm Davidson Companies this week said an intruder had broken into its network and gained access to a database containing the personal information of its clients.

"Despite our efforts to safeguard client information, a computer hacker using sophisticated techniques illegally accessed a database and obtained access to confidential client information," said William Johnstone, Davidson's president and CEO, in a prepared statement posted on the firm's Web site. "All of us at Davidson are acutely aware of the uncertainty, stress and inconvenience associated with the potential compromise of personal information."
Davidson, based in Great Falls, Mont., and with more than 930 employees, has sent letters to its financial services clientele informing them of the incident and urging them to take various steps to lower the risk of identity theft.

The company said it is offering its clientele a one-year enrollment to Experian’s Triple Advantage three-bureau credit-monitoring service at the company's expense to help them begin the process of regularly reviewing their credit records for abnormalities.

A Davidson spokesperson was not immediately available to respond to questions.  Sencilo Solutions CEO and President stated, "this is not a uncommon of a fact, for Davidson to admit to a breach, shows that companies are now coming forward do to new State laws."  "Now Davidson will spend a lot of money for putting back the pieces, but adding new technology including Intrusion Detection products and services".  "Had they been more proactive they would of avoid public embarrassment, lost of client trust and a certain future class action suite, say McCarthy. 

Sencilo offers a comprehensive suite of Security products and services that help you assess, design, and execute your network and applications in the most secure and cost-effective way. From security audits and virtual private networks to enterprise firewall implementations. Call us today for a independent check-up on your network and information security, you will be glad you did!  Don't wait wait Davidson Financial. 

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection

Server and Storage Virtualization: A Complete Solution for High-Availability and Recovery - January 26, 2008

Server virtualization is an important step toward improving overall IT efficiency. Virtual machine technology reduces the complexity and management of disparate server hardware and OS platforms. Nonetheless, server virtualization is only one component in a truly virtual enterprise infrastructure. Another critical component is storage virtualization.

Similar to server virtualization, storage virtualization creates a logical layer of storage from physical storage devices. The full benefits of server virtualization can only be realized in combination with a virtual storage layer that works in conjunction with and complements the virtual server layer. For example, dynamic virtual machine failover, a key benefit of leading server virtualization solutions, can facilitate disaster recovery. It is incomplete, however, without dynamic storage failover, a storage virtualization feature. Implementing storage virtualization, in other words, extends the benefits of an investment in server virtualization and builds upon them, providing simplified storage management, improved storage utilization and application performance, a bullet-proof disaster recovery solution, and a diminished need for proprietary vendor solutions.

Business Drivers for Storage Virtualization

The business drivers for storage virtualization are much the same as those for server virtualization. CIOs and IT managers must cope with shrinking IT budgets and growing client demands. They must simultaneously improve asset utilization, use IT resources more efficiently, ensure business continuity and become more agile. In addition, they are faced with ever-mounting constraints on power, cooling and space.

Key Benefits of Storage Virtualization

Storage virtualization provides companies with tools to address the underutilization of resources and the poor economics of silo-based storage, as well as the flexibility to respond to changing business requirements. In a storage virtualized environment, organizations achieve the full benefits of consolidation, improved resource usage and comprehensive disaster recovery. Storage virtualization also dramatically reduces power and cooling costs.

The Intelligent Network Switch: A New Approach to Storage Virtualization

Intelligent network switches with built-in storage management services, have changed the virtual storage paradigm from a model of expensive proprietary vendor lock-in to one of low-cost open support for total storage flexibility. Open storage virtualization enables IT managers to improve overall storage utilization by allowing capacity from any storage array to be combined in centrally managed, virtual storage pools. IT managers can dynamically reduce capacity for applications that are not growing and reuse that capacity for those which are. This can eliminate the need to procure new storage or, at a minimum, delay acquisition.

Intelligent network switches also enable organizations to easily link storage hardware and software solutions from multiple storage vendors, removing the burden of proprietary vendor lock-in and simplifying tasks such as data replication, mirroring and data migration. For example, when a storage network is comprised of disparate systems, even from the same vendor, data migration is time-consuming and application-disruptive. In a typical scenario, the application is taken offline, data is moved to tape and then restored. Intelligent integrated network switches permit data to be migrated in real time, from any storage array to any other storage array, without taking applications offline. Storage virtualization utilizing intelligent switches provides non-disruptive online migration that eliminates downtime and greatly reduces administrators' involvement in data or server migration.

Other benefits include a common set of management, provisioning and replication tools that lower the total cost of ownership (TCO) by reducing the number of tools and people necessary to manage storage and eliminating the requirement to purchase multiple licenses for every storage device.

The Value of Incorporating Storage Virtualization with Server Virtualization

Storage virtualization complements server virtualization by providing easy, centralized management, flexible provisioning, and improved disaster recovery. With disaster recovery, storage virtualization enables one storage system to fail over to another storage system with minimum disruption. However, with most storage virtualization solutions the failover is not instantaneous and manual intervention is required. Therefore, the benefit of overall instantaneous system recovery is lost. A network-based intelligent switch architecture, as depicted in the illustration below, addresses this discrepancy between the server and storage, providing instantaneous failover.

Intelligent Switch Architecture 

 

 

 

 

 

 

 

 

 

 

 

 

In the event of a complete disaster at one location, the virtual server there fails over to the server at the remote location without any interruption. If the primary storage system is affected by the same disaster, the other dynamically responds to the virtual server. This ensures zero hours RTO (recovery time objective) and zero hours RPO (recovery point objective).

The new generation of open virtualization solutions delivered via an intelligent switch with storage management services provides enterprise-class disaster recovery without the expenses imposed by proprietary storage architectures. Other benefits of storage virtualization include the ability to store multiple copies of virtual machine images for high availability and the ability to simplify physical storage infrastructure upgrades. Storage virtualization and server virtualization work together to solve the complex equation of a truly virtual infrastructure.

Conclusion

Server virtualization is changing the face of the server world with simple and effective tools to deploy and manage virtual servers. The same is now true for storage virtualization, using intelligent network switches that allow IT managers to realize more complete value from their virtual infrastructures. By enabling more efficient use of resources, eliminating vendor hardware and software dependencies, delivering seamless disaster recovery, and offering an attractive TCO, intelligent network switches with integrated storage services provide the best approach to storage virtualization. Combined with server virtualization, this new evolution allows customers to deploy a comprehensive virtual IT infrastructure, with virtual servers and virtual storage used to overcome the limitations of their physical counterparts.

Sencilo Solutions specializes in Business Continuity and Disaster Recovery with experience consultants with a combined experience of 25 years, working with companies of all sizes.  We can be reached at (407) 265-6293 or visit us at http://www.sencilo.com

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland, Cape Canaveral

Other Projects: DR BC Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication thin provisioning DXi Global Compression DDX virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar CX4 Primary Storage Data Compression Storwiz

 

Disk Storage or Tape Data Indexing and Classification Services - January 26, 2008

Miami, Florida -  Sencilo Solutions announced this week that is will add another Compliance related service for businesses throughout Florida, that of Indexing and Classificating network information.  "Explosive data growth across the enterprise continues to present significant challenges for IT managers and their companies", say Brian McCarthy, President and Co-founder of Sencilo. "All manner of structured and unstructured data grows exponentially while management faces increasing demands to discover and protect that information," continues McCarthy.  Flat budgets and overloaded IT departments struggle to contain escalating costs, mitigate risks and meet service level agreements in the face of these new demands.

Our Tape Data Indexing and Classification Service streamlines the identification and collection of electronic evidence. The tool-based service is application and infrastructure independent, and easily integrates into the existing online disk environment. It addresses online data and maintains an accurate view of historical and current data assets.

The service is scalable to billions of documents, and delivers the most comprehensive and accurate search results available today. It delivers a comprehensive index of all enterprise data assets, comprising only five percent of the original data with no data copies, and provides an easy-to-use search platform with Internet-type querying capabilities to support any e-discovery initiatives. Key benefits include:


  • Onsite service delivery with no impact to production operations; or, offsite at our secure, state-of-the-art facilities

  • Rapidly process large volumes of tapes or disks, and billions of files and emails

  • Turns the storage arrary or tape library into a searchable repository that is immediately searchable, including both full content and metadata

  • Allows users to select the files to restore and the system automatically generates a request to the administrator with all relevant information


For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection

Report: SPAM Accounts for 90-95% of All Email - January 26, 2008

In 2001, spam accounted for an estimated 5% of our email. In 2007, it clogs our inboxes to the tune of 90-95% of all email sent, according to a new report released today by Barracuda Networks. Barracuda, a leading vendor of spam filtering technology, based their analysis on the over 1 billion emails that the company's software scans each day. The year-over-year increase appears to indicate the failure of the US federal CAN-SPAM Act, which was passed in 2004 when spam only accounted for about 70% of all email sent.

Last month we reported on a study from research firm IDC that predicted that 2007 would be the first time that spam out numbered legit email. Our readers didn't think that sounded right: surely spam outnumbered legit email years ago. "Spam sure as hell surpassed legit emails in my inbox -- years ago. Mine. My mom, dad, sisters, brothers, aunts, uncles, every single friend I've talked to about it, my cat and dog, Boobo my hamster, everyone..." wrote one commenter.

Barracuda's report corroborates those feelings and calls into question the IDC report. Certainly, from my own personal experience, it is a lot easier to believe Barracuda. I use three email accounts on a regular basis, and across them, I get about 2500-3000 pieces of spam each week. I get a lot of legit email, as well, but not enough to outnumber the unsolicited stuff. Luckily (for most users), I am in the minority. According to the report, 65% of email users get less than 10 pieces of junk mail per day (half get less than 5). Just 13% find themselves in the unhappy position of receiving more than 50 spam emails per day.

Barracuda's report also found that spam is not only annoying, but it is the most annoying form of junk advertising. 57% of respondents to a survey question asking what the worst form unsolicited advertising was said spam, compared to just 31% for postal junk mail and 12% for telemarketers.

Unfortunately, spammers continue to evolve their tactics to beat the filters. In 2006 there was a rise of image spam and botnets. This past year, spammers were seen using attachments (like PDF files) as well as using more advanced identity obfuscation techniques.

The good news is that spam filtering technology is evolving right along with the spammers, and it works well. Thanks to filters, I only see about 3-4% of the spam I get (which is still a lot given the immense volume). Here's to a spam free 2008 -- hey, a guy can dream, right?

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint

E-discovery tools purchase considerations - January 26, 2008

As data volumes grow, it's increasingly difficult to locate relevant data. Data must be retained longer, and storage users cannot be counted upon to intuitively locate documents, spreadsheets or other data. This is a problem when dealing with electronic discovery (e-discovery) requests that impose a legal obligation to locate relevant data in a timely manner or face fines and possibly adverse judgments.

E-discovery tools from Symantec or Commvault provide powerful search capabilities that can quickly process and index billions of files based on keywords and other common metadata. The tools can also present search results in forms that are easy to understand and often deliver results in a form that is compatible with litigation management tools.

Like any search tool, you'll want to test the product in your own environment before purchasing it. Discovery tools are useless if they can't locate your data and deliver it for litigation. Once you've reviewed the issues involved in purchasing compliance products, you can review the criteria specific to e-discovery tool purchases. After that, you'll find a series of product specifications that will help you compare products from vendors such as Mimosa, Barracuda Networks, Index Engines Inc. and Commvault.

Test your search criteria and metadata. Use the search function to perform discovery drills and see that the tool will actually find mail, documents or other files based on your queries. For example, try locating all Word memos related to a recent company project or initiative. The search tests should return useful and relevant results based on common criteria, such as keywords, sender, file dates and even the context within documents, spreadsheets, email and instant message logs.

Evaluate the search scope and supported file types. Discovery tools can process a wide variety of file types stored on a range of storage hardware across the enterprise. Before purchasing a discovery tool, verify that the tool will work with file types that are most relevant to your organization, such as Word documents, Outlook .pst files, database files, images and .pdfs. Also, ensure that the tool can search storage systems, servers, desktops/workstations, and even corporate laptops or remote sites to locate files of interest.

Consider search performance. As corporate information proliferates into the fringes of the organization (e.g. laptop or remote users), discovery tools must be able to respond to discovery requests in ever-shorter timeframes. Since failing to meet discovery requests can result in fines or judgments, performance can also have an important financial impact for your company. Note the time required to perform each request. Some tools can process terabytes of storage per day.

Evaluate any e-discovery storage requirements.

The results of your searches need to be stored somewhere. Search results and indexes take 4% to 10% of your total file storage utilization. Smaller organizations or businesses operating with little extra storage capacity may get blindsided by unforeseen storage needs.

Consider logging and reporting features. Discovery tools should include logging and reporting features that identify the individuals making requests, criteria used for each search and the results obtained from each search. The tool should also track the disposition of any results, noting any files that are moved, held or copied, establishing a chain of custody that can demonstrate appropriate compliance with discovery requests and verify the authenticity of documents or other files.

Consider integration with litigation tools. Discovery tools should interface with standard litigation tools, such as ProLaw from Thomson Elite, AXS-One Case Management or LexisNexis. This allows counsel to organize and process the results. In many cases, discovery tools will export to some common text, image or other file formats.

Evaluate any network overhead. Pay attention to the discovery tool's deployment. Discovery products that rely on agents or other software deployed across the infrastructure can cause interoperability and maintenance issues. Agents and network crawlers can add unwanted network traffic overhead, placing additional load on the network and possibly slowing performance-sensitive applications. Discovery tools that avoid the use of agents and network crawlers are preferable.

Consider support for offline tape indexing. Organizations that rely on long-term archival tape storage should consider a discovery tool that includes offline tape indexing features. This type of function is available in appliances like those from Index Engines Inc., allowing archive tape contents to be processed into indexes with metadata. Without this type of feature, tapes would need to be restored first and then searched, but this feature can read and index tapes without needing to actually restore the content.

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland, Cape Canaveral

Other Projects: DR BC Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication thin provisioning DXi Global Compression DDX virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar CX4

Q1 Labs Announces QRadar 6.1: Converged Network and Security Management Disciplines Delivered in a Single Platform - January 20, 2008

Best of Breed Network and Security Monitoring for Log, Threat and Compliance Management


Q1 Labs, a leading network security management company, today unveiled QRadar™ 6.1, the latest version of its flagship product which reinforces Q1 Labs’ commitment to innovate across multiple monitoring disciplines: Log Management, Security Event Management and Network Behavior Analysis.

QRadar 6.1, delivers key features that enable both network and security teams to effectively monitor their network within the same management infrastructure. Coupled with the functionality included in the release of QRadar SLIM (Simple Log and Information Management; see release issued October 30, 2007), QRadar 6.1 provides several new features and capabilities in the following key areas including:

• New network flow searching capabilities for better network behavior analysis and security forensics
• Quality of Service monitoring for important network applications like VoIP
• Augmented host discovery and asset based alerting
• Tamper proofing of all stored log, event and network flow data

Combining network and security monitoring capabilities serves a growing need in the market. As noted in a recent Gartner report Select the Right Monitoring and Fraud Detection Technology1
“Network security and operations products are different markets; however, we see these markets converging in 2008 so that one product set will provide a common network monitoring infrastructure for the NOC and the SOC”

QRadar 6.1 – More Than Just Another SIEM and NBA Product
Today’s converging enterprise requires access to critical network and security data by both network and security operations teams. QRadar offers best of breed network and security monitoring to meet compliance and threat management drivers from a single platform. Features unique to QRadar 6.1 include:

• Network Behavior Analysis with a simple, flexible flow viewer that provides complete, enterprise network visibility
• Robust Log Management architecture combined with analysis that can monitor the network and intelligently alert on the state of new threats, users, and hosts/assets in the network
• SIEM with extensive monitoring inputs and analysis capabilities that allow customers to converge the monitoring of their network and security infrastructures

“QRadar was the first product to seamlessly combine NBA and SIEM functionality – something that many of our competitors are now attempting to achieve through technology partnerships or first-step technology integrations,” said Tom Turner, VP of Marketing and Product Management for Q1 Labs. “QRadar 6.1 further solidifies our technology lead and provides another step forward in helping the converging infrastructure roll-out leading threat management and compliance management practices.”

Pricing and Availability
QRadar 6.1 is available now. Upgrade to QRadar 6.1 is available for free to existing QRadar customers. Pricing starts at $39,900.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint



headerbottomrounded