Security News
Is Symantec up for sale? - May 6, 2008
John Thompson must have known the question was coming. The Symantec CEO certainly heard the rumors. So when he was asked Wednesday night during his company’s earnings conference call about selling off parts of his company, Thompson couldn’t have been clearer.
“Contrary to popular rumor, we have no plans to divest of anything,” he said. “None.”
The rumors mainly involved the storage products that Symantec acquired from Veritas three years ago. And they were widely circulated. According to an Associated Press earnings preview story that ran this week:
Analysts are particularly interested in the possible sales of backup and recovery software product NetBackup and the company’s non-Windows Data Center Foundation, which comprises of storage and server management products.
Several technology bellwethers, including IBM, Hewlett-Packard and EMC have been named as potential buyers for Symantec’s storage products, including NetBackup. One executive from HP who did not wish to be known is quoted as saying "he has meet with John (Thompson) and it's all but signed."
AP could have added two other bellwethers who have been mentioned as suitors of all or some of the Symantec storage products - Oracle and Microsoft.
From the tone of Thompson’s voice when he answered the question, he’s not happy with the rumors. Yet Symantec is at least partially to blame. There have been frequent reorganizations since it bought Veritas, usually accompanied by layoffs. Symantec admitted a large layoff in April but would not give details. This left the door open for scared Symantec employees, disgruntled former employees and opportunistic competitors to attempt to fill in the details. And Symantec execs have talked about getting rid of poor performing units on previous earnings calls.
But Wednesday’s call was upbeat. Symantec reported outstanding results all around, and storage was front and center. Email archiving, backup, and storage management were among the product segments that posted double-digit year over year growth. Thompson and COO Enrique Salem talked of a bright future for Net Backup 6.5, Backup Exec 12, and Storage Foundation. They emphasized Symantec’s encryption and virtualization capabilities and gushed about three hot storage areas where Symantec has hardly been a pioneer: data deduplication, continuous data protection and software as a service (SaaS).
Symantec’s earnings were impressive in current economic conditions, although with 53 percent of its revenue from international sales, it took advantage of favorable foreign exchange rates against the dollar. Symantec gained share from its major rival EMC on the backup front, with 11 percent year-over-year growth compared to EMC’s 8 percent growth.
The question now is whether the strong storage performance will prompt Symante execs to forget about spinning off any pieces, or will it only add to the value of a possible sale? Thompson’s take is nothing is for sale. Despite what you might have heard.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM Commvault BakBone D2D D2D2T compare
Security for Exchange: Best Practices - May 6, 2008
Email is essential for business communication, but it wasn't designed with security or regulatory compliance in mind. As spammers and hackers continue to attack the world's email infrastructure, organizations face a daunting security challenge - trying to protect their email systems from a relentless barrage of spam, denial-of-service and other inbound attacks, losing sensitive data through accidental leakage, and maintaining regulatory compliance.
Tumbleweed MailGate provides a suite of comprehensive, high-performance email security solutions that simply and effectively protect you from the full spectrum of email security threats and risks. Through MailGate you can:
Implement effective email security.
MailGate secures inbound and outbound email traffic, and stops virus outbreaks, spam, botnet attacks, image-spam, worms, directory harvest, and denial-of-service attacks. MailGate ensures that email traffic and message contents flow reliably and securely.
Accidental data leak prevention.
With the most comprehensive suite of email security, content filtering that prevents accidental data leakage, and intelligent routing capabilities, MailGate simplifies compliance with industry and government regulations such as HIPAA, GLBA, Sarbanes-Oxley, CA-1386, as well as with your organization’s internal security and privacy policies.
Protect private information.
MailGate’s industry-leading email encryption technology not only blocks malicious traffic, but provides secure communication as well. MailGate delivers automatic gateway-to-gateway strong encryption for any remote domain through policy-basedTLS encryption. Also, with Secure Messenger, messages can be routed based on message content or the identity of senders and receivers through many encryption options, including remote certificate error checking and validation, S/MIME and PGP protocols, and patented secure Web-based delivery.
Reduce infrastructure and management costs. MailGate eliminates costly threats, such as spam, directory harvest and denial-of-service attacks, which all too often force organizations to buy too much infrastructure for the very traffic they don’t want. MailGate can reduce your raw email load by more than 80 percent, dramatically cut infrastructure overhead and administrative costs, and improve network throughput.
Centralized control for inbound and outbound email security
Inbound and outbound email security are interrelated and require common management, threat protection, content protection, and reporting. Unlike other products that rely on third-party solutions for encryption and antispam technology, Tumbleweed delivers best-of-breed, integrated email security solutions that are powerful, comprehensive, and easy to manage.
MailGate: Comprehensive email security built on a high-performance, highly secure Linux platform that installs in minutes and can process close to two million messages an hour. Flexible and easy to manage, MailGate provides intelligent network-edge defenses, antispam, antivirus, zero-hour virus outbreak protection, accidental data leakage protection through content filtering, policy management, gateway-to-gateway encryption, automated reporting, and a state-of-the-art, centralized management console.
Secure Messenger: A policy-based, secure message delivery product that dynamically applies user-defined email encryption and routing policies. Includes the industry's widest range of email encryption options including TLS, S-MIME, PGP, and patented Web-based message delivery.
Desktop Messenger: A secure, practical, and easy-to-use solution for sending encrypted email from the desktop to any recipient. Unlike other products that are difficult to manage, or require pre-installation for recipients, Desktop Messenger eliminates the hassle of PKI, and allows delivery to any new or external recipient via Secure Messenger.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-web-application-controllers.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP.
Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses.
Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing compare
LendingTree's Poor Security Practices are the cause for Data Breach - April 23, 2008
Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing Orlando, FL - based LendingTree is warning customers that their personal data may have been compromised by its former employees who used their passwords to pilfer the data from the company's systems.
In an email to customers, LendingTree said the former employees helped some mortgage lenders gain access to its customer database by sharing their confidential passwords. The data was used by those lenders to market their own mortgage loans.
The lenders accessed LendingTree's loan request forms between October 2006 and early 2008. The breached data includes names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information.
LendingTree said customer loan request forms are normally available only to LendingTree-approved lenders, to market loans to those customers.
In the email to customers, the company said it has no evidence that any identity theft or consumer fraud has resulted from the breach. I'd be surprise to hear if LendingTree even made an effort to valid this statement, said one LendingTree client.
"When we learned of this situation, we quickly contacted the authorities, and LendingTree is helping with their investigation," LendingTree said. "We promptly made several system security changes. We also brought lawsuits against those involved." What LendingTree should of been doing is keeping the horse in the barn with harden security rather then after the horse is down the road, meaning we are investigation, come on.
Security experts and analysts said the breach is likely the result of a breakdown in policy and the company's user provisioning system. The system is used to grant access rights to systems and applications when employees change roles within an organization.
Companies should conduct an identity audit process every three to six months to discover passwords still available to terminated employees, said Brian McCarthy President of Sencilo Solutions and long time security expert. If LendingTree conducted the audit, the breach probably could have been prevented, McCarthy said.
"It's important to have a user provisioning system that will disable employee access when they leave the company," Cser said.
Companies in the financial services industry are furthest along deploying provisioning systems, but the trend is gaining ground in other industries, Cser said. Adoption is being driven primarily for compliance and the need to reduce IT cycle times.
"We're seeing transition from implementing Web access management systems towards user account provisioning," he said. "We predict the biggest gains will come from user account provisioning systems and their adoption."
Insiders are involved in about half of all data breach cases, but many firms are so focused on hardening the perimeter that insider threats are neglected, said Brian Cleary, vice president of marketing at access management vendor, Juniper Networks.
"This is a case of really poor policy automation and a fundamental lack of good access governance which now has exposed LendingTree to a potential liability," Cleary said.
Many firms discover during an access review a number of orphaned accounts existing within the organization that provide access privileges but don't map back to a particular user, Cleary said. Access review in an organization typically falls on the CISO, but other parts of the company are involved, Cleary said. Business units are in a good position to certify an employee has the right privileges and the company's audit and compliance team understand the policies and set them to the right business rules to create a set of controls.
LendingTree advised customers to obtain and monitor their credit reports and referred them to a LendingTree credit protection page on its website. LendingTree also set up a breach faq outlining the situation to customers.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/mainservices.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
University of Miami given Failing Grades for Data Security - April 20, 2008
The Universities of Miami and Virginia acknowledge lost data on stolen tapes and laptops
The University of Miami and the University of Virginia are the two latest organizations to be rocked by data breaches after the theft of sensitive data affecting tens of thousands of people.
Miami Florida - Details of the University of Miami’s security snafu are starting to emerge after officials confirmed yesterday the theft of backup tapes containing medical data and Social Security numbers on some 47,000 people.
In a statement released Thursday, the university explained that the theft occurred when a case of tapes was stolen from a vehicle in downtown Coral Gables. The vehicle had been contracted by a “private off-site storage company," though officials but did not reveal the identity of the firm involved.
Anyone who has been a patient of a University of Miami physician or visited one of the university’s medical facilities since Jan. 1, 1999, is likely to be included on the tapes, according to officials.
Information contained on the stolen media includes names, addresses, Social Security numbers, health information, and, in some cases, credit card and financial data.
”We felt that in the best interest of the physician-patient relationship, we should be transparent in this matter,” said Pascal Goldschmidt, dean of the University of Miami’s Miller School of Medicine, in a statement, adding that he is confident that patients’ data is safe.
The tapes were written in a “complex and proprietary format," making it unlikely that a thief could access the data, according to the university. When the theft occurred last month, officials also brought in security specialist Terremark to work out whether data could be accessed from a similar set of backup tapes.
”Because of the highly proprietary compression and encoding used in writing the tapes, we were unable to extract any usable data,” said Christopher Day, senior VP of Terremark’s Secure Information Services group, in a statement.
At least one Security Consultant Brian McCarthy of Sencilo Solutions disagrees, "Mr. Day is flat at not telling the truth, the backup software is a free download via Symantec, as for the hardware I'd suggest he visit E-Bay to place a bid for a LTO tape reader". What Mr. Day should of been doing is recommending encryption technologies to his client, rather then filling them with false promises of security, states McCarthy. The only way to guarantee that the data is protected is to use encryption, say Mr. McCarthy.
Law enforcement agencies are currently investigating the theft, although Miami is not the only university dealing with the consequences of stolen data.
The University of Virginia also hit the headlines this week following the theft of a laptop from one of its employees. The laptop contained information on more than 7,000 staff, students, and faculty, according to media reports.
Local Charlottesville newspaper The Daily Progress reports that the laptop, which contained a file with names and Social Security numbers, was stolen from an undisclosed location in Albemarle County.
This is not the first time that the University of Virginia has been struck by a data breach.
Last year a hacker broke into the university’s network and accessed the records of 5,735 faculty members, prompting the school to call in the FBI to work on the case alongside the university police and its IT workers.
The University of Virginia did not respond to Byte and Switch’s requests for comment on the stolen laptop, although the local Albemarle County Police Department is said to be investigating the theft.
Research released today by analyst firm AMI Partners reveals the staggering scale of data breaches experienced by U.S. firms, with up to 86 percent of medium-sized American businesses reporting some form of security breach or data loss in the last 12 months.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
And the winner is........ - April 19, 2008
Leading Network Security Publication Honors Barracuda Spam Firewall and Barracuda IM Firewall at Annual Awards Gala
Jacksonville Florida – Barracuda Networks, Inc., the worldwide leader in email and Web security appliances, today announced that its Barracuda IM Firewall and Barracuda Spam Firewall were recognized by SC Magazine at the exclusive SC Magazine Awards Gala, held last week in conjunction with the annual RSA Conference. The Barracuda IM Firewall was selected for the Reader’s Trust Award for “Best IM Security Solution,” and the Barracuda Spam Firewall was awarded the 2008 SC Magazine Excellence Award for “Best SME Security Solution.”
As part of the Reader’s Trust Awards competition, SC Magazine readers representing IT’s most knowledgeable security professionals selected the Barracuda IM Firewall from among the industries’ finest solutions.
“We are truly honored to have been selected for these prestigious awards,” said Dean Drako, president and CEO of Barracuda Networks. “Knowing that the Barracuda IM Firewall was voted on by the readers of SC Magazine, is especially gratifying because we believe that many of those readers are also our customers, and we appreciate their continued support.”
Barracuda Networks and other 2008 SC Magazine Excellence Award winners were marked for distinction by a panel of 17 leading chief security officers from major corporations and large public sector organizations. The Barracuda Spam Firewall was selected for its excellence in protecting both small and medium enterprises.
“The Barracuda Spam Firewall was designed to be easy-to-use, powerful and affordable for businesses of all sizes,” said Drako. “To be recognized by this distinguished panel of security experts as the best overall SME security solution is an incredible honor for us.”
“In awarding the 2008 SC Magazine “Best SME Security Solution” Award, our judges have recognized Barracuda Networks as a key ally in their mission to safeguard businesses, customers and critical data in North America,” said SC Magazine Editor Illena Armstrong.
The awards highlight and showcase the best solutions, services and professionals while recognizing achievement and technical excellence in the information security industry. With more than 600 entries submitted in thirty categories, the 2008 SC Magazine Awards proved to be the most competitive in the program’s eleven year history.
The Barracuda Web Filter was also listed as a finalist for the Reader’s Trust Award for “Best Web Filtering Solution.” More information and a detailed list of categories and winners can be found at www.scmagazineus.com/awards.
About SC Magazine
SC Magazine provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies. The brand’s portfolio includes the SC Magazine Awards, SC Directory, SC Magazine Newswire and SC Magazine IT Security Executives Forums.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint DLP Tumbleweed Ironmail Ironport Secure Computing
New Secure Access Appliances Offer Best-In-Class Performance, Scalability and Redundancy; Enabling High-Performance Businesses to Maximize Remote Access - April 12, 2008
Fort Lauderdale Florida -- Juniper Networks, Inc. (NASDAQ: JNPR), the leader in high-performance networking, today announced the next generation of its industry leading Secure Access (SA) SSL VPN platforms–the SA 2500, 4500 and 6500 appliances. The new Secure Access appliances provide enterprises and service providers with best-in-class performance, scalability and redundancy to ensure fast, reliable and secure remote access to applications and services for even the most complex and demanding secure environments.
Today's high-performance businesses are required to provide anytime, anywhere access to mission-critical applications in order to maintain business productivity and ensure operational continuity. IT organizations are under continuous pressure to provision uninterrupted instant access across an increasingly distributed environment securely and cost-effectively. Juniper's next generation of Secure Access SSL VPN appliances enable high-performance businesses to deliver anytime, anywhere access of corporate resources and applications to their remote and mobile employees, customers, and partners. They offer investment protection by providing a single platform to handle remote access to web applications, terminal services, client/server applications, and for the rising use of mobile devices. They also dynamically grant access to various types of traffic depending on each user's role and as a result, deliver tremendous flexibility and granularity.
"Providing reliable anytime, anywhere secure access to our remote users is critical to our success," said Mark Starry, manager of IT infrastructure and security at Concord Hospital. "Juniper's feature-rich, scalable Secure Access SSL VPN appliances will enable us to address our remote access needs with confidence as our business evolves and grows. We consider Juniper Networks to be a strategic vendor to meet our business goals."
Greater Real-World Performance and Ease of Ordering Experience
Unlike other vendors, Juniper has a proven track record in delivering the most innovative and extensive feature set on its SSL VPN platforms, as measured by real-world performance testing. The SA 6500 features one of the industry's most advanced high availability and flexibility options for the most complex and demanding secure enterprise and service provider environments. Based on real-world testing, the SA 6500 delivers double the capacity of the previous Secure Access generation with support for up to 30,000 concurrent users on a single four-unit cluster. The Secure Access platforms also support a wide array of mobile devices and cross-platform support, including devices running Microsoft Windows, Apple Mac OS and Linux.
Juniper has also taken steps to ease the ordering experience for customers and partners. Juniper is reducing the number of licensing SKUs associated with these new models to simplify ordering and configuring Secure Access appliances. Juniper has achieved this by integrating certain licenses that previously were optional into the baseline license. With this more efficient licensing scheme, a customer or partner will need to order less SKUs to configure a Secure Access appliance and as a result, spend less time during the ordering phase.
The scalable security platforms use SSL, the universal security protocol found in all standard Web browsers. SSL effectively eliminated the historic requirement for client-software deployments, doing away with changes to internal servers and costly ongoing client maintenance and desktop support. The SA 2500, 4500 and 6500 provide extensive end-to-end layered security and include endpoint client, device, data and server layered security controls. These advanced features provide interoperability with diverse endpoint security solutions from third-party vendors that conform to the Trusted Network Connect (TNC) standard.
"Juniper remains the industry's preferred choice for secure remote access in high-performance networks because we continue to deliver new advances in enterprise-wide access control that align with the evolving requirements of our enterprises and service provider customers," said Sanjay Beri, vice president, Access Solutions, Juniper Networks. "Our next generation of Secure Access SSL VPN appliances offers unmatched levels of flexibility and scalability that enable organizations to lower costs and maximize business productivity and continuity."
The Juniper Networks Secure Access appliances, which have earned numerous industry accolades in the SSL VPN market since its first products shipped in 2001, represent the market's leading SSL VPN product line. Enterprises and service providers worldwide have selected the Juniper Networks SSL VPN to help them increase efficiency and productivity. Juniper Networks also continues to be the only SSL VPN provider to have completed the most, independent security audits–supporting its goal to deliver secure networking solutions. The SSL VPN appliances have passed rigorous security audits by Information Security Partners, LLC (iSEC Partners) and Cybertrust®, Inc.
Pricing and Availability
The Juniper Networks SA 2500, 4500 and 6500 appliances are available today through Juniper Networks and its global network of reseller partners. The list price for the new appliances start at US $4,995 with 10 concurrent users for the SA 2500, US $16,895 with 50 concurrent users for the SA 4500, and US $43,995 with 100 concurrent users for the SA 6500.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint
EMC leading the way in disk-based security with new encryption capabilities - April 12, 2008
Hialeah, Florida -- EMC Corp., a provider of information infrastructure solutions, announced Tuesday new data encryption capabilities for storage-devices that protects information at rest from unauthorized access or the unauthorized removal of a disk drive or array from a secured environment.
The new EMC PowerPath Encryption with RSA integrates EMC PowerPath path management software with encryption and key management technology from RSA, the security division of EMC. Now, customers deploying EMC Symmetrix and EMC CLARiiON storage systems can benefit from a consistent security strategy and deployment in and around the data center and across the IT stack with central management and automation of encryption keys.
With this integration, EMC continues to execute and deliver another proof point of its commitment in providing information-centric security in the infrastructure. PowerPath Encryption with RSA is part of a series of announcements made this week at the RSA Conference.
Leveraging EMC PowerPath software, with more than 600,000 licenses deployed, EMC PowerPath Encryption with RSA encrypts and decrypts data at the host, as it is sent to and from the array. The solution protects against unauthorized access or inadvertent loss of un-protected information via malicious attacks and spoofing of Fibre Channel hosts, and makes information inaccessible in the event of physical theft of media from the data center.
The new encryption solution uses RSA Key Manager for the Datacenter, an easy- to-use, centrally administered encryption key management system that can manage encryption keys at the database, file server, and storage layers. It is designed to simplify the deployment and ongoing use of encryption throughout the enterprise, and helps ensure that information is properly secured and fully accessible when needed at any point in its information lifecycle.
"Improving the level of information protection using encryption helps companies comply with internal, private and government standards, including the Payment Card Industry Data Security Standard (PCI DSS), an applicable compliance standards," says Brian McCarthy President of Sencilo Solution in Orlando Florida, and Enterprise partner for EMC. The PCI DSS applies to every organization that processes credit or debit card information, including merchants and third-party service providers that store, process or transmit credit card/debit card data. As of the end of last year, any organization that accepts payment card transactions must be in compliance with the standard and PowerPath Encryption with RSA can form a foundation for meeting that standard.
Heidi Biggar, Analyst, Enterprise Strategy Group (ESG), said, "Recent ESG studies indicate that securing data independent of where it resides or how it's stored is a critical customer requirement. While important for organizations of all sizes, EMC PowerPath Encryption with RSA can yield immediate security benefits for those heavily regulated industries, such as public sector, financial services, retail and healthcare, by making sure data is inaccessible in the event of loss or theft. With this announcement, EMC delivers another solid proof point in how storage and security can work hand in hand."
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: DR BC Replication De-Dup iSCSI SAN NAS VMware Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM
Network Firewall Award Goes to Juniper - April 6, 2008
St. Petersburg Florida -- In-depth, high-performing network security products remain crucial to combat the ever-evolving threats to information technology coming in from branch offices and VPNs alike. Firewalls are a definite part of this defense and are often the heart of an overall secure enterprise network. vs. Secure Computing, Cisco, Barracuda
On top of protecting against denial of service (DoS) attacks, viruses, worms and Trojans (and combinations thereof), a good firewall cannot compromise the network's functions. Even a very powerful firewall will do little if network latency becomes unbearable or slows down business processes. Gartner Magic Quadrant winner
In today's network security landscape, network management, high bandwidth, and advanced applications (such as unified communications) all factor into the security product decision-making process. Modern networks need security products with ease of management and flexible controls on top of superior intrusion prevention and unified threat management (UTM) capabilities.
One product that fulfills these requirements is the Integrated Security Gateways (ISG) series from Juniper Networks. For the second year in a row, the ISG series has earned a gold medal in SearchNetworking.com's Product Leadership Awards.
Juniper has successfully created an all-in-one multi-gigabit firewall, VPN, and intrusion detection/prevention system that network administrators can manage easily. The fourth-generation, ASIC-based firewall uses GigaScreen3 to map programmable, high-speed microprocessors that support new protocols through software updates. According to Juniper, "No other security solution has the ability to accelerate security processing through software updates."
Product Leadership survey results found that more than 97% of respondents rated the series' ability to block intrusions, attacks and unauthorized network traffic good or excellent. No user said that the firewall protection was less than fair. The application-layer, protocol and HTTP controls received a combined good and excellent rating of 93%, while its ease of management and maintenance was rated good or excellent by 84% of respondents.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint
The Best Web Application Accelerator unit is the Juniper Networks DX - April 6, 2008
Transparent acceleration, protection, and encryption make this pricey load balancer worth the money
Jacksonville Florida -- The days of the proprietary client are waning fast, as more and more enterprise applications become Web-enabled or entirely Web-based. Critical applications from e-mail to CRM to custom internal apps are all running on either internal or external Web sites, and they need both quick response times and fault tolerance. vs. Cisco. That's where load balancers come in. Adding redundancy and scalability to Web applications, load balancers create a cluster of Web servers, over which they distribute incoming requests, sending new requests to the server with the least load at any given moment. If a Web server goes offline, the other servers in the cluster take up the slack. Geographic load balancers create clusters at different physical locations so that applications will still be available even if an entire datacenter loses connectivity. vs Barracuda or Websense Citrix
The Juniper DX3680 goes well beyond the relatively simple task of creating clusters of Web servers – it can accelerate Web applications with several methods, including by compressing the HTTP sent between the Web server and the client, caching static parts of the Web page, and offloading SSL processing from the Web server. It will also optimize the network traffic so that the viewing of a Web page, which might normally take 100 back-and-forth messages between the Web server and client, can be accomplished with only a few messages.
In addition, the DX3680 shields applications running on Web servers from Internet-based attacks, preventing hackers from issuing unauthorized commands or taking advantage of known bugs in the Web server software, and it can handle user authentication via RADIUS or LDAP. Look for us in the Gartner Magic Quadrant
Cluster call
Juniper Bucking the trend of cramming load balancers with switches and as many as 20 Ethernet ports, Juniper decks out the DX3680 with a total of 4 ports, which should be enough in most cases – one in and one out is all a load balancer really needs. Initial setup of the system is straightforward, via serial terminal, though it’d be nice to see a default IP address allowing for initial configuration via browser.
Once the basic networking information is set, you can begin creating virtual clusters, as well as rules for how each cluster will be used. There are three types of clusters: a basic cluster, a forwarder, or a redirector.
A basic cluster defaults to high security and allows only basic HTTP functions – anything more has to be explicitly allowed through a rule. The DX3680 has predefined rules for a number of standard Web applications, including Microsoft Outlook Web Access (OWA) and SharePoint, PeopleSoft, and IBM/Lotus Domino. Most of the rules have to be applied at the command line rather than through the Web GUI. If you want to create your own rules, there are examples to work with, but it's not a simple process – be prepared to test and debug your new rules. This is equally true with similar load balancer products, such as F5’s application rules.
For non-HTTP traffic, a forwarder simply passes all traffic to the server cluster without processing it or accelerating the outgoing traffic. A redirector takes traffic addressed to a given address and sends it to a different one, without processing it at all.
A basic load balancing cluster can be set up quickly and easily. Adding functions such as encryption, server application protection, "sticky" sessions for e-commerce or other stateful transactions, and acceleration of Web traffic will make the cluster as complex as you like.
Balancing acts
To test this system, I set up a standard Web site and simulated lots of clients accessing the site. The DX3680 should be able to handle large amounts of traffic without problems; in my testing, I had to use artificially small requests to generate any load on the system, but with normal requests, the system can handle more users than the network connection will support. (As for the DX3680's basic stats, it handles up to 256 HTTP proxy clusters; 1,024 server load balancing clusters; 64 servers per application cluster; 7,300 SSL transactions per second; 80,000 concurrent SSL connections; and 1.1 million concurrent SLB connections.)
Characterizing acceleration is more difficult – the amount of noticeable acceleration a user sees will vary greatly, depending on the type of application, how many users are on the system, which browser the user has, and many other factors. I tested response times for several types of Web transactions, including OWA, the serving of static pages, and a basic Java application, and found that applications were 30 to 400 percent faster than without the load balancer in place. One process that is simplified is converting a Web site from HTTP to HTTPS. Instead of rewriting all of the code on the site, the DX3680 handles the conversion automatically, and it takes care of the SSL processing, too.
The standard ruleset available when the DX3680 box is initially configured is called the Nitro.apprule. This set of rules protects against common attacks, causes clients to cache images, enables active acceleration of Web pages, and more. It's a simple starting point for getting acceleration working without having to do any programming.
The DX3680 can offload quite a bit of processing to reduce the load on the Web servers. In addition to SSL processing, it will cache images and other static content – even JavaScript so that requests from browsers are served by the DX3680 rather than by the Web servers in the cluster. This is intended to reduce loads on the servers, but it may increase performance for end-users as well.
Logging and reporting functionality is broad and deep, covering all aspects of cluster operations, and offers up as much detail as you want. The system provides detailed logs for all the clusters it serves (it pushes them to a central log server), including real-time performance logging for every user connection, if desired. The reporting tools provide a wealth of information, and I found them well organized and easy to follow.
Additional features include quality of service, which can be specified separately for each cluster, and ActiveN clustering that makes adding more DX systems a simple process. vs Radware
Pricey, but worth it
The Juniper DX3680 is not a system that someone would buy for simple load balancing. With a price as tested of $70,485 and a base price of $49,995, there are many less expensive load balancers out there that will create clusters of Web servers.
However, the system's sophisticated rules engine and acceleration features, as well as its ability to provide authentication, to protect Web servers and application servers, and to transparently add SSL encryption to a Web site without redoing code, will not be found on inexpensive load balancers. The DX3680 should allow even a small company to provide enterprise-class Web applications without a big investment in recoding.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/network-application-acceleration.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Key words: Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint
