Categories

• Automation
• Compliance
• Consolidation
• Data Protection
• Networking News
• News
• RAID
• Security News
• Sencilo News
• Storage News
• Uncategorized
• Vendor News
• Virtualization

Archived by Date

• June 2011
• May 2011
• April 2011
• March 2011
• January 2011
• December 2010
• November 2010
• October 2010
• September 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008

Security News

TJX to face security audits for the next 20 years for losing data - March 28, 2008

 

Tampa Florida -- TJX Cos Inc. will implement tighter security and allow its data to be audited to settle charges that its poor security led to the massive data security breach, the U.S. Federal Trade Commission said on Thursday.

Under a settlement agreement reached with the FTC, the discount retailer agreed to open its records to an audit. Specifically, TJX must obtain audits by independent third-party security professionals every other year for 20 years, the FTC said.

TJX also agreed to establish and maintain a comprehensive security program. The FTC said the program must protect the personal information it collects from or about consumers. The FTC is requiring the retailer to conduct a risk assessment to identify holes that could put consumer data at risk and then design and implement policies and security technologies to mitigate the risks.  Had TJX had the right Firewalls from companies like Juniper or Barracuda Networks maybe thing would be a whole lot different.

The agreement also addresses TJX's process of selecting service providers to handle credit card transactions. The company must take steps in selecting a service provider and in handling consumer information it receives from business partnerswhich should of included encryption.

"By now, the message should be clear: companies that collect sensitive consumer information have a responsibility to keep it secure," said FTC Chairman Deborah Platt Majoras. "These cases bring to 20 the number of complaints in which the FTC has charged companies with security deficiencies in protecting sensitive consumer information. Information security is a priority for the FTC, as it should be for every business in America."

Scott Crawford, an analyst with Boulder, Colo.-based Enterprise Management Associates, called the settlement significant for the FTC, which is trying to send the message that it is ensuring enforcement of data security on businesses. 

"The impact on individual consumers is what is at stake here and the FTC wants to make sure that TJX is not just paying a penalty but it is required to practice some standard of appropriate security," Crawford said.
The FTC does not have the ability to impose fines, but the agency has reached settlements before. In January, 2006, the FTC reached a settlement with ChoicePoint, which agreed to pay $10 million in civil penalties and $5 million in consumer redress to settle charges that its security and record-handling procedures violated consumers' privacy rights and federal laws.

A full, independent security audit monitored by the FTC would be a costly process, Crawford said. While enterprises won't be able to plug all holes, the FTC is trying to send the signal that organizations should be proactive on security of consumer data.

"The idea that you could hermetically seal an organization from outside threats is unrealistic," he said.

At last year's RSA conference, Majoras said the FTC would be aggressive in taking action against firms that fail to protect consumer data. She said the FTC has taken action against companies for a variety of issues from failing to protect against SQL injection attacks to low-tech attacks such as dumpster diving.

TJX, which operates over 2,500 stores worldwide used legacy Wi-Fi security. A report issued by Canadian privacy officials said the retailer should have moved faster to upgrade its Wi-Fi security from WEP encryption to WPA encryption. Hackers tapped into TJX's servers using the weaker Wi-Fi encryption, pilfering millions of credit and debit cards over an 18-month period by in what experts say was the biggest data breach in history.

Several banking associations reached an agreement with TJX in December, to be reimbursed for the costs associated with canceling and reissuing credit cards.

Since the breach, TJX has been steadily improving its security safeguards. In a prepared statement following the settlement, Daniel J. Forte, president, of the Massachusetts Bankers Association praised TJX for the steps it took to improve security following the breach.

"TJX maybe the first, but they will not be the last".  "The message is lock it down or pay the price", states Brian McCarthy CEO and Security Consultant for Sencilo Solutions of Orlando Florida. 

"We are pleased to see the steps undertaken by TJX to improve the protection of cardholder data. Those steps have resulted in TJX having recently been certified as fully PCI DSS compliant by an independent PCI-approved assessor," Forte said.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint

---

FUJIFILM Launches World's First Datatape Tracker with SC-Integrity's LoJack InTransit(TM) Monitoring Network - March 28, 2008

Orlando Florida (BUSINESS WIRE)--FUJIFILM Recording Media today announced the immediate availability of the Fujifilm Tape Tracker™, a first-of-its-kind wireless tool to help data managers increase security of data by tracking in real-time the location and status of sensitive removable media cartridges while in transit.

Fujifilm is partnering with SC-Integrity (SCI), the world's most comprehensive covert cargo monitoring, recovery and loss prevention service to provide real-time monitoring and notification for the Tape Tracker using the Fujifind™ interactive web application. Based in Bothell, Wash., SCI entered into an agreement in 2006 with the LoJack Corporation to add the power of the LoJack® brand to SCI’s well-known theft prevention, investigation, tracking and recovery solution for the global cargo security market. Fujifind is based on SCI’s powerful LoJack InTransit™ software platform and provides simple management of multiple Tape Trackers.

“The tremendous feedback we received from customers when we introduced this concept last year made clear – there is a significant desire to maintain visibility and control over removable media during shipment from one location to another,” said Daniel Greenberg, New Product Manager, Marketing, Fujifilm Recording Media. “The ability of tape to store large quantities of data in a cost effective, energy efficient, removable format make it a preferred medium to backup and archive critical business data. The Tape Tracker gives power back to the data managers to maintain a chain of custody for these assets as they move between data center backup, vault or disaster recovery destinations.”

This is no doubt a service required with what appears to be daily lost tapes reported in the media, usually starting off with "Iron Mountain again lost a batch of tapes off a truck today". 

Unique Product, Established Network

The Fujifilm Tape Tracker (patents pending) is designed within a half-inch tape cartridge format, enabling it to fit snugly and discreetly inside nearly any tape media case. The Fujifind application uses the information, tracking, geo-fencing and notification capability of the LoJack InTransit monitoring solution that currently provide corporations and government the ability to track and monitor high value cargo, audit driver activities, and conduct surveillance operations to ensure that their valuable assets are protected, worldwide.

LoJack InTransit uses the largest Law Enforcement Protocol and Dispatch Network in the cargo security business and the SCI Communications Command Center can dispatch appropriate authorities direct to the data tape location to ensure recovery, facilitate resolutions and prevent future losses.

“Data assets are well-protected in the data center and within a vault or duplicate operations center – but there has been no way to maintain continual chain of custody in real time. Now, with Tape Tracker combined with the LoJack InTransit, there is an effective solution,” said Robert Furtado, CEO, SC-Integrity. “If left unmonitored, back up, disaster recovery and archive data assets can become the Achilles heel to any business or an industry – particularly if the data is sensitive.”

Key features of the Fujifilm Tape Tracker system include:

• Discreet tracking cartridges that resemble other tape media in transit


• Fujifind web application for geo-mapping location with satellite imagery and online mapping created and supported directly by SCI


• Geo fencing capability, perimeter entry/exit notifications, in transit route discrepancy alerts


• Evidentiary reporting for continuous incident resolution and security protocol improvements


• User-defined activity and chain of custody history reports


• 24/7 expert staffed monitoring center, service and support

The Fujifilm Tape Tracker will be available through Fujifilm resellers in the United States at an MSRP of $150 per month.

About FUJIFILM

FUJIFILM Recording Media is the US-based manufacturing, marketing and sales operations of professional broadcast video and data tape recording media for FUJIFILM Corporation. Based on a history of thin-film engineering and magnetic particle science such as Fujifilm NANOCUBIC technology, Fujifilm creates breakthrough products for partners and end users.

Fujifilm is a leader in supplying the IT industry with advanced storage media including LTO Ultrium and enterprise-class data tape featuring the lowest cost per GB for mass storage applications while requiring very low power. Fujifilm provides broadcast and data center customers and industry partners with a wide range of unique data center accessories, value-added services and programs.

About Supply Chain Integrity (SCI)

Based near Seattle, Washington, SCI is committed to providing its community of members with the industry’s most comprehensive covert cargo theft detection, recovery, loss prevention and shared intelligence analysis service. At the core of SCI’s services is the federally-sanctioned Supply Chain Information Sharing and Analysis Center (ISAC), a secure and trusted information-sharing community for members to share incident information and actionable intelligence needed to protect the supply chain infrastructure. SCI services also include LoJack InTransit™, the world’s most comprehensive covert cargo monitoring, recovery and loss prevention service, and SC Investigate™, a powerful investigative sharing and management system with global intelligence-sharing capability.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint

---

Juniper unveils Security Threat Response Manager (STRM) solution - March 27, 2008

Miami Florida - Juniper Networks Inc., a provider of networking solutions, announced Monday the availability of the Juniper Networks Security Threat Response Manager (STRM) solution. The comprehensive STRM solution provides IT administrators with a centralized, scalable and effective way to efficiently and effectively log and manage the evolving threat landscape and adhere to compliance mandates.

With the continuous pressure to increase network visibility, respond to threats and measure effectiveness and security posture in their network, businesses need a cost effective, comprehensive solution to manage the evolving threat landscape and help sustain regulatory compliance. The Juniper Networks STRM solution advances the fundamentals and economics of networking by simplifying security operations, monitoring and securing enterprise networks from external and internal threats.

Juniper offers network infrastructure that creates an environment for accelerating the deployment of services and applications over a single network, which helps to fuel high-performance businesses vs Cisco MARS. 

"In today's market there are too many segmented network and security management products that don't enable businesses to extract all of the value from their current infrastructure," said Andrew Mapp, CTO and noted Security Expert at Sencilo Solutions, a Juniper Networks J-Partner. "Juniper's STRM provides enhanced network security efficiency through the delivery of a single network security management solution that enables customers to maximize the efficiency of their network and better secure their business-critical assets."  Look for this product to be part of Gartner's Magic Quadrent in the security space. 

"High-performance businesses require an easy-to-deploy and easy-to-manage solution that converges security and network operations to deliver real-time surveillance and detection of today's more complex IT-based threats," said Oliver Tavakoli, vice president of Network Management, Juniper Networks. "Juniper's STRM solution intelligently monitors and secures multi-vendor networks by providing a comprehensive security and compliance "safety net" from external and internal threats."

The Juniper Networks STRM solution offers customers compliance management, log management and threat management to monitor and secure their network. The STRM solution delivers embedded intelligence to detect complex insider abuse and external threats with integrated behavior analysis. With unparalleled real-time surveillance, IT administrators have the advanced visibility to easily and quickly detect existing and emerging threats and pinpoint application policy violations.

The STRM solution helps prevent network and security event overload by collecting, archiving and searching events and logs from networked devices to provide integrated management of network and application flow data. The STRM solution also delivers the accountability, transparency and measurability that are critical to the success of any IT security program tasked with meeting regulatory mandates.

The Juniper Networks STRM500 and the STRM2500 are currently available. The Juniper Networks STRM5000 is scheduled to be available in the second half of this year. The list price for the STRM500 starts at US $15,000 and the list price for the STRM2500 starts at US $37,000.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-threat-management.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint

---

Lockdown Networks closes it's doors on NAC market - March 20, 2008

This was a Train wrack waiting to happen security analysts are not surprised by the sudden demise of Lockdown Networks, given the shaky state of the Network Access Control (NAC) market. But questions abound for those who use Lockdown technology in their IT environments. The biggest question is where customers will get support for the products they've installed now that the vendor has imploded. 

A Lockdown spokesperson said in an email Thursday that the vendor is contacting customers and partners directly to provide more information. Certain employees have been retained to oversee the shutdown of the company and entertain offers to Lockdown's intellectual property.  Having not been listed in the Magic Quadrant like a Junipter Networks. 

"The company will try to sell some of its assets (technology), and is fortunate enough to be able to give its employees several weeks of severance and a few months of health benefits to help them find their next job," the spokesperson said. "They are smart, talented people who worked very hard and Lockdown is glad to be able to do that for them. The bottom line is that the NAC market is still developing; Lockdown made a go, and in the end, it wasn't enough."

"I'd be very worried about support for the products," said Andrew Mapp, vice president and service director of security and risk management strategies in Orlando Florida, with Sencilo Solutions. "I have not seen any announcement about who might pick up the technology or who might continue the support but if the company just dies, the products will be in limbo."

This is the latest in a series of events indicating trouble for the NAC market. In January, for example, Vernier Networks quietly re-launched itself under a new name, Autonomic Networks, and approach. The company hasn't revealed many details about its new direction, but has noted that it will move away from its heavy NAC focus.

Analysts have suggested the NAC market grew too crowded and that smaller companies would either follow Vernier's lead or go away because far fewer enterprises are adopting the technology than vendors had initially expected or hoped.

Most enterprises seem to have dismissed NAC as too complicated and expensive for their environment, and as 451 Group Senior Analyst Paul Roberts has noted, IT professionals have found ways to bolster access control using the technology they already have instead of investing in new NAC products.  We would suggest to anyone looking at a NAC product to look no further then Juniper Networks. 
Roberts said Thursday that Lockdown's demise surprised him since he asked the company point-blank in January if they were looking for additional funding and they said no. The vendor also touted some big enterprise wins at the time, including T-Mobile and Chevron.

"Frankly, something precipitous happened and I'm not sure what," he said in an email exchange. "I'm not sure what their story is on product support, but when this kind of thing happens, obviously, it effects other startups and tends to lend credence to the 'go with a name you can trust' argument that larger vendors make all the time in NAC and other areas as well."

Maiwald believes the whole NAC market category was artificial to begin with. NAC is really a control or set of controls and not really a product or a product category, he said, adding that there are different approaches to controlling who and what comes on to the network.

"I'm not surprised that we are seeing some of the smaller NAC vendors disappearing or trying to reinvent themselves," Maiwald said. "NAC is a control or a system. NAC is not a simple product. A control over who is on your network requires quite a few moving parts and that does not even begin to deal with the relationship of network and security groups within an enterprise."  Or see Juniper Network's white paper on NAC - http://www.juniper.net/solutions/literature/white_papers/nac_deployment_opus_one.pdf

Roger Herbst, senior IT technical specialist for the Canton, Ohio-based Timken Company, said his company is not currently doing anything with NAC because it requires significant infrastructure plus lots of care and feeding.

"To some degree, I see NAC as very similar to PKI, and we all know how well those vendors did over the long haul," Herbst said. "How many years was it 'the year of PKI?' You better have a business case in hand when you ask for the funds to implement a NAC solution. Being a security guy, I want NAC to provide me with compliance checking and perhaps some quarantining. That can be done many ways, but most are highly dependent on what plumbing you have in place."

That said, he's not against doing something with NAC in the future. He has looked at some of the vendors and found one of the better products to be what Sygate offered a few years ago before they were acquired by Symantec Corp.

"The combination of their Enforcer inline devices and their SODA for non-managed systems was quite compelling," he said. "I was simply not able to get all of that deployed at the time. If we do move forward with some kind of NAC solution, I will probably start with Symantec (Sygate) unless there is a compelling reason to look elsewhere. I doubt we will be doing anything like the Cisco or Microsoft solution anytime soon."

For more information call (407) 265-6293 or visit us at www.sencilo.com

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

---

Juniper Networks Positioned in Leaders Quadrant of Leading Analyst Firm's Magic Quadrant for Network Intrusion Prevention Systems - March 14, 2008

SUNNYVALE, Calif., February 27, 2008 — Juniper Networks, Inc. (NASDAQ: JNPR), the leader in high-performance networking, today announced it has been positioned in the "Leaders" quadrant of Gartner's recently released report: Magic Quadrant for Network Intrusion Prevention System (IPS) Appliances, 1H08.1 A leading worldwide IT research and advisory firm, Gartner evaluated vendors according to a set of criteria focused on the company's ability to execute and completeness of vision in the IPS market.

According to Gartner, "The network IPS appliance market is composed of in-line devices that perform full-stream assembly and deep inspection of network traffic, providing detection using several methods, including signatures, protocol anomaly detection and behavioral or heuristics." In the report, Gartner states, "Leaders demonstrate balanced progress and effort in all execution and vision categories. Their actions raise the competitive bar for all products in the market, and they can change the course of the industry. To remain leaders, vendors must have demonstrated a track record of delivering successfully in enterprise IPS deployments and in winning competitive assessments. Leaders produce products that provide high signature quality and low latency, are innovating with or ahead of customers' challenges and have a range of models."

"We believe Juniper's placement in the Leaders quadrant for network IPS, following our recent placements in the Leaders quadrant in Gartner's Magic Quadrants for Enterprise Network Firewalls2, SSL VPN3 and WAN Optimization Controllers4, reflects our commitment to delivering best-in-class technologies that set new metrics in high-performance networking," said Mark Bauhaus, executive vice president and general manager of Service Layer Technologies at Juniper Networks. "Backed by Juniper Networks' security team offering market leading response to threats and vulnerabilities, our Intrusion Detection and Prevention (IDP) appliances consistently offer comprehensive security coverage against an increasingly evolving threat landscape. Additionally, with centralized management that manages all firewall, Unified Threat Management (UTM) and IDP appliances, our customers have even greater choice and control in quickly meeting their security requirements while improving operational efficiencies."

To view a copy of "Magic Quadrant for Network Intrusion Prevention System Appliances, 1H08," compliments of Juniper, go to: http://mediaproducts.gartner.com/reprints/juniper/vol3/article3/article3.html.

About the Magic Quadrant
The Gartner Magic Quadrants are copyrighted 2007 and 2008 by Gartner, Inc., and are reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Juniper Networks
Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.

1) Gartner, Inc., "Magic Quadrant for Network Intrusion Prevention System Appliances, 1H08" by Greg Young and John Pescatore, February 14, 2008

2) Gartner, Inc., "Magic Quadrant for Enterprise Network Firewalls, 2H07" by Greg Young and John Pescatore, September 13, 2007

3) Gartner, Inc., "Magic Quadrant for SSL VPN, North America, 3Q07" by John Girard, December 6, 2007

4) Gartner, Inc., "Magic Quadrant for WAN Optimization Controllers, 2007" by Andy Rolfe and Joe Skorupa, December 14, 2007

For more information call (407) 265-6293 or visit us at www.sencilo.com

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

---

MTV breach affects 5,000 employees - March 10, 2008

Employees at MTV Networks are watching their credit reports more closely after the company acknowledged that the personal information of 5,000 employees was stolen late last week. 

The attack took place via a laptop Internet connection, according to a report in The Wall Street Journal. Viacom Inc., which owns MTV Networks, did not release further details of the attack. 

In an email to employees, Viacom said employee names, Social Security numbers and dates of birth had been stolen. Viacom said in a statement that law enforcement had been contacted and a criminal investigation is ongoing.

Companies are under increased pressure to guard against data security breaches. Security expert Brian McCarthy President of Sencilo Solutions of Orlando Florida say "it takes a mixture of strict security policies, end-user education and security technologies to help thwart an attack."

"This is one of those classic problems where people are so confused and when it happens, they get frozen into inaction," said Prat Moghe, founder and chief technology officer of database security vendor, Tizor Systems Inc. Rather than going into areas where they're weak on protection, they end up spending more and more money in areas they're already protecting."

A study by the Elk Rapids, Mich.-based Ponemon Institute found that the total average cost of a data breach grew to $197 per compromised record.

Companies tend to spend money on expanded use of encryption technologies, according to Ponemon. They also invest in new data loss prevention and identity and access management products; and deploy new technology for endpoint security and perimeter control, and event management.

Once the dust settles after a breach, Moghe recommends looking internally at where sensitive data resides on the company systems and how it is accessed. That would help to find the channel of where the data was lost and in plugging those holes, Moghe said.

Companies should also take an inventory to determine the most valuable data and figure out the security protections that are most appropriate to protect the data, said Ted Julian, vice president of marketing at database security vendor, Application Security, Inc. Julian said he's seen many firms discover databases they didn't even know they had, usually as a result of a merger or acquisition. In some cases, the role of IT is decentralized and many business units are free to create databases or implement the latest technologies.

"Yesterday's teenage hackers have figured out that they could make money doing this stuff and that change in motivation has changed the nature of their attacks," said McCarthy. "They're no longer defacing a website to show they can compromise a server, so yesterday's defenses are becoming meaningless."

More than half of corporate endpoints assessed by antimalware vendor Barracuda Networks fail to be secured, said Mike Haro, a senior security consultant at Sophos Inc. In many cases client firewalls have been disabled and antivirus definitions are not up to date, Haro said.

"It's just that enterprises just don't have the right policies in place for managing policy and patch assessment and we see that network access control (NAC) is still not widely deployed," Haro said. "NAC as a solution is still perceived as a complex technology and people are still not exactly sure what issue would be solved with it."

Sencilo Solution has office throughtout Florida including Tampa, St. Petersburg, Miami, Jacksonville, Daytona Beach, and Orlando Florida.

---

Data loss prevention starting from the inside out - February 22, 2008

Lake Mary Florida The traditional business-centric view of computer security has focused on the external threat landscape, often overlooking internal vulnerabilities. Subsequently, recent studies from Gartner, Magic Quadrant and Vontu have revealed that a majority of corporate data loss, often termed data leakage, is caused unintentionally by an organization's own actions.

The potential legal liability and brand-reputation damage from corporate data loss has spurred growing demand for data leakage prevention (DLP) technologies. These technologies have largely focused on the need for automated data management. This "inside-out" security paradigm has resulted in corporations striving to achieve rapid data governance via products that emphasize outbound content compliance (OCC) policies, insider threat management, and extrusion prevention systems (EPS).

However, before considering a comprehensive enterprise data management product or platform, information security departments must understand their organizations' business workflow and how it relates to the protection of existing IT assets. This process should include investigating and targeting key aspects of the network infrastructure that may be a source of data loss. Here are some important issues to consider when identifying potential areas of data leakage:
"As the complexity of an IT infrastructure increases, so does the difficulty of knowing where all the data resides, how it's accessed and by whom", say Brian McCarthy President of Sencilo Solutions in Tampa Florida.

As the roles of data managers and storage managers blur, assigning the responsibility for creating a data ranking system becomes harder to define this is were turning to a Security Expert and Trusted advisor really is money well spent, says McCarthy. 

The business must strive to assess the criticality of corporate. Once content discovery of all data is completed, a classification scheme must be implemented to categorize data sensitivity. .

Those with access to the data are the ones usually responsible for its loss. Identify users with overly permissive access controls, including senior managers, who often request high privilege levels without possessing the proper training in data security.

While inbound email is analyzed to protect against internet threats, outbound email is often overlooked as a major source of data loss. The accidental loss of confidential and proprietary information from insider email is one of the largest areas of data loss. The risks associated from activities such as personal web based account use and inappropriate message auto forwarding, can have serious legal, financial and regulatory consequences. .

• Unauthorized use of Internet protocols and services -- such as IM, peer-to-peer file sharing, blogging, social networking sites and unauthorized uploading (FTP) of data to Web sites -- is a major contributor to data security incidents and should be controlled via a detailed policy.


• The use of contractors and outside consultants usually requires the creation of new user credentials. However, knowledge and accountability of these user accounts is essential, as they are often lost.


• Removable storage media, such as flash drives, optical media, external hard drives and personal media devices, create a portable medium for the loss of data.


• Mobile computing platforms (i.e. laptops, PDAs) allow data to be physically removed from the corporate environment where all monitoring and control is lost and where encryption is important. 

Strategic planning for prevention
Enterprise storage has evolved far beyond direct-attached storage (DAS), basic networked file shares and simple database storage. Today's company's like Sencilo Solutions will architect storage area networks (SANs) using iSCSI and Fibre Channel, tiered and hierarchical storage models like Compellent Technologies, virtual storage systems like Overland Storage, high-end storage arrays from HDS and clustered storage. Due to the wide variety of hardware and software and their numerous configurations, the remediation strategies for data leakage are ultimately company specific.

Nevertheless, the commonality of all DLP planning should involve consideration of the following:

• Implementing basic company-wide standards and procedures for all employee data usage and information ownership;


• Assessing and ranking corporate data based on the business risks associated with its loss or exposure;


• Ensuring detection and classification software uses effective identification algorithms with lexical examination of data content;


• Performing frequent inventory reviews of business critical data, ensuring proper safeguards are in place and making sure security protocols are up to date;


• Using an effective data security model that simplifies role based access control (RBAC) and granular control of individual users;


• Enforcing employee training of corporate email acceptable use policies. Consider messaging protection platforms for automated corporate compliance and policy management of outbound email;


• Ensuring that employees are aware of computer usage monitoring as a deterrent to attempts at policy circumvention;


• Administering frequent reviews of user-privilege levels to assess and confirm that the appropriate settings are configured for each user;


• Embedding access controls directly into sensitive data through use of digital rights management (DRM) technologies like Q1 Labs or Barracuda Networks;


• Maintaining data security when dealing with business partners through the use of federated identity management; and


• Generating routine audit and data-flow assessment reports to monitor data leakage threats using QRadar and track data locations with respect to time and user request.

Data loss prevention has become a relevant compliance issue and is critical in protecting confidential company data and preserving customer data privacy. Data growth rates today are such that it is a challenge to efficiently manage new and existing data. Corporate security policies that address data proliferation issues must also sustain data availability, business productivity, operational continuity and data restoration. Most importantly, to avoid end-user misperception that your DLP strategy is set of IT laws, thorough communication and education is essential in facilitating acceptance of the organization's DLP program as an important parallel business strategy.

Sencilo offers a comprehensive suite of Security products and services that help you assess, design, and execute your network and applications in the most secure and cost-effective way. From security audits and virtual private networks to enterprise firewall implementations.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-threat-management.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection

---

Infoblox hooks into Windows DNS - February 15, 2008

Infoblox has launched an appliance designed to help manage DNS and DHCP addressing on Windows servers without swapping out existing systems

Infoblox IPAM WinConnect sits in the datacentre and talks to Windows DNS and DHCP servers via the network, providing IT managers with a common view into both environments as well as automation and administrative features. It would augment existing Windows IP address management tools, according to industry watchers, who say many customers depend on out-of-date and insufficient tools to manage IT addresses.

“Forgotten services like DHCP, DNS, and RADIUS are critical network services components that dictate availability. Yet most are woefully out of date, stagnating on non-enterprise-grade infrastructure, with few security mechanisms," wrote Robert Whiteley, a senior analyst at Forrester Research, in a recent report on IP address management.

Infoblox said its appliance adds more functionality to existing Microsoft DNS and DHCP server deployments. For instance, the product automatically catalogues devices on the network, eliminating the need for IT staff to maintain spreadsheets or other home-grown approaches to tracking IP data. It also gives IT staff a look at current and historic IT usage and lets managers delegate administrative jobs into roles, which is critical for compliance purposes, the company said.

"IT managers need detailed audit logs of who did what and when to every device. And a vast majority of organisations using Windows are tracking that with spreadsheets, which is very manual and error-prone," said Richard Kagan, Infoblox vice president of marketing. "The native tools offered with Microsoft aren't as rich as they need to be so this appliance is designed to help people keep managing DNS and DCHP with Microsoft and a little help from Infoblox."

Infoblox, which competes with the likes of BlueCat Networks, DNSstuff and Secure64, said the appliance uses standard Microsoft protocols, so no changes are needed on the Windows servers. Forrester's Whiteley said such appliances could be ideal for greenfield environments looking to get started with IP address, DNS, DHCP and RADIUS management.

"If you have a greenfield opportunity to build a utility-grade network, then start with an appliance-oriented vendor like Infoblox or BlueCat," Whiteley wrote.

Infoblox IPAM WinConnect is scheduled to be available in December. It runs on Infoblox-250, -550, -1050 and -1550 platforms. Pricing for the IPAM WinConnect on an Infoblox-250 platform starts at about $3,000.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-threat-management.php

About Sencilo Solutions

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

 

---

A Guide to Practical PCI Compliance - February 9, 2008

With all the doom and gloom about how difficult and costly PCI is supposed to be, the reality is that PCI compliance is attainable and sustainable, if you follow these tips.

Myriad merchants find themselves at the end of the PCI compliance barrel and are spending significant amounts of time, money and effort in achieving PCI compliance. Advice from companies that have been there can help smooth your path.

Organizational Maturity
"One of the biggest mistakes organizations make is jumping into their PCI remediation effort without first understanding their company's gaps. It's crucial to realize that every organization has a different maturity level when it comes to technology and compliance. Without first knowing what level you are at, taking a "one size fits all" approach to fixing PCI will spell disaster", states Brian McCarthy the President of Sencilo Solution a Orlando Florida based Security firm with offices in Tampa and Jacksonville.

"A pre-compliance assessment is imperative and enables you to understand what your PCI compliance effort will entail. The output is a document identifying gaps between your current state and what the PCI DSS (Data Security Standard) requirements necessitate", cites McCarthy.

Some of the items covered in our pre-compliance assessment will include:

• Review of IT infrastructure; PCI-relevant application architecture, policies, procedures and processes; overall network design


• Gap analysis


• Network vulnerability scanning


• Risk analysis


• Mapping business flows to technology flows

Sencilo provides assistance in determining your current state by providing a PCI Assessment Questionnaire (SAQ). The SAQ is divided into six sections focusing on a specific area of security. After completing the SAQ, we will have a good idea of which controls and tools are in are in place.

• Cross-Organizational Interaction


• PCI requires the whole organization to play nicely together; too many organizations have different IT groups that have developed their own fiefdoms and act in semi-autonomous states. PCI doesn't support such an approach—it requires different groups to collaborate whether they like it or not.


• Success with PCI is dependant on how the numerous groups work together and maintain reasonable expectations.


• How well this is executed has a direct impact on compliance. The best way to ensure understanding is to set effective ground rules at the beginning of the compliance effort.

Vendor Remediation Support
"One of the biggest mistakes organizations made is using older software and hardware that isn't PCI-compliant. Similar to preparing for Y2K, getting vendors to ensure their products comply with PCI can be a significant issue. How much of an issue depends on your importance to the vendor and the importance of PCI to the vendor, says McCarthy.  "We offer a full suite of PCI-compliant products and services, from companies like Barracuda Networks, Symantec and Q1 Labs. 

For more information please call us at (407) 265-6293 or visit us at www.sencilo.com

enVision Data Loss Prevention Encryption and Key Management RSA Barracuda Q1

---

Barracuda Networks Launches First Enterprise-Class Web Application Controller for SMB Market - February 9, 2008

Barracuda Application Gateway NC 500 AG Offers Robust Web site Application Protection at an Affordable Price

Campbell, Calif., Feb. 7, 2008 – Barracuda Networks, Inc., the worldwide leader in email and Web security appliances, today launched the Barracuda Application Gateway NC 500 AG, the first and only enterprise-class Web Application Controller available for small and medium businesses.  Ideal for SMBs on a tight IT budget, this is the first appliance to fully secure Web applications and ensure compliance with regulations, such as Payment Card Industry Data Security Standard (PCI DSS) for $10,000.

“We are essentially bringing plug-and-play PCI compliance to the mass market,” said Stephen Pao, vice president of product management for Barracuda Networks.  “Until now, most businesses in the SMB space were facing very expensive and time-consuming audits of their Web infrastructures in order to achieve PCI compliance.  Further, these audits would be required every time the organization makes a change to their Web applications, so it is very possible that such costs could very quickly overwhelm a business.

“With the Barracuda Application Gateway NC 500 AG small and medium businesses will no longer have to worry about the recurring costs of application source code audits and instead they can achieve PCI DSS compliance without breaking the budget,” added Pao.     

As the June 30, 2008 deadline mandating e-commerce businesses of all sizes be compliant with requirement 6.6 of PCI DSS quickly approaches, many SMB organizations have been left with no choice but to prepare for very expensive and very detailed custom application code reviews.  The Barracuda Application Gateway NC 500 AG now provides these organizations with a cost-effective and powerful solution that will protect and maintain their Web infrastructure as well as satisfy PCI DSS requirements.

Comprehensive Web site Protection
The Barracuda Application Gateway NC 500 AG brings the same award-winning protection from Web site threats, such as unauthorized access, data theft, denial of service or defacement, offered in the full Barracuda Web Application Controller line.  The Barracuda Application Gateway NC 500 AG secures against all common Web application threats including SQL injections, cross-site scripting attacks, session tampering and buffer overflows.  Operating as a full proxy the Barracuda Application Gateway NC 500 AG inspects both request and response traffic, providing the capabilities to not only block inbound attacks, but also to shield SMB business Web sites from hackers and to filter outbound traffic, preventing sensitive data leakage, such as Social Security and credit card numbers.  In addition the Barracuda Application Gateway NC 500 AG integrates traffic management capabilities including caching, compression and load balancing, enabling Web application security as well as an increase in performance and availability of the applications.  Incorporating these features into the Barracuda Application Gateway NC 500 AG eliminates the need for multiple devices on the network, which ultimately brings down the user’s total cost of ownership.

The Barracuda Application Gateway NC 500 AG is the first model to be added to the Barracuda Web Application Controller product line since Barracuda Networks completed the acquisition of NetContinuum, the leading provider of Web Application Firewalls, in September 2007. 

“One of our goals in acquiring NetContinuum was to deliver industry-leading capabilities to a set of customers who had previously been unable to deploy Web site security solutions,” said Pao.  “With the launch of the new Barracuda Application Gateway NC 500 AG we are combining Web application security, traffic management and SSL acceleration into an easy to use and affordable solution for protecting Web sites of all sizes.”

Pricing and Availability
The Barracuda Application Gateway NC 500 AG is currently available and priced at $10,000. International pricing varies by region. For more information, visit http://www.sencilo.com/security-web-application-controllers.php

About Barracuda Web Application Controllers
Barracuda Web Application Controllers, including both the Barracuda Web Application Firewall and Barracuda Application Gateway, protect Web sites from attackers leveraging protocol or application vulnerabilities to instigate unauthorized access, data theft, denial of service or defacement.  Designed to deliver comprehensive Web security, Barracuda Web Application Controllers act as a proxy for Web traffic to insulate Web servers from direct access by hackers, enforces data security standards, such as the Payment Card Industry Data Security Standard (PCI DSS), and secures Web sites against the top 10 major Web vulnerabilities compiled by Open Web Application Security Project (OWASP).  Available in two models, the Barracuda Web Application Firewall provides Web applications and Web services with complete protection against malicious attacks.  The Barracuda Application Gateway, also available in three models, enhances the powerful Barracuda Web Application Firewall to integrate traffic management capabilities for increased performance and availability. 

About Barracuda Networks Inc.
Barracuda Networks Inc. is the worldwide leader in email and Web security appliances.  Barracuda Networks also provides world-class IM protection, application server load balancing and message archiving appliances.  More than 50,000 companies, including Coca-Cola, FedEx, Harvard University, IBM, L'Oreal, NASA and Europcar, are protecting their networks with Barracuda Networks’ solutions.  Barracuda Networks' success is due to its ability to deliver easy to use, comprehensive solutions that solve the most serious issues facing customer networks without unnecessary add-ons, maintenance, lengthy installations or per user license fees.  Barracuda Networks is privately held with its headquarters in Campbell, Calif.  Barracuda Networks has offices in eight international locations and distributors in more than 80 countries worldwide. 

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint

---