Barracuda Web Filter Wins "Best of Connections 2007" Award From Windows IT Pro in Windows Category - January 20, 2008

The worldwide leader in email and Web security appliances, announced today that the Barracuda Web Filter has been named the "Best of Connections 2007 Awards" winner. Penton Media's Windows IT Pro judges declared the Barracuda Web Filter the best in the Windows category.

The judges reviewed more than 60 IT products and services submissions and chose 18 finalists to be evaluated at the Connections Conference in Las Vegas. Interviews were conducted during the event with winners announced on Nov. 7 on the exhibit floor of the Connections Conference.

"This is the first year of this awards program and were thrilled by the high quality of the entries we received," said Karen Forster, group editorial and strategic director." While we had many worthy products, the winners clearly demonstrated their products' strategic importance to the market, their competitive advantages and the value they provide to customers."

The "Best of Connections 2007" awards recognize companies that offer innovative products in the following categories: Exchange, Mobile, .NET, Office, SharePoint, SQL Server and Windows.

"We are honored to have the Barracuda Web Filter recognized as an innovative Windows product at the Connections show," said Dean Drako, president and CEO of Barracuda Networks. "This distinction highlights our success at addressing the growing need with network administrators for affordable content filtering and powerful anti-spyware protection at the gateway level."  "Sencilo Solutions has recently signed up as a Diamond Level Partner", say Brian McCarthy, President and CEO of Sencilo, and Storage and Security Solution Provider based in Orlando Florida. 

About the Barracuda Web Filter
Available in six models, the Barracuda Web Filter combines preventative, reactive and proactive measures to form a complete content filtering and anti-spyware solution for businesses of all sizes. The Barracuda Web Filter is designed to enforce acceptable Internet usage policies by blocking access to objectionable content and unauthorized Internet applications. At the same time, the Barracuda Web Filter's award-winning feature set enables the Barracuda Web Filter to block spyware downloads, prevent viruses, and stop access to spyware Web sites. Unlike the widely available desktop software solutions, the Barracuda Web Filter is easily installed and does not require the additional time, money or resources necessary for downloading and maintaining software on each individual PC. Hourly Energize Updates are made automatically by Barracuda Central so that the Barracuda Web Filter can block the ever-changing virus and spyware variants, as well as maintain the most up-to-date database of the latest productivity-inhibiting Web sites.

About Barracuda Networks, Inc.
Established in 2002, Barracuda Networks, Inc. is the worldwide leader in email and Web security appliances. Barracuda Networks also provides world-class IM protection, application server load balancing and message archiving appliances. More than 50,000 companies, including Coca-Cola, FedEx, Harvard University, IBM, L'Oreal, NASA and Europcar, are protecting their networks with Barracuda Networks solutions. Barracuda Networks' success is due to its ability to deliver easy to use, comprehensive solutions that solve the most serious issues facing customer networks without unnecessary add-ons, maintenance, lengthy installations or per user license fees. Barracuda Networks is privately held with its headquarters in Campbell, Calif. Barracuda Networks has offices in eight international locations and distributors in more than 80 countries worldwide.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint

Missing Iron Mountain backup tapes prompts identity theft fears for J.C. Penny customers - January 18, 2008

GE Money, the firm hired by J.C. Penny to run its credit card operations, announced Thursday that it is missing backup tapes containing the personal information of about 650,000 J.C. Penny shoppers.

The personal information contains about 150,000 Social Security numbers. GE said the tape was discovered missing last October by a worker at a warehouse run by Boston-based data-protection and storage company, Iron Mountain Inc.

It is unclear if the data was encrypted. "When stolen data is encrypted, companies are quick to point it out as a way to ensure customers that their identities are safe," say Security Consultant Brian McCarthy for Sencilo Solutions. GE Money spokesman Richard C. Jones said the company was paying for 12 months of credit-monitoring service for customers whose Social Security numbers were on the tape.

"As is standard practice in our industry, we rarely know the nature of the information stored on the media we transport, nor the level of encryption or security our customers use," said Iron Mountain spokesman, Dan O'Neill in an email exchange. "We understand the tape was created in such a manner that unauthorized access to the data is extremely unlikely and difficult, even for its with specialized knowledge and technology."  Un-true says, McCarthy, 30 day demo backup software is available from most vendors as a free download, and the tape drives are common place via E-Bay", Iron Mountain again is trying to cover its tracks".  The only true and compliance way it to encrypt the tapes using encryption appliances or up-grade to the latest LTO-4 tape drives that have built-in encryption." 

It's the second time in recent months that Iron Mountain lost customer data. In October, Iron Mountain said it lost a decade's worth of bank account data and Social Security numbers for almost all Louisiana college applicants and their parents. The company was moving the backup tapes containing the information. A driver reportedly lost a case full of backup data for every Louisiana application for federal student aid from 1998 through Sept. 13, 2007.

Greg Schulz, an industry analyst with the Stillwater Minn.-based StorageIO Group downplayed the J.C Penny incident saying that it would be too labor intensive for a cybercriminal to steal the data off any missing tapes. 

"A penny theft criminal is not going to target an individual tape," Schulz said.

If the tape was targeted, a sophisticated cybercriminal would need to know the type of tape it is and have a specific device to read the data. Once cracked, the hacker would need to determine how the data was formatted. The work would be labor and financially intensive and therefore not a viable way for a cybercriminal to make money stealing identities, he said.

"Tapes have been lost and misplaced and have never left the building and the reality is that there are probably fewer tapes being lost today than there have been in the past," Schulz said. "Whether they're putting data on a tape or CDs or removable hard drives, the chance of that data getting lost is there."

"To bolster security in the wake of many high profile data breaches, some companies are encrypting data on backup tapes. Some firms are also using radio frequency identification and global positioning to track and maintain a handle on backup data", McCarthy of Sencilo Solutions said.

IBM has introduced encrypting tape drives and most back up software can encrypt but it still has to be turned on, said Eric Maiwald, an analyst at Midvale, Utah-based Burton Group.The potential for losing data because of a failed key management system must also be taken into account, Maiwald said.

"Encryption mechanisms that use appropriate algorithms with appropriate key lengths are effectively impossible to break. However, we have seen poor implementations that are breakable (such as WEP),"  McCarthy said.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-area-network.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  DR BC Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant LTO Backup Exc NetBackup Legato TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell

 

Destorying Data. How to reduce business risks in an era of ever-increasing regulatory demands. - January 12, 2008

Sencilo Solutions and it's partner PeakData, LLC of Niwot, CO., which developed an innovative set of services, centered on data eradication, to attack a new category of financial and competitive risks head-on.

There was a time, not so long ago, when the primary data-management goal of IT organizations was to preserve data from various forms of loss - from issues related to such things as mechanical (hard) failure, software failure and natural disasters. But the world has changed. A new and multiplying batch of government regulations is keeping both CIOs and CFOs awake at night, according to CarrieAnne Curtis, Media Services general manager and data-security expert at PeakData. Now, enterprises are struggling to find fool-proof ways to get rid of their once-precious data.

Do you know where your data is?
The cost of the new regulations More than 30 new state and pending federal regulations are designed to protect individuals from the loss of their personal information maintained in organizations' IT systems. The net effect of these kinds of security-breach regulations, according to PeakData's Curtis, is that: An organization must maintain total control of personal data it owns or licenses - at all times

If the organization loses track of this data for just minutes, or even seconds, applicable regulations demand that the organization notify, in writing, every individual whose information might possibly have been exposed
According to Curtis, the cost of this type of notification process can run as high as $125 to $175 per person. One well-publicized security-breach case cost the organization involved more than $10 million. Clearly, much is at stake in this new regulatory environment. But what to do?

To destroy or not to destroy?
"Ever more sensitive to complex compliance obligations," Michael Klatman, vice president of Marketing at PeakData, says, "many organizations have gone to extremes to protect data from falling into the wrong hands. In many cases, these extremes include the physical destruction of failed or retired disk drives: an approach that has negative economic as well as environmental consequences." The risks associated with these new regulations are real. But is it really necessary to destroy retired or broken disks in order to avoid falling afoul of some 4,000 laws on data retenion laws such as Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, the USA PATRIOT, the California Security Breach Notification Law, PCI Security Standards Council ("PCI SSC"), 21 CFR Part II and many others.

While it eliminates business risk, physically destroying disks also destroys the residual economic value of those disks. And that can cost as much as $1,000 per disk. By contrast, the logical destruction of data through the process of disk eradication permits the enterprise to recover that economic value from their disk subsystem vendor: a strategy that pays for the eradication process many times over.

Destroying data...
Any organization that is destroying (or locking away) retired disk drives, according to Klatman, ought to consider using PeakData's disk-eradication services - whereby PeakData comes onsite and, using its own proprietary system and methodology, logically (rather than physically) removes the data - and certifies, according to the Department of Defense 5220.22-M standard1, that data cannot be recovered from the disk drives in question. Special technologies and methods are required to implement this standard because typical storage firmware and software are not designed to be able to purge all traces of data in this manner.

During the disk-eradication process, the customer's disks never leave the data center, according to PeakData's Curtis, and legacy storage subsystems do not need to be powered up, saving precious energy. Instead, PeakData technicians remove disks from their enclosures and place them in the company's unique Data Eradicator system chassis. The Data Eradicator then performs the minimum required three passes of binary rewrites (over each sector and bit) according to the DoD 5220.22-M standard.

...And proving it
Once the rewrites are complete, the unit automatically generates a customizable XML/PDF certificate for each disk, showing the (embedded) serial number of the disk, the number of passes made, the time and date of the operation, and the names of the technicians and witnesses present. In this way, PeakData can guarantee to its customers that the DoD 5220.22-M disk-eradication standard has been met - and that all of the old data has been purged.

Each Data Eradicator unit can process up to 36 disks at a time - and as many 10 units can be implemented simultaneously: which means that the systems can process 360 disks, or almost 15 terabytes, at once. And the unit is highly secure, according to Curtis, having no writable media of its own; instead, the Data Eradicator's specialized operating system and logic are contained solely on read-only CD/DVDs. The eradication system works with SCSI, FATA, mainframe or open-systems disks.  Or go to http://www.sencilo.com/services-eradication.php 

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage and security solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland and Cape Canaveral

Offerings Projects: Replication De-Dup De-Dupe iSCSI SAN NAS VMware Security EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant Quadrent LTO Backup Exc Pure Disk NetBackup Networker TSM Commvault BakBone D2D D2D2T compare cloud data deduplication  thin provisioning DXi Global Compression DDX  virtual tape library Data Reduction SEPATON FALCON compare Celerra CLARiiON Equallogic Dell NS20 NS40 CX4 CX3-20 CX3-40 CX3-80 FAS2050 FAS3050 Xiotech Nexsan Avamar DLD3 1500 D3 Storwiz storage compression data Ocarina Networks A-SIS compare Sepaton infopro BlueArc OnStor Microsoft Unified Storage data protection

Barracuda Networks Protects Salesforce.com Users Against Latest Phishing Malware Attack - January 9, 2008

Barracuda Spam Firewall Blocks Email Containing Malware that Collects Usernames and Passwords

Barracuda Networks, Inc., a leading provider of network security appliances, today announced that its Barracuda Spam Firewall has implemented specific countermeasures to block the phishing malware attacks targeted at salesforce.com users. These attacks were outlined in a broadcast email yesterday to all salesforce.com users advising them of the latest malware threat.

The attack on the Salesforce.com user base is a variant of known attacks that attempt to lure users into installing malware that can collect passwords to online systems, including banks, credit cards, shopping Web sites, and even salesforce.com itself.

“What makes this form of the attack unique is its social engineering,” said Stephen Pao, vice president of product management for Barracuda Networks. “The email masquerades itself as part of the Salesforce Identity Confirmation feature, which ironically was intended to enhance legitimate salesforce.com security measures against the latest wave of phishing attacks. Because of its clever design, unsuspecting salesforce.com users may inadvertently install the malware.

“While existing defense layers targeting malware in the Barracuda Spam Firewall have been effectively blocking these attacks, Barracuda Central today added another layer of defense specifically targeting this social engineering,” added Pao.

Barracuda Central, an advanced technology center at Barracuda Networks, consisting of highly trained engineers who continuously monitor and block the latest Internet threats, responded to the salesforce.com announcement by quickly adding additional levels of protection in the event that the attack starts using new malware variants. The additional levels of protection involve rules that actually block the social engineering around the Salesforce Identity Confirmation feature in addition to the malware.

“Just as Barracuda Networks was the first major appliance vendor to target the attacks against Adobe Reader users in 2007, we are proud to be the first to specifically target the attacks against salesforce.com users in 2008,” said Pao. “The tactical response of Barracuda Central combined with the Barracuda Spam Firewall's 12 defense layers allows us to continue to supply the best spam protection at the best value in the industry.”

About the Barracuda Spam Firewall
The Barracuda Spam Firewall is available in seven models and supports up to 30,000 active users with no per user licensing fees. Its architecture leverages 12 defense layers: denial of service and security protection, rate control, IP analysis, sender authentication, recipient verification, virus protection, policy (user-specified rules), Fingerprint Analysis, Intent Analysis, Image Analysis, Bayesian Analysis, and a Spam Rules Scoring engine. In addition, the entire Barracuda Spam Firewall line features simultaneous inbound and outbound email filtering with the inclusion of sophisticated outbound email filtering techniques, such as rate controls, domain restrictions, user authentication (SASL), keyword and attachment blocking, dual layer virus blocking, and remote user support for outbound email filtering. The Barracuda Spam Firewall’s layered approach minimizes the processing of each email, which yields the performance required to process millions of messages per day.  Or read more in Gartner, Inc.'s Magic Quadrant

About Barracuda Networks Inc.
Barracuda Networks Inc. is the worldwide leader in email and Web security appliances. Barracuda Networks also provides world-class IM protection, application server load balancing and message archiving appliances. More than 50,000 companies, including Coca-Cola, FedEx, Harvard University, IBM, L'Oreal, NASA and Europcar, are protecting their networks with Barracuda Networks solutions. Barracuda Networks' success is due to its ability to deliver easy to use, comprehensive solutions that solve the most serious issues facing customer networks without unnecessary add-ons, maintenance, lengthy installations or per user license fees. Barracuda Networks is privately held with its headquarters in Campbell, Calif. Barracuda Networks has offices in eight international locations and distributors in more than 80 countries worldwide.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php

About Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint enVision Data Loss Prevention Encryption and Key Management

ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS. - January 7, 2008

The use of domain names in most phishing is relatively crude, You see a lot of names like www.somefreewebsite.com/~ingrid/www.bankofamerica.com/.... There's no SSL, and the tricky part of the domain name is off to the right. A user would really have to ignore the domain name and focus on the body of the page, which is where the real phishing expertise comes in.But a potentially lucrative minefield for phishing domains may open up through a series of developments currently underway. One of them is the move by some governments to develop alternative root servers. The other is the development of internationalized domain names, especially top-level domains. In at least one case the two are combined.

The alternative root server is a strange concept to most people, says Brian McCarthy President of Sencilo Solutions. The root servers are the DNS servers that control the root of the DNS. They control the top of the hierarchy or the bottom (root) of the tree, depending on the metaphor you want to use. So eWEEK controls the eweek.com domain; VeriSign controls the .com domain; and the root, the level above .com and also known as "." is controlled by the IANA (the Internet Assigned Numbers Authority).

This Wikipedia article includes a list of alternative roots that exist and the non-standard zones they include. For instance, the home page for OpenNIC is http://opennic.glue/. You might be wondering at that ".glue" top-level domain, and if you click on it you'll get an error. That's because OpenNIC is an alternative root with a completely different name space. Your DNS, probably derivative of your ISP's DNS, doesn't point into the OpenNIC name space. Organizations like OpenNIC sometimes exist in order to escape the control of ICANN. Free to put up any TLD they wish, they have .geek for example.

But OpenNIC does exist on the public Internet; it's not a private network. If your DNS is set up for it, it's possible to see these as well as the real Internet. In fact, UnifiedRoot goes this extra mile, by setting up your systems to see the public DNS as well as their own, on which they sell new TLDs to whoever wants them.

These groups don't worry me. Who's going to use them anyway? I get worried when I see whole countries, like Russia, trying to set up separate roots. In the case of Russia, the government wants more control over the Cyrillic portion of the Internet. They can never have real control as long as the root zone is in the hands of the IANA. Call me a western hegemonist, but I just don't trust the Russian government with a root zone.

Compounding the Russian issue is the ongoing development of IDNs (Internationalized Domain Names), which are domain names that support non-Latin character sets, including the Cyrillic used in Russia. Work on this has been in standards bodies coordinated by ICANN for years and some are in use. Work on Internationalized TLDs is also underway, and here's where the phishing angle becomes really clear. .ru the Russian TLD, translates in Cyrillic to .py, the TLD for Paraguay. It's not hard to see a Cyrillic phishing domain in the Paraguayan .py being used to fool Russian users.

This specific example isn't the real point. I have a general concern about these expansions of the DNS in ways that seem destined to provide massive new opportunities for abuse. The limitations of freedom for the people of Russia and China, which is also interested in both developments. Internationalized domain names are not inherently objectionable, of course, and it would be great if they could be made to work securely. Unfortunately, I see most of the news being about new browser exploits and scams.  It's companies like Infoblox that keep things running.  Read more about this in the 2H2007 Gartner, Inc.'s Magic Quadrant.

For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.phpAbout Us

Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.

Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.

Key words:  Barracuda Networks Security RSA Encryption Cisco Decru Neoscale EMC NetApp HP IBM Quantum Compliance VTL Data Domain vs Gartner Magic Quadrant SSL SonicWall Secure Computing Firewall VPN Endpoint