Category: Product

“Tenable’s advanced analytics have allowed us to extend SecurityCenter as both a solution for security assessments and one for data center maintenance and operations. We are looking forward to the ‘security apps’ in 4.7,” said Russell Butturini, Senior Enterprise Security Architect at Healthways, a global disease management and well-being provider and ranked #8 on Information Week 500.

These analytics are directly accessible from within the SecurityCenter console and offer extensive visibility for multiple teams – network, security, operations, and compliance. The apps dramatically cut time and resources required to identify and respond to vulnerabilities, advanced threats, and compliance violations without the need to write complex scripts or rely on 3rd party tools.

Extended mobile device coverage to track mobile device types, users, and vulnerabilities through active, passive scanning and MDM integration.

“Tenable’s mandate is to protect its clients 24/7, so we realize that our solutions’ capabilities need to be as dynamic as the current threat landscape,” said Ron Gula, CEO of Tenable. “We provide customers with the only real-time vulnerability management platform with built-in scan, log, and network analysis technology to assess IT infrastructure risk. With this release, we’re making SecurityCenter even more strategic for our customers by providing direct access to the latest security and compliance intelligence as identified by our world class researchers.”

Link: http://www.darkreading.com/applications/tenable-launches-security-app-store-for/240160641?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29

“Typically batch in nature, big data analytics allows an organization to organize and analyze vast amounts of structured and unstructured information to facilitate the detection of rogue employees, partners or criminal or collusive rings of fraudulent or abusive activity,” Avivah Litan, an analyst at IT research firm Gartner, said in a statement. “Adversaries only need to get it right once to invoke serious damage on an organization’s private data, ability to provide critical service or corporate reputation,” Haiyan Song, vice president and general manager of ArcSight, Enterprise Security Products for HP, said in a statement. “With solutions designed to enhance threat detection through improved security analytics for big data, HP enables customers to quickly identify potential attackers and take action proactively to minimize business impact and prevent disruption to critical client services.”

With the launch of IdentityView 2.5, HP has expanded the number of users that a single instance can monitor by 10 times, an enhancement designed to help organizations correlate security incident and event data across an expansive user base to reduce insider threat risk.

“With a mission to provide superior health care, it is critical that we prevent system disruptions that might impact patient safety or quality of care,” Keith Duemling, information security officer at Lake Health, said in a statement. “By automating threat detection across our network, HP ArcSight allowed us to move to a much more proactive approach to information security and improve our ability to detect risks that might affect overall system performance by a factor of 10.”

Link: http://www.eweek.com/small-business/hp-updates-arcsight-portfolio-with-security-analytics/

Exposing those back-end systems is complicated, and companies can face a risk of hacking if the systems are misconfigured or do not have up-to-date patches.

Sanjay Poonen, head of SAP’s mobile division, said at the Sapphire Now conference in May that the company has more than 1,000 people working on mobile-related projects in areas such as retail, banking and consumer package goods.

Last year, SAP reported more than €222 million (US$293 million) in license revenue from its mobile-related business, a revenue stream that didn’t exist two and half years prior, Poonen said.

Nunez said companies faces risks if, for example, a CRM (customer relationship management) system is incorrectly configured for access by mobile devices, opening a door for hackers using attack tools for Web services.

X1’s mobile security module looks at what functions and processes are exposed in the back-end systems and not on the mobile application itself, Nunez said.

Link: http://m.itworld.com/security/365487/security-company-release-testing-tool-sap-mobile-access

GreenSQL offers a free version of its database security system from its website, with clients receiving the masking, performance management and auditing functions as part of its full service, Maman notes.

The company’s unified database security system was developed, initially, as an open-source project to protect open-source MySQL databases in 2006, with the first release in 2007 of the basic database security solution, he says. In less than three years time, the program was downloaded more than 100 000 times and Maman then founded the company with partners in 2009, which developed the GreenSQL database security system – built anew based on the team’s knowledge of database security in the open-source community.

“The system provides complete compliance with regulations, such as the public company accounting reform Sarbanes-Oxley Act, the administrative simplification standard Health Insurance Portability and Accountability Act and the Payment Card Industry Data Security Standard,” concludes Maman.

* Unified database security software parses the protocols and the syntax of connections into a database to analyse the patterns of activity to monitor and manage access to sensitive information.

* Database Activity Monitoring enables management to see exactly when and which sensitive records their external consultants have been exposed to and what actions they took.

Link: http://www.engineeringnews.co.za/article/protocol-and-syntax-parsing-into-database-provides-security-performance-and-access-management-2013-06-07

Instead of focusing only on the needs of the individual user or offering a complex solution for the enterprise, it provides a password management system which allows small businesses the ability to share passwords securely across a team. The bootstrapped, Baltimore-based startup was co-founded this October by Andrew Stroup, a…

CommonKey has launched as an extension for the Chrome web browser, but the plan is to soon bring it to Firefox, Safari then to iOS and Android as a mobile app. It works a lot like any other password manager available today, except that in its case, a business owner can create an organization and groups within that organization (e.g., PR, marketing, development, sales, etc.) in order to securely share common passwords among the team.

Users establish their own CommonKey accounts, which they can also use for one-click logins to personal services like Facebook, Twitter, email or anything else that’s not work-related. In fact, the service works just fine if you wanted to use it as an individual, and will also soon include a feature that automatically generates strong passwords for you, too.

During its beta period, CommonKey’s service is free, but the plan is to eventually charge companies based on number of employees with access to shared accounts.

Link: http://techcrunch.com/2013/05/24/commonkey-brings-password-management-to-small-teams/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29