Intoto Introduces Multi-Service Security Software

Posted on by admini

The new iGateway software integrates Secure Socket Layer-VPN, anti-virus (AV) and anti-spam (AS) functionality, to enhance its existing firewall, intrusion prevention and Web filtering solutions for improved secure access, threat management and productivity assurance.

Intoto’s new multi-service security software platforms allow OEMs to deliver integrated security appliances and converged business gateways, two of the most rapidly growing networking product segments. “OEMs are looking for more integrated security functionality in their next-generation designs,” said Doug Makishima, vice president of marketing at Intoto.

According to In-Stat, the integrated security appliance market is poised for explosive growth, reaching $3.3 billion by 2009, while the business gateway, a new integrated networking product type that serves the entire data, security, and voice communications needs of small businesses and branch offices, may capture a significant portion of the total SME equipment market forecasted to grow to $16B in 2008.

http://www.zdnetindia.com/news/pr/stories/121012.html

Read more

Wi-Fi-proof sheet gets UK government approval

Posted on by admini

The blast-proof film, called Spyguard, can be laminated or fitted inside windows to prevent remote eavesdroppers penetrating rooms with infrared or Wi-Fi signals to steal information or access private networks.

To stop Wi-Fi signals “leaking” from a room, the walls are also covered with a layer of paint that contains the same metals as the SpyGuard film. The film can even prevent hackers from stealing information from light flicker emitted from computer monitors and reflected on a window, claims GlassLock UK, a company that sells the film in the UK.

“The film is developed by the US National Security Agency,” said John Hall, managing director of GlassLock UK. “The only way you can get hold of it here is through us.” CESG (the Communications-Electronics Security Group), the information assurance arm of GCHQ, has backed the product, but the intelligence community is keeping an eye on who buys it. “We have to get permission to sell it,” said Hall. “We have to tell MI5 who we sell it to. It’s no problem unless they’re known terrorists.”

GlassLock is demonstrating the product at Infosecurity Europe 2005 in London.

http://news.zdnet.co.uk/communications/0,39020336,39196444,00.htm

Read more

Microsoft reveals hardware security plans

Posted on by admini

The software giant plans to deliver encryption features and integrity checks to insure that computers, such as notebooks, that are disconnected from a network are not affected by malicious programs.

Called Secure Startup, the feature will appear in Microsoft’s forthcoming version of its operating system, known as Longhorn, and represents a much smaller subset of the security features that the software giant had originally intended to build into the system software.

“We remain fully committed to the vision of creating new security technology for the Microsoft Windows platform that uses a unique hardware and software design to give users new kinds of security and privacy protections in an interconnected world,” Selena Wilson, director of product marketing for Microsoft’s Security Business and Technology Unit, said in statement.

While the technologies, once known as Palladium and now called the next-generation secure computing base (NGSCB), will help companies and consumers lock down their computers and networks, concerns remain that the hardware security measures could also be used to lock-in consumers to a single platform and restrict fair uses of content. Innovation could suffer if reverse engineers are locked out from tinkering with devices, said Dan Lockton, a graduate student at the University of Cambridge whose thesis focuses on the effects of technologies created for controlling information. The fear is that “we’re moving to a stage where the customer no longer has control over the product he or she has bought or the products (created) using that device,” Lockton said.

http://www.theregister.co.uk/2005/04/26/microsoft_hardware_security_plans/

Read more

$5.2 bln will be spent on Wi-Fi, $115 mln on WiMAX in 2005

Posted on by admini

Wi-Fi market will continue to grow as the number of hot spots proliferate, and the emerging WiMAX equipment market would also add to growth over the next few years.

TIA expects revenues from spending on Wi-Fi/WiMAX capital expenditures in the US to hit an estimated $22.3 bln in 2005, rising to $29.3 bln by 2008, a compound annual gain of 7.1%. Spending on support services for wireless infrastructure like professional services, depot repair and logistics increased by 13.6% in 2004, up from the 31.8% drop in 2003. Spending on Wi-Fi services in the US reached $21 mln in 2004 and the TIA expected this to increase to $45 mln in 2005 rising at 99.9% CAGR to us$335 mln by 2008. Spending on Wi-Fi equipment in the US in 2004 increased by 31.8% to $4.35 bln.

By 2008 the TIA expects spending on Wi-Fi infrastructure equipment to total $7 bln in 2008, a 12.6% compound annual increase. The TIA expects the number of Wi-Fi hotspots to rise from 32,800 this year to 64,200 in 2008, rising at 31.5% CAGR. The TIA said it expected spending on WiMAX infrastructure in the US to increase dramatically over the coming few years, growing 666.7% from $15 mln in 2004 to $115 mln in 2005, then rising further to $290 mln by 2008, growing at 109.7% CAGR.

http://blogs.zdnet.com/ITFacts/index.php?p=1079

Read more

What Price Security?

Posted on by admini

This article looks at new ways that businesses are making the ROI case for this critical investment.

It’s a conundrum that plagues businesses large and small as they strive to wring competitive advantage from every dollar they spend: Where is the quantifiable proof that X amount of spending will prevent Y amount of losses due to security breaches?

Traditional cost-benefit analysis hasn’t been much help here because costs and benefits need to be measured in the same terms. That’s easy with some straightforward revenue-enhancing investments, but not with security.

For many companies, the benefit of their security investment often boils down to so-called “soft” returns — such as the protection of their brand image by avoiding the negative publicity associated with being hacked.

Perhaps it’s not surprising that, in the absence of hard numbers, advocates for increased security spending sometimes find themselves falling back on fear, uncertainty and doubt — or FUD — to make their case.

In the past few years a body of research has grown that supports the — theory that it is possible to calculate a tangible return on security investment (or ROSI). Much of this research comes from the fields of risk assessment and risk management

It looks at such things as cost reduction related to risk mitigation and productivity gains associated with security investment.

Cost-benefit trade-offs Researchers at the University of Idaho assessed the cost-benefit trade-offs for a network intrusion detection system (IDS) they built. Their goal was to prove that it’s more cost-effective to deal with attacks using intrusion detection than through other means.

Their conclusion: An IDS that cost $40,000 and was 85 percent effective resulted in a ROSI of $45,000 on a network that was expected to lose $100,000 yearly as a result of intrusions.

Baseline comparisons In a third study, researchers erected a network infrastructure similar to that used by companies conducting transactions over the Internet. Performance metrics were taken to establish a baseline throughput rate. Security measures were then applied in steps, and new metrics were taken and compared with the baseline metrics.

Researchers found that applying appropriate security measures can create efficiency gains — that is, increased network throughput — of more than 3 percent.

As the above examples show, calculating a tangible ROSI is math- and labor-intensive.

Research is now available to help calculate the cost of security incidents to an organization company and the probability that a given incident will occur.

At the same time, the threat of cyber attacks continues to grow each day, including the emergence of two overarching threats to corporate computer security: the spread of fast-spreading, “blended” threats (i.e., malicious code), and insufficient funding allocated by managers for security initiatives.

http://www.itstrategycenter.com/itworld/Res/analytics/what_price_sec/index.html

Read more

The Defining Moment

Posted on by admini

Those aren’t convergence; they are merely dumb ideas. And like a lot of dumb ideas—rooted in an insufficient respect for reality—they provoke objections that miss the point, such as: “IT security is too complicated and important to entrust to those ‘guns and holsters’ guys.” Or “How can a technogeek possibly manage an executive protection strategy?” (For a list of five common convergence objections just begging to be overruled, go to www.csoonline.com/printlinks.)

It may be more revealing to think in terms of integrated or holistic security management. In fact, while physical and information security are the cornerstones of holistic security, they aren’t the whole ball of wax. Depending on which industry they serve, CSOs need visibility into fraud and loss-prevention efforts, investigations, process-control systems, business continuity, pieces of regulatory compliance, some aspects of the human resources function and audit.

But reworking the organizational chart isn’t really the end goal, according to Timothy Williams; it’s just one possible means of establishing the necessary accountability and processes that make security effective. Williams is the CSO at Nortel Networks, where he has been leading a centralized, multifaceted security program since 1990. “If you don’t trust the person you’re giving the group to, forget it; it will never work. It’s about how we manage risk and the processes between the domains,” he says.

A case of intellectual property theft doesn’t fit neatly into any of the domains of IT, corporate security or legal; it crosses all of these functions. To Williams, convergence is about “what we are doing to make sure we’re not creating or missing an interdependency between the various areas.” In some cases, the CSO (by whatever title he or she goes) has direct oversight of two or three branches of security, plus dotted-line reports to well-placed employees in other branches. Which lines are dotted and which are solid can depend on the circumstances and priorities of each company, and on the expertise of the CSO.

Steve Hunt, a CPP-toting former Forrester Research analyst, goes so far as to say the leadership role is best handled by a committee, an idea he says is gaining traction particularly in Europe. Hunt says he has seen it work, though it’s worth noting that leadership by committee generally has a checkered history in the corporate world.

Having noted that convergence isn’t accomplished by remaking reporting relationships, Williams circles back to reemphasize that convergence is not the same as “having lunch once in a while. Constellation Energy Group CIO Beth Perlman, who handed the reins of information security to ex-Marine John Petruzzi, sums it up: “If you don’t trust the person you’re giving the group to, forget it; it will never work.”

Another key leadership requirement, Williams adds, is the ability to articulate security and risk issues in the context of business activities and in the language of the corporate boardroom.

Today’s corporate security department is an evolution of what used to be referred to as physical security; over time, forward-thinking practitioners demonstrated the value of putting surveillance, fraud investigations, executive protection, and an assortment of other activities (each requiring different knowledge and skills) under a single umbrella.

http://www.csoonline.com/read/041505/intro_moment_3536.html

Read more