Archive for the ‘Security News’ Category

HomeSecurity News

Trend Micro Adds a New Twist on Security Education with the Release of Titanium Power Up

On December 27, 2010   /   Computer Security, Security News   /   Leave a comment

Video game lets consumers win prizes daily while highlighting Internet security concerns in a fun and unexpected way.

Trend Micro Incorporated, a global leader in Internet security, released Titanium Power Up, an online video game designed to challenge negative perceptions of Internet security with unexpected humor and personality.

Titanium Power Up is reminiscent of classic arcade games like Super Mario Bros and Pitfall. There are multiple levels within the game that players must complete, with each level set in a unique environment with fun characters and challenges. The game serves as a metaphor for the things people dislike about Internet security, such as slow speeds, annoying pop-ups and scary warnings; but instead of feeling intimidated and confused by such things, the game gives people the ability to overcome them.

The game also includes a sweepstakes component called the Titanium Power Up Giveaway. These instant prizes are awarded on a daily basis and there will be one Grand Prize awarded at the end of the sweepstakes, which ends on December 31, 2010. Players get one chance to win instantly each day; in addition, each day they play the game again gives them an extra entry into the grand prize drawing. Sweepstakes available to U.S. and U.K. residents only.

“Titanium Power Up is a fun way to engage with our customers on a relevant platform,” said Natalie Severino, director of Consumer Product Marketing at Trend Micro. “Our job at Trend Micro is to protect families and individuals from real-world threats so they don’t have to spend time thinking about them. This game will help raise awareness about everyday online risks and expose a younger demographic that might not otherwise taking the time understand some of the treats associated with the Internet.”

Players use their space bar and arrow keys to control a character with the objective being to avoid a variety of threats and obstacles, and defeat the “bad guy” at the end of each level. Points are earned in a variety of ways and a player’s final score can easily be shared with friends via Facebook and Twitter.

Prize Details
Instant Prizes (On a daily basis)

  • One-year subscription for Trend Micro Titanium Maximum Security Grand Prizes
  • Toshiba – Qosmio Laptop / 18.4” Display / 6GB Memory / 500GB Hard Drive
  • Bose® – Companion® 3 Series II Multimedia Speaker System (3-Piece)
  • 27” Widescreen Flat-Panel LCD Monitor
Read more
Back to Top

UK Government and IT security experts willing to change governance to benefit from the cloud

On December 22, 2010   /   Security News   /   Leave a comment

CSC today announced the results of a study that reveals a willingness within the government and IT community to be flexible around security governance, in order to benefit from cloud computing and shared services. Results show that users are open to sharing sensitive activities in the cloud, as long as the parties involved share similar characteristics and have the same cultural approach to security.

The report, titled ‘Shared Services: A perfect storm of opportunity,’ was developed by CSC with support from UK government body CESG (Communications-Electronics Security Group), the information assurance arm of GCHQ (Government Communications Headquarters). Respondents included 200 senior security and IT experts working across central and local government and their associated suppliers, who attended the Government’s Information Assurance flagship event, IA10 in September this year.

With security of utmost concern to UK government departments, the survey asked what the inhibitors are to achieving full cost savings and efficiencies from cloud computing. The research revealed that the main barrier to the adoption of cloud services are the different approaches to information security across potential users, and that confusion still exists about the cloud.

Enthusiasm to find the middle ground on governance was demonstrated by the majority of respondents (65 percent) being willing to share Security Operations Centre (SOC) services, as an interim measure to build trust between users. People also declared that a reduction in the number of audit events to be monitored – along with a revision to internal governance, risk and compliance policies and processes – were the two most important compromises when migrating to cloud services.

“Reaping the cost benefit of shared services is of paramount importance to local and central government but security policies and compliance regulation have made this a real challenge,” said Ron Knode, CSC’s director for Global Security Solutions. “The most startling discovery in the survey is that the public sector is more flexible and willing to look at alternative approaches to certain aspects of security, and develop stepping stones towards using shared services. Previously, nobody was willing to do this – departments had their rules and that was that. Now suddenly, people are indicating that ‘if you’re a lot like me,’ maybe they can come together with an altered set of governance processes and decision-making criteria to gain the benefits of the cloud.”

When asked what the most important aspects are when establishing shared services, the “cultural approach to Information Assurance (IA) and Information Risk Management” was respondents’ top answer. Desktop applications are the first choice for respondents when questioned about which service functions they were most comfortable in sharing. In addition, while the vast majority strongly agreed that the use of a public cloud would substantially increase risk to confidentiality, a majority also agreed that a shared private cloud (or community cloud) among users with similar security cultures would likely be an acceptable risk.

Confusion around what contributes to the development of cloud services was also evident with respondents. When asked what technologies and approaches used to develop cloud services were the most mature, the survey unveiled conflicting opinions with no clear outcome.

Survey presents three key recommendations:

“For progress to be made in cloud computing, departments need to focus on the paths of least resistance, such as creating a like-minded community sharing lower-risk services. By establishing a governance test-bed, users can examine and validate potential areas of flexibility of governance. Transparency also has to be included in every proposed cloud standard and advocates should resist the urge to develop too many clouds but rather explore progressive or layered clouds, which accommodate different user standards,” Knode added.

To help increase confidence in shared services and build momentum in cloud adoption within government, CESG and CSC have made three key recommendations following the survey:

Recommendations summary:

1. Common bond payoffs: The willingness to be flexible in governance presents an opportunity that should not be missed. Concentrate on affinity: If you can find a team outside your immediate organization whose security culture, maturity and general obligation to security governance is close to your own, then hunt for shared functions, business processes or applications. If they emerge, then that’s a great way of kicking-off a shared service model and capturing the shared service payoffs. Why not use a community cloud to share similar-risk services?

But don’t just set out to prove the technology; instead, establish a focused, cloud-based risk-governance test-bed (not just a general cloud pilot) and use it to test scenarios that examine and validate potential areas of flexibility in governance.

Finally, there’s evidence that industry may be prepared to go as far as the sharing of security officer services. Include this in the trial and – if it’s successful – momentum for more shared services will surely follow. You’ll need a champion, of course – someone to lead the sharing initiative. The right IT partner will be able to help.

2. Cloud usage barriers: New cloud standards are inevitable, whether developed by central government or by the industry itself. Either way, transparency must be a fundamental characteristic in any and every agreed standard.

For most public services, data anchoring in some form or another will be hugely important, so government departments need to be sure to include a mandate for geographic, platform and process anchoring of data and transactions. Transparency and accountability in the cloud are key, so get them specified in the standards where possible.

3. Compliance adjustment: The danger with ensuring every cloud-based process or service complies with a specific standard is that you end up with multiple clouds. It is far better to exploit the willingness to be flexible with governance in establishing, measuring and confirming compliance. Explore progressive (layered) cloud solutions that enable people to add their own degrees of compliance and certification when they need to. Fix the methodology, not the cloud.

Read more
Back to Top

Westcon Group expands global distribution strategy with ArcSight

On December 15, 2010   /   Computer Security, Security News   /   Leave a comment

Westcon Group, Inc., the market’s leading specialty distributor in data centre, networking, security, mobility, and convergence, today announced both new North American and expanded European distribution agreements with ArcSight, an HP company, and a leading global provider of cybersecurity and compliance solutions.

As part of the expanded relationship, Westcon will now distribute ArcSight products and solutions through its North American reseller base. In addition, Westcon Group European Operations Limited, a Westcon Group company, will deliver ArcSight products to 10 countries across Europe, adding to its existing distribution within France, Belgium, Luxembourg, Germany and Italy.

This announcement marks the first North American agreement between the two companies, powering Westcon reseller partners with the ArcSight Enterprise Threat and Risk Management (ETRM) platform. Additionally, the expanded agreement adds Norway, Ireland, Finland, Sweden and the United Kingdom to Westcon’s existing roster of countries across Europe.

“With the rapid proliferation of attacks from the outside and data breaches from the inside occurring daily on a global scale, it’s extremely important for companies to have a comprehensive IT security strategy in place,” said Dean Douglas, President and Chief Executive Officer, Westcon Group. “Tackling these threats head-on, ArcSight offers a comprehensive security and compliance= management platform. Based on our success in Europe, and to ensure we’re offering the richest portfolio of security products, the global expansion of the ArcSight relationship just makes sense.”

The ArcSight ETRM platform is a highly integrated product suite for collecting, analysing, and assessing security and risk information. The solution enables companies to easily safeguard their business by delivering complete visibility into all activity across the IT infrastructure, including: external threats such as malware and hackers; internal threats such as data breaches and fraud; risks from application flaws and configuration changes; and compliance pressures from failed audits.

“New cyberthreats and industry regulations are driving increased global demand for security and compliance solutions from a broader set of markets,” said Tom Reilly, CEO of ArcSight. “ArcSight is committed to delivering solutions that help enterprises and government agencies alike protect their IT infrastructures, and Westcon’s deep domain expertise will provide a strong value addition to our global channel program.”

Westcon Group’s Security business practice offers the necessary elements to secure today’s networks: management frameworks, hardware devices, identity services, and software functionality. The portfolio offers best-in-class security products, services, and solutions designed to interoperate with and complement one another.

ArcSight products, including recently announced ArcSight Logger 5.0, will be available through Westcon in all of the above-mentioned markets immediately. More information about ArcSight products is available at www.arcsight.com

Read more
Back to Top

Unified Communications and MPLS Take up to Grow in 2011

On November 9, 2010   /   Money and Business, Security News   /   Leave a comment

Twelve per cent of businesses plan to deploy unified communications in 2011, according to survey results from managed security company, Redscan (formerly Network Box UK). As communications channels integrate, businesses are turning to unified communications technologies to make collaboration easier by bringing together a myriad of communication platforms such as IM, chat, click-to-call, video and VOIP calls, into one central system.

This changes the security landscape for a business, says Simon Heron, internet security analyst for Redscan: “If all your voice and data is going over a single communications system, you need to be sure that system is secured. Financial services companies are taking up this technology with all the regulation and compliance implications this can have, and other businesses are increasingly implementing unified communications strategies. People expect to be able to communicate over any platform, and more often than not, those platforms are internet-based.”

The survey also found that 10 per cent of customers expected to be implementing a Multiprotocol Label Switching (MPLS) network within the next year. Implementing an MPLS system can bring several benefits, including improved network performance and significant cost savings, but there are associated risks that businesses must address at the beginning of the change programme.

“We’ve seen companies decide to implement MPLS without considering security at all, which is worrying.” says Heron. “It’s effectively restructuring the network. You need to consider how users will access the Internet – will they go through a single gateway, or can they bypass security processes? If access is via an ISP, then you need to be certain that the ISP’s security is as tough as the corporate security system and as flexible.”

“Businesses that decide to restructure their network in this way must ensure that safeguards are in place prior to implementation, or put the entire network at risk from security breaches. Installing a network security device when a company has already implemented MPLS can result in a security solution that is far from ideal, not as flexible as it should be and at worst can result in security holes in the solution. Security is not something that should be tacked on at the end of the process; it must be considered at the beginning.”

Redscan surveyed 250 IT managers about their security priorities for 2011.

Read more
Back to Top

IED Discoveries Prompt State of Alert Amongst Counter-Terrorism Community

On November 6, 2010   /   International Security, Security News   /   Leave a comment

The discovery on Friday of two Improvised Explosive Devices (IEDs) already in transit to target through the airfreight transportation system, has prompted a near global clampdown on the movement of cargo from the Yemen, fear that more such devices may be en-route or have reached target and a manhunt for the master bomb maker thought to be responsible.

The devices, founded en-route to the United States of America at East Midlands airport in the United Kingdom and Dubai International in the United Arab Emirates, were discovered following information received from intelligence sources. Both had their origin in the Yemen and one of them had already been shipped on two passenger flights before discovery.

Both were of sophisticated construction, exceptionally well concealed, contained enough of the high explosive Pentaerythritol Trinitrate (PETN) to blow up an in-flight airliner, were connected to mobile phone units and were also viable and highly dangerous. The device discovered at East Midlands airport had reportedly been assessed and cleared, until information received from Dubai prompted a fresh assessment, at which point the explosive was discovered.

Within the past twenty-four hours, Counter Terror Expo senior advisor’s have been informed that both devices are directly linked with Al Qaeda in the Arabian Peninsula (AQAP) and that organisation’s master bomb maker, Ibrahim Hassan Tali al-Asiri.

AQAP’s first major operation outside of Yemen, was against the Saudi Deputy Interior Minister, Prince Mohammed bin Nayef, in August of last year. Ahmed Hassan Tali al-Asiri, the bomb makers brother, carried out that suicide attack, though the Prince suffered only minor injuries.

Graphic aftermath images reviewed by Counter Terror Expo’s advisory team revealed a substantial crater in the floor which suggested the force of the blast had gone downwards. Prince Mohammed bin Nayef survived though his attacker was torn apart.

The bomb maker is also thought to have devised the device carried by Umar Farouk Abdulmutallab, when he attempted to blow up Northwest Airlines flight 253 on Christmas Day. That device also contained PETN and used a liquid chemical fuse to avoid detection in the passenger channel, which may have led to Abdulmutallab’s ultimate failure.

John Brennan, Assistant to the US President for Homeland Security and Counter-Terrorism has suggested that the concern for officials is how many other same or similar devices may be on target in the wild. A further two dozen suspect packages have been seized by Yemeni officials, but it’s thought the seizures were false alarms.

The IED discoveries have prompted an immediate review of belly-hold and pure cargo flight security in the US, UK and elsewhere in the world. Security of airfreight has long been considered the soft underbelly in the overall aviation security regime.

United States regulators recently enacted legislative instruments requiring 100 per cent screening of all belly-hold cargo reaching their shores. The demand for use of high technology screening systems, prompted a transatlantic dispute with the European Union. The issue is the impact the regulation has on just-in-time transshipments from within Europe and the airfreight passing through.

Given the severity of these two most recent incidents, new regulation is likely in fairly short order. The industry fears costly knee jerk unilateral action and is counselling for considered multilateral steps to be taken on inefficient screening methods.

Stop gap measures may emerge soon but operationally sensible solutions may not appear for many months if not years.

Read more
Back to Top
Page 20 of 35« First...10...1819202122...30...Last »

Extra Security

FREE Security Updates

Enter your email address:

Delivered by FeedBurner

Best Security Sites

Computers Business Directory - BTS Local TopOfBlogs