IM World News
NOTICE
You may have noticed that
IDMionline has been experiencing some technical difficulties. There
have also been some issues with our email server which we hope will
be fixed by the end of the day. Now that the website is back online, we
are in the process of updating the website to give you the most up
to date news from the IM industry. We apologise for any
inconvenience caused.
16th February 2012 11:25
UK document scanning company Cleardata is the first company
in Europe to invest in Kodak’s brand new i5800 production
scanner. The new technology, ideal for the document scanning bureau
environment, captures 420 images per minute with advanced image
features. It’s perfect for bulk volume scanning work such as digital
mailroom, invoice scanning and insurance claims capture.
Cleardata’s document scanning bureau, one of the largest in the UK,
is in high demand. The company’s strategy focuses on delivering
paperless, cost saving solutions for businesses, through intelligent
document imaging software and hardware. This is proving popular in
the current climate, as many businesses are looking to reduce labour
intensive processes and ultimately reduce overheads. Cleardata’s
clients include 35 of the FTSE 250, NHS and public sector
organisations.
To meet demand, an additional production scanner was required to
increase capacity and enhance the bureau’s productivity. Cleardata
challenged its experienced scanning team to put a range of
production scanners through their paces. Testing focused on speed,
quality, output and usability. The Kodak i5800 was selected as best
in group and has now been installed in the bureau. Kodak has a very
successful and profitable Document Imaging Business which produces
innovative scanning technology at the forefront of the market.
Neil Murphy, Northern Cluster Sales Manager, Kodak Document Imaging,
commented: “We are delighted that Cleardata has opted to purchase the i5800
scanner. It is the ideal solution for such a demanding environment
and represents the pinnacle of our market-leading production scanner
range.”
Cleardata’s Managing Director David Bryce added “Cleardata is
growing quickly, by meeting customers’ needs and investing in
innovative document scanning technology. Our aim is to provide the
best quality scanning solutions. The operations team thoroughly
researched the market for this investment and chose the Kodak i5800
as the latest in high production scanning. The business is expanding
rapidly and growing from strength to strength.”
More: http://www.ukdocumentscanningservices.com
14th February 2012 17:06
Matthew McCabe, vice president of business development for The
Crowley Company, reports that InoTec high performance
scanners have recently been certified for Digitech Systems’ software
product PaperVision® Capture. The certification is valid for InoTec
models 4x1, 4x2, 4x3 and 51x. “This is an important step in
furthering the credibility and proving the efficiency of InoTec
scanners, which are utilized worldwide and beginning to gain a
significant foothold in North American markets.” The Crowley Company
is the exclusive North American distributor of InoTec products.
“The combination of InoTec’s high performance scanners and
PaperVision® Capture software provides users with an efficient
world-class solution for document capture,” explains Sean Morris,
Sales Director, Digitech Systems. Peter Schnautz, CEO of InoTec
GmbH, notes the importance of the certification to InoTec’s
expansion into North America. “Cintas Document Management, a BPO in
the Netherlands, was the first to employ this total solution to its
scanning services. The success of this project gives us a strong
case study for BPOs, VARs and integrators around the world.
PaperVision® Capture is a highly scalable and flexible system for
data capture and document indexing with a very attractive
cost-performance ratio. It pairs well with InoTec’s already reliable
and efficient document digitization features.”
Notes McCabe, “InoTec document scanners are designed for 24/7 volume
and use. The units stand out because of their rugged construction
and ease of handling in both operation and maintenance. The option
to include PaperVision® Capture is just one more feature that makes
the InoTec models, which are ISIS™ and TWAIN driven, a competitive
choice for document digitization and records management.”
More: www.thecrowleycompany.com
14th February 2012 13:35
Community support to the many organizations and businesses impacted
by Hurricane Irene continues with the latest outreach from
Schenectady-based docSTAR. The preeminent provider of award-winning
document management software has donated a new document
management system to the village of Schoharie to aid in records
recovery due to losses sustained from Hurricane Irene. That system
is docSTAR 3twelve.
“I think I speak on everyone’s behalf here in the village when I say
thank you to the many groups and individuals for the outpouring of
support we have received in the aftermath of Hurricane Irene,” said
Larry Caza, village trustee. “The document management system that
was donated to us from docSTAR could not have come at a better time.
It will help us get back on our feet much sooner and we’ll be better
equipped to serve the community.”
“One of the hallmarks of docSTAR’s culture is our commitment to
community support and service,” said Jeff Frankel, VP and Principal.
“The impact that Hurricane Irene had on this community was
devastating and we hope that our donation will, at the very least,
not only get them up and running sooner, but will ensure that their
documents are no longer susceptible to any type of disaster.”
The docSTAR 3twelve system offers enhanced productivity, security
and business continuity. Features include: automated document-driven
workflows with instant access to critical documents anytime,
anywhere; real-time checklists, automated alerts, storage
redundancy, automated online backups; AuthentiDate
(time-date-content stamping), secure access, and one-click email
integration. docSTAR’s central document repository provides
unparalleled document acquisition, collaboration, protection, and
responsiveness.
More: www.docstar.com
14th February 2012 10:25
Commenting on a report from Trustwave claiming that antivirus
(AV) software is powerless to stop data breaches, Avecto says the
study’s conclusion is similar to that of a Best Buy Guide to
Chocolate Fireguards - the end result is always going to be a
negative one.
“This report conclusion made me smile, as the reality is that, if a
system compromise has occurred, then the security surrounding IT has
obviously failed. Never mind that 99.9 per cent of the other times
the IT defences have worked - what this study really proves is that
a multi-layered security defence strategy is the only way to go,”
said Paul Kenyon, chief operating officer with the Windows privilege
management specialist.
In taking a multi-layered security approach, he says, IT security
systems can help defend against today’s hybridised and
multi-vectored technology aggression – ranging from a simple piece
of virus malware, all the way through to a man-in-the-browser
blitzkrieg.
And, he went on to say, while the primary aim of today’s attacks is
to monetise a cybercriminal fraud - or simply embarrass an
organisation, as illustrated by the latest politically-motivated
hacktivist attacks – defending against these technology barrages
requires a well-planned strategy.
That strategy, he explained, goes way beyond the simple use of AV
software and needs to involve advanced technologies that include
security privilege management – controlling who can use which
software assets, as well as from what location and at what time.
Although taking this approach may sound complex, says Kenyon, the
fundamental principle is one of breaking the security process into a
series of simple stages and then building the defences up from there.
“In the case of our own Windows privilege management approach -
which seeks to reduce the security risk profile of the Windows
desktop - you manage the endpoint through the use of admin domains;
UAC - user account control; software hardening; application
whitelisting; and assigning privileges to each user,” he said.
Limiting admin privileges to true administrators only moves an
organisation towards the least risk Windows 7 desktop. Ensuring that
all other users log on with standard user rights, and elevating only
applications, introduces an option previously unavailable to
organizations.
Put simply, Kenyon says, this means that if a hacker gains access to
a general user account – which are in the majority - they have no
admin privileges. Coupled with the aforementioned endpoint
management controls, you then end up with the aim of a highly
effective IT security strategy: a least risk environment.
More: www.avecto.com
14th February 2012 09:30
Cryptomathic, an independent e-security solutions provider,
has launched a range of two-factor authentication (2FA) smart phone
applications to meet the requirements of its global clients for a
user friendly and cost effective online security solution. The suite
delivers Cryptomathic’s extensive financial security expertise
within a convenient and easy to use mobile application, which
enables users to securely authenticate themselves and undertake
online transactions without the need to carry a dedicated
authentication token.
Cryptomathic developed the Mobile AuthApp suite to meet advancing
security requirements for accessing sensitive information online.
With the ability to generate one-time-passwords (OTPs) on a wide
range of devices including Blackberry, Apple iOS and Google Android,
the solution delivers a versatile and effective mechanism to protect
organisations from malicious data breaches using an everyday tool
which is familiar and convenient to the end-user. Aligning with open
standards such as the Initiative for Open AuTHentication (OATH) as
well as banking industry standards, including MasterCard Chip
Authentication Protocol and VISA Dynamic Passcode Authentication,
ensures the suite can easily be integrated into existing security
systems and that the solution is fully interoperable with the global
payment network.
Peter Landrock, Executive Chairman and Founder of Cryptomathic,
comments: “While many banks are deploying 2FA for their online
banking systems, these require end-users to carry around a separate
token. By implementing an application that can be used via smart
phones, Cryptomathic is delivering a more convenient solution that
removes the need for an additional token. This ensures the system is
easy to deploy and highly cost effective compared with legacy
tokens. It also offers the formidable security which Cryptomathic is
renowned for.”
More: www.cryptomathic.com
14th February 2012 09:02
Nimble, the award-winning Social Business Platform, today
announced that it has launched Nimble 2.0, the most social CRM
platform on the market today. Nimble was designed entirely with
social engagement in mind and is the first social business platform
that empowers companies to get closer to their customers through
listening and engagement, helping them turn their social communities
into customers for life.
Over the past year, Nimble has listened to the feedback of its
community -- many of whom are on the forefront of Social Business
adoption -- and incorporated it into Nimble 2.0 to make it easier,
smarter and more flexible. New enhanced features such as social
discovery, improved usability and marketing integration have all
been added to the product.
"Traditional CRM systems fail at relationship management and that's
why people don't use them for engagement," said Jon Ferrara, Nimble
CEO and previous founder of GoldMine, a pioneering CRM product. "The
era of customer engagement is now, and it starts with listening. You
can't just snap social onto legacy CRM platforms and expect it to be
effective. Nimble was built from the ground up for active social
listening and engagement. We're putting the 'R' (relationship) back
into CRM, and with Nimble 2.0, we are disrupting the old CRM ways of
doing business."
Nimble has recently surpassed 30,000 registered users at more than
2,800 companies -- a significant achievement for a start-up SaaS
business application. The average Nimble user spends almost 3 hours
a day managing business contacts. Nimble has seen phenomenal global
growth in its VAR partner channel, having signed up more than 250
resellers worldwide, 50 of which are in Europe.
More: www.nimble.com
13th February 2012 13:01
SecurEnvoy is delighted today to confirm that it has
successfully patented its ‘preload’ technology for SecurAccess and
SecurMail. This sanction ensures other organisations cannot ‘copy’
its pioneering solution for reliable, business grade, Tokenless® two
factor authentication (2FA).
SecurEnvoy’s preload technology avoids vulnerabilities to
communication problems - such as coverage dead spots, delays in
transmissions, or other issues previously associated with SMS
delivery, at the time the user initiates access. As pre-loading
occurs every time the user’s session terminates, the use of SMS as a
business grade 2FA service is endorsed as a credible alternative,
not just a backup, to physical tokens.
“When we invented Tokenless® authentication, ten years ago, we knew
SMS was the way forward. However, with issues such as delivery
delays and coverage black-spots, the elusive 99.9% availability
needed to be resolved if it was to be recognised as a credible
business grade solution,” Andy Kemshall, technical director and
co-founder of SecurEnvoy explains. “By creating preload
functionality, we resolved the problem. However, we’ve always been
concerned that others could copy our intellectual property. These
patents, and those outstanding, protect and secure our pioneering
technology. Now, while others may claim to offer the same solution,
only SecurEnvoy can – and ever will, deliver a business grade
Tokenless® authentication service.”
SecurAccess turns any mobile phone that can receive SMS into a
ready-made authentication device. It allows organisations to provide
remote staff with industry standard 2FA without the pain and cost of
deploying legacy hardware tokens. Unlike traditional tokens that
take months to deploy and replace, SecurAccess can be rolled out to
more than 20,000 staff an hour without the pain, cost or
environmental impact created by legacy hardware distribution.
More: www.SecurEnvoy.com
09th February 2012 11:17
Trustwave’s revelation that it has issued a digital
certificate that allowed a private company to spy on SSL-protected
connections within a data loss prevention (DLP) system comes hot on
the heels of VeriSign’s disclosure of breaches last week.
“Unfortunately this is meat and drink for the ‘SSL bashers’ in the
industry,” said Calum MacLeod, EMEA director of the Enterprise Key
and Certificate Management (EKCM) solutions company Venafi.
“Trustwave should be commended for making this statement public,
knowing that this could result in reputational damage. I believe it
is commendable that they will no longer continue this practice, but
the reality is, in my opinion, that this is a common industry
practice,” said MacLeod.
“Most large enterprises use this approach to be able to monitor
outgoing and incoming traffic, and it is common to find an
assortment of technologies between a user and a web service such as
DLP, Performance Monitoring, and Customer Experience Monitoring
technologies, which are there ostensibly to help provide users and
customers with more efficient services. An analogy would be that
when we call a help desk for a bank or an airline, we are frequently
greeted with the message that our call may be monitored and recorded
to help improve customer services - we find this quite acceptable.
The fact that businesses do the same for internet traffic is
therefore understandable.”
“So in order for a business to improve services and customer
experience, they frequently need to ‘record’ what is happening. Yet
if this data is encrypted, then this becomes impossible. The
solution adopted by many is to decrypt and re-encrypt at each
‘checkpoint’ and – to provide a customer with a seamless service
– they will use the same SSL certificate and shared private key
throughout the network. Perception is that this eases the
operational burden, though in reality it opens up the company to
significant security risks.”
“Without knowing all the details of how Trustwave managed this with
their client the challenge is how do you actually control this in
practice. To their credit they state that the ‘certificate was
subject to a Certification Practice Statement (CPS), Subscriber
Agreement and Relying Party Agreement crafted by Trustwave, after an
audit of the customer’s physical security, network security, and
security policies.’”
MacLeod said: “In the vast majority of enterprises today, there is
little or no control over the security and management of private
keys. Little thought is given to how keys are protected against
loss, misuse or theft, and these are important questions given that,
according to a recent report from Gartner*, the majority of data
breaches are executed from inside organisations. In most cases, the
private keys are not being protected, and system administrators are
handling keys manually. This in turn exposes organisations and users
to a host of security vulnerabilities, either because the
administrators are not following best practices or because they have
malicious intent. In fact, in spite of best-practice suggestions and
specific key management requirements, private encryption keys are
not well protected. They are not protected from lax distribution
processes or poor and infrequent keystore password rotation
practices — and are frequently protected with the same password
across hundreds of administrative keystores.”
More: www.venafi.com
09th February 2012 08:51
Hybrid cloud technology in the new avast! 7 will give all
users streaming updates on new malware threats in addition to the
regular virus database updates.
“Instead of our clients having to ‘pull’ in the updates, we can
‘push’ it to them,” said Ondrej Vlcek, CTO of AVAST Software. “Once
we have decided to publish an update, we can push it out to all of
our users in minutes.”
According to AV-Test, an independent testing agency, most free
security products provide less than three virus updates on average
daily, some with even less on the weekend. With the launch of avast!
7, AVAST Virus Lab will release around 20 updates daily and
gradually ramp up the frequency as the infrastructure is built up.
“Our Virus Lab adds about 25,000 new virus signatures daily. Instead
of waiting for an update two or three times a day, users will get
streaming updates as new malware is discovered throughout the day,”
stated Mr. Vlcek.
AVAST Software’s hybrid approach combines the strengths of both the
“cloud” and the traditional virus database update. With avast! 7,
the streamed data accumulates on top of the regular database updates
on users’ hard drives, keeping them protected regardless of their
internet connection. Thanks to its restructured distribution
network, AVAST is able to connect up to two million clients to a
single server.
“This lets users get fresh information more frequently while still
retaining a very up-to-date Plan B,” added Mr. Vlcek. “We believe
this is a better design than a cloud-only system where the malware
information is not stored and users have to be connected to remain
protected.”
AVAST will continue the audio and pop-up announcements alongside the
daily virus database updates. “These announcements are a distinctive
feature of avast! There are lots of users that like the reassurance
that their avast! has been updated and is working,” pointed out Mr.
Vlcek. “Those that don’t can easily turn this off in the program
settings.”
More: www.avast.com
08th February 2012 11:40
Trusteer Research has discovered two cybercrime rings that
are advertising what Trusteer CTO Amit Klein refers to as a “Factory
Outlet” of login credentials for different web sites including
Facebook, Twitter and a leading website administration software
called cPanel.
Financial malware, like Zeus, SpyEye and others, once it infects a
machine, is configured to attack specific online banking web sites.
In addition to online banking credentials, the malware also captures
login credentials used by the victim’s machine to access other web
sites and web applications.
To monetize the login credentials that pile up, fraudsters have
started setting up “Factory Outlets” to sell them off.
In a so-called “Credential Factory Outlet Sale” advertisement, a
botnet operator offers to sell login and URL information that would
allow a fraudster to take control of certain web sites.
Specifically, the advertiser is offering cPanel credentials. cPanel
is the leading control panel application used to manage hosted
websites. Why would somebody want to buy credentials to manage
someone else’s web site remotely?
“One possible reason could be to plant malicious code on these sites
that can exploit browser vulnerabilities and infect machines through
drive-by-downloads,” says Klein. “Using phishing emails and social
network messages cybercriminals can lure unsuspecting users to these
sites. This is a common practice. As we indicated in a previous
Blog, some cybercriminals have set up networks of web sites loaded
with exploit code and sell malware drive-by download infections in
bulk.”
This latest development provides a window into the vast cybercrime
aftermarket that has risen up on the internet and been made possible
by sophisticated malware. Whether it’s bulk drive-by download
infections, bulk login credentials, pre-built web-injects, etc.,
criminals today have an unprecedented arsenal of tools at their
disposal to attack banks and enterprises.
“A layered approach to security that includes deterministic
detection capabilities on the endpoint is now central to fighting
cybercrime. This approach looks for specific malware Crime Logic
footprints in real-time before transactions are submitted so the
online banking application can block fraud. It can also prevent
malware on an infected machine from stealing login credentials, thus
preventing them from ending up in these newly opened criminal
‘factory outlets’,” concludes Klein.
Trusteer contacted Facebook, Twitter and cPanel to advise them that
they would be mentioned in this blog. Facebook requested that
Trusteer pass on some information about their site’s security
measures. Here’s a summary of their response:
1) Facebook actively detects known malware on users' devices to
provide Facebook users with a self-remediation procedure including
the Scan-And-Repair malware scan
2) Facebook has built robust internal systems that validate every
single login to the Facebook site, regardless of whether the
password is correct or not, to check for malicious activity.
3) Analyzing every single login to the Facebook site
has added a layer of security that protects Facebook users from
threats both known and unknown
4) Please advise your readers to report to Facebook any spam they
find on the Facebook site
More: www.trusteer.com/blog
08th February 2012 13:06
Commenting on a US copyright lawsuit that targets insecure wireless
network owners, Cryptzone says the case will act as a wake-up
call to those organisations that allow password-free access to their
wireless networks.
According to Peter Davin, COO of the European IT threat mitigation
specialist, the lawsuit has been filed by a Californian adult movie
company and accuses more than 50 people of using – or allowing their
Internet connection to be used - for file-sharing activities.
“The case is an interesting one, as this is the first time that the
legal weight of the adult movie business has been brought to bear on
the password-free WiFi network responsibility issue,” he said.
“The fact that the result of the lawsuit could make or break what has
become a billion dollar industry means that – regardless of your
opinion on the morality of adult movies – the case is very likely to
reach the US courts, and legal liability decided,” he added.
The Cryptzone COO went on to say that he expects the case – as it
progresses through the US legal system – to help educate those
companies that use on-site password-free wireless network access of
the dangers they are running.
Quite apart from the civil and criminal risks of users of their
Internet connection downloading illegal content, there is also the
very real risk that the firm’s reputation could be hit if the courts
become involved – as they have in this case.
A growing number of businesses, he explained, now offer guest access
to their company network, allowing site visitors to access their
email and the Web. This is fine if the access is controlled through
the use of a password and audit logging system – complete with
acceptable usage policies - but many companies avoid the cost of
these controls by simply opening up their wireless network on a
password-free basis.
More: www.cryptzone.com
07th February 2012 20:21
Kaneland Community Unit School District announced today that it has
partnered with Canon Business Solutions, Inc., a subsidiary
of Canon U.S.A. and a leading provider of document imaging and print
production solutions, to help meet the diverse document management
needs of the District.
Spending approximately $200,000 annually in equipment lease, paper
consumption and printing costs, the District felt strongly that it
needed to reduce overall spending by increasing efficiencies in
device usage. Working closely with Canon Business Solutions, a
printing systems overhaul took place at the district’s four
elementary schools, including Blackberry Creek, John Stewart, McDole
and John Shields. By carefully assessing the District’s printing
needs, Canon Business Solutions devised a strategy to:
Reduce Total Cost of Ownership: By updating the current fleet to
Canon imageRUNNER multifunctional devices, overall print spending was
reduced. By condensing the number of devices throughout the
District, overall savings were seen in servicing, energy and
consumables.
Maximize Security: To ensure the privacy of student data, as well as
minimize unused printouts left on the output tray, Canon installed
“follow-me” printing capabilities that require the user to provide
authentication by swiping a badge at the device. Until proper
authentication takes place, all print jobs sent by staff and faculty
are held within the device.
Help the Environment: To minimize device output, duplex
(double-sided) and black-and-white were set as the default printing
method by using uniFLOW, a program that enables complete management
of the print environment. Additionally, in an effort to reduce
energy consumption and CO2 emissions, individual classroom printers
were eliminated and replaced with centrally located Canon
imageRUNNER multifunctional devices.
As a result of these programs, the Kaneland Community Unit School
District saved approximately $37,000 during the 2011 fiscal year,
versus the 2010 fiscal year.
“As revenues continue to decrease each year, we were forced to make
our operations as efficient as possible. Our goal was to do this
without impacting the quality of education for our students. By
implementing this solution, we were able to accomplish this goal,”
said Julie-Ann Fuchs, Assistant Superintendent of Business at
Kaneland Community Unit School District. “Canon Business Solutions
proved to be a true partner in reaching our goals. The company not
only understood our needs, but also offered us the greatest number
of benefits with the most effective solution.”
Peter Kowalczuk, Vice President of Sales, Central at Canon Business
Solutions, said, “We are thrilled to be working with the Kaneland
School District and are gratified by the results they have seen
since implementing Canon products and solutions. Kaneland is highly
progressive and an exceptional school district that others can
certainly benefit from emulating. Canon Business Solutions looks
forward to working with the District to further identify ways to
reduce costs and increase efficiency related to document management.”
During the 2012 fiscal year, Kaneland Community Unit School District
plans on implementing a similar solution at its Harter Middle
School. To supplement the implementation of the multi-functional
devices, the District will also be exploring other technological
solutions to cut costs.
More: www.solutions.canon.com
07th February 2012 11:39
Venafi, the inventor of and market leader in enterprise key
and certificate management (EKCM) solutions, today announced the
availability of a report on the critical need for enterprises to
deploy automated certificate discovery and management solutions. The
report—X.509 Certificate Management: Avoiding Downtime and Brand
Damage, published Nov. 4, 2011, by leading research firm
Gartner—highlights the time, cost and vulnerabilities associated
with manually reviewing and managing security certificates. The
report analyzes current manual techniques, discusses methods for
remediating resulting problems, and underscores the need to protect
enterprise assets by automating certificate management.
According to the report, “Organisations are often not aware of the
scope or the validity status of their X.509 certificate deployments
until it is too late. Organisations need to establish formalised
plans and, if necessary, leverage available tools to minimise
impact.”
“Despite the frequent and disruptive certificate authority (CA)
compromises and the resultant digital certificate trust issues for
those CAs, we are continually surprised to find that IT security
teams are unaware of and unprepared for the consequences of poorly
managed X.509 certificates. Organizations are using large numbers of
certificates to encrypt and protect information and authenticate
systems to one another—in their data centers, private clouds and now
on mobile devices. What’s amazing is how few know how many
certificates are installed and in use, when they are going to
expire, or who the issuing CAs are,” said Jeff Hudson, Venafi CEO.
“A best-practices approach is a must,” Hudson continued. “This
guidance from Gartner is certain to educate and motivate better SSL
certificate management, which in turn will greatly reduce the
operational and security risks that result from poor management.
Venafi is hosting this report as part of our ongoing commitment to
educate the security community on SSL certificate management.”
More: www.venafi.com
06th February 2012 15:00
Agfa HealthCare announced today that a wide range of systems
from its comprehensive digital imaging portfolio will be showcased
at the American Academy of Orthopaedic Surgeons (AAOS) annual
meeting, February 7-11, 2012 in San Francisco, California. Agfa
HealthCare's solutions provide the right fit for any orthopaedic
practice looking to transition to digital, as well as for those
looking to upgrade their existing digital imaging solutions.
Orthopaedic practices must utilize solutions that are cost and
workflow efficient and produce advanced image quality. Agfa
HealthCare's extensive experience in digital imaging has made the
company ideally positioned to equip the orthopaedic specialty with
reliable and efficient solutions and products. "We are committed to
continually developing and providing advanced solutions for the
orthopaedic market that enable more efficient workflow and enhance
image quality," said Ray Russell, General Manager, Radiology
Solutions Business, Agfa HealthCare US.
More: www.agfahealthcare.com
06th February 2012 09:47
Avecto, the leader in Windows privilege management, has now
unveiled the latest version of its award-winning Privilege Guard
technology. Developed to enable organizations to give all users the
privileges they need to remain productive, Privilege Guard empowers
them to perform their role without impacting the security posture of
systems and networks. Privilege Guard 3.0 now combines application
elevation, application control, end user messaging and a complete
auditing and reporting framework for all your Windows based systems.
“Working with our global customer base, we’ve made Privilege Guard
3.0 even more intuitive to configure, with full search capabilities,
summary views and a new message designer,” explains Mark Austin,
Avecto’s co-founder and chief technology officer. “As you explore
beyond the obvious visual enhancements, you’ll find a host of new
features. There’s a new delegated user capability, which caters for
help desk staff and over-the-shoulder departmental administration.
We’ve also extended the application validation rules and included
the ability for users to unlock shared workstations, ensuring
Privilege Guard continues to be the most powerful and flexible
privilege management solution on the market today.”
“With Windows enterprise privilege management serving as the
company's point of departure, Avecto has developed a distinctive
approach that encompasses tools to iteratively improve the
efficiency of IT administrative operations as well as engineer a
balance in policy management between autonomy and centralization”,
comments Steve Coplan, Senior Analyst, Enterprise Security Practice,
451 Research. “Avecto's release of Privilege Guard 3.0 reinforces
the set of capabilities available to deliver a policy-enablement
framework for managing user privileges through the operations and
policy management lifecycle – from gathering user requirements,
deploying and enforcing policy, enabling user feedback as well as a
complete auditing and reporting capability”.
Privilege Guard 3.0 introduces two new optional add-on packs, which
provide enterprise reporting capabilities based on Microsoft SQL
Server and integration with McAfee ePolicy Orchestrator (ePO).
The Enterprise Reporting Pack is built on Windows Event Forwarding
and SQL Server, and includes a rich set of preconfigured dashboards
and reports for elevated, executed, discovered and blocked
applications. The dashboards and reports all utilize SQL Reporting
Services, which allows secure access to the reports from a web
browser.
McAfee ePO enables customers to connect industry leading security
solutions to their enterprise infrastructure to increase visibility,
gain efficiencies, and strengthen protection. The Avecto Privilege
Guard ePO Integration Pack includes elevated, executed, discovered
and blocked applications. Additionally, deployment times can be
reduced and implementation simplified by deploying the Privilege
Guard Client directly from ePO.
Mark concludes, “We’re continually looking for ways to improve the
flexibility, usability and security capabilities of Privilege Guard
and we believe version 3.0 ticks all of these boxes. Beyond the core
product enhancements, the new enterprise reporting capabilities and
McAfee ePO integration introduce a greater level of visibility
across the enterprise, enabling the creation of compliance reports
and the fine tuning of Privilege Guard policies.”
More: www.avecto.com
03rd February 2012 12:34
Cryptzone calls for mandatory encryption of medical data as
laptop with 1,500 patient records is stolen. Commenting on reports
that a Gosport podiatrist's records laptop containing both personal
and medical details has been stolen, Cryptzone says that any
database containing medical information needs to be encrypted –
period.
According to Grant Taylor, UK Vice President of the European threat
mitigation specialist, whilst the podiatrist claims the laptop was
protected by a Windows password, this form of security is
rudimentary at best, and can be cracked in minutes by a determined
hacker.
“And since we’re talking people’s medical details here – with all
the associated issues of financial and emotional blackmail, fraud
and other nastiness that ensues – a Windows password is about as
much use as a chocolate teapot. Encryption is a must-have, as is the
question as to whether this information should be on a laptop in the
first place,” he said.
“The fact that the ICO is already on the case is an indication of
the potential severity of this clear breach of the Data Protection
Act. And as the penalty of £140,000 levied earlier this week against
Midlothian Council – the highest fine for a data breach seen so far
– clearly shows, the ICO is clearly gunning for those organisations
that drop the ball on data security,” he added.
The Cryptzone UK Vice President went on to say that with the
enhanced penalties that can be levied under the Data Protection Act
coming up for their second anniversary this spring, there are signs
that the ICO is prepared to clamp down hard on organisations – on
both sides of the public and private sector divide – that break the
provisions of the Act.
More: www.cryptzone.com
01st February 2012 10:23
Doyenz Inc., a leading provider of cloud-based recovery
services for small and medium-sized businesses (SMBs), has announced
that Himag Solutions has become the first UK client to use its
recently launched rCloud service from its new London data centre.
With over ten years’ experience in the field of Planar Transformers,
inverter technology and PCB design, Himag Solutions has become a
worldwide leader with over 1.5 million planar transformers delivered
including over 200 bespoke designs. The Gloucestershire based firm
manufactures in both the UK and China with field sales staff and
partners across the Americas, Europe and Asia.
The firm runs the majority of its key business activities from a
Microsoft Small Business 2011 Server based at its headquarters in
Quedgeley. The SBS server provides email, contact books, product
database and remote access to critical files and is needed by users
from across the world at any hour of the day.
Himag felt that its current business continuity position, using a
daily backup removed off-site by a senior member of staff, was not
robust enough. After seeking advice from Technos Solutions, a
trusted IT service provider, the firm selected the Doyenz rCloud
solution, a disaster recovery solution that can reduce the recovery
period for physical and virtual environments to minutes instead of
days.
In late November 2011, a technical team from Technos performed a
local backup of the critical server which was seeded via a removable
drive sent to the Doyenz UK datacentre in London. This complete
server image was then updated in the rCloud with an incremental
backup sent from Himag via a broadband connection every night.
“Under the old system, we estimated that if we had a server failure,
say in the middle of the night, it would take us at least a day to
recover in the best case scenario. Worse case of maybe several days
if we needed to fully rebuild our server,” explains Dean Curran,
Managing Director at Himag, “We have field staff and manufacturing
partners around the world that need constant access to our Microsoft
applications and the prospect of an IT outage for such a length of
time was not acceptable for our growing export led business.”
More: www.doyenz.com and
www.technos.co.uk
01st February 2012 10:02
Malware Redirects Bank Phone Calls to Attackers. Trusteer
have discovered a concerning development in some new Ice IX
configurations that are targeting online banking customers in the UK
and US. Ice IX is a modified variant of the ZeuS financial malware
platform.
Amit Klein, CTO of Trusteer, said, “In addition to stealing bank
account data, these Ice IX configurations are capturing information
on telephone accounts belonging to the victims. This allows
attackers to divert calls from the bank intended for their customer
to attacker controlled phone numbers. I believe the fraudsters are
executing fraudulent transactions using the stolen credentials and
redirecting the bank’s post-transaction verification phone calls to
professional criminal caller services (discussed in a previous
Trusteer blog) that approve the transactions.”
In one attack captured by Trusteer researchers, at login the malware
steals the victim’s user id and password, memorable
information/secret question answer, date of birth and account
balance.
Next, the victim is asked to update their phone numbers of record
(home, mobile and work) and select the name of their service
provider from a drop-down list. In this particular attack, the three
most popular phone service providers in the UK are presented:
British Telecommunications, TalkTalk and Sky.
Amit Klein, CTO of Trusteer said, “As Trusteer discussed in a recent
blog, fraudsters are increasingly turning to these post-transaction
attack methods to hide fraudulent activity from the victim and block
email and phone communication from the bank. This allows attackers
to circumvent security mechanisms that look for anomalies once
transactions have already been executed by the user.”
Deterministic detection security mechanisms like Trusteer Rapport,
which search for specific malware Crime Logic footprints before
transactions are submitted and allow the online banking application
to stop fraud by changing business flows (block money transfers,
decline add payee, limit amounts, etc.), are not vulnerable to
post-transaction attacks.
More: www.trusteer.com
31st January 2012 11:49
Avecto today predicted that 2012 is the year organisations
need to concentrate on getting their Microsoft migrations right, or
risk being out of the game. The leader in privilege management
warned that, with Windows XP expected to have been phased out by 2014,
organisations must ‘get it right’ as they migrate across to Windows
7.
Avecto’s co-founder and chief technology officer, Mark Austin,
stated, “Today’s workforce is increasingly mobile, and demands
devices to facilitate this. With the Windows 7 – and even Windows 8
– operating systems, Microsoft is enabling this trend and most
enterprises are either in the process or planning to migrate across.
However it is a complex process, with many pitfalls, and getting it
wrong can be expensive and inherently risky.” Avecto’s advice is to
“Act now, and invest in the right technology, to make your migration
secure, cost-effective and easy to manage.”
Avecto is also predicting an increased focus on endpoint security.
It believes corporates will need to re-embrace solutions that are
able to detect the criminals’ increasingly diverse arsenal of
threats, crucial in the battle against stealthy and persistent
malware. In fact, with many malware attacks mitigated and even
eliminated with better control over application execution and user
privileges, the adoption of application control and privilege
management solutions within the operating system will increase in
order to provide a more pro-active approach to endpoint security.
In its final prediction Avecto anticipates that compliance will be
the key differentiator for cloud based providers in 2012. Austin
concludes, “If cloud providers are to appeal to customers in highly
regulated industries then administrator access, and their actions on
servers in the data-centres, needs to be better controlled and
monitored. The security of servers in the data-centres of cloud
providers will drive more innovative security offerings at the
hypervisor level. This in turn will then allow the security software
to get a complete view of the hosted servers, especially when
dealing with stealthy attacks.”
More: www.avecto.com
31st January 2012 10:35
AlienVault, creator of OSSIM, the de-facto standard open
source SIEM (Security Information and Event Management) solution,
announced today that it has closed an $8 million Series B financing
led by new investor Trident Capital with participation from existing
investors Adara Venture Partners and Neotec. The company has named
Trident managing director J. Alberto Yepez Chairman of the Board.
Trident principal Michael Biggee also joins the AlienVault Board of
Directors. The funding will be used to accelerate research and
development and aggressively expand sales and marketing to meet
increasing demand for unified security management from around the
world. AlienVault also recently announced the appointment of a new
executive team, led by CEO Barmak Meftah and CTO Roger Thornton.
Trident Capital has an exceptional track record of building
successful cyber security companies including: AirTight Networks,
Arxan, BlueCat Networks, HyTrust, Neohapsis, Qualys, Solera
Networks, Voltage Security, Sygate (acquired by Symantec – NASDAQ:
SYMC), Tablus (acquired by EMC – NYSE: EMC), Thor Technologies
(acquired by Oracle – NASDAQ: ORCL), and Tricipher (acquired by
VMware – NYSE: VMW).
“The SIEM market is the fastest growing segment in information
security and AlienVault’s OSSIM is the leading open source SIEM,”
said Trident Capital managing director J. Alberto Yepez, AlienVault
Board Chairman. “AlienVault is uniquely positioned to expand its
leadership in a global market that wants proven, cost-effective
solutions that provide a unified management approach to their
security requirements. The combination of the OSSIM community, the
AlienVault team led by founders Julio Casal and Dominique Karg, and
the recent addition of the experienced Silicon Valley executive team
we helped recruit, will establish the company as the leader in the
rapidly growing unified security management market.”
More: www.alienvault.com
30th January 2012 15:06
AVAST Software has awarded its 190 millionth registered avast!
user – and her friend – with an expenses-paid trip to Prague.
“Getting to the 190 million mark is quite an achievement for any
company,” said Vince Steckler, CEO of AVAST Software. “And since
over 60% of new users come because of a friend, this time we are
also recognizing a recommender.”
The 190 millionth user is Julie, a British national living in Spain.
She chose avast! Free antivirus on the advice of Stephen, a retired
friend. And it was Stephen that downloaded and installed avast! on
her computer this January 12.
Both Julie and Stephen will receive an expenses-paid trip for two to
Prague, the historic capital of Prague and the home of AVAST
Software.
“As a recommender and IT helper, people like Stephen have a big
impact on AVAST,” said Mr. Steckler. “They have helped our user base
grow last year from 141 million to 190 million registered users.”
Recommending avast! comes naturally to Stephen. “I’ve probably
recommended avast! to at least a dozen friends,” said Stephen. An
avast! user for over six years, he describes himself as somewhat
knowledgeable, but not a computer geek. He’s the person that gets
asked to install games, add hardware, and show friends how to save
or send family pictures.
Stephen’s own avast! use has been uneventful – and he likes it that
way. Stephen likes the daily virus database update notices, he has
gotten warning pop-ups about malware and dodgy sites, but never had
an infection himself.
Helping his friends out with avast! and their IT issues is almost a
social event. “Yes I have been known to have a beer or two while
waiting for the machine to restart,” Stephen quipped. Neither he nor
Julie had ever imagined they could win a trip to Prague before they
were contacted by AVAST.
More: www.avast.com
30th January 2012 14:00
Canon U.S.A., a leader in digital imaging solutions, unveiled
the imageFORMULA ScanFront 300/300P CAC/PIV, the latest additions to
its award-winning lineup of network scanners that combine Common
Access Card (CAC) and Personal Identification Verification (PIV)
card support with networked document scanner functionality. The
ScanFront 300/300P CAC/PIV network scanners are secure,
full-featured and compact devices designed to improve the security
of information being shared across federal government networks,
while maintaining information quality, increasing manageability and
lowering costs.
“With good reason, the government sets an extremely high bar
regarding the security, effectiveness and efficiency requirements
its image-processing solutions must meet,” said Sam Yoshida, vice
president and general manager, Business Imaging Solutions Group,
Canon U.S.A. “The ScanFront 300/300P CAC/PIV network scanners meet
and exceed those standards, with the ability to digitally send
documents without compromising the security of the documents and
information they are processing.”
Common Access Cards (CACs), issued
by the Department of Defense (DoD), and other Personal
Identification Verification (PIV)-compliant cards are components of
the federal government’s initiative to control access to its
facilities and information systems. The ScanFront 300/300P CAC/PIV
scanners are designed to recognize these cards in order to comply
with this initiative. Secure network scanning can be useful in
federal government entities beyond the DoD, and regardless of the
environment, it is necessary to increase efficiency,
reduce fraud and protect private information.
More: www.usa.canon.com
30th January 2012 12:03
Swivel Secure's Deployment Range Highlighted in Gartner
User Authentication Magic Quadrant. Swivel Secure, the UK’s
specialist authentication vendor, has been positioned in the 2012
Gartner Magic Quadrant for User Authentication as offering the
broadest range of deployment options of any vendor discussed in the
report.
The Gartner Magic Quadrant is an objective, in-depth review of all
the leading user authentication vendors in terms of product
features, functionality and market penetration based on vendor
submissions, extensive market research and direct customer
interviews. The annual report is used widely by major enterprises
and large public sector organisations as a reference tool for
identifying the right technologies for their own IT security
requirements.
Gartner is one of the world’s foremost and widely respected
technology analyst companies. The Magic Quadrant for User
Authentication was authored by Ant Allen who is a Gartner research
Vice President focussed on Identity and Access Management.
Swivel Secure is a UK company established in 2000 that has pioneered
the concept of tokenless, two-factor authentication. The company’s
flagship authentication platform and patented PINsafe OTP protocol
is used by leading global enterprises, public sector organisations
and SMBs as an integral part of their corporate remote network
access management systems, using a range of existing user devices to
confirm user identity.
More: www.swivelsecure.com
30th January 2012 10:52
SANS Institute offers free webcast series to help SMEs
improve information security and reduce risk.
Series covers a wide range of topics including IT security, risk
management, policy development, and business continuity.
“Millions of small businesses assume that Information security is
just too complex,” explains Jim Herbeck, an instructor for the SANS
Institute. “But by breaking down the complete process into smaller,
bite sized chunks using the same best practice favoured by larger
organisations, SMEs (Small Medium Enterprises) should understand
that having good information security is a very realistic goal.”
SME managers need to be informed consumers. Because many information
security products and services are targeted for large,
multi-national organisations, they may not scale to the budgetary or
staffing constraints at SMEs. One of the goals of this webcast
series is to make SMEs aware of the many options they have for
managing information security risks, and empowering SMEs to make
good risk management decisions.
Herbeck’s approach to information security is very business-centric.
As part of his ongoing research at the
Business Information Security Competency Center at the Geneva School
of Business Administration, he developed a simplified version of the
ISO 27001 information security standard for SMEs to use. “The
Information Risk Framework is a combination of ISO 27001, ISO 27005,
and the SANS Institute 20 Critical Security Controls,” says Herbeck.
“The Framework includes 33 risk areas organised into eight common
business functions. While half the Framework covers IT-related risk
areas, the rest specifies non-IT-related risk. This underscores my
belief that information security is a business risk, not just an IT
risk.”
More: www.sans.org/webcasts
27th January 2012 09:43
Avecto, the world leader in Windows
Privilege Management, today announced that the increasing migration
of organizations to Windows 7 is a key driving factor for boosting
year end results upward by 200% on 2010.
Tony Bolland, CEO, said, “Organizations of all sizes, ranging from
SMEs to large corporations employing over 450,000 people, now rely
on Avecto’s Privilege Guard technology to empower users, reduce
operating costs, achieve compliance and strengthen security.
According to IDC research published in 2011, shipments of new
Windows 7 licences will rise to over 109M in 2012. With our
Privilege Guard technology we are enabling customers to deliver the
least risk, least cost Windows 7 desktop environment. These latest
year end results underpin our strategic plans for rapid growth as we
respond to increasing market demands.”
In 2010 Gartner research* predicted that with the approaching end of
Windows XP support in 2014, organizations should treat the rollout
of Windows 7 strategically to advance the security of managed
desktops and web browsing.
The impact of this adoption trend across North America means that
this region alone now represents over 60% of the company’s turnover.
To both underpin and sustain this growth, during 2011 Avecto
invested heavily in product development with Privilege Guard 3.0,
scheduled to launch in early February. Additionally Avecto has
undertaken a substantial recruitment programme during 2011 in North
America, with key new hires now responsible for managing specific
industry verticals, and in Europe new regional offices are scheduled
to open in Germany during the first quarter of 2012.
Bolland continues, “Our strategy for growth is closely linked to the
escalating need to better secure Windows environments. Privilege
Guard continues to exceed market expectations, and our new, deeper
and more collaborative alliances with industry giants such as HP,
CSC, Citrix and McAfee, have helped propel us into a world leading
position for Windows Privilege Management.”
More: www.avecto.com
26th January 2012 13:35
International information security expert Lieutenant Colonel (Ret’d)
William Hagestad II is today warning that UK businesses could fall victim
to cyberattacks from China unless they improve their cybersecurity.
Speaking at Cyber Defence & Network Security 2012 in London,
Hagestad said: “The threat of Chinese cyberwarfare cannot be
ignored. Cyberattacks are a clear and present danger to the
experienced and innocent alike and will be economically, socially
and culturally damaging for the nations targeted.”
Hagestad continued: “China is using and will continue to use
state-sponsored cyberwarfare to promote the nation’s own
imperialistic national interests. The US has been a target for
Chinese cyberterrorists and the UK, as a long-term American ally,
will be next in the sights of the Chinese. The UK business community
will be a likely target because of the role businesses play in
supporting the country’s economy. Businesses should be putting
proper measures in place to protect employees, clients and internal
networks from attacks.
“Businesses throughout the country must improve their cybersecurity
and the government should be taking the lead on this objective,”
Hagestad added. “The UK government has been proactively researching
this particular issue and trying to encourage businesses to improve
their cybersecurity, given the number of businesses in the UK which
retain sensitive data relating to customers and internal plans,
procedures and projects. Through a combined public, private and
academic partnership, the UK and other countries can move towards
defending against an advanced persistent threat such as that of the
People’s Republic of China.”
More:
www.itgovernance.co.uk
26th January 2012 08:24
Varonis Systems has welcomed news that a common set of
privacy standards is to be applied to organisations across the
entire European Union for the first time - as well as a gameplan
that includes immediate notification of breaches and other ‘data
misplacements’.
According to the data governance specialist, the new rules are an
excellent balance between the very real data privacy needs of
citizens against the practical issues of managing data within the
modern corporate environment.
“Notice I said practical issues. Many IT security professionals have
expressed concerns about the technical problems associated with
managing, protecting and auditing access to their growing data
stores. While these concerns are understandable, the reality is that
with the correct technology in place – these issues can easily be
solved,” said David Gibson, the firm’s director of strategy.
“Many organisations have been struggling with non-existent or
limited permissions management, classification, and auditing
capabilities included with their data stores, but new Metadata
framework technologies can provide intelligence, automation, and
control across multiple platforms to allow C-level executives to
sleep easy in their beds at night,” he added.
According to Gibson, whose firm specialises in providing
intelligence and control for the often-overlooked – and
often-unsecure - area of unstructured data, the introduction of a
single set of privacy standards for all EU territories is long
overdue, although he notes that the migration to the new rules may
be a complex process for some multinationals - and those firms who
are pushing into new countries for the first time.
More: www.varonis.com
26th January 2012 08:10
Imperva, a pioneer and leader of a new category of data
security solutions for high-value business data in the data center,
today announced the release of the second Imperva Web Application
Attack Report (WAAR), which revealed that web applications are
subject to business logic attacks. The WAAR, created as a part of
Imperva’s ongoing Hacker Intelligence Initiative, offers insight
into actual malicious web application attack traffic over a period
of six months, June 2011 through November 2011.
Imperva monitored and categorized attacks across the internet
targeting 40 different applications. The WAAR outlines the
frequency, type and geography of origin of each attack to help
security professionals better prioritize vulnerability remediation.
“Business logic attacks are attractive for hackers since they follow
a legitimate flow of interaction of a user with the application,”
said Amichai Shulman, Imperva’s CTO. “This interaction is guided by
an understanding of how specific sequences of operations affect the
application’s functionality. Therefore, the abuser can lead the
application to reveal private information for harvesting, skew
information shared with other users and much more — often bypassing
security controls.”
More: www.imperva.com