"The Unified Move"- Embracing a unified approach with UTM

Below is an excerpt from the article " The Unified Move - The security market is increasingly embracing an integrated approach with UTM" by Shanteri Mallaya appearing in the Security Feature section of ChannelWorld.

Enterprises in India are showing willingness to leverage technology at their disposal to protect their most vital corporate assets from external and internal trouble. As a result, IT security has become and will continue to remain de facto. The challenge lies in using the right security component in warding off threats, filtering content, and keeping organizations safe. As companies are in pursuit of the panacea to their security requirements, there is a tilt towards looking at a holistic, cost-effective, durable solution instead of a makeshift approach.

Agrees Venkata Ramana Murthy, prime Mover at 22by7, "the individual, niche component of UtM functionality — say a component filtering mechanism may not necessarily be superior in performance to that of a niche vendor." Nevertheless, the channels are fairly receptive to the UtM idea. This is an emerging technology that throws up new business opportunities for them at a time when conventional technologies are not getting them sufficient margins or giving cross-selling opportunities anymore.

Mr. Murthy of 22by7 adds, "UtM is a successful single point alternative that i can pro-pose to customers."

Venkata Ramana Murthy of 22by7 concludes, “Globally, there is a trend towards the virtual machine, so all security standards have to evolve towards this. Businesses providing security solutions have to look at this seriously and evolve best of breed solutions."

For the full article, please read the issue of ChannelWorld dated Feb 15 2009.

Corporate Sniffing

Large companies snooping on employees' e-mails

Date: Tuesday, May 27, 2008

New York: If you are an employee in a large company and are thinking of using your work e-mail for job hunting or online dating, watch out.

A new survey finds that 41 percent of large companies (those with 20,000 or more employees) are employing staffers to read or otherwise analyse the contents of employees' outbound e-mail, technology website cnet.com reports.

In the study, which was commissioned by e-mail security provider Proofpoint and conducted by Forrester Research, 44 percent of the US companies surveyed said they investigated an e-mail leak of confidential data in the past year and 26 percent said they fired an employee for violating e-mail policies.

The companies also said they are worried about employees leaking company information on their blogs, message boards, and media-sharing sites like YouTube.

Eleven percent of the companies surveyed took disciplinary action against employees for improper use of blogs or message boards in the past year, and slightly more than that disciplined workers for social-network violations and for improper use of media-sharing sites.

And 14 percent of publicly traded companies investigated the leakage of material financial information, such as unannounced financial results, on blogs and message boards.

Source: Silicon India

Wireless Threats

Wireless Vulnerabilities Present Enterprise-Wide Threats, Expert Says

Wireless is the greatest threat to corporate networks since the emergence of the Internet, AirPatrol CEO says

APRIL 28, 2008 | 5:40 PM

By Tim Wilson
Site Editor, Dark Reading

LAS VEGAS -- Interop/CSI SX Conference -- Wireless vulnerabilities in corporate environments are creating as great a threat now as the Internet did in its early days, a security expert said here today.

In a session at the Computer Security Institute's CSI CX conference, which is being held concurrently with Interop here, AirPatrol CEO Nicholas Miller said the rapid growth of wireless networking has increased the threat of wireless vulnerabilities to an unprecedented level.

"The problem is that wireless vulnerabilities don't just expose the user who's unaware of them, but the whole corporate network the user is attached to."

"I can go out in a car and sit in a parking lot with a wireless router and gain access to an amazing variety of systems," Miller said. "It's really a little bit scary."

In an effort to save money and reduce infrastructure, many companies are moving toward a wireless infrastructure, which puts their networks at a greater risk than ever, Miller says. Yet many of the old vulnerabilities that existed in the wireless environment still have not been resolved, he observed.

"We think the best approach is to attack the problem in the reverse way that they're currently doing, which is to put in a wireless network and then add a security solution," Miller said. "What we think they should do is deploy a wireless security system first, and then you could literally go out and buy the access points at Best Buy."

"What we're really saying is that the emperor's got no clothes. You don't need all of that complex wireless technology if you have a wireless threat management system in place with encryption and security."

Wireless infrastructure vendors offer some security capabilities, "but they are really looking for rogue access points, which is a tiny issue compared to the total problem associated with laptop security," he said. "You really need to look at the entire network -- you need to secure the endpoints."

The problem with most wireless technologies is that they don't account for the end user's location, Miller said. "All of a sudden people can have access to the network as if they were in the building, which is why we need location-based access in wireless. Any wireless product you're looking for should have that capability. If a hacker wants to break into the network, they should have to break into the building."

AirPatrol is working with CheckPoint to block wireless access from unauthorized access points via the firewall, Miller said. "We're blocking traffic at the edge of the network using CheckPoint firewalls, which is a new way to use the firewall. We're also working with a very large switch vendor to see this sort of access control at the switch level."

To be effective, a location-based wireless security system should be able to deliver accuracy within 10 feet of the user's location, Miller said. "Ten feet tells you it's Frank in accounting. Thirty feet tells you it's in the building."

Source

Managing Corporate Infosec Risk

| View | Upload your own