Quantiq International Pte Ltd

November Q Times

Subject:

November Q Times

Send date:

2009-11-25 08:47:30

Issue #:

Content:

November Q Times

"New York Times: Stuart A. Baker, General Counsel for the NSA, explained why crooks and terrorists who are smart enough to use data encryption would be stupid enough to choose the U.S. Government's compromised data encryption standard."
In this issue	New Quantiq Website
- Access Control and Audit Solution for Mainframe and virtual environments - Another Zero Day Threat Discovered in Internet Explorer - Lumension Endpoint Management Platform Strategy to Reduce Complexity, Enhance Security & Compliance, and Expand Visibility Across IT Operations and Security Functions - Sensage Announces Increased Cooperation With Sap To Drive Convergence Of It Security, Governance, Risk And Compliance Controls	Before you proceed with this newsletter, we're excited to annouce the new look of Quantiq website designed to provide more organized workflow of webpages and interactive browsing experience in our portal. Key features of our new web includes: • Fast and powerful search utility made in AJAX for richer and integrated searching experience. • Modules to showcase our featured articles seamlessly. • Sophisticated Navigation Menu • Informative eNewsletter Archives • Helpdesk Section for opening trouble tickets, viewing status of pending tickets and knowledge base (This feature requires registered users to login) Read More
Technology Watch
Access Control and Audit Solution for Mainframe and virtual environments Xceedium have extended their groundbreaking unique access control, policy enforcement and audit capabilities to mainframe and virtualized environments with the release of their award-winning Gatekeeper solution. Featuring full support for mainframe and virtual environments, Gatekeeper Version 5 reflects the need for access control and audit for centralized computing models. Now companies can apply its patented technologies to contain users to authorized areas, track, record and deliver targeted reports and more easily and cost effectively meet compliance requirements. This solution allows organizations to remain agile enough to quickly adapt to changes in their business, regulatory and computing environments. Key components includes: Restrictive Zero Footprint Access - reverse port forwarding provides a virtual abstraction layer further enhancing security when accessing infrastructure resources including mainframe and virtualized systems ensuring no IP address is ever granted to the client and the user has no visibility to unauthorized resources. Clientless Compartmentalization - secure, compartmentalized access to mainframe and virtual systems without requiring any local client installation. All connections can be restricted to a single originating IP while allowing authorized users to connect to the full extent of their authorized roles, regardless of physical location. Containment to Authorized Areas and Command Restriction - For mainframe environments, the Command Line Interface (CLI) Java Applet allows for command filtering functionality which can be used to intercept unauthorized commands and keystrokes. Users can effectively be contained to their authorized systems or resources when accessing authorized mainframe systems, servers or network appliances. Real-Time Remediation - provide corrective actions such as termination of access or account deactivation based on thresholds set by the organization. Audit and Compliance (Full Session Recording) - allows users to access and interact with CLI, mainframe, graphical and virtual environments while providing the ability to enforce full session recording of all user activities within these interactive sessions. For easier auditing of these user sessions, Xceedium GateKeeper allows administrators and auditors to search for information and playback the sessions from any point in time. Read Full Article

Latest News

Another Zero Day Threat Discovered in Internet Explorer

The latest Internet Explorer zero day threat will unfortunately catch many off guard and will have a significant impact on many organizations that are still relying on outdated defenses.

For the past decade or perhaps longer, our way of dealing with threats has been to try to filter our way out of trouble. However, with our run rate of 6,000 new vulnerabilities combined with the many ways a bad guy can obfuscate their malware, it is simply an obsolete defensive strategy.

Vendor software vulnerabilities are not going away and zero day threats will continue to plague even those organizations that have the best of the best in flaw remediation plans in place. It is important to remember that a zero day threat is not the bad guys “end-game,” it is simply a delivery vehicle to execute malware on the victims PC. Outdated technologies that rely on blocking malware with any form of signature can afford little effective defense. The only defense that makes sense is to disregard the delivery mechanism and apply our focus on the “end-game” to prevent the bag guys from executing their unauthorized malicious payload within our environment.

Read Full Article

Press Release

Lumension Endpoint Management Platform Strategy to Reduce Complexity, Enhance Security & Compliance, and Expand Visibility Across IT Operations and Security Functions

Company Announces the Availability of Lumension Endpoint Management and Security Suite to Deliver End-to-End Endpoint Management Solution Capabilities on a Single Server, Single Agent and Single Management Console Architecture

Scottsdale, AZ, Nov. 18, 2009

Lumension, a global leader in endpoint management and security, announced its comprehensive Lumension® Endpoint Management Platform (LEMP) strategy that will deliver tighter integrations and workflows across IT security and operations to help organizations optimize security and compliance posture, reduce technology complexity and decrease TCO. As part of this platform launch, Lumension will be releasing its Lumension® Endpoint Management and Security Suite (LEMSS), which includes initial product capabilities across integrated vulnerability management and security configuration management to deliver greater agility, security and compliance.

According to a recent Ponemon Institute survey commissioned by Lumension, titled Worldwide State of the Endpoint 2010, collaboration between security and operations is considered poor or non-existent by 53 percent of IT security and 38 percent of IT operations practitioners. Further, a majority of IT security and IT operations executives said they feel less secure today than a year ago as a result of complexities in disparate technologies. According to the survey findings, the top three challenges in endpoint management are improving security posture, reducing costs and decreasing complexity. Current challenges are compounded by the growing gaps within IT operations and security groups that have been slow to adapt to the evolving endpoint security risks and approaches, adding to the inflexible and high-risk IT environments that exist today.

Read Full Article

Sensage Announces Increased Cooperation With Sap To Drive Convergence Of It Security, Governance, Risk And Compliance Controls

SenSage Continuous Monitoring & Auditing for ERP Achieves SAP Certified Integration

PRAGUE, Czech Republic, November 18, 2009 - SenSage, Inc. announced today that it has expanded its cooperation with SAP AG, spanning technology integration and compatibility certification. SenSage Continuous Monitoring & Auditing for ERP provides enhanced visibility into SAP transactions and audit logs – filtered by pre-built analytics and mined by ad-hoc queries – all within the context of the underlying IT infrastructure that is monitored in real time. SenSage is actively demonstrating the offering and sharing customer success stories at various SAP end-user and channel events, including SAP TechEd 2009 and this week’s GRC 2009 conference in Prague. Together, SAP and SenSage safeguard critical enterprise assets and processes by allowing organizations to detect and respond to security and IT risks aligned to an enterprise risk management program.

"We are excited to extend our partnership with SAP to address data management challenges in continuous controls monitoring and SAP user activity monitoring," said Jim Pflaging, president and CEO of SenSage. "Together we are helping management, internal audit, security and compliance professionals to detect and monitor fraudulent behavior such as failed or fraudulent transactions, failing controls, segregation of duty (SoD) violations or overrides, user profile and privilege changes, unauthorized access to transactions, users with temporary or expired privileges, and unauthorized changes to master data through exception-based alerts and reporting."

The SAP® Integration and Certification Center (SAP ICC) has certified that SenSage Continuous Monitoring & Auditing 3.0 has achieved "Powered by SAP NetWeaver®" status as an ABAP™ add-on for the SAP ERP 6.0 application. This deployment has been tested and certified by the SAP ICC. The solution monitors the security events for key data changes to financial, materials management, sales and distribution, and user access information.

Read Full Article

Web Application Security via Cloud Computing

We can assess your Web applications remotely to ensure they are protected against hacker attacks. It's an ideal way to quickly improve your Web security posture with minimum resources and limited budget.

Key Benefits:

• Lower Total Cost of Ownership with savings in hardware and software costs,
• No capital budget required,
• Flexible subscription plans to meet your specific needs,
• Ability to jump-start your Web security initiative,
• Default use of the latest product release without requiring upgrades, and
• Ease of use.

Find out more!

You are receiving this Newsletter because you have subscribed for our newsletter at our site. Please update your subscription with us by emailing marketing@quantiqint.com

Copyright © 2009 Quantiq International Pte Ltd. All Rights Reserved.

Main Menu

Services Offered

Industry Focus

Be our Partner