Tuesday February 07, 2012
August 2010 Q Times
Subject: August 2010 Q Times
Issue #: 22
Content:
Quantiq eNewsletter


Better be despised for too anxious apprehensions, than ruined by too confident security.
— Edmund Burke

Aug 2010

In this issue:

Asian firms more aware of IT snoops

Unauthorized snooping in the office may not necessarily be on the rise in Asia, but companies are becoming more attuned to the problem and looking to address associated risks, according to a security practitioner.

P.F. Vilquin, security director for Asia-Pacific and Japan at CA Technologies, told ZDNet Asia in an e-mail interview that employee abuse of system administrative privileges to access data in the corporate network has "always" been an issue. The consequences, he added, are typically more severe when the abuse is carried out by IT staff.

"The IT department member may have [greater access] to data across multiple systems due to the IT privileges associated with his role and responsibilities than non-IT staff," Vilquin explained. "Therefore, the damages inflicted by an IT department member can be much more significant."

Such behavior, he noted, does not appear to be getting more common, but companies are now more sensitive to the problem and understand the different levels of access to data and the risks associated with "super users".

His assessment echoes the findings of a recent survey of 400 senior IT professionals in the United Kingdom and United States released earlier this month by Cyber-Ark Software. The study revealed 41 percent of respondents admitted they or their colleagues abused administrative passwords to snoop on information such as customer data and human resource records.

In addition, over two-thirds of respondents said they had previously accessed data that was not relevant to their role. Some 54 percent also pointed to the IT department as the most likely culprit of snooping activities.

Read full article.

Technology Watch: Network forensics gets a 'Minority Report'-style UI

A network security traffic analysis tool, sporting a wicked UI, heralds a new era of easy cyber forensics

Has dummy-proof network forensics arrived? A recent YouTube video from network security software vendor NetWitness, which shows off one of the coolest UIs ever, makes that prospect seem likely.

The video is a promotional trailer for a new Visualize module for NetWitness' Informer product -- a kind of security information and event management product that works on top of NetWitness' network traffic capture platform. View it on YouTube and fast-forward to around the 3:50 mark to check out the bit on Visualize.

As the name suggests, the cool thing about Visualize is its ability to render network traffic graphically. Instead of merely logging that Paul was viewing his holiday photo album on Flickr or sending out a PDF over his Gmail account, or regurgitating the session data in a text file, an analyst using Visualize would see the session as the person who conducted it did -- viewing the actual photos and documents.

Visualize lets analysts do this across a swath of thousands of network sessions -- that is, individual sessions rendered not as abstract strings of binary or hexadecimal data, but as discrete blocks of "stuff," including images, application data, documents, VoIP sessions, and other rich media that can be manipulated, drilled into, and otherwise poked at.

Clicking on one of these blocks allows analysts to pivot to other related sessions and data (say, display all the images associated with this user or IP address). It all brings to mind that amazing scene from the movie "Minority Report" where Tom Cruise, playing Chief John Anderton, conducts a fast moving "pre-murder" investigation using a wall-size, touch-sensitive GUI that lets him manipulate images and video data and feeds from many sources with the aid of nothing more than a wacky, three-fingered glove.

That film, which came out in 2002, anticipated many of the advances in graphical interface and touch-sensitive displays that have appeared in the years that followed -- not least of which are the iPod Touch, iPhone, and iPad. But it has even more powerful devotees in circles like defense and computer security, where adaptive, persistent adversaries like those behind the "Aurora" attacks on Google and other prominent Western firms put the focus on correlating discrete bits of data that can identify the who (hacker, terrorist, state actor) and not just the what (virus, bot, Trojan).


Read full story.



About NetWitness

NetWitness® Corporation is the world leader in real-time network forensics and automated threat intelligence solutions, helping government and commercial organizations detect, prioritize and remediate complex IT risks. NetWitness solutions concurrently solve a wide variety of information security problems including: advanced persistent threat management; sensitive data discovery and advanced data leakage detection; malware activity discovery; insider threat management; policy and controls verification and e-discovery. Originally developed for the US Intelligence Community, NetWitness has evolved to provide enterprises around the world with breakthrough methods of network content analysis and host-based risk discovery and prioritization. NetWitness customers include Defense, National Law Enforcement and Intelligence Agencies, Top US and European Banks, Critical Infrastructure, and Global 1000 organizations. NetWitness has offices in the U.S. and the U.K. and partners throughout North and South America, Europe, the Middle East, and Asia.

Email us at marketing@quantiqint.com to learn more now!

 

Latest News

Best practices for controlling contractors and privileged users who access your critical IT infrastructure

Government agencies are more dependent than ever on computer systems to carry out their missions. From providing citizens access to public information over the Web to processing and accounting for trillions of dollars in spending, computer systems permeate virtually every aspect of government work.

At the same time, federal departments – such as the Department of Defense (DoD) and the Department of Homeland Security (DHS) – have increasingly turned to contractors to fill key roles and perform many critical IT functions, such as network administration, configuration management and user provisioning. One need not look very far to find a multi-year, multi-million dollar contract awarded to one company or another to provide strategic IT services to a government agency.

These parallel trends have raised concerns about the proper balance between an agency’s need to secure its computer operations and assets, and the contractor’s need for system access to perform its tasks.

Traditional access control solutions focus on authenticating and then providing users access to systems, rather than granularly containing them to authorized resources. Such an approach provides users, once they are authenticated, the proverbial “keys to the kingdom.” In addition, the lack of identity-based controls also can lead to cases of mistaken identity. Unfortunately, identity is one of several critical concerns that legacy access control systems do not adequately address. Other key areas include user monitoring and auditing.

Now, there is a next generation of access solutions that evolved from the need to manage a smaller group of privileged users with elevated rights, such as the contracted IT workers, who are accessing critical infrastructure and sensitive data. These systems provide an efficient, cost-effective way to integrate strong network controls that offer significant security and compliance benefits. The technical and functional requirements for next-generation solutions map to the best practices for access control strategies, which require organizations to:

* Right-size permissions, based on a model of zero trust.
* Be identity aware.
* Implement fine-grained enforcement.
* Utilize integrated audit capabilities to validate controls.
* Automate all the requirements from access to audit.


Read full story.


About Xceedium


Xceedium Inc. is the leading provider of Zero Trust Access Control solutions for managing access to critical infrastructure and sensitive data by privileged users, 3rd-party vendors, and contractors.

Employing unique and patent-pending technologies, the Xceedium GateKeeper hardened appliance enables organizations to extend and manage access while safeguarding business critical assets, demonstrating compliance and decreasing business risk. Its key differentiators lie in its ability to enforce policy by identity, contain users based on the user’s explicit privileges, and record users for audit and compliance. Deployed in the largest enterprise and federal government environments, Xceedium’s ever-expanding client base includes household names in financial services, healthcare, pharmaceutical, retail, MSP and other key verticals.

Headquartered in New Jersey with offices in Virginia, Xceedium has been honored with a number of prestigious industry awards, including recognition by Forrester Research as a “Hot Company to Watch,” by Gartner, Inc. as a “Cool Vendor in Infrastructure Protection 2009,” and by Red Herring as a “Top 100 Global Company.” For more information, visit www.xceedium.com.

Email us at marketing@quantiqint.com to learn more now!

Press Release

Palo Alto Networks Resolves Hyves Security Concerns

Enterprises Can Use Next-Generation Firewalls to Safely Enable Hyves for Their Workers

Palo Alto Networks™, the network security company, today announced it has released new functionality that enables enterprises to control several popular Hyves capabilities, empowering users to continue to embrace Hyves while mitigating any security concerns. Hyves users in enterprises are susceptible to bringing vulnerabilities into the organization and leaking confidential data to third parties because of the nature of Hyves-based applications, which like many other social networking-based applications have been heavily targeted by hackers and cybercriminals.

Hyves has enjoyed rapid growth and has become the dominant social media platform in the Netherlands and Belgium with more than 10 million members. These members continue to use Hyves at work, which causes its applications such as chat, mail, games, and music to become the target of attacks as cybercriminals use it as one of their vectors of choice to penetrate the enterprise perimeter.

Palo Alto Networks' new App-ID™ allows IT security teams to centrally protect their Hyves users against the undesired security issues while transparently preserving Hyves functionality.

"This is another example of the safe enablement that customers of Palo Alto Networks can uniquely take advantage of; reaping the benefit of social applications, yet mitigating the risks," said René Bonvanie, vice president of worldwide marketing at Palo Alto Networks. "For example, an organization might want to enable customer service representatives to use Hyves for its Chat function and the Mail function, but disable Hyves Music or Hyves Games to mitigate security and productivity concerns."

The Palo Alto Networks Application and Threat Research Team actively researches applications. Taking input from the market, application developers and customers, the team aggressively maintains App-ID and the more than 1,050 applications it identifies, adding three to five applications weekly. Palo Alto Networks' App-ID technology enables a more sophisticated identification than a simple signature, putting decryption, decoders, heuristic analysis, and a rich signature analysis at the team's disposal. Augmented with detailed information about the application's use, behavior, and risks, customers can make informed policy decisions regarding applications.

Next Generation Firewall: How it Works for Hyves
Palo Alto Networks combines three identification technologies to provide visibility and control over Hyves-related functionality, users and content:

* App-ID identifies exactly which Hyves functionality is running on the network, as well as the associated risks, so administrators can deploy comprehensive application usage control policies for inbound and outbound traffic.
* User-ID integrates with Microsoft Active Directory and LDAP directories to link Hyves use to users and groups – not just IP addresses – for visibility, policy creation, logging and reporting.
* Content-ID combines a real-time threat prevention engine with a comprehensive URL database to detect and block a wide range of threats, limit unauthorized transfer of files and data, enabling customers to scan permitted Hyves traffic for threats and confidential data.

Information on more than 1,050 applications that are identified by Palo Alto Networks can be found in Applipedia, part of the company's Application and Threat Research Center. Visit the online resource to find the latest news, commentary, and discoveries on applications and threats at http://www.paloaltonetworks.com/researchcenter/.


About Palo Alto Networks

Palo Alto Networks™ is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content – by user, not just IP address – at up to 10Gbps with no performance degradation. Based on patent pending App-ID™ technology, Palo Alto Networks firewalls accurately identify and control applications – regardless of port, protocol, evasive tactic or SSL encryption – and scan content to stop threats and prevent data leakage. Enterprises can for the first time embrace Web 2.0 and maintain complete visibility and control, while significantly reducing total cost of ownership through device consolidation. For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, “The Network Security Company,” the Palo Alto Networks Logo and App-ID are trademarks of Palo Alto Networks, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Read full story.
Lunch and Learn with Cyber-Ark
Information Security
Happy to receive our newsletter? Please send us your feedback or update your subscription by emailing marketing@quantiqint.com.

