Global Security Mag Online

Thales Datacryptor Recognized as Best Encryption Solution in Info Security Products Guide 2013 Global Excellence Awards

Marc Jacob — 2013-03-01T15:14:29Z

Thales announces that Info Security Products Guide, the industry's leading information security research and advisory guide, has named the Thales Datacryptor line of network encryption solutions Gold Winner of the 2013 Global Excellence Awards in the Best Encryption category. The prestigious global excellence awards recognize Thales as a global leader in the security industry with advanced, ground-breaking products and solutions.

More than 50 judges from a broad spectrum of industry voices around the world participated and their average scores determined the 2013 Global Excellence Awards Finalists and Winners. Winners were announced during an awards dinner and presentation on February 27, 2013 in San Francisco attended by finalists, judges and industry peers.

The Thales Datacryptor network encryption product family has provided network security to enterprise and government organizations for more than 20 years. Datacryptor solutions provide secure, efficient, and scalable data transport for a variety of Layer 2 point-to-point and multipoint applications as well as Layer 3 IP. These tamper-resistant devices protect data confidentiality using the strongest commercial and government encryption algorithms with sophisticated key lifecycle management and storage techniques, while offering significantly lower latency than software encryption capabilities embedded in common network devices such as switches and routers. Datacryptor solutions make it possible for organizations to utilize the most cost-effective data transport medium available, while also meeting or exceeding business and regulatory requirements for data privacy and confidentiality. Specifically designed to ease maintenance and minimize cost of ownership, Datacryptor products are certified to the highest levels, including FIPS, Common Criteria, the UK government CAPS (CESG Assisted Products Service) standards, NATO and the U.S. Defense Information Systems Agency's Unified Capabilities Approved Products List (DISA UC APL).

Vigil@nce - Debian: file access via libvirtd

Vigil@nce — 2013-03-01T13:35:01Z

This bulletin was written by Vigil@nce : vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY A local attacker, who is member of the kvm group, can access to LVM devices managed by libvirtd. Impacted products: Debian Severity: 1/4 Creation date: 26/02/2013 DESCRIPTION OF THE VULNERABILITY On Debian, the libvirtd daemon configures LVM devices with the "libvirt-qemu" user and the "kvm" group. However, the kvm group is used by other applications. A local (...) - Security Vulnerability

Proxim Wireless Corporation announced the distribution partnership with Config, a value added IT distributor

Marc Jacob — 2013-03-01T08:34:57Z

Proxim Wireless Corporation announced the distribution partnership with Config, a value added IT distributor.

Config, based in France and having strong regional presence in

Switzerland, Morocco, Tunisia and Algeria, is keen to enable its

customers to capitalize on the growth opportunities in the outdoor

wireless market within these countries. Proxim's products deliver

leading-edge performance on a very cost-effective basis, due in large

part to Proxim's unique Wireless Outdoor Router Protocol (WORP(R))

software. Proxim's wireless portfolio addresses numerous broadband

connectivity needs that exist today, including video security and

surveillance, cellular backhaul, and mobile data offload, for

governmental, enterprise, and telecom customers. Config is very proactive

in these markets providing support at both commercial and technical

level. Proxim products are now available for purchase through Config and

a program covering commercial and technical training for Config's

partners will be announced shortly.

Key SCADA Security Questions for CEOs

2013-02-28T19:59:31Z

It wasn't that long ago when cyber security seemed like a foreign language to those folks entrusted with running companies. It was not like they didn't know about it, but it just was not top of mind. Not anymore. With cyber threats evolving to the point where they are affecting their companies and their customer's companies, chief executives are taking a new look and approach to how they attack cyber security. They know meeting objectives and delivering on business initiatives means they (...) - Opinion / affiche

19 March - 29 My: DenyAll's upcoming Webinars cover the following key themes: BYOD, migration, virtual patching and

Marc Jacob — 2013-02-28T16:59:57Z

 March 19: Beyond BYOD, featuring Promon's CTO and founder, Tom Lysemose. _ The webinar will focus on how to ensure that corporate data remains secure while being accessed by devices that don't comply with corporate policy. The innovative Client Shield solution for Web and mobile applications will be presented.

 March 26: why and how to migrate to DenyAll Protect version 4.1? This webinar will highlight the advantages of the new platform and present the methodology used by DenyAll to support customers through the migration process.

 April 9: the new features in DenyAll Detect 5.0, including in the critical areas of reporting and asset management.

 April 23: the new features in DenyAll Protect 4.1 FP1, with a focus on new security engines and the virtual patching capabilities derived from the integration between the Detect and Protect product lines.

 May 29: a new edition of the “CTO Talk” webinar series, during which DenyAll CTO Renaud Bidou will highlight the dangers associated with the broader use of HTML5.

Registration to all webinars can be performed on the company's website: www.denyall.com/news/events_en

Signify achieves ISO27001 certification putting its secure authentication service 'best in class'

Marc Jacob — 2013-02-28T13:44:09Z

Signify, the cloud-based secure authentication service, has achieved ISO27001 certification. Signify provides 2-Factor Authentication (2FA) as a hosted service in the cloud that enhances the security of its customers systems, especially their remote access and cloud-based systems. The ISO27001 certification demonstrates that Signify's security and reliability are in line with world-class standards, ensuring it meets the needs of its security conscious customers. This puts it best in class as an authentication service provider.

When choosing a hosted authentication service it is essential to have complete confidence that sensitive business and user information will be safe. This means ensuring that the service is robust, reliable and secure at all times.

ISO/IEC 27001:2005 sets out requirements for organisations throughout the world, to develop and maintain a robust information security management system. Through a systematic evaluation of information security risks throughout the business, Signify has designed and implemented a comprehensive set of best practice information security controls and management processes in line with much larger global companies, demonstrating its no-compromise commitment to information security.

Signify has tried and tested framework of policies, procedures, logistics and 24/7 user support designed to simplify the whole identify management lifecycle. By using Signify, 2FA is not only made easy and affordable, it enables companies to successfully manage digital identity and have a more secure, reliable and flexible solution than they could ever achieve by running their own in-house systems.

LynxSecure 5.2 adds new features to help protect endpoints against the most potent and stealthy advanced persistent threats

Marc Jacob — 2013-02-28T13:42:40Z

LynuxWorks, Inc. announced that they will be demonstrating the industry's first technology capable of real-time detection, alert and protection against zero-day rootkits and bootkits. Rootkits are the most sophisticated and lethal type of malware—stealthy and extremely potent. When resident on endpoint devices, the LynxSecure 5.2 product can help security experts and IT staff discover rootkit infections and neutralize them, and then easily remotely clean infected machines, thereby preventing future infections.

LynxSecure 5.2 is the next version of the established secure separation kernel and hypervisor from LynuxWorks. Designed from the ground up with security as a key design goal, this military-grade virtualization solution is now available for Enterprise users. It is small, secure and offers high performance that is well suited to today's modern roaming endpoints, such as laptops and hybrids. Now adding a feature that does real-time detection of stealthy advanced persistent threats such as rootkits, brings the use of this technology to the front of Enterprise security protection.

Rootkits work at the lowest levels of the operating system (OS) they intend to attack. Thus, it is a self-defeating cause to try and have a detection and prevention mechanism that is a part of the “target of attack.” The approach to combating these insidious threats needs a mechanism that offers a completely different security posture: It must execute with a higher privilege than the attacked OS; provide complete control of the platform hardware; and monitor all activities of the OS and its applications. Also, this mechanism must be self-protecting, non-bypassable and tamper-proof. LynxSecure provides a comprehensive end-to-end solution, fully manageable by IT staff, while providing a detailed real-life picture of the rootkit infections in the corporate network.

Vigil@nce - Cisco Unified MeetingPlace: Cross Site Request Forgery

Vigil@nce — 2013-02-28T13:19:09Z

This bulletin was written by Vigil@nce : vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY An attacker can trigger a Cross Site Request Forgery in Cisco Unified MeetingPlace, in order to perform actions in the context of the web site. Impacted products: Cisco Unified MeetingPlace Severity: 2/4 Creation date: 13/02/2013 DESCRIPTION OF THE VULNERABILITY An attacker can trigger a Cross Site Request Forgery in Cisco Unified MeetingPlace, in order to perform (...) - Security Vulnerability

Sécurité informatique en 2013 : pas ce recette miracle à l'horizon

Pierre Siaut, Security Expert Team Leader, Trend Micro France — 2013-02-28T13:16:31Z

Que va nous réserver 2013 en matière de sécurité informatique ? Quelles seront les principales menaces et d'où proviendront-elles ? Comment y faire face ? Autant de questions qu'il est légitime de se poser en ce début d'année. Les réponses à ces questions peuvent s'avérer précieuses pour les entreprises et organisations, ainsi à même de réorganiser leur ligne de défense pour contrer les nouvelles stratégies imaginées par les cybercriminels. Cependant, un problème persiste : il n'existe malheureusement pas (...) - Product Reviews

gateprotect Firewall Obtains EAL4+ Certification under Common Criteria

Marc Jacob — 2013-02-28T13:09:57Z

The German IT security specialist gateprotect has successfully completed the internationally recognized EAL4+ certification under Common Criteria. In the course of development, the firewall packet filtering core was evaluated by the Federal Office for Information Security (BSI) in Germany.

Common Criteria is the most important international security standard for IT security products. For products that are freely available in the market, level 4+ is the highest possible level of evaluation. The certification assures customers around the globe that the firewall solution has been developed in accordance with strict regulations and complies with high quality and security standards. The certification was conducted based on the CC version 3.1 and involved the inspection of the source code by independent experts as well as the approval of the development environment by the BSI.

In addition, the mechanisms of quality assurance, the testing procedures as well as the measures of protection against the intrusion of unauthorized codes were examined. The successful certification evidences that gateprotect is complying with security requirements and the procedures used.

The next generation firewalls from gateprotect protect companies of any size against malware attacks, viruses, unauthorized access and misuse. They are characterized by a multitude of sophisticated security features – as well as optimal scalability, security and performance.

Embarcadero Launches FireDAC: Enterprise Data Access for Multiple Devices

Marc Jacob — 2013-02-28T13:07:44Z

Embarcadero Technologies announced the availability of FireDAC, an enterprise-class data access development library for multiple devices including Windows, Mac, and Mobile. FireDAC works seamlessly with Embarcadero's Delphi, C++Builder, and RAD Studio multi-device development solutions. The release of FireDAC follows Embarcadero's recent acquisition of DA-SOFT's AnyDAC data access technology. “Enterprises have already been challenged with supporting a wide variety of database platforms in (...) - Product Reviews

Cognosec adds QSA string to bow

Marc Jacob — 2013-02-28T10:09:26Z

IT security and compliance specialist, Cognosec - a UC Group company - has added to its growing portfolio of services after achieving the Quality Security Assessor (QSA) accreditation, qualifying the firm to carry out PCI DSS compliance audits across Europe.

The PCI DSS standard applies to all organisations that store, process, and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data.

To help drive through the accreditation process, Cognosec appointed industry leading expert David Jenkins as its new director of PCI and payment services. Jenkins, formerly of Trustwave, boasts a wealth of industry experience in assisting banks, payment service providers and merchants across EMEA in gaining and maintaining PCI accreditation.

Cognosec can now provide clients with a full PCI DSS audit portfolio - on top of the consultancy service it already offers - creating a rounded and comprehensive compliance package.

In the future, Cognosec aims to qualify as an assessor for the whole EMEA region, with plans to expand its reach to other markets.