Barcelona, Spain – March 26, 2013 – Qustodio, a leading parental control software start-up, today announced the release of the latest version of its free software, now compatible with Mac OSX Lion/Mountain Lion and Android devices. It is already available for Windows 8 PCs.
The latest version of Qustodio is aimed at giving parents better tools to manage their children’s online activities on the many devices that they use to connect to the world, including Android mobile phones and tablets. Parents can view the web-browsing activity or applications being used on any device within the family and set usage limits for certain applications and/or web pages. Parents can manage the use of all Macs, Windows PCs and Android mobile devices from one unified web-based online dashboard, called the Family Portal.
This release also allows parents to have a deeper view into social networks including Facebook. Qustodio has always tracked children’s time spent on social media sites like Twitter, FourSquare and Pinterest. But today it launched a robust new tool called Advanced Facebook Monitoring that connects to a child’s Facebook account from any device, and reports on the key activities, information and photos where a child may be tagged.
Social Activity reported on Qustodio Family Portal
To showcase this new feature, Qustodio’s Family Portal features a new tab called Social Activity. Social Activity offers parents a detailed view of all social activity performed by the child. It allows parents to see the names of contacts that children communicate with online and the time and duration of the conversation. Qustodio also alerts parents the first time a child is contacted by a new friend. This allows parents to keep a closer eye on social media interactions and intervene if necessary.
Multi-Device Management for Premium Users
Those who purchase Qustodio’s premium version will get access to a new Multi-Device Scheduler that allows a parent to customize individual time usage limits for each mobile, desktop or laptop. Using these features parents can customize their child’s experience on each device.
“Management of the multiple connected devices and online activities in the family is a new and challenging problem that we aim to solve,” said Eduardo Cruz, CEO and co-founder of Qustodio. “We are committed to providing parents useful tools to guarantee safe and responsible use of devices by children.”
Qustodio Premium Users Get Expanded Social Protection and Monitoring
For Premium users, who pay $49.95 per year, Qustodio offers a deeper level of social monitoring called Advanced Facebook Monitoring. Once activated, Qustodio monitors all activity that takes place on a child’s Facebook account, regardless of the device being used to access Facebook. The Advanced Facebook Monitoring feature provides parents with information on new friends, events, shared photos and social interactions including:
- A child’s friends list on Facebook and friends’ profile pictures.
- List of new friends on Facebook and their ages
- A list of mutual friends
- Activity log of how a child interacts with friends in the past 30 days, including time spent chatting and sharing photos.
- Published information such as: interests, relationships, work, religion, etc.
- See the photos that a child shares online and the comments that other users make on those photos.
Pricing and Availability
Qustodio is available now for Mac, Windows and Android at http://www.qustodio.com and has a free version. A premium version is available for $49.95: http://www.qustodio.com/premium. Qustodio’s Android app can be downloaded here: https://play.google.com/store/apps/details?id=com.qustodio.qustodioapp
Qustodio develops leading parental control software solutions for families worldwide. Our solutions empower parents to have greater visibility into their children’s online activity, including social networks. Our revolutionary approach provides quick and actionable information for parents, enabling parents to ensure their children use connected devices safely and responsibly. We are passionate about Internet security for children, and we love creating well-made products with excellent user experiences. We want to work with you to make the Internet a safe and enjoyable place for your kids. Qustodio is headquartered in Barcelona, Spain and can be found online: www.Qustodio.com, via Twitter: @Qustodio and on Facebook: Qustodio.
DULLES, Va., September 18, 2012—Cigital Inc., the world’s largest consulting firm specializing in software security, today announced the fourth major release of the Building Security In Maturity Model (BSIMM) study. This release continues BSIMM’s impressive growth and now describes real-world data from fifty-one firms with active software security initiatives. BSIMM4 encompasses ten times the measurement data of the original 2009 study (95 distinct measurements), and reports on two new activities, bringing the activity count going forward to 111.
The BSIMM4 project provides insight into fifty-one of the most successful software security initiatives in the world and describes how these initiatives evolve, change, and improve over time. The multi-year study is based on in-depth measurement of leading enterprises including Adobe, Aon, Bank of America, Box, Capital One, The Depository Trust & Clearing Corporation (DTCC), EMC, F-Secure, Fannie Mae, Fidelity, Google, Intel, Intuit, JPMorgan Chase & Co., Mashery, McKesson, Microsoft, Nokia, Nokia Siemens Networks, QUALCOMM, Rackspace, Salesforce, Sallie Mae, SAP, Scripps Networks, Sony Mobile, Standard Life, SWIFT, Symantec, Telecom Italia, Thomson Reuters, Vanguard, Visa, VMware, Wells Fargo, and Zynga.
Originally launched in March 2009, the BSIMM is the industry’s first software security measurement tool built from real-world data rather than based on philosophy and theory. BSIMM2 was released in May 2010 and tripled the size of the original study from nine organizations to thirty. BSIMM3 was released in September 2011 with data from forty-two firms and included a longitudinal study showing how software security initiatives have grown over time. BSIMM4, released today, covers fifty-one firms representing a range of twelve overlapping verticals including: financial services (19), independent software vendors (19), technology firms (13), cloud (13), media (4), security (3), telecommunications (3), insurance (2), energy (2), retail (2) and healthcare (1). The current release includes updated activity descriptions, two new activities and a longitudinal study.
“The BSIMM work is exciting not only because of its data-driven scientific approach to measurement, but also because of the community we have established,” said Dr. Gary McGraw, Cigital’s CTO. “There is nothing more satisfying than enabling top software security initiatives worldwide to cooperate in moving software security forward.”
Using the BSIMM measuring stick, Dr. Gary McGraw, Sammy Migues, and Jacob West conducted a series of in-person interviews with executives in charge of the fifty-one software security initiatives to collect data for BSIMM4. For the first time in the BSIMM project, new activities were observed in addition to the original 109, resulting in the addition of two new activities to the model going forward. The activities are: Simulate software crisis and Automate malicious code detection.
Some numerical highlights of BSIMM4:
• BSIMM4 includes 51 firms from 12 industry verticals
• BSIMM4 has grown 20% since BSIMM3 and is ten times bigger than the original 2009 edition
• The BSIMM4 data set has 95 distinct measurements (some firms measured multiple times, some firms with multiple divisions measured separately and rolled into one firm score)
• BSIMM4 continues to show that leading firms on average employ two full time software security specialists for every 100 developers
• BSIMM4 describes the work of 974 software security professionals working with a development-based satellite of 2039 people to secure the software developed by 218,286 developers
“We are very pleased with the effect BSIMM is having beyond its primary use as a reflection of the state of software security,” said Sammy Migues, co-author of the ongoing study and Cigital Principal. “We see it referenced directly in business partner discussions, in government and commercial acquisitions, in service level agreements, and vendor management processes.”
The fifty-one firms participating in the BSIMM Project make up the BSIMM Community. The BSIMM Community hosts a private mailing list and an annual Conference where representatives gather together in an off-the-record forum to discuss day to day administration of software security initiatives. In 2011, 21 of 42 firms participated in the second annual BSIMM Community Conference hosted in Washington State. And in Spring of 2012, the first BSIMM Europe Community conference held in Amsterdam included 17 firms with a presence in the European market.
“Fidelity Investments makes use of BSIMM measurements taken over time to identify areas for improvement in our software security initiative,” said David Smith, VP, Technology Risk Management, Fidelity. “Access to the BSIMM Community adds additional value both when trying to get new initiatives off the ground and when working to enhance and evolve existing initiatives. The BSIMM Community’s industry leaders are knee deep in real-world software security, have a deep well of experience to draw on, and often have extremely effective initiatives well underway. As such, they provide valuable insight on how to succeed with software security at a world class level.”
For more information and to access the BSIMM4 study, which is distributed free of charge under a Creative Commons license, please visit: http://bsimm.com/
Cigital Inc., founded in 1992, is the world’s largest consulting firm specializing in software security and is the global leader in helping organizations to design, build, and maintain secure software. Our unique expertise, technologies, and training services are a culmination of over twenty years of research activities and thousands of successful software security consulting engagements at leading public and private organizations throughout the world. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India. For more information visit: http://www.cigital.com.
Here are my slides from a lecture I gave 2 years ago correlating a drop in stock price with news of a data breach. Please forgive the short post, I’m just throwing this out there in response to today’s #secchat.
I spoke with Lori MacVittie of F5 Networks about what they’re seeing in terms of security attacks. The F5 Networks equipment, which I had thought of as load balancers and such, is actually really good at intercepting and reporting on network traffic. For example, if an attacker were manipulating packet headers then since all the traffic flows through the BIG-IP, it is easy to find anomalies in the BIG-IP. There’s also an application security firewall (Application Security Manager) that runs on top of BIG-IP.
Because we can’t control the endpoint we need to do a better job of securing the applications and web sites that. In this way, hackers have a way of exploiting a series of trust relationships. Mobile devices may go outside the firewall, get infected, and then come back inside the firewall.
In this way, consumers aren’t only at risk, they’re becoming part of the attack. As attackers move up the stack and figure out how to involve more users unknowingly they will. This spreads out the threat in such a way that it is difficult to address. Now you’ve got a DDOS coming in from all over the world, not from a few dozen servers.
“Everybody is a suspect now. Every connection needs to be examined as an attack of some kind.” The traffic inspection tool becomes much more important at this point. Websites need to protect themselves in order to protect users. When attackers use the protocol itself as part of their strategy, then it is very difficult to search for anomalies and detect them.
Potential solutions include running a web application firewall, conducting regular vulnerability scans, and scanning code before implementing it. Make sure that the web app firewall is configured to scan incoming and outgoing traffic to better find anomalies. Use some of the security features built into your load balancer, which are usually not used because people think of the devices just as load balancers. Use all the tools at your disposal in a layered approach.
Attacks are now being combined, where an attacker could use a DDOS to mask an attack on the application.
Joe Stewart, Dell SecureWorks’ Director of Malware Research, and the Counter Threat Unit (CTU) research team have long been researching Advanced Persistent Threat (APT) hacking activity. Since different entities may use the term APT differently, it is important to define the term as used in this analysis. According to Stewart, APT is best defined as “cyber-espionage activity targeted at government, industry or activists.”
To date, Stewart and the CTU have catalogued over 60 different families of custom malware involved in APT activity. Stewart and the CTU have developed countermeasures and Threat Intelligence to detect this malware. During this research, Stewart discovered that the hackers using these APT malware families sometimes use a common tool in order to disguise the location of their command-and-control (C2) servers. This tool is known as “HTran”.
HTran is a connection bouncer, sort of like a simplified reverse proxy server. Hackers can install an HTran listener on a host anywhere on the Internet (most often on hacked third-party servers), and bounce incoming connections back to their real C2 server. HTran was authored by “lion”, a well-known Chinese hacker and reported founder of the Honker Union of China (HUC), a patriotic hacking group in the People’s Republic of China (PRC). The name “HTran” actually stands for “HUC Packet Transmit Tool”.
What led Stewart to the discovery of the common use of HTran was an error message that HTran emits to connecting clients whenever the hidden backend C2 server is unreachable. By creating a system to establish regular connections to a list of over 1,000 IP addresses known by the CTU to be associated with APT activity bouncers, Stewart was able to uncover several HTran installations that eventually reported error messages revealing the IP address of the true C2 controllers. While all of the found HTran installations were on computers in the U.S., Europe, Japan and Taiwan, all of the hidden C2 controllers they redirected traffic to were located on just a few networks in the PRC.
Two of the families of malware, where variants were discovered using HTran bouncers, can be directly connected to the RSA Security breach disclosed in March 2011, based on related samples analyzed by Stewart that use C2s from the list disclosed in the CERT bulletin “EWIN-11-077”.
All of the detected HTran and hidden C2 IP addresses are listed in the full report, along with information and Snort signatures which can enable other institutions to detect HTran error messages in network traffic and possibly uncover not only latent APT activity, but also the true destination of any data that would be exfiltrated.
I had the opportunity to interview Joe Stewart from Black Hat about HTran.
The research started as Joe focused on APT for a number of reasons. He set about to classify APT, to survey the malware environment and how the APT malware is related, as well as how the infrastructure they share is related. Looking at the network traffic of a bunch of malware samples related to, but not used in, the RSA attack, he saw a pattern. It was an error message from HTran saying that it couldn’t bounce. So he wondered: how many of these bouncers are there, and can we find out where the systems on the other side of the bouncer are?
HTran basically gives away the IP address of the hosts that are on the back side. HTran came out in 2000 and is a popular bouncer used widely in hacking so this is significant because it could lend insight to how to combat HTran.
He’s got over 6,000 back end hosts identified and over 60 individual strains of malware isolated as results of this analysis. After resolving all of the host names he ended up with about 1000 IP addresses. He started to connect to them every 10 minutes with software he wrote to obtain that error message from the servers. From those 1000 he ended up with 18 back end servers.
Joe’s written 2 Snort rules to detect the activity, so this functionality has been rolled out to SecureWorks customers already. The Snort rules were publicly posted on Wednesday, so anyone running an open source based IPS can take advantage of this knowledge. Someone who has malware using the HTran network could install these rules and spot the traffic in order to protect themselves.
The research is available in full.
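An added illustration of the detection idea described above (not code from the SecureWorks report or from this page): it scans captured server-to-client payloads for an HTran-style error banner and groups the revealed back-end hosts by network, which is how many bouncers collapse onto a few hidden servers. The banner format, the /24 grouping and every sample record are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# ASSUMPTION: the page does not quote the error text. This pattern assumes a
# banner of the form "[SERVER]connection to <host>:<port> error".
HTRAN_ERROR = re.compile(
    rb"\[SERVER\]connection to ([A-Za-z0-9.\-]{1,253}):(\d{1,5}) error"
)


def extract_backends(payload: bytes):
    """Return the (host, port) pairs revealed by error banners in one payload."""
    found = []
    for match in HTRAN_ERROR.finditer(payload):
        host = match.group(1).decode("ascii")
        port = int(match.group(2))
        if 0 < port <= 65535:  # discard banners with an impossible port
            found.append((host, port))
    return found


def network_key(host: str) -> str:
    """Map a revealed host to a coarse network bucket (illustrative /24 or /64)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved-hostname"  # banner carried a name, not an address
    prefix = 24 if ip.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def summarize(records):
    """Group revealed back ends by network.

    records: iterable of (bouncer_ip, server_to_client_payload) tuples.
    Returns {network: {"backends": set of (host, port), "bouncers": set of ip}}.
    """
    by_net = defaultdict(lambda: {"backends": set(), "bouncers": set()})
    for bouncer, payload in records:
        for host, port in extract_backends(payload):
            bucket = by_net[network_key(host)]
            bucket["backends"].add((host, port))
            bucket["bouncers"].add(bouncer)
    return dict(by_net)


# Constructed sample traffic; all addresses are documentation ranges (RFC 5737).
SAMPLE_RECORDS = [
    ("198.51.100.10", b"[SERVER]connection to 203.0.113.7:443 error\r\n"),
    ("198.51.100.77", b"[SERVER]connection to 203.0.113.7:443 error\r\n"),
    ("192.0.2.5", b"HTTP/1.1 200 OK\r\n\r\nhello"),  # ordinary reply, no banner
    ("192.0.2.44", b"\x00\x01[SERVER]connection to 203.0.113.90:8080 error\r\n"),
    ("192.0.2.60", b"[SERVER]connection to 203.0.113.7:99999 error\r\n"),  # bad port
    ("192.0.2.61", b"[SERVER]connection to c2.example.net:80 error"),
]

if __name__ == "__main__":
    for net, info in sorted(summarize(SAMPLE_RECORDS).items()):
        print(net, sorted(info["backends"]), "via", sorted(info["bouncers"]))
```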
Cyber security experts and government policy makers from around the world are gathering at Queen’s University Belfast to develop the first ever global technology research strategy to counter cyber terrorism.
The inaugural World Cyber Security Technology Research Summit is being held at Queen’s Centre for Secure Information Technologies (CSIT) – the UK’s lead centre for cyber security research in this area. The summit will address the current risk to global cyber security as well as outline potential future threats to information systems. The select group of world experts will share current trends in cyber security, look at security threats likely to emerge over the next five to ten years and agree on an international strategy for developing research that will safeguard the ‘Internet of tomorrow’.
The summit comes just weeks after the UK government announced that cyber crime was costing the UK economy £27 billion a year. The cost is made up of £21 billion of costs to businesses, £2.2 billion to government and £3.1 billion to citizens.
Danny Kennedy, Minister for Employment and Learning, opened the summit. During his welcoming address, the Minister said: “The significance and benefit of the cutting edge work being carried out by Queen’s has been demonstrated with their status as the UK Integrated Knowledge Centre for Secure Information Technology, a development which will create significant opportunities in the local economy, as well as enhancing the skills base within Northern Ireland.
“It is a great honour for the University and, of course, the city of Belfast, to host the inaugural World Cyber Security Technology Research Summit, and thus play a part in helping to develop an international strategy on cyber security.”
He continued by saying: “With the goodwill, knowledge and expertise that the summit has now brought together, I have absolutely no doubt that the outcome from today’s event will ultimately bring huge benefits to wider society.”
The Minister concluded by commending Queen’s for the excellence of the research being carried out within this field at the Centre for Secure Information Technologies, and highlighted that it will play a pivotal role in enabling that success to be attained.
Professor John McCanny, CSIT principal investigator, said: “CSIT recognises there is a lot being done on current cyber threats, but there is not a lot of collective thinking about what is coming next.
“It is hard to say exactly what the Internet will become, but we can see a world where it will be core to the very fabric of society. It will be part of our critical infrastructure; providing essential services and becoming an even bigger part of our lives – being used in assisted living; allowing computers to drive our cars, deliver our groceries and monitor and manage our health. It is therefore very important that we develop a strategy to protect ourselves against cyber technology attacks. With such a range of experts attending we expect to come up with the first ever global strategy to protect against cyber crime.
“This summit is the first of its kind and will really mark out the future of cyber technology around the world. The risks associated with the Internet extend from individuals to nations. Internet security is a major issue at a national and international level and there are a number of programs and initiatives around the world where both governments and industry are looking to solve some of the problems we face in this area. We at CSIT believe that ‘Belfast 2011’ will be the first of many summits over coming years, and may even be the beginning of an international movement of collaboration and co-operation to safeguard against cyber terrorists of the future.”
The summit at Queen’s puts the University and Belfast on the map as leading the research into global cyber security. Guests from UK Home Office, U.S. Department of Commerce, U.S. Cyber Consequences Unit, Stanford University, Carnegie Mellon University, BAE Systems, Thales and IBM among others, illustrate the scale of the expertise at the summit.
My latest blog post for CIOUpdate.com went live this morning. I talk about some of the trends I saw at RSA last week including emphasis on securing virtual and mobile environments.
M86 Security bi-annual report focuses on second half of 2010 cyber threats and key trends; more complex Trojans and next generation malware on the way, social network attacks continue to increase
Orange, Calif. – February 14, 2011 – Frustrated email users may have noticed a significant drop in spam in recent months, but cybercriminals are gaining ground with creative new phishing methods and making exploit kits more robust, according to the latest Security Labs Report from M86 Security, the global expert in real-time Web and email threat protection, which was released today.
Investigating the cyber threat trends in the second half of 2010 for its bi-annual report, M86 Security Labs analyzed spam, phishing, and malware activity, and tracked global Internet security trends. Millions of email messages, infected Web pages and malware samples were reviewed and then correlated with their own Web exploit and vulnerability research, providing M86 with a unique vantage point to report on these trends.
“What is especially noteworthy is that our findings demonstrate that vulnerabilities already patched are continuing to be successfully used for malicious gain. Organizations and individuals must get better at updating their applications and staying ahead of attacks on their devices and their networks,” said Bradley Anstis, vice president of technical strategy, M86 Security. “While the M86 Security Labs report notes that great strides are being made in thwarting cyber-criminal attempts, there is always something else coming through the back door.”
Key findings by the M86 Security Labs for the second half of 2010:
Email Spam is Declining, though Far from Dead: According to the M86 Security Labs research, spam volume has slowed considerably, down to one-third the level at year end when compared to June 2010. Using the M86 Security Labs Spam Volume Index, which tracks changes in the volume of spam received by representative domains, the research shows that spam reduction was affected by botnet disruptions and the closure of a popular affiliate program. This is the lowest since November 2008, when the rogue hosting provider McColo was taken offline.
Botnet Take-downs and Spamit.com Closure: Notably, Spamit.com, an underground affiliate program used by several spamming botnets, was shut down in late September 2010. Spamit.com was linked to Glavmed and the “Canadian Pharmacy” brand of bogus online pharmacies. The Rustock botnet was most affected, with its spam output drastically reduced. However, plenty of other botnets moved up to take its place, and trends in this threat category will continue to be monitored for changes and increases. Other spamming categories in the top four include those for replica watches, fake diplomas and cheap watches. In August, notorious spammer/botnet, Pushdo/Cutwail, was taken down, resulting in a significant spam volume decrease due to a coordinated takedown attempt by security researchers. According to Anstis, such efforts are typically short lived, with the botnets returning to their normal activities. Another well-known botnet, Mega-D, has been taken down multiple times since 2008, only to return. In November 2010, the FBI identified and apprehended Oleg Nikolaenko, a Russian behind the botnet. The botnet since has generated less than 5 percent spam by volume. M86 Labs analysts point to the continuing need to go after and prosecute botnet operators for more long-term impact on spam operations and volumes.
Third-Party Phishing on the Rise: The good news about phishing is that such practices delivered via email are declining dramatically as users are becoming more aware of fake e-mails claiming to be from banking institutions. The bad news: cyber-thieves have found more effective means of stealing bank information from users visiting legitimate banking websites. Malware, including Trojans like SpyEye and ZeuS, are increasingly popular methods for criminals to make off with personal and financial information.
Additionally, attacks posing as third-party agencies such as the IRS and the New Zealand Department of Inland Revenue are being used to phish for a user’s bank account information under the guise of receiving bogus tax refunds. This makes it easier for thieves to obtain information from unsuspecting users by providing multiple options to the user to select the bank of their choice, thus eliminating the guessing game typically played to determine where a user conducts their banking. UK banking customers have been similarly affected, receiving a falsified email purporting to be from HM Revenue and Customs with the same legitimate looking page with options for all banks in that specific region.
Exploit Kits with Virus Scanners, Social Network Attacks Increase: As previously reported by M86 Security, the popularity of exploit kits is on the rise. The newest trend is that more kits are offering services to their customers thus becoming more of a “one-stop shop.” The scanning module in the Siberia Exploit kit and Neosploit’s new Malware-as-a-Service offering are just a couple of significant examples signaling a shift in exploit kit capabilities.
While traditional forms of spamming via email are down, spam techniques using such social networking sites as Twitter, Facebook and LinkedIn, continue to expand. The LinkedIn scam has a legitimate look and feel, inviting users to connect with others in their “network,” only to be connected with the Phoenix exploit kit infection page, which tries to exploit the victims’ computer through various vulnerabilities. The M86 Security Labs report also tracks the top 10 exploit kits being used worldwide.
To download the complete version of the latest M86 Security Labs Report, please go to http://m86.it/2h2010
About M86 Security Labs
M86 Security Labs is a group of security analysts specializing in Email and Web threats, from spam to malware. They continuously monitor and respond to Internet security threats. The Security Labs’ primary purpose is to provide a value-added service to M86 customers as part of product maintenance and support. This service includes frequent updates to M86’s unique, proprietary anti-spam technology, SpamCensor, as well as Web threat and vulnerability updates to the M86 Secure Web Gateway products. The updates allow M86 customers to proactively detect and block new and emerging exploits, threats and malware.
Data and analysis from M86 Security Labs is continuously updated and always accessible online at http://www.m86security.com/labs and on Twitter at http://twitter.com/m86labs
About M86 Security
M86 Security is the global expert in real-time threat protection and the industry’s leading Secure Web Gateway provider. The company’s appliance, software, and Software as a Service (SaaS) solutions for Web and email security protect more than 24,000 customers and over 17 million users worldwide. M86 products use patented real-time code analysis and behavior-based malware detection technologies as well as threat intelligence from M86 Security Labs to protect networks against new and advanced threats, secure confidential information, and ensure regulatory compliance. The company is based in Orange, California with international headquarters in London and development centers in California, Israel, and New Zealand. For more information about M86 Security, please visit: www.m86security.com.
Vendors and Service Providers Benefit from Simplified Access to Messaging Security, Web Security, Antivirus
RSA Conference, San Francisco, CA – February 14, 2011 — Commtouch® (NASDAQ: CTCH) today announced the introduction of its new unified Internet security solution, which brings together messaging security, Web security and antivirus into a single engine.
The unified engine can be integrated into the products of security and networking vendors and into service providers’ infrastructure. Typical solutions that would benefit from the unified engine are software or hardware solutions or services that combine multiple security technologies, such as unified threat management (UTM), secure content filtering gateways and SaaS security solutions.
“With a combined ‘triple-play’ solution, each technology leverages the other to create an even stronger barrier against ever-increasing blended threats,” said Amir Lev, Commtouch’s CTO. “From a business perspective, the single interface also reduces short and long-term integration and operational costs.”
The three security technologies cross-enhance each other by sharing intelligence about Internet threats, providing better protection overall. There are several instances in which this information exchange would take place. For example, if a phishing web site threat is detected, the malicious URL is shared with Commtouch Anti-Spam so that emails containing the phishing link can be blocked. This data-sharing is enabled by Commtouch’s cloud-based GlobalView™ Network, which collects and analyzes billions of Internet transactions in real-time.
Using an integrated detection engine offers some clear technical benefits to the vendors and service providers that incorporate it into their solutions:
- Enhances performance by reducing resource utilization compared to the larger footprint required by separate components
- Significantly reduces integration time of all three services since there is a unified interface
The unified solution is a win-win on the business side, since it significantly simplifies operations. There is:
- one vendor to manage
- one invoice to process
- one address for support
- one company to interface with for training, roadmap discussions, or any type of technical or operational updates
Each of the three solutions within the unified engine is best-of-breed, and they are available individually as well. These industry-leading stand-alone solutions also benefit from the shared security information distributed via the GlobalView Network.
“This new engine presents a unified interface across our product lines, providing a thoroughly integrated, simplified, and cost-effective combination of technologies for our partners,” concluded Mr. Lev.
The single engine includes the following products: GlobalView™ Web Security, Anti-Spam, Command Antivirus®, and Zero-Hour™ Virus Outbreak Protection. The Command Antivirus division was acquired from Authentium in September, 2010.
To learn more about Commtouch’s new triple-play product, contact firstname.lastname@example.org.
Commtouch® (NASDAQ: CTCH) provides proven Internet security technology to more than 150 security companies and service providers for integration into their solutions. Commtouch’s GlobalView™ and patented Recurrent Pattern Detection™ (RPD™) technologies are founded on a unique cloud-based approach, and work together in a comprehensive feedback loop to protect effectively in all languages and formats. Commtouch’s Command Antivirus utilizes a multi-layered approach to provide award winning malware detection and industry-leading performance. Commtouch technology automatically analyzes billions of Internet transactions in real-time in its global data centers to identify new threats as they are initiated, enabling our partners and customers to protect end-users from spam and malware, and enabling safe, compliant browsing. The company’s expertise in building efficient, massive-scale security services has resulted in mitigating Internet threats for thousands of organizations and hundreds of millions of users in 190 countries. Commtouch was founded in 1991, is headquartered in Netanya, Israel, and has a subsidiary with offices in Sunnyvale, California and Palm Beach Gardens, Florida.
Stay abreast of the latest news at the Commtouch Café: http://blog.commtouch.com. For more information about enhancing security offerings with Commtouch technology, see http://www.commtouch.com or write to email@example.com.
Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
New Solution Allows Users to Integrate Critical Security Event Information in Minutes
(Los Angeles, CA – February 15, 2011) Security information and event management (SIEM) solutions have become a must-have in IT environments because the technology helps make sense of the vast quantities of data provided by security software and appliances across the network. But for all the advantages of SIEM, until now the solutions had one troubling blind spot. While SIEM can correlate volumes of security data to create a picture of singular events, by itself it lacks the ability to tie those events to the most powerful users and processes within IT.
Lieberman Software Corporation today announced that the latest version of Enterprise Random Password Manager™ (ERPM), the company’s flagship privileged identity management (PIM) solution, provides deep, out-of-the-box integration with ArcSight ESM™, RSA enVision™, and the Q1 Labs QRadar™ Security Intelligence Platform. Available at no additional cost to supported customers, ERPM now includes an intuitive setup Wizard that customers can use to configure integration with these SIEM systems in only minutes.
Once customers enable the integration features in ERPM, the PIM and SIEM technologies work in concert to ensure that only authorized personnel can access an organization’s most sensitive data, change configuration settings, and run programs on the network.
“Our collaboration with leading SIEM providers has eliminated a single, critical blind spot that was present in these solutions,” said Philip Lieberman, president of Lieberman Software. “These technical integrations allow IT staff to correlate the most powerful and potentially disruptive human and automated actions with the individuals responsible. Prior to this integration, the lack of individual accountability was a key missing element in SIEM.”
About the PIM and SIEM Integration
In most large organizations, IT staff and the software that links computers, databases and applications all maintain access through privileged account credentials. Widely shared and seldom changed, these “super user” accounts grant access to read and alter sensitive data, change configuration settings and run programs everywhere on the network.
Because SIEM systems were not designed with privileged identities in mind, they have no way to tie security events that are triggered through use of these accounts with the individuals and processes responsible. This lack of visibility can leave IT staff with too little information to make informed decisions and the inability to differentiate between routine security events and potentially damaging – or even criminal – activity.
The integrations between ERPM and SIEM technology close this visibility gap by showing IT staff not only when and where critical events occurred, but also precisely who was responsible for any action that required the use of “super user” accounts. ERPM and leading SIEM solutions also work together to generate an audit trail to correlate the actions taken by privileged users with the security events that might result. By removing anonymity, the products introduce accountability for all users who access the organization’s most critical IT resources – revealing who had access to what systems and data, when and for what purpose.
The ERPM integrations with SIEM solutions are available immediately at no cost to supported customers. The company anticipates announcing additional integrations with SIEM systems in the near future.
Lieberman Software is exhibiting the latest version of ERPM in booth 529 at RSA Conference in San Francisco, CA this week.