New Web-Based Solution Arms Broad User Base With the Power of Self-Service Data Discovery and Analysis New York, NY - September 17, 2014Information Builders, a leader in business intelligence (BI) and analytics, information integrity and integration so...
The “very alarming” level of cyber threats organisations face is unlikely to fall for at least ten years, according to Suleyman Anil, head of cyber defence head at the emerging security challenges division of Nato. “It will be at least a decade before we are able to reach an effective level of collaboration and co-operation on cyber defence,” he told Sinet’s first Global Cyber Security Innovation Summit in London. The summit, which has the support of the UK and US governments, brings together representatives from government and business to create new partnerships and projects in cyber security. Anil said there are three main reasons cyber threats have reached the current level and continue to grow. Cyber crime profits First, is the growing number of threat actors – particularly in the criminal fraternity, largely enabled by relatively low-cost exploit kits that are easy to use. “Cyber crime and cyber-enabled crime is also relatively low-risk with huge financial rewards, and many cyber criminals are willing to freelance for anyone with money,” said Anil. Increased opportunity Second, the “attack surface” has increased significantly and continues to expand with the proliferation of web-based services and internet-connected mobile devices. “We are now seeing things like IT networks being penetrated through internet-connected air-conditioning systems,” said Anil. State-sponsored attack Third, is the growth in “hostile intent” in various conflict regions such as Ukraine, where cyber attacks are becoming low-cost options for aggression and a standard component of military action. “In addition to protecting Nato’s own IT networks, we are increasingly working with member states and partner countries to defend against offensive cyber capabilities of other nation states,” said Anil. NCIP consultation with industry This week, Nato is meeting industry representatives at its annual information assurance symposium to discuss the proposed Nato cyber industry partnership (NCIP) to gauge interest. Also on the agenda will be what benefits industry partners expect from the NCIP, what things could be shared, ways of building trust, and at what level they can work with Nato. Nato will seek to use the symposium to set short-term, medium-term and long-term goals for the NCIP and to set an agenda to get the initiative up and running. The NCIP will attempt to replicate at a Nato national level the private-public partnerships in member countries such as the UK’s cyber security information sharing partnership (Cisp). The NCIP is aimed at enabling Nato to work with industry on issues such as supply chain management, risk assessment, information assurance and early warning best practice. Earlier this month, Nato leaders adopted a cyber defence policy that draws no distinction between cyber attack and physical attack as a trigger for collective defence at the Nato 2014 summit in Wales. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
Launches Dodd Frank Title X-compliant solution for retail banking institutionsMadrid, Spain - September 17, 2014 - Fonetic, the recognised leader in voice management solutions, today launched SPi Compliance for Retail Banking to tackle the latest obligations faced by financial institutions as set out by the enactment of Title X of the Dodd Frank Act. Title X grants powers to the regulatory bodies to request details from any bank for all complaints relating to any of its financial products over a seven year period within just 15 days. Dodd-Frank Title X, also known as the Consumer Financial Protection Act 2010, creates a new Bureau of Consumer Financial Protection (CFPB) within the US Federal Reserve Board as a new supervisor for certain financial firms and as a rule-maker and enforcer against unfair, deceptive, abusive, or otherwise prohibited practices relating to most consumer financial products or services. According to KPMG's Banking Industry Outlook 2014, the regulatory environment resulting from the Dodd-Frank Act is still having the greatest negative impact on, and remains the greatest barrier to, growth for financial institutions. The survey found that regulatory compliance costs and regulatory limitations on products and services were cited as having the greatest negative impact on growth by 55 percent and 40 percent of banks respectively."The scale of the Title X challenge for banks cannot be underestimated," said Simon Richards, CEO, Fonetic USA. "From mid-2011 to 2013, the CFPB received an astonishing 176,700 consumer complaints. Add into the equation that the CFPB is now demanding full disclosure from the banks involved in just 15 days, and that's potentially over 2.6 million banking days being swamped by Dodd-Frank Title X compliance."Fonetic is addressing this pain point for retail banks facing the compliance requirements of Title X by drawing on its extensive expertise in voice analytics for Dodd-Frank compliance on the trading floor. Fonetic SPi Compliance gathers and analyses complaint-related information through all communication channels, retaining all communications for at least seven years and providing a resolution to within 15 calendar days. The technology looks directly into all calls, chats and emails; measuring customer satisfaction and complaints escalation. "What started on the trading floor is now being extended to every facet of a bank's operations," said Richards. "We've drawn on our experience of working with some of the world's biggest banks to create a solution and that is fit-for-purpose and directly addresses the challenges of Title X. Our technology doesn't just understand calls, it is able to detect potential compliance risks before they occur saving banks both time and money." Fonetic's advanced linguistic solution, which captures, indexes, analyses and extracts relevant unstructured data from all voice, email and chat interactions, enables banks and financial institutions to better manage all customer complaints, by capturing words and phrases through voice recordings and via the website. Fonetic is a recognized leader in Voice Management solutions. Its award-winning Trading Record Keeping Compliance Solution was developed four years ago for Banco Bilbao Vizcaya Argentaria (BBVA) to proactively prevent market abuse and adhere to stringent legislation. This solution, also implemented globally in Santander, enables compliance officers to find specific, relevant communications about any given trade. By monitoring up to 84 different languages and dialects, Fonetic can reconstruct all interactions associated with a trade in moments. About Fonetic Fonetic helps businesses and institutions get to know and understand their customers better. The company works with major international banks, contact centres and utility companies including Vodafone, Telefónica, Santander, BBVA and Direct Line (Linea Directa). Fonetic brings social media, data analytics, sentiment analysis and unstructured data together into a single multi-channel, multi-language solution that decodes customer behaviour and makes recommendations on how to act. Its Dodd-Frank Record Keeping Compliance Solution is the only linguistic-based solution in the market MEDIA CONTACT:Tom FarthingAxiCom (for Fonetic)Tel: +44 (0)20 8392 4099Email: firstname.lastname@example.org Source: RealWire
Fortinet, McAfee, Palo Alto Networks and Symantec will dedicate resources to determine most effective mechanisms for sharing advanced threat data. Security specialists McAfee and Symantec have joined the Cyber Threat Alliance, following the original co-founders, Fortinet and Palo Alto Networks, into the industry’s first cyber-threat alliance. The mission of the Cyber Threat Alliance is to drive a coordinated industry effort against cyber-adversaries through deep collaboration on threat intelligence and sharing indicators of compromise. "Both McAfee and Symantec have substantial threat research centers and provide incremental information on advanced threats to the alliance," John Maddison, vice president of marketing for Fortinet, told eWeek. "It was very obvious when talking to both these companies they were keen to join the alliance, which enabled them to share the information with their own customer bases. Both McAfee and Symantec put aside market rivalries to become founding members of the alliance." Maddision explained the goal of the alliance to band together the top security companies and to combine forces by sharing the very best and latest threat intelligence across the member companies. He noted all four companies have a huge installed base of network security appliances and endpoints, which provides a large network of sensors to feed relevant threat information into the system. "The alliance will strive to build the most effective source of advanced threat information available," Maddision explained. "It will continue to improve the threat intelligence distribution within its current members and look to add members who can contribute additional capabilities and information. Longer-term objectives will include more sophisticated APIs and protocols such that deeper threat intelligence can be shared." In addition to evolving the alliance framework and bylaws, co-founders Fortinet, McAfee, Palo Alto Networks and Symantec will each dedicate resources to determine the most effective mechanisms for sharing advanced threat data to foster collaboration amongst all alliance members and make united progress in the fight against sophisticated cyber adversaries. While past industry efforts have often been limited to the exchange of malware samples, this alliance aims to provide more actionable threat intelligence from contributing members, including information on zero-day vulnerabilities, botnet command and control (C&C) server information, mobile threats, and indicators of compromise (IoCs) related to advanced persistent threats (APTs), as well as the commonly-shared malware samples. By raising the industry's collective actionable intelligence, alliance participants will be able to deliver greater security for individual customers and organizations, Maddision said. "All cyber threats are an issue for enterprises, governments and infrastructure. It does not matter if they are State sponsored or the result of criminal activity -- they result in loss of data, intellectual property or far worse, control of critical infrastructure," he said. "Advanced or targeted threats change elements of their life cycle to avoid detection – these threats can only be stopped by threat intelligence that has been gathered across a wide cross-section of the industry."
Almost three quarters (72%) of European businesses accuse cloud service providers of failing to comply with data protection regulations. The research carried out by the Ponemon Institute for cloud services supplier Netskope revealed that over a half of respondents (53%) believe data breaches are more likely as a result of increased cloud computing. Respondents said they think cloud use triples the likelihood of breaches. Over 1,000 IT and IT security practitioners across Europe were questioned for the study. It revealed that European organisations were better at securing cloud-based data and apps, with 52% rating their organisation's effectiveness as high. In contrast, the study revealed that only 26% of US respondents believed their organisation was highly effective at securing data and apps in the cloud. A total of 84% of European businesses doubt that their cloud suppliers would tell them immediately if their intellectual property or business confidential information were breached; and 77% said their cloud providers would not notify their organisation immediately if they had a data breach involving the loss or theft of customer data. Mark Lewis, outsourcing lawyer at Berwin Leighton Paisner, said that, if these figures were accurate, businesses are being reckless. “If that is what the respondents think, they are culpable,” he said. Larry Ponemon, founder of Ponemon Institute, said data protection laws and regulations were increasingly coming under the spotlight, particularly in Europe. “I suspect that the low vote of confidence in cloud vendors we’re seeing is due to this heightened scrutiny and a fear of the unknown," he said. "Overcoming this takes a better understanding of a supplier’s security precautions and how people are using the cloud in the first place. Businesses that demand more supplier transparency and seek efficient methods for evaluating apps and directing usage will find it easier to embrace the cloud and move past this period of uncertainty.” Proposed EU data protection regulation A recent study of more than 7,000 cloud services, by security provider Skyhigh Networks, revealed that most cloud providers have not prepared for the proposed European Union (EU) General Data Protection Regulation. The European Commission (EC) plans to replace the EU Data Protection Directive, adopted in 1995, with the regulation, although the timing and final wording remain uncertain. Only one out of 100 cloud service providers said they are ready for the directive, intended to succeed the older directive to suit the needs of the internet and cloud era. EC commentators predict the overhauled EU data protection regulation will require data controllers (the organisations that own the data), and data processors (such as cloud providers and datacentre hosting companies), to share liability for data breaches and violations of the data protection law. The proposed EU regulation will apply to European businesses that process personal data and businesses outside the EU that monitor EU citizens or process personal data obtained from offering goods or services to EU citizens. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
Zylpha (www.zylpha.com), the UK's leading legal systems innovator has formalised a partnership with safedrop (www.safedrop.com) for its widely acclaimed secure delivery software. The partnership follows the development of an integration that enables Zy...
Banking Trojans are increasingly being used to launch cyber attacks on organisations because of the proliferation of such malware on PCs around the world. That is the warning of Dana Tamir, the director of enterprise security at IBM Trusteer. It follo...
Hamburg, September 17th, 2014 - gateprotect, an international operating manufacturer of IT security products and part of the Rohde & Schwarz group, will present its innovative achievements in network security technology for businesses at GITEX 2014. From October 12th to 16th, the network security specialists will demonstrate eGUI - a network to touch that offers an easy to use drag & drop-surface to administrate UTM firewalls in hall 2 | stand 204. Further highlights are the release of the firewall version 9.5 with reverse-proxy function as well as version 5.2 of the Next Generation Firewall Network Protector. For IT experts and technophiles, this event is a must: At the GITEX in Dubai, the leading tradeshow of technological trends, countless visitors from the entire EMEA region are expected also this year. About 25,000 representatives from the C level, 3,700 international technology companies and 142,000 visitors made last year's GITEX the greatest and most important event of the region. The reinvention of firewall administration managed with gateprotect's WebGUI will be demonstrated at stand 204 in hall 2. A network to touchWith its patented eGUI technology gateprotect successfully indicated that administrating larger corporate networks can be quite simple without lacking security and efficiency. This technology, which has already been successfully established in the market, provides operators with an overview and allows them to deploy IT security solutions that may be quickly administered and safely operated. With respect to the growing number of security functions and the complex defense mechanisms, this is a decisive advantage in the fight against threats from the Internet and the loss of data. The firewall administration is immensely simplified thanks to the fully visual display of the company network in the eGUI. The unique usability approach renders complex IT security systems much more transparent and comprehensible to the administrator. With just one click on an object administrators are able to view all firewall rules no matter if desktop PC, server or printer. With this technology gateprotect continues to follow its "easy-to-use" approach. Release UTM-Firewall Version 9.5With the release of software version 9.5 gateprotect shows comprehensive reverse proxy functionalities for high performance UTM firewalls to set up dedicated filter rules or loadbalancing guidelines. The benefit of highest security standards that a reverse proxy offers allows external users only access to a reverse proxy - everything else can't be accessed. Access to internal resources can be granted to certain users without creating new vulnerabilities. Highest Information Security with Next Generation Firewall Network Protector 5.2 With the Next Generation Firewall NP series gateprotect offers a new product line for enterprises. The products of formerly Adyton Systems now gateprotect Leipzig GmbH ensure highest information security with the innovative approach of complete protocol validation in combination with application whitelisting in a single-pass engine.At GITEX 2014 gateprotect will demonstrate version 5.2 of the innovative firewall. New features are rule based reporting and forensic traffic capture.With the help of the rule-based reporting, IT managers can now display exactly the composition of the network traffic and the so-called "firewall success metrics". To block or to prioritize the access to certain content, administrators can define firewall policy rules. The update also contains features that support network capture for forensic analysis. The detection is based on rules, that means the network, user and application traffic is treated differently by the firewall. The stored data can be used by the security for subsequent forensic investigations.gateprotect exhibits in hall 2 | stand 204. For further information please visit: http://www.gateprotect.com/en/gateprotect-gitex-technology-week-2014 Download the Press Release: http://www.gateprotect.com/en About gateprotectgateprotect GmbH has been a leading, international producer of IT security solutions in the field of network security for more than ten years. Among the solutions developed in Germany are firewalls with all modern UTM functionality for small and medium-sized businesses, managed security systems for larger companies as well as VPN client systems for networking branch offices and home offices. All gateprotect UTM firewalls are equipped with innovative security features and the patented eGUI® technology. Thanks to the uniquely visual representation of the network, even complex security systems are extremely simple to operate. For larger companies, gateprotect GmbH offers a next generation firewall in the shape of its gateprotect NP-series which represents the highest level of information security thanks to the novel technology of complete positive validation in conjunction with application whitelisting in a single pass engine. gateprotect solutions meet the highest international standards, are mainly certified to "Common Criteria Evaluation Assurance Level 4+ (EAL 4+)" with the Federal Office for Information Security and have won many international awards. Since 2010 gateprotect is also listed in the renowned "Gartner Magic Quadrant" for UTM firewall appliances.gateprotect is a company belonging to the Rohde & Schwarz Group. The electronics group, Rohde & Schwarz is a leading solutions provider in the fields of test and measurement, broadcasting, secure communications, and radiomonitoring and radiolocation.Further information:gateprotect GmbHAnika Ohlsen - Marketing DirectorValentinskamp 2420354 Hamburg, GermanyTel.: +49 (0) 40 278 85 0Fax: +49 (0) 40 278 85 105E-Mail: email@example.comInternet: http://www.gateprotect.de/ Source: RealWire
Proposed changes to European Union (EU) data-sharing legislation could obstruct the NHS' plans for seamless data integration across GP surgeries and hospitals. Speaking at the launch of a new report on data sharing, Tim Kelsey, national director for patients and information at NHS England, said: "European legislation is very worrying, we cannot accept the legislative context being proposed." Among the proposals set out by the European Commission (EC) is the citizen's right to be forgotten. Organisations holding personal data – including the NHS – will need explicit permission to process data. Data shortcomings The EMC-sponsored Sustaining Universal Healthcare in the UK report highlighted a number of inefficiencies in the NHS – such as the lack of electronic patient records – leading to doctors using incomplete patient information. The report said interoperability of patient records would allow records to be accessed and updated by authorised personnel at any point in the healthcare system. “When a patient moves to a new doctors surgery, their new GP would be able to access their complete patient record immediately, containing their medical history of previous and current conditions,” the report stated. Sharing patient data across NHS organisations would improve analytics and support predictive analytics to support better treatment effectiveness through risk stratification, said the report. "IT is not a saviour of NHS, it is an enabler," said James Norman, healthcare business development director at EMC. "We see waste from duplication of services.” Giving an example of the benefits of sharing data, Norman said: “Staff time not wasted on things can be automated. Because data doesn't flow between organisations.” Data-sharing concerns Sharing data through the NHS's Care.data programme is the foundation of Kelsey's vision of how to improve efficiency in the NHS and allow patients to manage their health. However, as Computer Weekly has previously reported, NHS England abandoned its plan to fully roll out the controversial Care.data patient records sharing scheme in the Autumn. The roll-out was scaled back to 500 GP practices before further decisions are made over future timescales. Beyond the barriers of EU legislation, Kelsey said he was concerned by the lack of standardisation in NHS software. Some hospitals buy patient administration software that uses non-standard identifiers for patients and do not match the patient's NHS number – even though the NHS number is a requirement of the NHS's Standard Contract, which was updated in February 2014. Kelsey made the point that, without the NHS number, it is not possible for systems to share patient data. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
The vendor's ASA with FirePower Services solution leverages technology obtained when Cisco bought Sourcefire almost a year ago. Cisco Systems is leveraging the technology it inherited almost a year ago through the $2.7 billion acquisition of Sourcefire in its new next-generation firewall, which officials said will enable organizations to be more proactive when dealing with such threats as advanced and zero-day attacks. Cisco is combining its ASA firewall technology with Sourcefire's FirePower Service to give customers the contextual awareness and dynamic controls needed to automatically take the steps needed to protect their networks. Through its ASA with FirePower Services offering, businesses will automatically be able to assess any threats, bring together the intelligence they need and then get the protections in place for their networks, according to Cisco officials. "To meet current and future needs, a [next-generation firewall] must now provide full visibility and contextual awareness across applications, hosts, and the network, address dynamic threats, quickly correlate and identify multi-vector threats and deliver the dynamic controls organizations now require to combat advanced threats," Scott Harrell, vice president of product management in Cisco's Security Business Group, said in a post on the company blog. "It must do all of this while reducing complexity. These capabilities are crucial for enabling continuous protection across the attack continuum—before, during and after an attack." Security has been one of the key focuses for Cisco officials as they look to grow the company from a networking hardware vendor to an enterprise IT solutions provider, with the company innovating both in-house and through acquisitions. If a tech company wants to be a trusted player from the edge of the network back into the data center, it needs to ensure security at all levels, Cisco CEO John Chambers. "We are moving to become the number-one security company, because the only way you can defend [the enterprise IT environment] is from the cloud to the data center, the wide-area network to the edge to any device," Chambers said in May in an interview with Bloomberg. "We are moving rapidly to all areas of security, not with individual pieces but an architecture that brings them together." Cisco's security business is growing. During the second quarter of the year, its security business grew 29 percent over the same period in 2013, with strength in its advanced threat solutions offerings and such core businesses as firewalls and ASA, Chambers said during a conference call with analysts and journalists in August to discuss the quarterly results. He said he expects the security business' growth to be in the double digits going forward. The new offering integrates Cisco's ASA 5500 Series firewall with Sourcefire's Next-Generation Intrusion Prevention System and Advanced Malware Protection capabilities to enable businesses to deal with threats before, during and after an attack. According to Cisco officials, most next-generation firewalls have concentrated on policy and application control, which don't enable them to easily handle advanced and zero-day attacks. Cisco's new solution is different in that it is designed to be visibility-driven and threat-focused. It leverages Cisco's FireSight Management Center technology to offer greater visibility into activity running in the network, from users, devices and communications to operating systems, virtual machine communications, Websites and vulnerabilities. In addition, the focus on threats comes from Cisco's intrusion-prevention system to battle threats and the use of big data analytics, continuous analysis and the vendor's Collective Security Intelligence efforts to protect the network from a host of attackers. "This purpose-built appliance family is highly scalable, performs at up to multigigabit speeds, and provides consistent and robust security across branch, Internet edge, and data centers in both physical and virtual environments," Cisco's Harrell wrote. Customers who want the solution have two options: Cisco ASA with FirePower Services by buying an ASA 5500-X Series or 5585-X series firewall that include a bundled FirePower Services license, or by purchasing a FirePower Services for Cisco ASA by enabling FirePower Services on existing ASA 5500-X and 5585-X firewall products, according to Cisco.
Bug enables malicious sites to grab cookies, passwords from other sites.
Elcomsoft’s backup ripper, other tools now can’t gain access with password only.