
Tag: Digital Signature Standard

HotDocs partners with Codec-dss

HotDocs, the global leader in document automation software, has today announced its partnership with Codec-dss, a provider of enterprise scale applications and infrastructure that has served the Irish market for more than 30 years. This new partnership agreement will provide Codec-dss clients with HotDocs’ industry leading document automation technology, which enables enhanced compliance, minimised risk, improved quality and increased operational efficiency in the production of business-critical documentation. Steve Spratt, Chief Operating Officer at HotDocs, said: “We are... Source: RealWire

8 Docker security rules to live by

Odds are, software (or virtual) containers are in use right now somewhere within your organization, probably by isolated developers or development teams to rapidly create new applications.

They might even be running in production. Unfortunately, many security teams don’t yet understand the security implications of containers or know if they are running in their companies. In a nutshell, Linux container technologies such as Docker and CoreOS Rkt virtualize applications instead of entire servers.

Containers are superlightweight compared with virtual machines, with no need for replicating the guest operating system.

They are flexible, scalable, and easy to use, and they can pack a lot more applications into a given physical infrastructure than is possible with VMs.

And because they share the host operating system, rather than relying on a guest OS, containers can be spun up instantly (in seconds versus the minutes VMs require). A June 2016 report from the Cloud Foundry Foundation surveyed 711 companies about their use of containers. More than half had either deployed or were in the process of evaluating containers. Of those, 16 percent have already mainstreamed the use of containers, with 64 percent expecting to do so within the next year.
If security teams want to seize the opportunity (borrowing a devops term) to “shift security to the left,” they need to identify and involve themselves in container initiatives now. Developers and devops teams have embraced containers because they align with the devops philosophy of agile, continuous application delivery. However, as is the case with any new technology, containers also introduce new and unique security challenges.

These include the following:

  • Inflow of vulnerable source code: Because containers are open source, images created by an organization’s developers are often updated, then stored and used as necessary. This creates an endless stream of uncontrolled code that may harbor vulnerabilities or unexpected behaviors.
  • Large attack surface: In a given environment, there would be many more containers than there would be applications, VMs, databases, or any other object that requires protecting. The large numbers of containers running on multiple machines, whether on premises or in the cloud, make it difficult to track what’s going on or to detect anomalies through the noise.
  • Lack of visibility: Containers are run by a container engine, such as Docker or Rkt, that interfaces with the Linux kernel. This creates another layer of abstraction that can mask the activity of specific containers or what specific users are doing within the containers.
  • Devops speed: The pace of change is such that containers typically have a lifespan four times shorter than that of VMs, on average. Containers can be executed in an instant, run for a few minutes, then stopped and removed. This ephemerality makes it possible to launch attacks and disappear quickly, with no need to install anything.
  • “Noisy neighbor” containers: A container might behave in a way that effectively creates a DoS attack on other containers. For example, opening sockets repeatedly will quickly bring the entire host machine to a crawl and eventually cause it to freeze up.
  • Container breakout to the host: Containers might run as a root user, making it possible to use privilege escalation to break the “containment” and access the host’s operating system.
  • “East-west” network attacks: A jeopardized container can be leveraged to launch attacks across the network, especially if its outbound network connections and ability to run with raw sockets were not properly restricted.

The best practices for securing container environments are not only about hardening containers or the servers they run on after the fact.

They’re focused on securing the entire environment.
Security must be considered from the moment container images are pulled from a registry to when the containers are spun down from a runtime or production environment.

Given that containers are often deployed at devops speed as part of a CI/CD framework, the more you can automate, the better.

With that in mind, I present this list of best practices. Many of them are not unique to containers, but if they are “baked” into the devops process now, they will have a much greater impact on the security posture of containerized applications than if they are “bolted” on after the fact.

  • Implement a comprehensive vulnerability management program. Vulnerability management goes way beyond scanning images when they are first downloaded from a registry. Containers can easily pass through the development cycle with access controls or other policies that are too loose, resulting in corruption that causes the application to break down or leading to compromise in runtime. A rigorous vulnerability management program is a proactive initiative with multiple checks from “cradle to grave,” triggered automatically and used as gates between the dev, test, staging, and production environments.
  • Ensure that only approved images are used in your environment. An effective way of reducing the attack surface and preventing developers from making critical security mistakes is to control the inflow of container images into your development environment. This means using only approved private registries and approved images and versions. For example, you might sanction a single Linux distro as a base image, preferably one that is lean (Alpine or CoreOS rather than Ubuntu) to minimize the surface for potential attacks.
  • Implement proactive integrity checks throughout the lifecycle. Part of managing security throughout the container lifecycle is to ensure the integrity of the container images in the registry and enforce controls as they are altered or deployed into production. Image signing or fingerprinting can be used to provide a chain of custody that allows you to verify the integrity of the containers.
  • Enforce least privileges in runtime. This is a basic security best practice that applies equally in the world of containers. When a vulnerability is exploited, it generally provides the attacker with access and privileges equal to those of the application or process that has been compromised. Ensuring that containers operate with the least privileges and access required to get the job done reduces your exposure to risk.
  • Whitelist files and executables that the container is allowed to access or run. It’s a lot easier to manage a whitelist when it is implemented from the get-go. A whitelist provides a measure of control and manageability as you learn what files and executables are required for the application to function correctly, and it allows you to maintain a more stable and reliable environment. Limiting containers so that they can access or run only pre-approved or whitelisted files and executables is a powerful method to mitigate risk. It not only reduces the attack surface, but also can be employed to provide a baseline for anomalies and prevent the use cases of the “noisy neighbor” and container breakout scenarios described above.
  • Enforce network segmentation on running containers. Maintain network segmentation (or “nano-segmentation”) to segregate clusters or zones of containers by application or workload. In addition to being a highly effective best practice, network segmentation is a must-have for container-based applications that are subject to PCI DSS. It also serves as a safeguard against “east-west” attacks.
  • Actively monitor container activity and user access. As with any IT environment, you should consistently monitor activity and user access to your container ecosystem to quickly identify any suspicious or malicious activity.
  • Log all administrative user access to containers for auditing. While strong user access controls can restrict privileges for the majority of people who interact with containers, administrators are in a class by themselves. Logging administrative access to your container ecosystem, container registry, and container images is a good security practice and a common-sense control. It will provide the forensic evidence needed in the case of a breach, as well as a clear audit trail if needed to demonstrate compliance.

Much of the notion of “baking security into IT processes” relates to automating preventive processes from the outset.

Getting aggressive about container security now can allow for containerized applications to be inherently more secure than their predecessors. However, given that containers will be deployed ephemerally and in large numbers, active detection and response -- essential to any security program -- will be critical for containerized environments.

Container runtime environments will need to be monitored at all times, for anomalies, suspected breaches, and compliance purposes. Although there’s a growing body of knowledge about container security in the public domain, it’s important to note that we’re still in the early stages.

As we discover new container-specific vulnerabilities (or new-old ones such as Dirty COW), and as we make the inevitable mistakes (like the configuration error in Vine’s Docker registry that allowed a security researcher to access Vine's source code), best practices are sure to evolve. The good news, as far as container adoption goes, is it’s still early enough to automate strong security controls into container environments.

The not-so-good news is security teams need to know about container initiatives early enough to make that happen, and more often than not they don’t.

To realize the potential security improvements that can be achieved in the transition to container-based application development, that needs to change ... soon.

Educating yourself about containers and the security implications of using them is a good start.

New Tech Forum provides a venue to explore and discuss emerging enterprise technology in unprecedented depth and breadth.

The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers.
InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content.
Send all inquiries to newtechforum@infoworld.com.

DoD Warns Contractors About Iran-Linked Malware

Shamoon, a piece of malware that tries to turn infected computers into unusable bricks, is back. Earlier this month, a number of cybersecurity firms reported that hackers had used the malware against thousands of computers in Saudi Arabia's civil aviation agency and other government bodies. According to Bloomberg, the attacks, like previous ones involving Shamoon, seemingly originated from Iran.

Now, the Defense Security Service (DSS), part of the US Department of Defense, has issued a bulletin to cleared contractors warning them of the threat. “Between 2 and 7 December 2016, DSS was given information from another government agency regarding Indicators of Compromise (IOC) associated with a Shamoon malware variant and may be used in computer network exploitation attempts,” the bulletin, distributed on Thursday and obtained by Motherboard, reads. It does not specify the government agency that provided the information.

These bulletins are sent to contractors to alert them to threats from foreign intelligence entities (FIEs), and in particular, FIEs' infrastructure, malware, tactics, techniques or procedures. “This information is being shared by DSS in order to enable potential targets of possible espionage activity to detect, disrupt or deny FIE's exploitation of cleared contractor information systems, networks or personnel,” it reads.

In 2012, the “Cutting Sword of Justice,” a suspected Iranian hacking group, used Shamoon to aggressively wipe tens of thousands of computers belonging to Saudi Aramco. Aramco is the state-owned oil company of Saudi Arabia. In the wake of the attack, Aramco had to take itself entirely offline. “No emails, no phones, nothing,” Chris Kubecka, a consultant who worked with Aramco, told an audience at the Black Hat hacking conference last year. The hackers also replaced emails and documents with a picture of a burning American flag, according to The Register.

The new version of Shamoon, however, displays a picture of Alan Kurdi, the 3-year-old Syrian boy who drowned while trying to cross from Turkey to Greece, according to a report from security company Symantec. Neither the FBI nor the Department of Defense provided comment in time for publication, and the NSA did not respond to a request for comment.

Semafone wins new US contracts totalling $7.5 million

New deals for UK payment technology provider include multi-million dollar contract with Fortune 500 insurer

Guildford, UK – December 7 2016 – Semafone, which provides secure payment software for call centres, has reported three new client wins in North America worth $7.5 million, only six months after opening its headquarters in Boston.

The company’s substantial investment in its North American operations has contributed significantly to Semafone’s 30 per cent growth in its customer base worldwide.

The new US customer deals include:

  • A Fortune 500 insurance company, which will use Semafone’s solution to shield payment card information from agents and recordings, maintain regulatory compliance and minimise the risk of data breaches.
  • One of the most recognisable retail brands in the US. This company will work with Semafone to simplify PCI DSS compliance and help its call centres provide a better customer experience.
  • A large US telecommunications service provider, which Semafone will help to reduce the scope of PCI compliance in two of its call centres.

“This past year has been one of remarkable growth for the business,” said Tim Critchley, Semafone CEO. “Opening our North American headquarters and hiring high-calibre people has given us the foundation to extend our reach to some of the largest and most respected US companies within the insurance, communications and retail spaces.

“We look forward to continued success in 2017 as we help companies secure their call centres, fight fraud, maintain a positive brand reputation and keep customers’ most sensitive data safe.”

In addition to significant customer deals across the globe, Semafone has also formed strategic partnerships with other leading call centre solution providers, including BT Wholesale and Secure Co, to support a growing roster of worldwide clients.

In another testament to Semafone’s successful year in North America, the company won three 2016 CNP Awards, recognising its market-leading patented payment method for call centres.

Semafone recently expanded its global accreditations by gaining Level 1 Service Provider Status against v3.2 of the PCI DSS in North America.

Already a Level 1 Service Provider in Europe, a Visa (Europe) Merchant Agent and a global ISO 27001 company, Semafone attained this accreditation to mirror and extend current and new services into North America.

This includes Semafone’s in-house development and existing Payment Application Data Security Standard (PA DSS) products.

As a result, customers can rapidly access unique enhancements and updates to Semafone’s products, created with the PCI standards in mind.

For more information about Semafone, please visit: www.semafone.com

About Semafone
Semafone believes in the phrase, “You can’t hack what you don’t hold.” The company’s patented payment method enables call centres to secure sensitive payment card data to comply with PCI DSS, while providing positive experiences for customers and agents alike.

By shielding callers’ payment card information and other PII from agents, and keeping sensitive data out of the call centre’s infrastructure, Semafone’s solution helps to minimize the risks associated with potentially brand-damaging data breaches and fraud.

Semafone has achieved the four leading security and payment accreditations: ISO 27001:2013, PA DSS certification for its payment solution, PCI DSS Level 1 Service Provider and is a Visa Level 1 Merchant Agent.

The company was founded in 2009 and serves a wide range of industry sectors including financial services, media, retail, utilities, travel and tourism and the public sector.

Customers include Sky, TalkTalk, AXA and Virgin Holidays. North American customers include Rogers Communications, Consolidated Communications, Aviva Canada, Aimia, Amica and TVG.

BT offers a hosted version of Semafone’s technology - BT Cloud Contact PCI. Major investors include Octopus Investments and BGF (Business Growth Fund).


Who's responsible for data compliance? 25% of execs don't know

According to the 2016 State of Compliance survey conducted by data management and integration provider Liaison Technologies, one-quarter of top executives are unclear who in their organization is responsible for compliance. And nearly half (47 percent) of respondents to the survey of 479 senior and C-level executives said they don't know which compliance standards apply to their organizations.

“As leaders in the compliance domain we thought it was important to share our findings on how U.S. companies perceive their regulatory obligations—and examine ways to help improve their compliance postures,” Hmong Vang, chief trust officer with Liaison, said in a statement. “What we found was rather concerning.”

Among other notable findings from the survey:

  • Just 3 percent of respondents said that PCI DSS applied to their organization, a number that Liaison says is "surprisingly small" because it is a security standard that "applies to all entities that store, process or transmit cardholder data."
  • 51 percent of respondents said they believe their data is secure in the cloud, a concern that was echoed in a recent survey by CSO's parent company IDG, in which 46 percent respondents "said that they need to ensure that cloud service providers’ security meets their compliance requirements before moving ahead with deployments."
  • 85 percent of respondents said they do not feel their job security is at risk due to compliance issues. Liaison says this number shows gross underestimation of personal liability.

FireEye Bolsters Security Technologies With Helix Platform

The new Helix platform will become the core of FireEye's product offerings integrating intelligence and visibility tools that will help improve security operation. Security vendor FireEye announced its new Helix platform on November 29, in an effort t...

Web security still outstandingly mediocre, experts report

XSS marks the spot

Black Hat EU – Cross-site scripting (XSS) vulnerabilities continue to dominate the list of most common vulnerabilities found in real-world tests. In more than a third (37 per cent) of cases, a website vulnerable to XSS is also vulnerable to a more critical flaw such as SQL injection or improper access control, according to web security testing firm High-Tech Bridge.

Insecure WordPress blogging platform installs also continued to pose problems. More than 72 per cent of WordPress installs assessed by High-Tech Bridge had default admin panel location and at least one brute-force crackable login/password pair, nullifying any efforts their owners might have made to keep patches up to date.

More than two thirds (77 per cent) of mass website infections with malicious code are possible because of the exploitation of a known vulnerability in an open-source content management system (CMS), its plugin or theme publicly disclosed over the previous three months.

Elsewhere there has been mixed progress on the web server security front. Firms have continued to phase out the obsolete SSLv3 protocol, support for which was exploited in attacks such as POODLE (Padding Oracle On Downgraded Legacy Encryption) and others. By the end of September, 18 per cent of web servers still support it, compared with 23 per cent recorded by High-Tech Bridge in June 2016.

By contrast there has been no move away from the ageing TLS 1.0 protocol: 96.1 per cent of web servers still support it, compared with 97 per cent in June 2016. Maintaining compliance with the credit card industry’s PCI DSS standard means those who handle credit card data need to drop support for TLS 1.0 from June 2018.

Ilia Kolochenko, High-Tech Bridge’s chief exec, commented: “Both SMEs and multinationals experience serious problems and face financial losses caused by insecure web applications.

Traditional web security testing by automated solutions and defence by web application firewalls cannot reliably protect modern web applications any more. “Companies shall look on DevSecOps and S-SDLC implementation to manage their web application lifecycle. Web application security is a continuous process, not an ad-hoc action or quarterly scan." High-Tech Bridge’s web security trend findings for the year to date were announced at last week’s Black Hat EU conference.

A Job In Security Leads To Job Security

Developers who focus on secure development skills find themselves in high demand. Developers who choose to augment their knowledge with secure development skills will find themselves in the most in-demand career field as the growth in cyberattacks forces organizations and governments to strengthen their cyber war chests with more advanced tools, increased budgets, and larger teams. A quick glance at the astronomical budgets that governments and Fortune 100 companies are allocating toward cybersecurity provides a glimpse into the extreme challenges organizations face because of the increase in cyberattack sophistication and volume.  J.P. Morgan has increased its 2016 cybersecurity budget to $500 million, up from $250 million in 2015, and its general counsel for intellectual property and data protection says that the company "still feels challenged" by cyberattacks.

Bank of America CEO Brian Moynihan has said that when it comes to cybersecurity, there are no budget constraints.

At the federal level, President Obama has increased cybersecurity spending to $19 billion in 2017, up from $14 billion in 2016. But even with massive budgets being earmarked to protect against cyberattacks, it's difficult for organizations to fill all their open cybersecurity positions.
In 2015, more than 200,000 cybersecurity job positions went unfilled, a shortfall that is on track to increase to 1.5 million by 2019, according to Symantec CEO Michael Brown. For developers passionate about securing code and willing to invest the time needed to add security to their IT skills, when it comes to career advancement, there are many opportunities.

How Can Developers Choose "Secure Development"?

At the top of the pyramid when it comes to cybersecurity certifications is the Certified Information Systems Security Professional (CISSP); however, it requires years of prior experience in information security. For developers looking to boost their secure development knowledge by attaining a security certification, an ideal place to start your research is "10 Security Certifications To Boost Your Career" in order to find the certification that matches your goals and current qualifications.

When it comes to pinpointing which pathway best suits your cybersecurity career goals, there are numerous routes to take. Developers who have a passion for policy enforcement, incident response, auditing, or user awareness and are interested in providing a security perspective on third-party products can head in the direction of enterprise IT security. Compliance-minded developers with experience developing applications with PCI-DSS, MISRA, FIPS, and other policy certifications can find roles available as security or compliance consultants, or as internal or external auditors. Other routes include jobs in wireless security, network security, cryptography, risk management, identity architects, and many others.

According to the U.S. Department of Labor, the most sought-after job titles in cybersecurity include security engineer, security analyst, information security analyst, network security engineer, and information technology security analyst.

5 Top Security Careers, Job Descriptions & Salaries

Higher salaries are the most obvious benefit for developers who decide to enhance their cybersecurity knowledge and move into secure development roles. Roles in cybersecurity can pay up to 9% more on average than IT jobs outside of the security realm.

Note: Salary statistics taken from PayScale, job description information from Cyber Degrees.

Security Engineer
Security engineers build and maintain IT security solutions within organizations. They perform vulnerability testing, risk analyses, and security assessments while creating innovative ways to solve existing production security issues.
Requirements: Degree in computer science
Median Salary: $88,777

Security Analyst
Security analysts are in charge of the detection and prevention of cyberthreats against an organization through an ongoing analysis of the company's IT infrastructure. Tasks include the planning and implementation of security measures and controls, data maintenance and the monitoring of security assets, in-house security awareness training, and more.
Requirements: Between one and five years of cybersecurity experience is needed.
Median Salary: $66,787

Penetration Tester
Penetration testers are legal hackers who help organizations find security threats in applications, networks, and systems. They're also known as pentesters. They test applications by simulating cyberattacks that have been found in the wild.
Requirements: Unlike other cybersecurity roles, many openings for pentesters don't require a degree; however, your abilities will be under constant scrutiny, so some formal education is recommended.
Median Salary: $77,774

Security Consultant
Security consultants design and implement innovative security solutions. Since security consultants are relied upon by numerous different departments to guide and implement long-term cybersecurity strategy, extensive industry experience is required. For developers who are new to security, starting as a pentester or security analyst is recommended, although after proving themselves in other security roles for between three to five years, and understanding the industry inside out, aspiring security analysts could find themselves relevant for this role.
Requirements: A degree in computer science and between three and five years of experience in cybersecurity are needed.
Median Salary: $80,763

Incident Responder
Incident responders, also known as CSIRT engineers, or intrusion analysts, investigate and limit the damage from cyberattacks that have occurred while working closely with the security team to prevent further attacks from taking place. Incident responders monitor their organization's networks and systems for threats while performing audits, risk analysis, and malware assessments.
Requirements: Like pentesters, incident responders don't necessarily have to have a specific degree, although a cybersecurity certification or specialization is helpful.
Median Salary: Around $60,000

Don't Wait

While security analysts and security engineers must have a degree and extensive experience, there are options for developers who want to turn their security passions into a profession in roles such as incident responders and pentesters, with less-intensive requirements. If you're a developer, don't wait — start working on enhancing your career in cybersecurity now.

Paul is an application security community specialist at Checkmarx, responsible for writing, editing, and managing the social media community. With a background in mobile applications, Paul brings a passion for creativity to investigating the trends, news and security issues ...

Solgari launches enhanced user application suite to provide businesses with seamless...

Platform removes complexities of using multiple service providers and ensures compliance with data regulations

London – Tuesday 18th October – Solgari, the global provider of the world’s first complete enterprise cloud business communications software solution, has today launched a number of key additional user application features to its cloud telephony and business communications suite.

The modular Software-as-a-Service (SaaS) platform unifies all communication capabilities into a single platform, enabling cloud communications delivered to all devices, users and locations.

Businesses are empowered with increased flexibility around contact management and deployment, while ensuring compliance with increasingly stringent regulations. The scalable platform provides enterprises with a comprehensive communication tool that enables the effortless transition between instant messaging, email, voice and video, while allowing seamless integration with core IT such as CRM using Solgari Link. Organisations can cherry-pick the services that match their requirements, avoiding the complexities of dealing with multiple service vendors that can lead to long contracts and spiralling costs.

Furthermore, the platform provides PCI DSS compliant call & video recording and archiving, functions that aid customer query resolution and ensure regulatory requirements are met.

“The SaaS suite offers a cost-effective and convenient alternative to expensive hardware and software solutions, which are often not integrated or suited to the requirements of the business,” said Vance Harris, Solgari CTO and co-founder. “The modular design enables businesses to customise exactly what they need and it means it can be utilised in all industries. Moreover, with the capability to search for archived calls via a number of options, including user details and keywords, users are able to solve queries effortlessly - it’s a real resource saver around compliance.”

The services with enhanced features include:

  • Solgari Connect – offers browser-based inbound communications from corporate website through WebRTC. Simple click and talk functionality is enabled via an intuitive interface, and agents can effortlessly escalate calls from voice to video, while also adding instant messages. Customer calls are completely free.
  • Solgari Global Voice – delivers users with worldwide numbering capabilities and provides Tier 1 voice quality regardless of device or location. The service is supported on Windows, macOS, iOS and Android, with a dedicated smartphone app. Many optional features include advanced IVR which aids and automates customer service.
  • Solgari Contact Centre – developed to run inbound, outbound or blended contact centres. Features include call listening, whispering and barging – ideal capabilities for training and supervision – as well as agent visibility and wallboards, which can be programmed to display a number of performance-related criteria.
  • Solgari User Application Suite (SUAS) – enables businesses to comprehensively manage and analyse their communications. Through three tools, Solgari Callview, Reports and Analyser, users are able to simply retrieve and listen to archived calls & videos, create detailed and accurate PBX and ACD reports, and examine overall system use – enabling them to identify where processes can be enhanced. Word and phrase searching capability within archived calls to address compliance and dispute resolution.
  • Solgari Link – empowers users to seamlessly integrate voice and video communication capabilities to leading CRM systems, including Microsoft Dynamics, Salesforce and Bullhorn, as well as with other ERP and back office systems. Other features that work with Solgari Link include advanced IVR and voice verification which facilitates PCI payment, surveys and intelligent identification of customers and their requirements.
  • Solgari WebMeeting – WebRTC solution that provides real-time voice and video meetings without the need for extra software downloads or plugins. Additional capabilities include remote desktop control, screen share and automatic meeting report emails.

“The platform can benefit all departments and has been successfully deployed over a number of verticals including Fintech, Recruitment, Government and Retail,” said John Colgan, Solgari CEO and co-founder. “For example, Solgari Link can help facilitate the sales process due to its CRM solution integration capability.

Agents can simply click and call customers and prospects from a single dashboard; there’s no need to pick up the phone.

Furthermore, all incoming customer calls & requirements can be clearly identified in advance of the agent picking up, creating a great impression and efficiencies.
It’s this adaptability that really makes the Solgari product suite a unique and innovative player in the cloud communications market.”

Solgari services are available on a per-user, per-month subscription.

As the services are completely cloud-based, there are no hardware or infrastructure requirements and all updates are provided by Solgari. On average, Solgari customers see yearly savings of more than 40% compared to legacy telephony and contact centre providers. The platform is available to all new and existing customers.

For more information see the Solgari demo overview or, to request a demo, please visit http://www.solgari.com/contact.

About Solgari

Solgari has developed the technology, network and partnerships to deliver the world’s first complete enterprise cloud business communications software solution. No boxes, no licenses, no software upgrades, no capital expenditure, Solgari is unique.
Solgari is a licensed telco, integrated with a scalable and modular cloud software platform, providing every service from Cloud Telephony, Call & Video Conferencing, Desktop Sharing up to the most intelligent Contact Centre, covering call encryption and meeting FCA, SEC, Central Bank and PCI DSS Compliance.
Solgari’s customers can pick and choose the services required, where and when through a subscription based model.

For more information, please visit the company website and learn more about Solgari’s solutions at www.solgari.com

Media Contacts
Finn Partners
Astor Sonnen or Caitlin Mullally
+44 203 217 7060
SolgariTeam@finnpartners.com

Solgari launches User Application Suite to empower financial services organisations with...

Application forms part of comprehensive modular communications platform that increases agility, flexibility and cost control

London – 18 October 2016 – Solgari, the global provider of the world’s first complete enterprise cloud business communication software solution, has today announced the launch of the Solgari User Application Suite (SUAS), as part of its modular Software-as-a-Service (SaaS) communications platform. Providing every cloud telephony and business communication service per user per month, financial services organisations can ensure compliance with increasingly stringent regulations, while seamlessly switching between audio, video and messaging from a single dashboard. The platform automatically records and archives all communications, and users are able to retrieve and playback calls effortlessly.

Call logs can be searched via date, time, duration, location, participants and keywords.
Voice verification also adds a further layer of security around customer identification, and all archived data is encrypted.

These features ensure financial services organisations remain compliant with the Markets in Financial Instruments Directive (MiFID), Payment Card Industry Data Security Standard (PCI DSS), as well as the requirements of The Financial Conduct Authority (FCA), Central Bank and Securities and Exchange Commission (SEC).

Furthermore, with MiFID II due to come into effect in 2018, the platform future-proofs organisations and prepares them for upcoming requirements.

These include all those involved in trading, who will be required to have all calls recorded and archived for five years.

“Strict regulations have historically prevented the financial services industry from taking full advantage of the cloud,” said Edward Grant, COO at Solgari. “Businesses have found it difficult to juggle innovation and compliance, with employees inevitably finding ways to cut corners that leave the company vulnerable to regulatory fines. However, our cloud business communication software platform is a game changer. Not only do businesses suddenly have all services at their fingertips, but all communications are recorded and stored, enabling them to be retrieved easily if requested by the FCA, for example.

“Financial services organisations can mitigate the risk of ever-increasing penalties for non-compliance, all the while increasing the efficiency of communications internally and to partners and customers,” continued Grant.

The complete platform consists of a number of services, with its modular design enabling organisations to choose the options that suit their requirements. Services and their features can be added or removed as needed, avoiding the issue of large upfront investment in enterprise solutions that soon become a burden to budgets and infrastructure.

The services with enhanced features include:

SUAS – able to run Solgari Callview, Reports and Analyser, businesses can easily search and listen to archived calls & video meetings, run PBX and ACD reports, and analyse overall system use. Word and phrase searching capability within archived calls to address compliance and dispute resolution.

Solgari Link – enables users to seamlessly integrate voice and video communications capabilities to all the leading CRM and back-office systems in the market, such as Microsoft Dynamics, Salesforce and Bullhorn.

Solgari Connect – offers browser-based inbound communications from the corporate website through Solgari’s WebRTC. Customer inbound communications are completely free on Wi-Fi and extension numbers can be shared across numerous devices so that users are always within contact. Conversations can be easily escalated between instant messages, voice and video making a huge impression on the customer.

Solgari Global Voice – ensures businesses can make worldwide calls with consistent tier one voice quality, regardless of location or device.

Solgari WebMeeting – instant WebRTC browser video meetings without the need for any software downloads. Screens can be shared, desktops controlled remotely and it provides automatic end of meeting email reports.

Solgari Contact Centre – can run inbound, outbound or blended contact centres. Functions include supervisor listen and whisper, agent visibility and performance boards.

Solgari services are available on a per-user per-month subscription.

As the services are completely cloud-based, there are no hardware or infrastructure requirements and all updates are provided by Solgari. On average, Solgari customers see yearly savings of more than 40% compared to legacy telephony and contact centre providers. The platform is available to all new and existing customers.

For more information see the Solgari demo overview or, to request a demo, please visit http://www.solgari.com/contact.

About Solgari

Solgari has developed the technology, network and partnerships to deliver the world’s first complete enterprise cloud business communications software solution. No boxes, no licenses, no software upgrades, no capital expenditure, Solgari is unique.
Solgari is a licensed telco, integrated with a scalable and modular cloud software platform, providing every service from Cloud Telephony, Call & Video Conferencing, Desktop Sharing up to the most intelligent Contact Centre, covering call encryption and meeting FCA, SEC, Central Bank and PCI DSS Compliance.
Solgari’s customers can pick and choose the services required, where and when through a subscription based model.

For more information, please visit the company website and learn more about Solgari’s solutions at www.solgari.com

Media Contacts
Finn Partners
Astor Sonnen or Caitlin Mullally
+44 203 217 7060
SolgariTeam@finnpartners.com

Security Specialists Netsurion and EventTracker Merge

The newly merged company plans to announce a product that will provide a fully managed security service that integrates firewalls with SIEM and other capabilities.

Privately held security vendor Netsurion announced on Oct. 13 that it is merging with security information and event management (SIEM) vendor EventTracker.

Financial details of the merger are not being publicly disclosed, though the deal is being facilitated by Providence Strategic Growth, which already has made equity investments in Netsurion.

Netsurion is a provider of security services, including managed firewall capabilities, while EventTracker provides a managed SIEM offering.

The merged company will be known as Netsurion, with the EventTracker business operating as a division.

Many of Netsurion's customers are in the retail and restaurant businesses and have to comply with the Payment Card Industry Data Security Standard (PCI DSS), said CEO Kevin Watson.

A core element of PCI DSS compliance is having SIEM capability. Prior to the merger with EventTracker, Netsurion was doing a "basic" level of PCI DSS-related logging, Watson said. "We didn't have the sophistication of correlated events and automated alerting that comes out of a true SIEM product," Watson told eWEEK.

In the last 18 months, Netsurion officials have noticed an increase in sophisticated attacks that were more complex to track than what a basic SIEM product could handle, he said, adding that Netsurion wanted to improve security to deal with the increasingly complex attacks, which is what led the company to EventTracker.

"We started working with EventTracker to build a product that can bring true SIEM capabilities to the edge of the network with a very lightweight sensor that has both automated and fully managed capabilities," Watson said.

While there are many SIEM vendors in the market today, EventTracker manages its own Security Operations Center and provides managed service capabilities, he said.

A key trend in the SIEM market today is adding capabilities for user behavior analytics that look to correlate user behavior across different points of access to find anomalies.

Among the many tools in the space is the Splunk User Behavior Analytics (UBA) 3.0 platform, which was announced Sept. 27. With EventTracker, Netsurion provides a large pool of data intelligence that can be used to help identify potentially malicious user behavior, Watson said.

The newly merged company is set to announce a new product in approximately one month that will provide a fully managed security service that integrates the firewall with SIEM, as well as remediation capabilities.

The retail and hospitality markets have been hit particularly hard in recent years with multiple instances of point-of-sale (POS) system breaches.

The new Netsurion product that is set to be announced next month takes aim at the POS security challenge.

"The new product puts SIEM capabilities at the point-of-sale terminal in a branch," Watson said.

Instead of just protecting a branch location with a managed firewall, the new Netsurion product will be able to collect and correlate data to help identify threats.

The SIEM will also be able to take action on its own and stop potentially malicious processes.

"We'll also work with the impacted customer to provide true remediation and identify how a malicious item came in, all the systems that the item is on and how to fully remediate," Watson said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.

Ipswitch MOVEit® 2017 Offers New Levels of Compliance Support in Secure...

New Features Added to Managed File Transfer Products Help IT Teams Protect Data When Most Vulnerable

London, UK. 11th October, 2016 – Ipswitch, the leader in easy to try, buy and use IT management software, today announced MOVEit® 2017 – the combined release includes new versions of its industry leading Managed File Transfer products MOVEit® Transfer, MOVEit® Automation and Ipswitch® Analytics.

These new releases significantly enhance the ability of IT teams to ensure the secure exchange of sensitive data with external partners on a global scale, and in compliance with data protection regulations such as HIPAA, PCI and GDPR.

In our information-based economy, the daily exchange of data with external organisations has become a core process of businesses across a large number of industries. Healthcare providers and Insurers routinely share Protected Health Information (PHI) between themselves and regulatory agencies. Retailers and Financial institutions transmit payment card data. Organisations in multiple industries routinely exchange Personally Identifiable Information (PII).

All of this data is protected by regulations such as HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), GDPR (the European Union’s General Data Protection Regulation) and others. PHI, PII and payment card data are the target of global cybercriminal activity. MOVEit® helps safeguard that data when it is most vulnerable – in transit, as well as when the data is at rest, with best in class encryption. Ipswitch’s industry leading MOVEit® products help IT teams ensure these exchanges are secure, in compliance with data protection regulations, and automated to reduce IT overhead costs and meet internal and external Service Level Agreements (SLAs).

MOVEit Transfer 2017 provides enhanced language support and improvements to its user interface. MOVEit users can now externally transfer files in any language (including support for Japanese and Simplified Chinese) to anywhere in the world securely and in compliance with multiple data protection regulations.

MOVEit Automation 2017 includes new features that significantly extend IT teams’ ability to automate core data exchange processes at high volumes while continuing to meet SLAs and reduce IT costs.

These include improvements to its state-of-the-art web admin interface, the ability to manage files and resources in any language and SOCKS proxy support for SFTP hosts. Ipswitch Analytics 2017 enables SLA and compliance reporting with new advanced data filters, and enhanced management of security keys, licenses and agents.

Additionally, Ipswitch Analytics provides new agents for Microsoft Exchange that extend IT teams’ visibility to include data transfers that occur through email.

This significantly enhances the organisation’s ability to assure regulatory compliance by providing first time visibility into an area of increasing concern – ad hoc file transmissions of sensitive data by employees.

“With many organisations implementing security policies to restrict manual file transfers, IT teams need a flexible, IT-approved solution that provides the ease-of-use that today’s employees crave combined with the security IT teams demand for protection and compliance,” said Austin O’Malley, Chief Product Officer at Ipswitch. “Thousands of companies in some of the most data-sensitive industries are using MOVEit 2017 to better manage data exchange processes from a central console that is understandable and easy-to-use.”

Editions

To make it easier for IT teams to buy a solution that meets their exact requirements while increasing the value they receive from their investment, MOVEit Transfer 2017 and MOVEit Automation 2017 are offered in Standard, Professional and Premium editions. MOVEit Automation 2017 is also offered in an additional edition, Basic, which is ideal for small businesses. All MOVEit 2017 solutions – MOVEit Transfer, MOVEit Automation, Ipswitch Analytics and Ipswitch Gateway – are combined in the comprehensive MOVEit Complete package, which simplifies IT teams’ Managed File Transfer needs in Standard, Professional and Premium editions as well. MOVEit has been reliably and predictably transferring files for thousands of customers and millions of users across several vertical industries – including banking, financial services, insurance, healthcare and retail.

To learn more about MOVEit 2017, visit https://www.ipswitch.com/secure-information-and-file-transfer/moveit-mft-complete.

About Ipswitch

Today’s hard-working IT teams are relied upon to manage increasing complexity and deliver near-zero downtime.
Ipswitch IT and network management software helps them succeed by enabling secure control of business transactions, applications and infrastructure.
Ipswitch software is powerful, flexible and easy to try, buy and use.

The company’s software helps teams shine by delivering 24/7 performance and security across cloud, virtual and network environments.
Ipswitch Unified Infrastructure and Applications Monitoring software provides end-to-end insight, is extremely flexible and simple to deploy.

The company’s Information Security and Managed File Transfer solutions enable secure, automated and compliant business transactions and file transfers for millions of users.
Ipswitch powers more than 150,000 networks spanning 168 countries, and is based in Lexington, Mass., with offices throughout the U.S., Europe, Asia and Latin America.

For more information, please visit http://www.ipswitch.com/, or connect with us on LinkedIn and Twitter.

Media Contact:
Rebecca Orr or Richard Wolfe
TOUCHDOWNPR
Office: +44 (0) 1252 717 040
ipswitch@touchdownpr.com