Endpoint Protector Appliance: Stop data theft on Windows and Mac

CoSoSys Products reach Australia and New Zealand

February 27th, 2009 by Agent Smith (0) DLP,endpoint security,In the News

CoSoSys, a leading European developer of security solutions for USB devices, has just appointed Chillisoft as distributor of its products in New Zealand and Australia. That means companies and home users in these areas will be introduced to their Endpoint Security and data loss prevention solutions.

Who’s Chillisoft? According to the press release, Chillisoft is a specialist software distributor and finalist in the APAC Deloitte Fast 500 for the last 3 consecutive years. Our security solutions are carefully selected leading or emerging products from reliable and reputable vendors that can benefit our resellers and end-user clients in our target markets.

We’ve covered CoSoSys and their products before, but here’s a little info on what they do:

CoSoSys was founded in early 2004 with a strong business focus on software development, marketing and support of applications for portable storage devices such as USB Flash Drives and flash based MP3 Players. In a second business unit CoSoSys is developing endpoint and data leakage security solutions that enable a secure working environment for portable storage devices.

Happy shopping, Australia and New Zealand! And stay safe :)

FAA Data Breach Exposes Records of 45,000

February 21st, 2009 by Agent Smith (0) Data Theft & Loss,Identity Theft,security breach

A recent breach reported by the Federal Aviation Administration has exposed the private data of about 45,000 employees, as a result of a hack in one of the FAA computer systems. The FAA has released a warning notice, quoted in Dark Reading, stating that employee personal identity information has been stolen during the illegal access. Those affected by this security breach will also receive individual letters, letting them know their data has been stolen and is probably being used in fraud or identity theft attempts.

“Two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA’s rolls as of the first week of February 2006,” states the notice. “The server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system, and the FAA has no indication those systems have been compromised in any way.”

The FAA also stated it has learned its lesson and taken the necessary steps to prevent future incidents of the sort. They are also taking long-term measures to protect personal information. As for those who have been affected by this very real breach, there’s a toll-free number and some details on the employee site.

Dark Reading Starts Educational Series

February 20th, 2009 by Agent Smith (0) Data Theft & Loss,DLP

The Dark Reading reporters have set their minds on educating their readers and helping them understand IT security better. The series is also designed to help IT people explain such topics to non-technical employees more easily and quickly. They have started with a piece explaining Data Loss Prevention (DLP): the concept, and what DLP solutions can and can’t do.

Here’s a short excerpt of the article defining and explaining what a Data Loss Prevention solution is and does:

In a nutshell, DLP is a type of software that is designed to seek out sensitive data — either traversing the network or sitting idle on your computer systems — and enforce policies for handling it. If a user attempts to send out sensitive data via email, post it to a Website, or copy it to a USB storage drive, DLP technology can identify that activity and record it.

More important, most DLP applications are also designed to prevent the user from executing tasks that might compromise the data or cause it to leak out to unauthorized sources. The DLP software might turn off the “write” capability that would allow a PC to copy certain data to an external storage device, or it might disallow an email user from sending the data to another user.

Read more on Dark Reading and make sure to read the next articles on this subject as well.


The Latest Trick in Biometrics: Finger Vein Authentication

February 13th, 2009 by Agent Smith (3) In the News,In The Spotlight

When I say biometrics, most people think of fingerprints, face recognition, eye scanning and other cool but rather common tricks we’ve seen in movies and run across in real life. I might add an ear scan from some Batman movie, but that’s it.

Sony has come up with a new idea, recently covered by The Register in its Hardware section. It’s a camera-based system that analyses veins in people’s fingers. This new technology also comes with its own name: Mofiria.

Mofiria Technology by Sony


How does the new biometric tech work?

Here’s the explanation given by the Register:

The user first lays one side of their index finger down on a small pad, after which a series of LEDs shine infrared light onto it. A CMOS sensor sat on the other side of the finger then picks up light scattered off of the veins inside the user’s finger.

Why is this better than other technologies in the biometrics field?

I found the answer to this question in Sony’s official press release. I’m still waiting for some comparative reviews and tests. If you happen to run across one, feel free to share it in the comment box.

Compared to the other biometric authentication techniques, vein authentication technology achieves higher accuracy on personal identification and forgery resistance because it uses the veins inside the human body. Finger vein patterns differ from person to person, each finger to finger, and it is said that they do not change over the years.

I am looking forward to an action movie depicting a breach of this new technology :)

US Data Breach Cost Up, Response Cost Down

According to a recent Ponemon Institute study, the costs of data breaches rose in the USA to $6.6 million per incident in 2008, although companies put increased effort into handling such incidents better.

The study, funded by data security firm PGP Corp. and quoted by Security Focus, analyzed data breaches experienced by 43 US-based companies from 17 different industry sectors. The breaches involved a number of records ranging from about 4,200 to more than 113,000. The findings showed the average costs of data breaches are about 2.5 percent higher in 2008, amounting to $202 per record, up from $197 per record in 2007 and $182 per record in 2006. An average breach would require a company to spend $6.6 million in 2008, up from $6.3 million in 2007 and $4.7 million in 2006.

To calculate the total cost of a data breach, the institute added the costs of detecting and responding to the loss of data, legal and administrative expenses, customer defections and opportunity loss. The decrease in response costs was a result of businesses learning how to handle such incidents cost-effectively:

While legal fees and customer losses moved breach costs higher, companies reduced the costs of dealing with breaches, signaling that firms and their third-party providers are becoming more cost effective in responding to data breaches, the Ponemon Institute stated in the report.

TJX finds closure for breach in big time sale

We’ve all come to refer to the TJX data breach as the largest one in history, with an estimated 45.7 million credit card accounts exposed through a breach in the discount retailer’s wireless network. Some even place the number of affected accounts in the vicinity of 94 million. Whatever the real number is, it is huge and scary, and as it happened over a significant period of time, it got plenty of coverage.

In the recovery process, they had to pay 40.9 million dollars to settle a lawsuit, but according to the Register TJX had created a 118 million fund to pay for breach-related damages in August 2007. 11 people were charged in connection with the data theft and some trials are still ongoing. The retailer has made an attempt to close this dark chapter for good by offering one-day 15 percent discounts in all its US and Canadian stores, as a token of their appreciation for the customers “for retaining their loyalty after it did such a bad job of retaining their records”.

Nice strategy to reward customers, build trust and boost sales at the same time! But I believe they need to implement all the cutting-edge security toys on the market and make every newly added layer of protection public to ease the minds of those affected.