CoSoSys in the Balkans through Inter Engineering
Inter Engineering, one of the main players on the data security market in the Balkans, and CoSoSys, vendor of network endpoint security and portable storage device enhancement solutions, announce today their strategic partnership to distribute the Endpoint Protector 2008 solution and additional support services in Greece, Cyprus and Malta. The distribution agreement between Inter Engineering and CoSoSys comes as a natural response to the increasing demand in Balkan countries for the numerous business and technical benefits that CoSoSys technology delivers.
“The developments in enterprise needs make Endpoint Security an indisputable part of a solid Policy” said Josmaarten Swinkels, CEO of Inter Engineering. “CoSoSys provides solutions which combine quality with flexibility and an attractive pricing model fitting extremely well in Inter Engineering’s solutions portfolio. We are happy to work with CoSoSys and optimistic about the future.”
“Inter Engineering has proven to be an absolute first-rate partner committed to the success of our customers,” said Roman Foeckl, director of CoSoSys. “We are pleased to have such a reputable and experienced company representing us in their home market.”
See more in the official press release available on the CoSoSys site.
CoSoSys to Protect SearchAmerica
CoSoSys, the leading provider of End Point Security solutions, has recently announced that SearchAmerica has selected Endpoint Protector 2008 to manage and enforce portable device security policies in their IT environment. The solution SearchAmerica chose is quite new and extremely powerful, and it will protect all company workstations, notebooks and servers against data loss, data theft and other forms of data leakage.
CoSoSys has added a rather important client to its portfolio, as SearchAmerica is the industry leader in financially clearing patients through address verification, prediction of payment and automated charity/Medicaid processing. See more in the official press release.
DLP on the Right Track, but not Foolproof
Speakers at RSA 2008 state that the Data Loss Prevention (DLP) segment of security solutions is reporting impressive improvements, but it is still not able to stop innovative attacks. While it might be the new hot shot of the entire security industry, DLP can fail when attempting to successfully fight off all data breaches.
In a Symantec-sponsored panel addressing DLP-related issues, speakers were highly optimistic about the future of this new technology, which, according to Dark Reading, “is designed to monitor, detect, and control the egress of sensitive enterprise data in an organization”. Yet it was acknowledged that descriptions of this insider-theft technology as omnipotent are grossly exaggerated. Here’s a selection of the most interesting quotes Dark Reading published:
“The idea that you’re going to be able to protect every piece of data all the time is probably impossible,” said Joseph Ansanelli, former CEO of DLP pioneer Vontu and now vice president of DLP at Symantec, which bought Vontu last year. “It’s not going to happen.”
“DLP is a tool,” said Craig Shumard, CISO for CIGNA Corp., a Vontu user. “It’s one of a number of things you can use to help control the insider threat. But it’s not the whole solution.”
The key, Rich Mogull, founder of Securosis, says, is to define your “sensitive” data before deploying DLP. “You need to put all of your business people in a room and force them to choose which data is the most valuable,” he said. “Once you’ve done that, you can use DLP to start monitoring that data, to set policies for protecting it, and eventually, to enforce those policies.”
Companies Forced to Live up to Security Promises
The Federal Trade Commission has recently settled a lawsuit against ValueClick amounting to 2.9 million dollars. ValueClick was found guilty of making email and advertising claims that were deceptive and misleading. The company was also found guilty of violating its own privacy policy, which promises, according to Dark Reading, to protect customer data and implement “reasonable security measures.” ValueClick’s privacy policy promises encryption, but the company failed to provide data encryption and did not fix reported vulnerabilities to SQL injection attacks.
The FTC decision in the ValueClick case opens the door for enterprises to be held responsible for negligence and for failing to implement the required security measures to achieve the user data protection they promise.
“The FTC ruling sends a powerful message to the business community,” says Scott Kamber, a partner at Kamber Edelson LLC, a legal firm that specializes in cyber security law.
“In the past, companies that failed to protect customer data have argued that they are immune from prosecution unless consumers can directly prove that they suffered harm from the breach of their personal information,” Kamber explains. “Given that hackers are generally pretty good at covering their tracks, this argument — if accepted — would mean that few companies would have to account for their negligence.”
With the ValueClick settlement, Kamber says, “the FTC has made clear that common sense will prevail over technical legal arguments, at least when it comes to governmental sanctions. We believe the FTC’s ruling will help with the current cases we are prosecuting, as well as future ones we are contemplating.”
With laws imposing clear requirements on companies, they will no longer be able to hide behind vague security claims, and data loss prevention will become a major concern for all those dealing with private records. Hopefully, these laws, supported by international standards, will help prevent fraud, data loss and theft and other types of security breaches.
Data Breaches Going up
IT Security published an interesting feature this week focusing on data breaches, their trends, the laws regarding such security breakdowns and the targeted company. I thought some of the facts and issues they pointed out are highly important and worth being rebroadcast.
- The first law in the US regarding data breach notices dates back to 2003 and was issued in California. Since then, 37 states have enforced similar stipulations.
- In 2007, over 162 million records were stolen or lost. To better understand what a significant growth the past few years accounted for, note that in 2002 the lost or stolen records amounted to a little under 5,000.
- Big companies with numerous private records seem to be the preferred target. Yet the cause of such breaches is not the thieves’ high level of knowledge. It’s human error that facilitates such attacks.
TJX, the parent of retail chains including TJ Maxx, announced the computer incursion in January 2007 and later disclosed in an SEC (Securities and Exchange Commission) filing that the incident involved data from more than 45 million payment cards.
Brad Johnson, vice president at SystemExperts, said he views TJX as an anomaly, suggesting most breaches stem from human error rather than an attacker’s ingenuity. “The fundamental problem is a lack of security awareness,” Johnson said. “Employees weren’t aware of the risk involved, so they didn’t take the appropriate precautions.”
The case of HM Revenue & Customs, the United Kingdom’s tax department, fits the human-error category. In late 2007, HM Revenue & Customs acknowledged the loss of two computer disks containing personal information for 25 million people.
- Criminal gangs stealing data get $1 to $10 per record. Therefore, as long as the attacks are profitable, they will continue.
- The first step a company should take is to realize what sensitive data they have and where it is stored. Such a step should make the implementation of an efficient Endpoint security and DLP solution easier.
- Another security measure would be to only process the data needed at a certain time (e.g. a few entries as opposed to an entire Excel file containing those entries).
- Users or consumers should investigate more the risks they expose themselves to when entrusting their private information to third parties.
Staffers to Protect Information
Last year in November, the UK’s HM Revenue and Customs lost the personal records of 25 million people. In order to prevent such losses in the future, they will rely on 37 employees whose role will be to protect data. According to a parliamentary written answer by Jane Kennedy, financial secretary to the Treasury, quoted by the Register, the goal for the data guardian appointed to each business unit is “to strengthen the management of the department’s data assets”.
The information was lost while being transferred through postal services on unencrypted computer disks. How about portable storage devices with encryption? Wouldn’t that be cheaper than paying the salaries of 37 people?
As we can tell from the article published by the Register, other governmental agencies also rely on work force to protect data:
In response to another written question connected to the child benefit data loss, the Department for Work and Pensions said it provides data to the National Audit Office using “rigorous courier arrangements and a requirement that physical transfers of data must have the specific authority of a member of the senior civil service”, according to Anne McGuire, minister for disabled people.
Symantec Customers Angered by Update Bug
A bug in a live update spread among Symantec’s endpoint security customers resulted in error logs piling up and rendering the solution inoperable. While the company states it is working on a fix for the issue that seems to have affected quite large numbers of users, the Register presents a different story - the hard time one of their readers has had dealing with the repeated errors.
The story sparked quite a debate on Symantec’s forums. Although the initial stories about how much damage this bug has caused are exaggerated, there still seems to be a great discrepancy in how customers and the company see things. While Symantec states only minor errors should have been reported, the quoted Register reader speaks of server halts and users being unable to log in:
Symantec acknowledged the error-generating bug, but says the product remains functional. “This issue would have led users to see ‘Error 58/55’ in their SEP log files. The issue shouldn’t have done anything but generate errors — there should have been no issue with the product itself,” a spokesman said.
Richard said the problem didn’t cause problems in downloading anti-virus definitions even without applying workarounds (contrary to earlier versions of this story). Nonetheless the issue is still causing all sorts of grief. “Anti-virus updates appear to come down fine. It’s just a decomposer issue, but does that mean that anti-virus can’t scan inside archives until the problem is fixed? Symantec aren’t saying,” he said.
“However many many people are still having problems with things like the errors filling up logs and grinding servers to a halt. I personally figured something was wrong when none of my users could log on, there were temp files from live update littering the boot drive of the server and it had no free space,” Richard reports.
Endpoint Protector 2008 Addresses Wireless USB Security Issues
Wireless USBs, besides bringing data transfers and portability to a new level and diminishing restrictions of the traditional USB protocol, also harbor specific threats. While transfers between these portable devices and computers come with no impressive tricks, the data they store can be easily leaked to third-party PCs or devices supporting wireless transfers.
The new Endpoint Protector 2008 developed by CoSoSys is the first endpoint security and DLP solution to address such threats specifically. More details on the new version from PR Inside:
The new Endpoint Protector 2008 efficiently protects PCs from data loss, data theft and other forms of data leakage. Endpoint Protector allows the controlled use of USB devices, external hard drives, FireWire devices, CD/DVD-Readers/Writers and many other potentially harmful devices, with the goal of stopping malware, viruses and other unwanted data intrusions.
Endpoint Protector 2008 also monitors and records all data transferred to and from portable storage devices. This new feature gives IT administrators the possibility to trace all data activity regarding removable storage and endpoint devices. This file tracing option allows the prevention of possible data breaches or of data being copied without authorization.
While the client product only runs on Windows operating systems, the Endpoint Protector Server 2008 is available for both Windows and Linux platforms, addressing a wider range of working scenarios.
CoSoSys Enters US Market
CoSoSys, the Romanian-based developer of endpoint security and data loss prevention (DLP) solutions, has recently opened a new office in the US. According to Dark Reading, the company already has a strong presence in Europe and Asia and is now working on expanding its reach in the North American market.
“This is an exciting time in the evolution of CoSoSys. We look forward to delivering high-end Security and Policy Management solutions to our enterprise customers, thus helping them secure data and prevent data loss on USB devices,” said Roman Foeckl, Managing Director of CoSoSys. “Also we are committed to developing and delivering world-class enterprise business applications with potential Resellers and Distribution partners who are leaders in their field and who are willing to invest in a successful collaboration targeting mutual future growth.”
More details on the Silicon Valley office in the official press release.
Harsher Laws to Deal with Data Breaches
The state of California has recently passed a bill imposing strict measures to be taken by companies experiencing data breaches. The main purpose of the document is to make sure those affected by their private details being compromised are informed and fully aware of what’s at stake. InformationWeek provided more information on the bill:
California has already enacted a law that requires consumer notification when data breaches occur. The new bill requires companies, public agencies, and other organizations to provide toll-free numbers for credit reporting agencies so consumers can put holds on their cards, the name and contact information of the business affected, and what information may have been exposed or stolen. It also requires notices to explain when the breach occurred and the number of people affected by it.
It is only a matter of time until such measures are taken by other states and other countries. Given the significant amounts of time and money invested in reacting to such information breaches, implementing a data leakage prevention solution seems a much wiser and cheaper way out.
