Verizon: Application logs monitoring helps prevent data breaches. Really?
“Given the nature of data breaches today, organizations are better off saving money and doing ‘lightweight’ security testing across more of their infrastructure than conducting deep assessments across a few systems,” this is what Peter Tippet, vice president of innovation and technology for Verizon Business stated at a the CSI/SX held in Las Vegas, according to a DarkReading quote.
Tippet thinks application logs are more effective than logs of signature based devices and firewalls. He’s probably right. But only for the scenarios he has chosen: data theft caused by outside attacks, most frequently using stolen, but valid passwords and attacking idle, old and forgotten machines.
While Tippet’s method might just prove effective for those using Verizon software and fearing outside attacks, what happens to unencrypted and stolen or lost hardware? What about insiders who can copy/paste an entire database on a thumb drive? Yes, ongoing attacks or failed attempts can be discovered. But that gets businesses nowhere near a comprehensive and effective data loss prevention solution!
CoSoSys uses humor to teach about security threats
As you’ve probably seen on this blog, there are news about security breaches, people who’ve been affected by identity theft and fraud, billions of dollars in losses every single day. More a day in really bad cases. Although there’s a ton of information out there, individuals and companies still fail at protecting themselves against such breaches and at keeping their private data safe.
CoSoSys, leading developer of endpoint security and data loss prevention solutions, has chosen a different approach to raise awareness about the risks we face everyday: humor, namely a series of comic strips showing what can really happen. As CNET puts it, they put the fun back in security threats.
The first comic, originally published on CoSoSys’ EndpointProtector.com site shows how easy it is for an employee to copy your entire data base and take it to your main competitor. A simple thumb drive, three minutes left alone in the office, and that’s it!
But as fun and laughing are not the only goals of the strip, each of them also helps you find out what to do and how you do it. Designed to promote the company’s most popular DLP, endpoint security and device management solution, Endpoint Protector, each issue will show how everything can be prevented.
“Recent research performed in both the US and the UK shows a troubling trend: data breaches are rising in numbers and in costs as well. Millions of people have their data exposed to identity theft or fraud each year and few of those affected or those responsible of the incidents know that most of these instances could easily be prevented. Making sure that your private records and all endpoints in your network are secured is not a difficult task. That is why we are committed to put our best efforts into raising awareness and educating the public about staying safe without making any lifestyle compromises”, explained Roman Foeckl, CoSoSys CEO.
The next issues of the strip will be published each Thursday for the next 7 weeks. You can see them here or register to get them on your email. Easier if you asked me, as remembering to visit a link every week is not something I usually do.
CoSoSys Products reach Australia and New Zealand
CoSoSys, a leading European developer of security solutions for USB devices, has just appointed Chillisoft as distributor of its products n New Zealand and Australia. That means companies and home users in these areas will be introduces to their Endpoint Security and data loss precention solutions.
Who’s Chillisoft? According to the press release, Chillisoft is a specialist software distributor and finalist in the APAC Deloitte Fast 500 for the last 3 consecutive years. Our security solutions are carefully selected leading or emerging products from reliable and reputable vendors that can benefit our resellers and end-user clients in our target markets.
We’ve covered CoSoSys and their products before, but here’s a little info on what they do:
CoSoSys was founded in early 2004 with a strong business focus on software development, marketing and support of applications for portable storage devices such as USB Flash Drives and flash based MP3 Players. In a second business unit CoSoSys is developing endpoint and data leakage security solutions that enable a secure working environment for portable storage devices.
Happy shopping, Australia and New Zealand! And stay safe 
Dark Reading Starts Educational Series
The Dard Reading reporters have set their mind on educating their readers and helping them understand IT security better. The series is also designed to help IT people explain such topics to atechnical employees easier and faster. They have started with a piece explaining Data Loss Prevention (DLP) – the concept, what DLP solutions can and can’t do.
Here’s a short excerpt of the article defining and explaining what a Data Loss Prevention solution is and does:
In a nutshell, DLP is a type of software that is designed to seek out sensitive data — either traversing the network or sitting idle on your computer systems — and enforce policies for handling it. If a user attempts to send out sensitive data via email, post it to a Website, or copy it to a USB storage drive, DLP technology can identify that activity and record it.
More important, most DLP applications are also designed to prevent the user from executing tasks that might compromise the data or cause it to leak out to unauthorized sources. The DLP software might turn off the “write” capability that would allow a PC to copy certain data to an external storage device, or it might disallow an email user from sending the data to another user.
Read more on Dark Reading and make sure to read the next articles on this subject as well.
NetBooks and the surprises they come with
Portable storage device applications and endpoint security solution provider CoSoSys has just risen the red flag regarding Netbooks. As they explain, although treandy gift and excellent PC replacement for all offices, netbooks embed serious threats to corporate and individual security. While their seamless connectivity and increasingly large solid state disks (SSD) or traditional HDD capacities can help everyone of us increase productivity while considerably decreasing the weight we carry around, they are also the perfect means for both intentional and unintentional data breaches.
“Corporate IT departments needs to consider Netbooks as a serious issue when it comes to Endpoint Security and they are advised to take control over them as they enter their networks rather than waiting for the first data breaches to happen. Enforcing Endpoint Security policies with Endpoint Protector allows IT administrators to fully control all ports and data transfers from endpoints, including Netbooks, to any other portable device such as USB Flash Drives or External HDDs to prevent data loss” said Roman Foeckl, CoSoSys CEO.
While the CD or DVD drive is no longer a threat, netbooks come with almost immediate access to any data through wireless networks, USB Ports, SD Card readers and other ports, making it extremely easy for confidential details to be transferred in and out of unsecured networks. And if you run a search through our blog to see how many laptops have been lost, stolen and misplaced in the past, we have to also wonder about how much easier it is to steal or lose a much smaller version.
So take this warning seriously and stay trendy and safe at the same time!
Self-encrypting laptop from Dell
One of the most common causes of security breaches is stolen hardware. And I’m sure you’ve all heard of the thousands and thousands of laptops stolen in airports, from parking lots and other public places. And as most companies fail to implement a comprehensive endpoint security solution, a stolen laptop means trouble. For the end users, a laptop sometimes stores most of their documents, personal and business, memories from trips and other important events and everything that is private and dear to them. Picturing everything lost to a stranger’s hand is hard to cope it.
Dell states there’s a new way to prevent such bad things from happening: a self-encrypting laptop. Your data is still lost, but at least no one can acess it. The drives with self-encryption features are produced by Seagate and embedded in the new Dell product. And apparently, the Seagate hardware will soon be shipped by IBM and LSI as well. Let’s hope no one breaks the encryption system!
Endpoint Security Strategies for SMBs
SMBs have specific requirements when it come to IT security in general and endpoint security in particular: they need comprehensive policies, high-end technology, all downsized at a larger scale and a fair price. They don’t need cheap and unreliable solutions, they just need the best there is, adjusted to their size.
If you’d like to know more about what the IT security market has to offer, what challenges arise from the current business environment, which are the real threats SMBs face, how to properly asses the costs of a security breach, how easy it is to lose data or have it stolen, read the latest white paper published by CoSoSys, Easy Guide to Comprehensive IT Security Strategies for SMBs – High-End Endpoint Security, Data Loss Prevention and Portable Device Management at a Reduced Scale.
Data Watchdog Warns of Poor Data Protection in UK Institutions
Data protection watchdog, the Information Commissioner’s Office has recently confirmed that it has served enforcement notices on two UKgovernmental institutions, HM Revenue and Customs and the Ministry of Defence. The decision, made public in the Information Commissioner Richard Thomas’ annual report comes as a response to high profile data breaches occurring within the twe organizations.
According to IT Week, both departments will be compelled to provide progress reports detailing how they are improving data governance practices.
This piece of news comes shortly after the same office called for European data protection laws to be reformed to make them more business-friendly. The recommendation was made by the same Richard Thomas at the annual Privacy Laws and Business conference in Cambridge. Thomas said existing legislation was out-dated and increasingly ill-suited to the internet age.
CoSoSys in the Balkans through Inter Engineering
Inter Engineering, one of the main players on the data security market in the Balkans, and CoSoSys, vendor of network endpoint security and portable storage device enhancement solutions, announce today their strategic partnership to distribute the Endpoint Protector 2008 solution and additional support services in Greece, Cyprus and Malta. The distribution agreement between Inter Engineering and CoSoSys comes as a natural response to the increasing demand in Balkan countries for the numerous business and technical benefits that CoSoSys technology delivers.
“The developments in enterprise needs make Endpoint Security an indisputable part of a solid Policy” said Josmaarten Swinkels, CEO of Inter Engineering. “CoSoSys provides solutions which combine quality with flexibility and an attractive pricing model fitting extremely well in Inter Engineering’s solutions portfolio. We are happy to work with CoSoSys and optimistic about the future.”
“Inter Engineering has proven to be an absolute first-rate partner committed to the success of our customers,” said Roman Foeckl, director of CoSoSys. “We are pleased to have such a reputable and experienced company representing us in their home market.”
See more in the official press release available on the CoSoSys site.
CoSoSys to Protect SearchAmerica
CoSoSys, the leading provider of End Point Security solutions, has recently announced that SearchAmerica has selected Endpoint Protector 2008 to manage and enforce portable device security policies in their IT environment. The solution SearchAmerica chose is quite new and extremely powerful, and it will protect all company workstations, notebooks and servers against data loss, data theft and other forms of data leakage.
CoSoSys has added a rather important client to its portfolio, as SearchAmerica is the industry leader in financially clearing patients through address verification, prediction of payment and automated charity/Medicaid processing. See more in the official press release.
