SafeNet

Featured Post

 

NASDAQ OMX & SafeNet discuss securing financial data in the cloud

Categories: Cloud, Compliance

SafeNet May 23, 2013, 12:12 pm UTC

On this episode of the TabbFORUM, SafeNet’s David Etue is joined by Adam Honoré, managing director of NASDAQ’s FinQloud, to discuss the challenges and solutions for securing financial data in the cloud. FinQloud began as an internal NASDAQ initiative, and has grown into an on-demand offering based on Amazon Web Services and SafeNet security.

Some of the controls Honoré and Etue recommend are authentication, encryption, key management, and real-time monitoring. In particular, encryption is a popular choice for financial service providers.

“Clouds love encryption,” says David Etue. “When you have a cloud provider like Amazon Web Services or infrastructure-as-a-service…illustrating control of your data can be very challenging from a security or audit perspective. When you wrap that data in encryption and you have strong encryption and good key management, all of a sudden you have the ability to abstract the visibility and control of that data away from the infrastructure itself.”

New Partner Resource: Secure the Breach Channel-Ready Kit

Categories: Channel, Secure the Breach

SafeNet May 22, 2013, 04:50 pm UTC

The frightening reality is that the way the entire world consumes and shares data has dramatically changed over the past few years, and companies are still spending 80% of their IT budgets securing the perimeter instead of what really matters: THE DATA.

This presents SafeNet’s channel partners with an excellent opportunity.

To help you shift your customers’ understanding of reality, where the end result is a Secure Breach environment, and perimeter breaches have no actual impact on the encrypted data itself, we have put together a set of sales tools for you to use in your sales efforts.

Download your Secure the Breach Channel Ready Sales Kit and change the conversation from Breach Avoidance to Breach Acceptance.

5 Tips to Prepare for the Attack

Categories: Data Breach, Secure the Breach

Cheryl Barto Shoults May 16, 2013, 03:57 pm UTC

SecurityWeek published a great article today: Preparing for an Attack: 5 Tips for Organizations. Marc Solomon starts out by saying, “Even the most security diligent organizations are realizing that breaches are no longer a question of ‘if’ but a question of ‘when.’” Yep. That’s the concept of “Breach Acceptance” that CSO Tsion Gonen has been preaching for the past year (see his article in Network World). So, now that you’ve accepted that breaches are a “when” and not an “if,” Solomon gives these five tips to make your breach cleanup run a little more smoothly.

1. Adopt a threat-centric approach to security.  You need solutions that address the extended network – protecting endpoints, mobile and virtual environments.

2. Automate security as much as possible. Manual processes are inadequate to defend against relentless attacks that often employ automated techniques to accelerate and broaden attacks. For example, SafeNet Authentication Service uses automated setup and maintenance policies, freeing staff to focus on critical tasks. The Crypto Hypervisor automatically tracks encryption keys in virtual environments so your data is never left unprotected.

3. Leverage retrospective security. Look for technologies that address this scenario by continuously monitoring files originally deemed “safe” or “unknown” and enabling you to apply retrospective security if these files are later determined to be malicious.

4. Hone your incident response processes. The Verizon 2013 Data Breach Investigations Report found that in 22 percent of the incidents investigated it took months to contain the breach. Orgs should have an Incident Response Team trained on what to do, an InfoSec Policy to ensure you’re protecting the right data, an Incident Response Runbook with step-by-step instructions, and quarterly systematic program reviews.

5. Educate users and IT security staff on the latest threats. Educating users and keeping staff trained on the current threat landscape can go a long way toward preventing these malicious attacks that often rely on relatively simple methods.

Read the full article at SecurityWeek.com. Learn more about SafeNet’s data protection solutions to help you create a secure breach.

Alvand Solutions on eBanking, Compliance and Security

Categories: Crypto, Customer Stories

SafeNet May 9, 2013, 08:05 am UTC

Alvand Solutions provides Enterprise Security, FinanceCenter, Application Development, and Project Management Services. To ensure their clients are equipped to combat the latest cybersecurity threats, Alvand Solutions recommends encryption solutions like SafeNet hardware security modules (HSMs).

“Data breaches are happening to globally recognized entities, and obviously it’s a key concern for the financial services industry,” says David Jones, VP of Alvand Solutions. “Encryption is fairly standard. People know how it works, but in terms of effectively implementing and securing it, that’s where SafeNet solutions come to the floor.”

Learn more about SafeNet’s solutions for the financial services industry at http://www2.safenet-inc.com/email/2013/dp/financial-services/index.html.

Panel: Virtual World with Virtual Risks. Can it be Cloudy and Clearly Secure?

Categories: Cloud, Crypto, Secure the Breach

SafeNet May 6, 2013, 05:05 am UTC

May 15 2013 11am ET/ 4pm UK – Register Now

As companies migrate to the virtual datacenter, executives must deal with security, audit, and visibility of their environment which has grown beyond their physical datacenter. Because of this, hesitancy remains and many questions are still being asked. What is a next-gen datacenter? What changes as businesses take steps toward a hybrid datacenter? When they move to a virtualized environment, how does their data remain secured and in their control? Will encrypting data in this environment achieve visibility and control of who is accessing it? Plus, despite more knowledge on virtual risks, cloud services are still being purchased without authentication, adopting cloud first and then thinking about security second. So how can organisations win the struggle with authentication in the cloud?

Join your fellow professionals for this lively and insightful discussion providing a complete vision on virtual risks in a virtual world. Then understand a way to manage risk, maintain compliance, accelerate and protect business from evolving security threats.

Panelists:

Gargi Mitra Keeling, VMware

“What customers want is choice in application deployment models whether it is a dedicated virtual cluster, mixed trust cluster, private cloud, public/dedicated cloud or public/shared cloud. But they want these options with the assurance that their data is always under their control.”

Jofre Palau, Vodafone

“We need to deliver, or our customers need to deliver, access to internal services, through a variety of devices- laptops which are not enrolled, tablets, smartphones, etc., and we require a flexible solution.”

Patrick McBride, Xceedium

“We used to put in hardware applications, but now customers want a platform they can run on VMware, or from the cloud. And in that scenario, they don’t want stovepipes. They want to be able to take the appliance and manage it everywhere.”

As well as Jason Hart and Leonor Martins of SafeNet. Register now for this expert panel, and better understand a way to manage risk, maintain compliance, accelerate and protect business from evolving security threats.

Security Industry: The Sanity Test

Categories: Secure the Breach

Tsion Gonen February 12, 2013, 08:15 am UTC

Infosec insanity: (n) \in-ˈsan-ət-ē\ applying the same breach prevention methodologies of the last 20 years and expecting breaches to stop

Today, SafeNet released the State of the Data Breach survey answered by hundreds of U.S. enterprise security professionals. Not surprisingly, most respondents (66%) say they are probably going to be the victim of a data breach in the next 3 years. With the epidemic of security breaches from LinkedIn to universities and financial institutions, it’s apparent that everyone is a target, and more and more organizations are accepting that they might be next.

Expected, but even more concerning, is that a significant chunk of security professionals (1 in 5) said that they wouldn’t trust their own organization with their personal data!

So while all that was interesting, it wasn’t totally surprising. Here’s what should really shock you: even though they’re expecting a breach and don’t trust their own security, 74% of respondents believe their perimeter defenses are effective and most of them are planning to increase spend on those technologies.

Pause with me and read that again. The vast majority of organizations accept that attackers will breach their network and steal high-value data, and yet they’re still trusting the same old perimeter security approach to keep their organizations safe. Have we as an industry lost it? Isn’t that the definition of insanity?

Well, the good news is that this phase of insanity and denial cannot continue for long. The bad news, though, is that the denial will only end because breaches will become too catastrophic to ignore. What we should be thinking about is life in a post-“breach prevention” world, an era I call “breach acceptance.” In this modern era, organizations will move beyond relying solely on breach prevention approaches and will accept that a breach will happen, and then apply tactics and technologies to mitigate the impact of that breach.

A network breach will never be fun, but it certainly does not have to be a catastrophe. Who says that just because attackers get into the network that they get access to what they actually want (aka – the data)?

I’m not saying perimeter defenses are dead. They play an important role in delaying the breach and keeping out the less-skilled attackers and script kiddies with something to prove. But for prevention against today’s sophisticated cybercriminals, super users and admins (old – DBA and new – virtualization admin), you have to assume a network breach and protect what matters – the data. This is the only way to ensure that your data stays secure no matter who is in your network.

So here’s the million dollar question: are you going to continue to assume you can prevent the breach? Or are you going to accept it and secure it?

Read the full survey: SafeNet, Inc. Survey Sheds Light on the State of the Data Breach

We Remember...

Categories: Corporate Culture

Cheryl Barto Shoults October 26, 2010, 03:23 pm UTC

Elena Maggiore

Receptionist, Chicago, IL USA

Elena Maggiore was the beloved receptionist, and overall office “mother,” for SafeNet’s Chicago office. Since 2003, Elena had been taking care of the Aladdin employees – coordinating employee outings, events, charity drives, global meetings and everything else a busy office could need. Born July 24, 1946 in Chicago, she died Sept. 19, 2010 at Highland Park Hospital.

In 2009, Elena was diagnosed with breast cancer. She underwent a mastectomy and was told she would make a full recovery. After just a few weeks, she was back in the office, smiling and greeting everyone as if nothing ever happened.  “Elena brought joy to not only those that worked out of the Chicago office, but any visitor or vendor that stopped in,” said Gordon French. “Elena always checked in with me to ask how everything was going and make sure I was eating right.  I miss the positive energy and special attitude that Elena projected.”

But in the spring of 2010, Elena began to feel unwell. Further testing revealed that the cancer had progressed further than they imagined and the removal of the infected breast had not eradicated all the cancer: it had moved into her liver. Almost immediately, Elena began a rigorous chemotherapy regimen that left her weak and tired.

Elena’s co-workers remember her fondly. “Elena was the first face you’d see in the Arlington Heights office as you walked in the front door,” said Nancy Ragont. “She’d always have a smile and a kind word and she’d always make people immediately feel at ease. She really liked taking care of people, always making sure you were comfortable and that you had whatever you needed.”

“Elena was always so considerate and thinking of others,” said Mark Felix. “She made everyone feel comfortable and welcome at work and treated everyone with respect. She was a great family person and made us all feel part of ‘her family’.”

Bald heads

Even through the trauma of chemotherapy, Elena continued to come to work as much as possible,  cheering on the rest of us and running the office with her warm smile. When she lost her hair, she wore her wig with pride, making everyone laugh with her story of getting it fitted and choosing the color. In support of her new bald head, Niles Leisti, a technical support specialist in Arlington Heights, shaved his head too. It was just one month later that she experienced severe side effects from the chemotherapy and was hospitalized. Her body was simply not strong enough to fight the cancer and treatment a second time, and she died peacefully on Sunday, September 19. To the end, she was surrounded by her family, just as she always wanted.

Thumbs up

“She made everyone around her feel loved, appreciated, and like they belonged,” remembers co-worker Theresa Damato. “She created for us in the office a family atmosphere that will always be there as long as we are – a tribute to her and her amazing gift for bringing people together.  Her beautiful spirit will always be with us.”

“What can I say about our Elena – there  are so many things she did to make everyone happy,” said Manuela (Manny) Delgado. “Elena knew the right things to say or do to make things all better.  Elena, you will always be in my heart and will never be forgotten!”

Goals for 2011: Kathryn Sampson

Categories: Corporate Culture

Maureen Kolb January 21, 2011, 10:00 am UTC

I would like to continue to develop the positive habits I started in 2010 including:

1) Reach my goal weight on the Weight Watchers program-only 17 pounds more to go!
2) Stay credit card free.
3) Learn new skills in knitting-actually make a sweater or pair of socks.
4) Develop a consistent exercise routine.

Kathryn Sampson
SafeNet –  Columbia, MD office 

At Last: New Guidelines for Online Banking Authentication

Categories: Authentication, Compliance

Motty Alon July 1, 2011, 06:46 am UTC

You can call it symbolic, but the first bars of Etta James’ “At Last” started to play on the radio when I ran into the FFIEC announcement on their long awaited update to the Internet Banking Authentication Guidelines. At last — a fresh look at info-security guidelines, regulations, and best practices in the wake of all of the recent attacks and breaches.

In its “Supplement to Authentication in an Internet Banking Environment” the FFIEC addressed two important issues. First the idea that not all customers were created equal and that different customers are banking differently, have different risk profiles, and thus need different risk mitigation tools.

The second interesting idea is the understanding that a good security strategy should be based on a multi-layered approach. So if hackers manage to find vulnerabilities in one of the authentication methods there are, in most cases, other methods that will continue to authenticate or protect customers.

On the less positive side, the FFIEC guidelines do not provide any good risk mitigation options to Man-in-the-Browser (MitB) attacks. MitB is best fought with Out-of-Band transaction security solutions, but FFIEC revised regulations do not mention this at all.

Moreover it seems that the updated regulation does not offer real detailed guidelines, but rather talks about concepts in general. I guess that bankers and their CISOs that are looking for definitive direction on how to comply with the regulation, are not going to get a good answer.

It also seems that the new FFIEC document targets the market and threat landscape of 2 – 3 years ago and has not caught up to the environment in 2011.

I would recommend the FFIEC focus on building guidelines that focus on how companies respond to evolving threats instead of trying to solve yesterday’s problems. And companies should focus on looking for security and authentication solutions that can not only ensure compliance with guidelines like these, but also evolve and react to today’s complex and evolving threat environment. Learn more.

Gartner Magic Quadrant for User Authentication Part 1: What it Means

Categories: Authentication

Cheryl Barto Shoults January 24, 2012, 08:30 am UTC

This week, Gartner released the 2011 Magic Quadrant for User Authentication. To figure out what all the hubbub is about and why it’s so important, I sat down with Tsion Gonen, SafeNet’s Chief Strategy Officer. In Part 1, he explains what the Magic Quadrant is and why making the Leaders quadrant is so special. In Part 2 (coming later this week), we talk about the authentication market and how SafeNet fits into – or shapes – the landscape.

Q: What is the Magic Quadrant and why is it such a big deal?

The Magic Quadrant is a term for a report started by Gartner more than 20 years ago. The idea is to rank the different vendors in specific tech segments. When Gartner deems a segment is big enough, they do a ton of research around vendors in that space and place them on a chart. The chart has four quadrants: Leaders, Visionaries, Challengers and Niche Players, and two axes: Execution and Vision. Execution is determined by things like the company’s sales force, marketing, messaging, channel presence, customer satisfaction, ability to deliver products on time, etc. Vision is determined by Gartner’s evaluation of the company’s strategic abilities to understand marketing dynamics and adapt its strategy accordingly.

In the last 20 years, the Gartner Magic Quadrant has become the most accepted way for large organizations to know who to call for their tech needs. Simply put, Gartner does all the research for them. And Gartner has very high credibility. To create the report, analysts talk to the company’s customers and channel partners. They don’t just look at who has the highest revenue – lots of research goes into this report.

In essence, it is the de facto source for vendor positioning within a given tech sector.

Q: What does it mean that SafeNet is in the top position of the Leaders quadrant?

Well we always knew we were the leaders! But to hear it from such a respected team of analysts means a lot. When you look at the Magic Quadrant, there are only two players in the Leaders quadrant, and SafeNet is by far on the top right (higher scores on both Vision and Execution). This means we have the most complete vision, the most complete products, and the strongest & clearest message. According to this report, SafeNet is the top choice for strong authentication, even when compared to organizations with higher revenues.

Be sure to come back on Thursday for Part 2 of my interview with Tsion. In the meantime, read more about SafeNet’s suite of strong authentication solutions.

2012 Top 5 SafeNet Videos

Categories: Uncategorized

SafeNet December 26, 2012, 10:46 am UTC

In 2012, we saw an explosion of interest in cloud security, and high demand for… well… anything other than whitepapers. You want all the important info in 3 min or less? With cool graphics and visual aids? Done. Here are the top 5 videos from 2012.

1. SafeNet, the Data Protection Company

2. How SafeNet Helps Secure the Digital Mailbox in the Cloud

3. Cloud Data Protection: SafeNet ProtectV

4. Cryptography and Key Management

5. SafeNet eBanking Video

Thoughts on the 2013 Global State of Information Security Survey

Categories: Crypto, Secure the Breach

Charles Goldberg January 9, 2013, 10:58 am UTC

I just finished reviewing The Global State of Information Security® Survey 2013 which is a worldwide study by PwC, CIO magazine, and CSO magazine. I like this report because it is comprehensive: 9,300 CXOs from 128 countries, with less than half from North America.  Also, this report is unique because it surveys folks very serious about security, with 42% of respondents seeing their organization as a “front-runner” in terms of information security strategy and execution.  It is a good read.

It is a 32 page report (download the PDF), so it is hard to pick only a few highlights, but here are a few that struck me.

Dispersed Data Changing Security Rules

I think the report articulated the core of the current security challenges well, “The heart of the matter for many businesses, security has become a game that is almost impossible to win. The rules have changed, and opponents−old and new−are armed with expert technology skills, and the risks are greater than ever.”

I mentioned that 42% identified themselves as front-runners in security – however, this survey determined that only 8% ranked as true security leaders. I’m not sure which scares me more – the companies whose security teams know that they are not security leaders and don’t change, or the 34% that are delusional. Actually – I’m sure – it is the delusional ones that terrify me more! The report shows 56% of respondents admitting to collecting more personal information than they need while becoming less confident that they know how to protect it. The bright side to this fact? The first step in solving a problem is admitting that you have one! It is getting tougher to build perimeters around data that is agile in virtual environments and in the cloud. This contributes to why only 31% have an accurate inventory of locations or jurisdictions where data is stored. I guess European companies are surprised when the US takes their data under the US Patriot Act because they didn’t even know it fell into US jurisdiction! If your data isn’t encrypted, government agencies can easily ask for your data from a cloud provider without even letting the corporation know.

Incidents & Breaches Up from 2011

The number of respondents reporting 50 or more incidents hit 13%, up slightly from last year and far above the levels reported in earlier surveys. About one-third of respondents say their organization experienced no incidents, while one in seven say they do not know.  The good news is that financial loss is down. However, in another report, 61% of customer respondents stated they would stop using a company’s services after finding out about a breach – it is easy to understand why companies are not performing a thorough appraisal of the factors that might contribute to such losses.

Don’t Ask, Don’t Tell

The report continues to say that investigations and forensics were included by just over one-third of respondents, and roughly the same percentage looked at audit and consulting services and legal defense services. It appears many companies are following “a don’t ask, don’t tell policy” post a breach because of the fear they would have to share what they learned about losses publicly. After a detected breach and loss they go right to the lawyers because they know the consequences can do tremendous damage to their business.

What’s SafeNet Doing About It?

At SafeNet we are finding many new customers embracing one of the oldest ways of securing their data: using encryption. Our customers are protecting their data across physical, virtual and cloud datacenters with modern and innovative techniques, giving them an opportunity to securely create value for their business. This gives them the resilience of knowing that when their perimeter is breached their important data can’t be compromised because it is encrypted. These customers experience what is called a Secure Breach. These customers are highly-aware security leaders!

Adversary ROI Comes to Atlanta: Josh Corman and David Etue Present at the GFIRST National Conference

Categories: Cloud, Crypto, Events

David Etue August 17, 2012, 02:15 pm UTC

Josh Corman and I will be speaking at the 8th Annual GFIRST National Conference in Atlanta on Tuesday, August 21 at 1 PM (in the Marquis Ballroom C) on adversary-centric security models. Attendees will learn why organizations must look not from their own company’s perspective, but from the adversary’s, to best model threats and security investment.

The GFIRST presentation is an updated version of the presentation we gave earlier this year at RSA incorporating feedback we received and additional research we’ve incorporated.

We hope you can join us at GFIRST, but if you are unable to you can still view the TED-like version at RSA Conference Online.

You can keep up with Josh and me throughout the year on Twitter: @djetue and @joshcorman.

Landis+Gyr and SafeNet Sign Agreement to Enhance Smart Grid Security for Utility Companies and Consumers

Categories: Corporate News

Jennifer Lewis October 20, 2010, 02:54 pm UTC

Landis+Gyr and SafeNet announced on October 19, 2010 they have signed a reseller agreement to integrate SafeNet’s Luna Hardware Security Module (HSM) into Landis+Gyr’s Gridstream™ end-to-end security architecture, creating a highly secure environment to exchange and store utilities’ sensitive cryptographic keys in a trusted hardware device.

As part of its multi-tiered security strategy, Landis+Gyr is implementing SafeNet HSMs to protect the cryptographic keys used to secure data exchange between smart meters and the head-end system in the Gridstream RF network. The Luna HSM complies with the highest security standards, such as Federal Information Processing Standard (FIPS) 140-2 and Common Criteria EAL 4+, and provides utilities with a validated and tamper-resistant hardware solution that supports overall smart grid security.

View the entire press release here:  Landis+Gyr and SafeNet Sign Agreement to Enhance Smart Grid Security for Utility Companies and Consumers

Microsoft has PhoneFactor…What’s Your Multi-Factor Authentication Offering?

Categories: Authentication, multi-factor authentication

Andrew Young October 17, 2012, 01:21 pm UTC

Google’s been offering its 2-Step verification for years, and earlier this month Microsoft acquired PhoneFactor to provide multi-factor authentication for web-based services like OWA, SharePoint, Azure, and Office 365. That’s a great value-add for anyone using Microsoft services, and an example for other service providers that strong authentication is not just a nice thing to offer, but something customers are demanding in the move to cloud computing.

So how can you add strong authentication to your service offering? There are essentially three options:

  1. Buy it. Purchase a company that does authentication in the cloud and have their engineers work it into your service offering.
  2. Build it. From the ground up, engineer a strong authentication solution that exactly meets your needs.
  3. Subscribe to it. Find a company that offers ready-made, white label authentication-as-a-service that you can rebrand and sell to your customers on-demand, on your terms.

Let’s be honest, unless you’re Microsoft, you don’t have extra cash available to buy a company outright. And unless you’re Google where the world’s most talented engineers are clamoring to work for you, dedicating staff to build, and then manage, security isn’t your best use of time and resources. So that leaves the rest of the world looking at option three: subscribe to authentication-as-a-service and let a security expert do it for you.

So what should you look for in an AaaS solution?

Multi-tier, multi-tenant.  You get a single platform, unlimited customers, and automated customer on-boarding.

White label. You brand it so your customers don’t know the difference.

Customizable. You and your customers pick the features, tokens, and reporting you want.

Integrated. Works with an organization’s existing technology, like LDAP, RADIUS and SAML, so your customers can get up and running quickly and radically automate all of the boring and repetitive tasks normally associated with authentication systems, without changing their existing user account management processes.

SafeNet Authentication Service (SAS) is exactly what you’re looking for. SAS’s fully automated, customizable cloud platform can substantially reduce authentication-related operational costs through the elimination of manual tasks associated with the provisioning, administration, billing, and management of users and tokens. Cryptocard has been a leading provider of cloud-based authentication for years, and now SafeNet has combined their expertise & vision with our market-leading authentication technology and rolled it into a next-gen authentication solution built for service providers. Learn more at http://www2.safenet-inc.com/sas/index.html. Want to try before you buy? Click here for a free 30-day trial to see if SAS is right for you & your customers.
