Web application attacks are the biggest security threat faced by businesses today says SANS Institute

17 March 2008, Godalming, C-MI Labs Plc, a UK distributor of security applications and managed security services, has signed a distribution agreement for 2008 to support Applicure Technologies’ drive into the UK market. The web application firewall vendor was recently highlighted in the SANS Institute Top-20 Security Risks report – the security industry benchmark for prioritizing IT security threats – as providing technology that protects against external and internal attacks on web applications.

With UK distributors under increasing pressure to deliver solutions that will help meet upcoming PCI Compliance legislation and protect against growing web application attacks and data leakage, C-MI Labs will be introducing Applicure’s dotDefender technology to hosting companies, SMEs seeking web server protection and enterprises that require a technology to protect internal web applications.
Neil Patmore, Channel Marketing, C-MI Labs said, “Applicure’s technology is well suited to any size of company and is a particularly strong fit for the mid-market sector which has the same security issues as larger enterprises but without the resources and budget to deal with them effectively. We will target a large cross section of our clients with the comprehensive, low TCO, high ROI web application security that Applicure offers”.

Amir Peled, Director European Sales, Applicure Technologies Ltd added: “We believe that the potential for Applicure’s technology is huge and our agreement with C-MI Labs underlines their commitment to support Applicure as it provides its unique technology to the UK market. Through C-MI Labs excellent service to the channel as a true value-add distributor, we are sure to increase market share during 2008 and beyond.”

Applicure’s flagship software product - dotDefender - provides dedicated web application security that complements network protection (firewall, IPS/ IDS). This innovative website security software provides strong protection against SQL Injection, Cross-site scripting, Path Traversal, Defacement and many other application attacks. dotDefender is multi-platform, working on Apache, IIS, and ISA Server, with central management and reporting. Implemented as a software plug-in, it is rapidly deployed, and requires minimal maintenance, providing excellent TCO in the industry.

Applicure also provides a free downloadable security monitor that identifies attempts to hack the website or application in real time. It allows companies to assess their exposure based on actual attacks, and prioritize their investment accordingly.

Intamac wins prestigous European Business Awards - Business Innovation of the Year, 2008 ...plus two Ruban d'Honneur's Ribbons...

17th March 2008 - Intamac Systems, the specialists in home and security monitoring solutions has won the European Business Awards - 'Business Innovation of the Year Award'. It also received two Ruban d'Honneurs ribbons, for Business Innovation and Entrepreneur of the Year. The award ceremony was held in Paris on 11 March 2008.

The European Business Awards was set up to recognise and reward excellence, best practice and innovation in companies across the 27 EU member states. It serves to showcase Europe's most successful business achievements.

Intamac have utilised the World Wide Web to revolutionise the capabilities and reduce the cost of home monitoring and security systems. The Intamac solution offers a unique combination of innovative technology, practical purpose and ease of use. In light of this, the company has already secured major contracts with large international players, including BT, and Australia and New Zealand's largest general insurer, IAG. Intamac's technology has also been adopted in a number of high street products by companies such as Linksys and Yale.

European Business Awards CEO Adrian Tripp said, "Intamac has the potential to completely shakeup the traditional home security industry.
It is providing some very strong businesses not presently in the home security market with excellent new technologies and business models to challenge the existing players." Intamac was selected over a shortlist of ten International businesses such as British Telecom, Deutsche Post and Daimler AG.

Intamac's CEO and founder, Kevin Meagher commented, "We are delighted to win the Business Innovation of the Year Award. It demonstrates that our work in providing innovative monitoring solutions at an affordable price is being recognised outside the UK. We are an Innovation led company, which is constantly driving for growth and has a strong customer focus.
We are honored to have won this renowned award against such strong global competition".

Intamac's services are currently available through global partners such as Cisco, BT, Yale and IAG, and through leading retailers such as Homebase and PC World or by visiting www.intamac.com

A third of businesses leave their back-up tapes in the office overnight, says new research report from Connect

33% of small to medium sized enterprises in the UK leave their back-up tapes in the office at the end of the day, negating the benefit of backing up their servers, according to a new research report entitled ‘Risky Business’, published today by Connect - the IT support company . Two thirds of businesses (69%) had never tested whether they could retrieve all the information held on their backups.

The survey was conducted by an independent research company on behalf of Connect and consisted of in-depth interviews with IT Managers and Directors at 151 UK companies in a range of industry sectors.

Mark MacGregor, CEO, Connect, comments:
“It is alarming that one in three businesses are storing their backup tapes in their own offices. If there’s a fire, a flood or a burglary, they risk losing both the original data and the back-ups. Equally surprising is why so many organisations are using backup tapes at all. There are plenty of better and more up-to-date methods that can be used to protect their business critical data and at a similar cost.”

Other significant results from the research include:

* Back-up tapes are still the prevalent back-up technology used by UK SMEs - 89% of UK firms use back-up tapes to store their data;

* 10% of the SMEs surveyed by Connect have suffered a major data loss as a direct result of back-up failure;

* 33% of UK firms experience a major server problem every six months;

* 69% of small to medium-sized companies have not tested their backup systems in the last six months;

* Only 11% of the companies surveyed by Connect back up their data over the internet to a secure offsite data centre using a service similar to Total Recall;

From Murder To Money-Laundering - GB Groups Technology Helps Make The UK A Safe Place To Live

An innovative on-line people tracing tool from GB Group, a specialist provider of identity information, is helping bring criminals to justice by enabling police forces to trace criminal suspects to their known address.

GB's Accelerator IQ is helping reducing the burden on police administrative resources by many hundreds of man-hours by focusing resources to locate individuals quickly. Already in use by the Metropolitan Police and Suffolk Police forces, its most recent high profile use was in tracking Steve Wright, recently convicted of the murder of five Ipswich women.

GB Accelerator IQ is a specialist tool that is used specifically by police and Government agencies for the prevention and detection of crime. It works by cross referencing the broadest and most current spectrum of UK population databases to confirm the last known or current address of a suspect

Richard Law, Chief Executive at GB Group, said: "We support the police and Government with leading edge technology to save valuable resources and to speed up the time taken to conclude an investigation. In many cases, time is of the essence and by quickly identifying suspects, such as Steven Wright, and being able to trace them to a current address, we can provide intelligence to the investigating team that would previously have taken thousands of man-hours to complete.

"We firmly believe that GB Accelerator IQ is making the UK a safer place to live by helping the security services to identify and profile suspects quickly. At a time when citizens in the Ipswich area felt particularly at risk, we were pleased to support Suffolk Police in helping secure a firm conviction. We have since extended the use of our identity technology to many other Police Forces and Government Agencies.

Detective Inspector Phil Boswell from Suffolk Police said: "GB Accelerator IQ has saved us hundreds of hours which would otherwise have been spent manually searching through intelligence provided by the community. Accurate intelligence gathering and address verification is key in an investigation of any size, but on the scale we experienced here it made officer time far more efficient and made a vital difference.

"We have always been keen to employ the latest technology in an investigation and this case has proved why."

Richard Law added: "Our ability to locate and verify people for the prevention of criminal activity underpins our position as the market leader in online identity verification solutions. Our technology is equally used within the private sector to combat money laundering and fraud - activity that is often used to fund organised crime syndicates or terrorist groups - groups who are particularly adept at covering their tracks."

Consumers need to lock the door on internet crime by securing their wireless netwo

Core Facts
• According to the Guardian, the government says it intends to launch a consultation on legislation for ISPs and rights holders to "cooperate in taking action on illegal file sharing... with a view to implementing legislation by 2009".

• Tracking service Mininova recorded the 4 billionth torrent download last week, say Tech Radar

• The FT reports that ISPs are opposed to the idea, "ISPs are no more able to inspect and filter every single packet passing across their network than the Post Office is able to open every envelope," it said.

• Industry fears that proposals will lead to increase in Wi-Fi highjacking

• Two men were arrested for ‘Wi-Fi' highjacking this week, according to the Register

• APACS, the credit card industry association, reports that Card Not Present fraud increased 44% in the first six months of 2007 to £137 million

• GSEC1 recently launched the XGate, the first device to offer all in one security and wireless protection, straight out of the box.

Quotes
• Mark Brooks, marketing director at internet and computer security company Global Security One (GSEC1) says:
"While the proposals to tackle illegal file sharing will be unpopular with ISPs and could, in practice, be unworkable (how are they policed?), they do highlight an important issue about businesses and consumers protecting their wireless network.
"How many times have you turned on your laptop, only to be greeted by a completely open wireless networks? Even those protected by WEP security can be cracked in under a minute by experts. Wi-Fi highjacking, phishing and drive by pharming - where DNS weaknesses are exploited - are all on the rise.
"Legislation is unlikely to help with these internet threats and some ISPs will be more vigilant than others to tackle illegal file sharing. Consumers need to lock the door on internet crime by securing their wireless networks.
"Consumers understand the importance of wireless security, but weaknesses are often exploited in the rush to get online. Also, most anti-virus and online banking security is software based, which is time consuming to administrate and still open to attack. The solution is to take a hardware-based approach, using more secure wireless standards than WEP, such as WPA2."

Glasgow School Installs Bloxx Web Filtering To Combat Anonymous Proxies

The High School of Glasgow Selects Bloxx to Protect Staff and Students Online

Bloxx, the enterprise web filtering specialist, today announced that The High School of Glasgow has deployed Bloxx web filtering technology to monitor pupil and staff online activity and to provide enhanced security for its IT network.

With 1,100 pupils, The High School of Glasgow caters for children of all ages, from kindergarten up to the age of 18 years and offers a wide and varied curriculum.

It is divided into two campuses for Junior and Senior level, both of which are based in northwest Glasgow.

The decision to replace the school's existing SurfControl web filtering solution with Bloxx Tru-View Technology, followed concerns by IT management that it was becoming increasingly difficult to protect the students from accessing offensive or inappropriate web material whilst at school.

"SurfControl's heavy reliance on lists of URLs to determine which sites were subject to filtering provided avenues for pupils to attempt and in some cases succeed in bypassing the filtering system, mainly through the use of anonymous proxies," explains the school's Network Manager, Thomas Makridis.

Anonymous proxies are websites that allow users to easily bypass web filtering, enabling them to access blocked sites. With hundreds of new proxy sites being created every week, blocking access to these sites using URL lists has become difficult and time consuming for IT staff.

Bloxx Tru-View Technology web filtering combines the best of conventional tools with new intelligent identification methods and analysis technologies which can identify and block websites quicker and more accurately than other web filters that rely on manual URL classification and keyword scoring alone. In addition, Bloxx can automatically detect and block the vast majority of newly created anonymous proxy sites, significantly reducing the workload of IT staff and increasing protection against anonymous proxies.

Since installing Bloxx the school has witnessed considerable benefits.
"Not only has Bloxx significantly reduced costs and made my job easier but, more importantly, by design it is much more effective and efficient than SurfControl was. It also has the bonus of malware and anti-virus functionality, adding additional layers of protection to our IT network," comments Makridis.

"Children of this generation are becoming increasingly tech-savvy. This, coupled with the issue of anonymous proxies, means that schools need to strike a balance between protecting their students online, yet still enable them to take advantage of the Internet as a valuable source of information," adds Bloxx Managing Director, Eamonn Doyle. "As the school has such a diverse range of ages and subjects, it is important that the network manager has the ability to tailor the solution to meet the specific needs of the users. It is great to hear how the school is benefiting from the added protection and flexibility of Bloxx."

About Bloxx Tru-View Technology
Bloxx Tru-View Technology uses internationally patent pending technology to analyse and block web sites quicker and more accurately than other web filters, which use manual classification and keyword scoring.
Tru-View Technology uses intelligent identification and analysis providing instant classification of web content as soon as it is accessed even if the content has not been seen by anyone before.

Bloxx Tru-View Technology helps organisations proactively manage users'
access to web content which might lower productivity, expose the organisation to risk and liability or pose a network security threat.

An estimated one million + users already benefit from enhanced security and performance with low administration and no cost per user charges.
Additional protection is provided via anti-virus, anti-spyware and anti-phishing functionality, alongside onboard cache

Mobile And Remote Working: Is It Secure?

Increased remote working implies increased security at the end points and there is a wide range of solutions available including remote firewalls and specific end point solutions, which can be administered centrally. Such solutions can extend network protection strategies to mobile and remote users. They can also ensure that firewall, anti-virus and security patches are used by remote and mobile users when they should be.

Check Point provides 'End Security', an end point security solution which combines a firewall, network access control, program control, anti-virus, anti-spyware, data security and remote access. It allows security policies at end points to be viewed and modified from a single management console.

Branch offices can install low-cost remote unified threat management systems (UTMs) which incorporate VPNs and these can be centrally administered, typically by the head office, providing the same levels of gateway protection as there is at the centre. SSL VPNs can provide security of data in transit for mobile users connecting into head office or between branches.

Solutions such as WatchGuard's Firebox SOHO Edge (available in wired and wireless versions) and Check Point's UTM-1 Appliance are UTMs suitable for remote/branch offices which combine a firewall, VPN, zero day protection, anti-virus, anti-spyware, anti-spam, intrusion prevention and URL filtering.

Low cost encryption can protect remote laptop users and safeguard against data loss. In the past, poor performance and high costs prevented the use of encryption software, but today's high performance and low cost solutions make it impossible to justify not encrypting laptops. Low cost solutions from encryption specialists such as Utimaco can protect network data, laptops and removable media.

Finally, wireless is high risk and all mobile wireless traffic should be over VPNs and be encrypted, with the use of strong authentication.

Applied Security Launches New File Encryption Solution

fideAS(r) file enterprise delivers data loss and information leakage prevention

10 March 2008: Applied Security has launched its new fideAS(r) enterprise file and folder encryption solution in the UK to protect and secure access to sensitive data on fileservers, deskops and laptops by encrypting all the files and folders on the disk drives. Integrated into existing workflow and completely transparent to users, the
fideAS(r) encryption process can also be used to control removable storage media such as USB keys or removable hard drives. This prevents data theft or leakage and also ensures that viruses or other malware are blocked from getting onto the network.

Other features of fideAS(r) file enterprise include automatic encryption of email attachments, revision-safe logging and the enforcement of the 'four-eyes-principle' that ensures at least two people are present to access specific confidential data.

The entire administration of fideAS(r) file enterprise, including access authorisations, is performed centrally using a simple graphical interface and is integrated with existing directory services such as Microsoft Active Directory. Role separation between system and security administrators ensures that no one has unauthorised access to confidential files; while keys and certificates are generated automatically and distributed to users as software or on smartcards and USB tokens.

"Recent high profile date loss incidents from the HMRC and Royal Navy to TKMaxx, and Marks and Spencer, could all have been avoided if files had been encrypted," says Frank Schlottke, CEO at Applied Security.

"It is clear that companies and public sector organisations now recognise that encryption is the most effective way to protect confidential data falling into the wrong hands and fulfilling compliance requirements. fideAS(r) file enterprise has been designed to combine a high level of cryptographic security with maximum user friendliness, so that encryption does not slow down or get in the way of day-to-day work activity," adds Schlottke.

Also available from Applied Security is fideAS(r) file safe, a free tool for encryption and decryption of files by a password that can be used to decrypt email attachments encrypted by fideAS(r) file. fideAS(r) file safe uses AES-256, the strongest state-of-the-art symmetric encryption algorithm.

Trend Micro Introduces Secure Message Archiving Solution for Mid-Size Companies

New solution helps customers securely store and quickly access archived email; includes rapid e-discovery, compliance, tamper-proof architecture, and "privacy-guard."

Cupertino, Calif. - March 10, 2008 - Trend Micro Incorporated (TSE:
4704), a leader in network antivirus and Internet content security software and services, announced today its message archiving solution designed to help companies archive with accessibility and encryption, reduce email management costs, and protect and preserve the integrity of their electronic data.

Trend Micro(tm) Message Archiver (TMMA) delivers a fast, on-demand email search capability so employees can quickly access any archived email without leaving Microsoft(tm) Outlook(tm), or the need for IT support; installation time averages 30 minutes. The solution's tamper-resistant design, combined with forensics technology that uses digital fingerprinting and encryption, ensures that emails are authentic and un-altered for automatic legal compliance. In today's regulatory environment, this is a critical component and another reason why analysts predict the message archiving market will reach $1.37 billion in 2011.[1]

In a recent survey of IT administrators for mid-size companies, more than three quarters of them cite privacy safeguards to be especially important in an email archiving solution.[2] Trend Micro Message Archiver's "privacy-guard," a distinctive feature compared to other solutions, tracks and logs email searches by authorized users and sends an audit of them to a designated "data guardian" in order to safeguard employee privacy. Privacy-guard avoids potential abuse by privileged users and guarantees email searches occur for valid purposes.

"It's no surprise that email volume for companies is growing rapidly - nearly everyone uses it on a daily basis. And because of the tremendous amount of intellectual property that's stored in email, our customers have been asking for efficient message archiving to complement their Trend Micro content-security solutions," said Steve Quane, executive general manager for Trend Micro's small and medium business unit.
"Message Archiver addresses our customers' need for compliance, data protection, authenticity of data, easy management of large quantities of email, and employee privacy."

"Trend Micro Message Archiver was a quick installation; it was also easy to learn how to manage the system - no extra training was needed,"
said Seth Bjorn, network engineer for Goodwill Industries of Orange County. "As a mid-size company, we need something that is effective but doesn't consume a lot of time and money. Trend Micro Message Archiver addresses our need for compliance, our need to store huge amounts of emails securely, and our need to be able to access and search for these archived emails quickly and easily."

Pricing and Availability for North America Trend Micro Message Archiver is available immediately. Per user pricing varies by seat count and price decreases with volume. For the 501-1000 seat level, TMMA is $33.70 per user. This price includes search and compliance capabilities, as well as the first year of maintenance. The solution is available for a 30-day-trial download at:
http://us.trendmicro.com/go/tmma.

WatchGuard Unifies Security and Mobility

New WatchGuard SSL VPN Stand Alone Security Appliances Give Remote and Mobile Workers Best in Class, Highly Secure Remote Connectivity

March 6, 2008 - WatchGuard® Technologies, a global provider of network security solutions, today unveiled new SSL VPN remote access appliances designed to give remote and mobile workers highly secure connectivity to their corporate networks. The WatchGuard SSL 1000 and WatchGuard SSL 500 offer an array of enterprise-class remote access features optimised for today's diverse range of mobile devices, platforms and network authentication options.

"Today, more than ever, mobility is the key to increased productivity and fundamental to global business practices," said Eric Aarrestad, Vice President of Marketing at WatchGuard. "With mobility comes the challenge of managing identities and keeping data secure. With WatchGuard SSL VPN solutions, customers can continue to provide remote and mobile workers with strong, secure access to their critical data without having to compromise on security or ease of use."

The WatchGuard SSL 1000 and 500 utilize web browsers or thin clients, end-point integrity checking, network interface control, as well as virtual desktops and session cleanup to deliver business applications right to the user for maximum productivity. The WatchGuard SSL 1000 and 500 deliver the most comprehensive range of authentication, identity management and security features along with support for the broadest number of devices and access options.

Best known for award-winning unified threat management (UTM) network security solutions, WatchGuard is leveraging its security experience and advanced technology to deliver powerful SSL VPN appliances that can work side-by-side with its UTM products, or be deployed in a mixed, heterogeneous network environment.

Key Features & Benefits
Multiple features make the new WatchGuard SSL VPN appliances ideal for mobile-rich, heterogeneous application environments. Key features include:
* Clientless SSL VPN Access - eliminates hassles of having to install proprietary software on every client device, while giving employees full remote access to all their applications
* Strong Authentication - allows administrators to use SMS and software-based two-factor authentication, as well as 14 additional methods of authentication, including token support for RSA, VASCO and VeriSign, which builds on IT investment protection for superior network security
* Single Sign On - allows users to seamlessly access information without having to repeatedly re-authenticate, which reduces help desk issues and enables users to be more productive
* Federated Identity - allows for sophisticated environments, such as business-to-business networks or company/departmental relationships, to give users seamless access to multiple or disparate resources
* Endpoint Integrity - examines every user device before it connects to the network, which reduces risk and provides for contiguous integrity and enforcement of security policies
* Administrative & Management features - with real-time scanning capabilities, automatic session cleanup, ActiveX and Java client support, as well as consolidated and comprehensive audit capabilities, administrators will appreciate having full control over remote workers

Pricing & Availability
The WatchGuard SSL 1000 and 500 appliances will be available globally from WatchGuard resellers in 30 days. The WatchGuard SSL 1000 with a 10 user license lists for £4,825 and the WatchGuard SSL 500 with a 10 user license is £2,850. As an incentive, WatchGuard will include its new SSL VPN appliances as part of its "Trade Up" program that gives generous discounts to WatchGuard customers upgrading from legacy systems, as well as to customers with competitive products who are looking for a superior price/performance alternative.