There is a great webinar on Wednesday March 5th on Data Governance and Controlling Active Directory...

Take this opportunity to learn about fixing access control on your Windows File Servers once-and-for-all; without disrupting business. And come see how the Town of Milton and the City of Burlington are protecting their most critical assets.

Introducing a Single Governance Framework for All of Your File Systems LCM Security Inc. WebEx DATE: March 5th, 2008 TIME: 10:00AM EST RSVP: Please Click Here

About Us: LCM Security is your local resource for data and networking security solutions. We work hand-in-hand with the industries most advanced technologies to provide comprehensive consulting solutions and top-knotch implementations. Our partner, Varonis is the foremost innovator and solution provider of all-inclusive, actionable data governance solutions. Based on patent-pending technology and a highly accurate analytics platform, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Learn more about Varonis and get insights into Data Governance at our WebEx on March 5th. RSVP HERE... Check out the Press Release on Data Governance at www.Varonis.com PDF: Varonis CEO shares insights for the 2008 data governance market

With F5, you're closer to PCI compliance than you think.

Any business that deals with credit card data -- whether they're processing, transmitting, or storing it -- needs to abide by the Payment Card Industry (PCI) Data Security Standard. Businesses out of compliance could have their credit card transaction privileges completely revoked. The new PCI requirement 6.6 requires securing your Web Application Servers by June 30, 2008.

F5 can help you comply with this mandate, being a leader in the Web Application Firewall space with their BIG-IP Application Security Manager (ASM). Join us to see how F5's Web Application Firewall simply and easily allows you to meet this requirement.

Friday 14-Dec-07 9am ET Join
www.f5.com

Vasco's Ultra-Portable Digipass 270

Today, VASCO Lauched its' Ultra-Portable Digipass 270 e-Signature Authenticator. The "Slim" Digipass can be carried in user’s wallet; especially designed for large-volume banking and e-commerce market. Functionalities include e-signature against man-in-the-middle attacks.

VASCO Data Security International Inc. (Nasdaq: VDSI; www.vasco.com), is the leading software security company specializing in authentication products. Its' new Digipass 270, is an ultra-portable client authentication device enabled with all functionalities of VASCO’s renowned Digipass product line.

With Digipass 270, VASCO reinforces its market-leading product offerings of large-volume client authentication solutions for the banking and e-commerce sector. In addition to one-time password generation, Digipass 270 uses the AES-algorithm to calculate e-signatures, host authentication codes and other Digipass-functionalities. The size of the device (70 mm x 45 mm x 2,85 mm) allows you to put it in a wallet and use it at any time and anywhere. The PIN-protected Digipass 270 is compatible with VASCO’s VACMAN core authentication platform. VACMAN supports over 50 different VASCO client authentication products.

"With Digipass 270, VASCO strengthens its offerings as the Full Option, All Terrain Authentication Company," said Jan Valcke, VASCO’s President and COO. "We notice an increasing market demand for products that are easy to use, very portable, secure, customizable and affordable. Digipass 270 is the perfect answer to all above mentioned demands."

Digipass 270 will be available starting today. For more information about Digipass 270, please visit http://www.vasco.com/digipass-270.

Some News Before Turkey-Day

With Thanksgiving approaching I thought I'd leave you with a few good links to check out with during your free time. I myself, will be taking a few days off, to find new juicy items for next weeks entries. Have a happy and safe holiday.

1. Network security: Using unified threat management (UTM)
   By: Puneet Mehta, Network Security Expert
   

"Network security products vary in their level of protection. If you're looking at security options to protect your network, read this description of unified threat management (UTM) to learn what UTM's advantages are compared to traditional security models."

2. On November 19, 2007, McAfee, Inc. announced its acquisition of SafeBoot, a leading enterprise-class security software vendor for data encryption and user authentication.


3. Hackers Poised for Black Friday Assault
   By Jon Brodkin, Network World

"You know retailers are ready for Black Friday – but so are hackers poised to launch a slew of Web-based attacks against consumers. Your money and personal information could be at risk."

No More NSA -- eIQ Discontinues its' SMB Flagship

I received an email today with the opening line.... "We are writing to inform you that effective January 1, 2008 eIQnetworks will no longer be selling Network Security Analyzer (NSA) directly or through our reseller channel. NSA will only be offered through OEM partners." -- I'm left staring blankly at my MS Outlook, not sure of what I just read.

And it continues... "We are pleased to offer existing NSA customers a free upgrade to Enterprise Security Analyzer (ESA) to replace their current configuration. To receive this free upgrade they will need to have a valid NSA eCare contract as well as be willing to purchase an annual ESA eCare contract before January 31, 2008. The remainder of their NSA eCare contract will be credited towards their ESA eCare purchase. Please note NSA customers that choose not to upgrade will continue to receive support through December 31, 2008 via email only."

Holy cow they're not joking... eIQ Networks just decided to get out of the SMB / SOHO market -- I'm speechless.

Look at the prices for ESA -- this isn't something you can recommend to a 4 or 5 device company with 10 users.

Annual ESA eCare support pricing is as follows:
• $1,599 for customers with less than 5 managed devices
• $2,999 for customers with 6-10 managed devices
• $2,999 plus 20% of the device cost for customers with more than 10 managed devices.

Customers that upgrade to ESA and want to add additional devices, servers or hosts may do so at a minimum quantity of 5. ( AND you can no longer order a single device license. )

ESA pricing follows:
• ESA Base Package 10: MSRP $14,995 (part number eIQ-ESA-EW-BP10) includes central server, syslog server application, integrated datastore, correlator, console, portal and 10 managed node licenses (NOTE: package includes a total of 10 devices, servers and hosts)
• ESA Base Package 5: MSRP $7,995 (part number eIQ-ESA-EW-BP5) includes central server, syslog server application, integrated datastore, correlator, console, portal and 5 managed node licenses (NOTE: package includes a total of 5 devices, servers and hosts)
• ESA eCare: annual contract, which includes product upgrades and email / phone support, is 20% of initial product price

Now don't get me wrong, ESA has some enhanced functionality over NSA and is a great product. For more information on ESA, please visit: http://www.eiqnetworks.com/products/EnterpriseSecurityAnalyzer.shtml.
But what about your current customers who don't need ESA or prospects that just need reporting on single devices like a new UTM firewall?

Can I get some comments? Some feedback from the peanut gallery? What do you guys think?

Just Another UTM Report

Has anyone seen Joel Snyder's report on UTM Firewalls? (Hide Your Eyes) The overall top performers in this test are Juniper, Cisco and Check Point.... give me a break.
Gartner just release this same report last month and had Juniper, Fortinet and CheckPoint as the leaders in the space. [see report] Not to mention, I thought UTM was taboo. Isn't the new trend next-generation firewalls? IPS, AV, Anti-Spam, VPN all in one?

With that being said look at what they compared:

• Astaro ASG 425a
• Check Point UTM-1 2050
• Check Point VPN-1 UTM Gateway
• Cisco ASA 5540
• Crossbeam C25
• Fortinet FortiGate 3600A
• IBM System x3650
• IBM/ISS MX5010
• Juniper ISG-1000 and Juniper SSG-520M
• Nokia IP290
• Secure Computing Sidewinder 2150D
• SonicWALL PRO 5060
• WatchGuard Firebox Peak X8500e

Couldn't we have chopped this list down to the real players in the space? I would have recommended we compare: Juniper, Cisco, Fortinet and CheckPoint at the various levels SMB/SOHO, Midsize, Enterprise, and maybe the +20GB throughput monsters. All the other devices are either to niche or to generic or its a matter of costs.

Now I know someone is going to comment, "this was an enterprise evaluation." Come on, not every box in the enterprise is... what about at the endpoints, at local offices, for site to site VPN, etc... Your ideal situation is one provider, one central interface, that can protect the perimeter and is scalable.

I'm opening the floor to comments. I want everyone to see this report because Joel asks some great questions and the concept was well intentioned. So you be the judge.

Memory Stick Madness

Since today is day one of the new blog I felt I needed at least two major contributions to start it of right. This however is from the Edmonton Sun Newspaper, by Kevin Crush.

This one, well it might as well be an advertisement for all the encryption companies with removable media encryption solutions -- like Utimaco's SGRM solution (shameless plug) :)

Large organizations have to get better at keeping people's information private, says Alberta's privacy commissioner. "I'm sort of laughing, but I don't know what else to do at this point. It is just very, very frustrating," said Alberta Information and Privacy Commissioner Frank Work.

"We just have to recognize that portables go missing. We had at least four (Capital Health) laptops go missing, and on the weekend we had a memory stick go missing. It's reaching epidemic proportions and I don't know what the answer is."

Yesterday, Work released his report into the theft of four Capital Health laptops last August - one containing 20,000 patient names, health card numbers, addresses and reasons for admittance into the hospital.

Work found that Capital Health did not properly safeguard the information and gave several recommendations for the health authority to better protect people's privacy, including physically securing portable devices, having a valid reason to store health information on portable devices in the first place, and, Work emphasized, to encrypt the information.

"The equation - and we keep hammering at this - the equation is personal information plus a portable equals encryption," said Work.

Capital Health agreed to all of the commissioner's recommendations and was already working on what the next steps would be when they first reported the theft to the commissioner, said spokesman Steve Buick.

For the past year, Capital Health has been working on getting an encryption program set up and hopes to have it ready by January.

"Encryption is the right thing to do," said Buick.

"We've been working at it for a year. It's a very big exercise and we totally sympathize with the commissioner's concerns of the time it takes for big organizations to get it in place."

He noted it takes longer for big organizations to set up encryption programs than it would for a home computer user because of the massive size of the health authority and how complex the information flow is.

Buick said Capital Health is also working on increasing file storage space so less information would be stored on portable devices.

Capital Health will not face any sanctions for the privacy breach. Work said Alberta's laws do not allow for any sort of sanctions but only give him the authority to make recommendations.