Tuesday, April 5, 2011

Outpost24 Corporate News April 1st 2011

*Outpost24 launches a new Web Application Scanner. An extension of Outpost24’s OUTSCAN and HIAB solutions, Outpost24’s Web Application Scanner uniquely enables both internal and external scanning, allowing organizations to scan thousands of public and custom websites and web applications quickly and easily in order to identify vulnerabilities and their remedies. Outpost24’s Web Application Scanner integrates easily with existing tools in order to provide unified reporting of both network and web vulnerabilities and requires no additional software to be downloaded or installed. Contact your local Account Manager for more information, or email sales@outpost24.com. 

*Frost & Sullivan whitepaper urges organizations to rethink current vulnerability management practices. The Frost & Sullivan whitepaper, titled “Vulnerability Management Made Easy”, highlights the growing risk that vulnerabilities pose to organizations, and recommends that customers select vendors which offer automated solutions which are cost-effective, easy-to-use and deploy, and reduce the total number of false positives. Outpost24’s HIAB is singularly identified by the whitepaper as well placed to help large and mid-sized organizations remain secure and meet a growing number of compliance requirements.

*Please visit Outpost24 at Infosecurity - Europe's most comprehensive gathering of information security professionals. The event takes place at Earls Court in London from April 19 - 21, 2011. Make sure to stop by booth E92 for a live demonstration on a mini-network, an educational seminar by Outpost24 CTO Ron Perris, and a cold beer! Register for the event as an Outpost24 guest here: http://tinyurl.com/4l9p5zq 

*Outpost24 strengthens presence in the Latin American Region with a new office in São Paulo, Brazil. The goal of this initiative is to build upon Outpost24’s presence in the region and provide local businesses with straightforward and easy-to-use vulnerability management solutions at the lowest total cost of ownership. Flávia Schlesinger, Sales Office Manager for Brazil, states "By reinforcing an active local presence, Outpost24 will supply the demand of the Brazilian market for Vulnerability Management with constant innovation, providing the highest level of support and service needed."

*Outpost24 continues Mediterranean expansion with a new office in Greece and an expansion into Cyprus. Outpost24 has selected Eve Bourdakou to head the new office in Greece and Cyprus. Bourdakou’s wealth of experience will enable her to provide the highest level of service while delivering best-of-breed vulnerability management solutions to the Greek and Cyprus markets.

*Remember to mark your calendar for the April 6, 2011 SC Magazine Webcast titled "Online Vulnerability Management - A 360 Degree Perspective". Attendees will learn how to understand online vulnerabilities across today's disparate systems and how to streamline their efforts to cover all bases. Register now to attend the Webcast at http://www.scwebcasts.tv/.

*Outpost24 Benelux's next monthly Webinar, titled “Vulnerability Management Made Easy – A case study”, is scheduled to take place on April 8, 2011 at 2pm CET. Join the Webinar to learn more about “Vulnerability Management” as presented by Hero de Haan, Sales Director Outpost24 Benelux. If you missed the last Webinar “Web Application Scanner” on March 4th, please visit http://www.allinhr.com/outpost24.html for the recorded presentations. To register for the upcoming Webinar, please email Willow Le, Marketing and CRM, Outpost24 Benelux (willow@outpost24.nl).

*Outpost24 has opened a new office in Switzerland. This new office will be well positioned to service the growing demand for Vulnerability Management and Assessment solutions across the region. Mrs. Gabriela Bühlmann has been appointed to head the new office in Switzerland, bringing with her 15 plus years of IT experience working for various multinational companies managing corporate and enterprise accounts.

*As satisfied clients, Funda Real Estate B.V. and CTIE have shared their experiences working with Outpost24. We are very proud to continue successfully supporting businesses as an entrusted partner in Vulnerability Management. More details of the endorsement cases can be found here: http://outpost24.com/support-resources.html.

*Outpost24 expands across Germany with a new office in Berlin. Andreas Friede takes on his new role as Regional Sales Manager for Outpost24 Berlin with the ability to fully understand the perspective of clients and partners and assist in raising the IT security level while protecting critical corporate networks, stating "In addition to the currently predominantly reactive security solutions in the IT network landscape, a strong trend can be seen that proactive security solutions are becoming more and more important."

Outpost24 Customer Corner

**Excerpt from the Outpost24 case study; 'The Centre des technologies de l’information de l’Etat in Luxembourg uses Outpost24's HIAB to stay secure'. The Centre des technologies de l’information de l’Etat (CTIE) was established by the Luxembourg Government as part of an administrative reform to better meet the challenges of the information society and support the spread of electronic exchanges within government. Originally CTIE looked into some of the free solutions available for vulnerability scanning but quickly saw that these did not contain all the features required to support a complete process for managing vulnerabilities in a cost-efficient way.

"Outsourcing can be very expensive and using open source tools is time consuming to manage. HIAB does what it should do - it's easily manageable, straight forward, and helps to achieve the defined level of security we had been looking for.", stated the Security Officer of CTIE. 

**Excerpt from the Outpost24 case study; 'The Netherlands #1 Real Estate Website Relies on OUTSCAN for Automated External Vulnerability Assessment and Management'. As the leading real estate website in The Netherlands, Funda needed an automated process for external vulnerability management to reduce the amount of time spent on finding and correcting identified vulnerabilities manually.

Marcel Begnor, Funda IT Manager stated “There was an instance where I was surprised to see that the OUTSCAN report showed a high-risk finding on one of our company web-apps which runs on port 443. So, I started to look into the high-risk finding, which revealed a possible XSS/cross site scripting exploit. Two weeks later the manufacturer distributed an email saying they had serious exploits in the products with XSS/cross site scripting and that customers needed to update their servers and systems. So, Outpost24 actually gave me the warning two weeks in advance which was fantastic.” 

Read more Outpost24 case studies at: http://outpost24.com/support-resources.html

Outpost24 Product Updates April 1st 2011

Advanced Web Application Scanner: The Web Application Scanner has been enhanced to a Full Web Application Scanner. This module is available as an additional module to your current OUTSCAN or HIAB subscription. Both OUTSCAN and HIAB will continue to support the current basic Web Application Scanning for reflected XSS and SQL Injection as before without the additional module. The enhanced Web Application Module has advanced settings for the Web Application Scanner which will be available upon acquiring the Web Application Module. 

Export Reports from Dashboard: Users can now export a report from the Dashboard. The report will be exported as a PDF.

Create Dynamic Groups based on a result after a scan: Users will have the ability to create Dynamic Target Groups based on information in the Reporting Tool. For example, if a User decides to filter and sort the findings to view only the High Risk findings for Internet Explorer, then the User can right click on the filtered findings to create a Dynamic Target Group to always show Targets with High Risk Internet Explorer findings. 

Smart Display of Top Groups in Dashboard: The Top Groups grid in the Dashboard has been changed to a 'Tree Target Group Administration' which allows the nodes to be collapsed or expanded and remain in memory. Top Groups are shown based on each Group's own value and are not summarized for Parent Groups.

HIAB event when opening a back channel: The HIAB can be set up to send an event via email, syslog or SNMP when the back channel has been activated or deactivated. This information is also stored in the Audit Log.

10 Tips for Staying Safe on Social Network Sites

Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person. While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information that's available. 

Additionally, because of the popularity of these sites, attackers may use them to distribute malicious code. Sites that offer applications developed by third parties are particularly susceptible. Attackers may be able to create customized applications that appear to be innocent while infecting your computer or sharing your information without your knowledge.

How can you protect yourself?

1. Limit the amount of personal information you post - Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. 

2. Remember that the internet is a public resource - Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it.

3. Be wary of strangers - The internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites.

4. Be skeptical - Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities.

5. Evaluate your settings - Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile, but you can customize your settings to restrict access to only certain people. 

6. Be wary of third-party applications - Third-party applications may provide entertainment or functionality, but use caution when deciding which applications to enable and avoid applications that seem suspicious.

7. Use strong passwords - Protect your account with passwords that cannot easily be guessed. Also, make sure that information given in your profile does not help give away your password, for example your favorite sports team or pet's name.

8. Check privacy policies - Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam. 

9. Keep software, particularly your web browser, up to date - Install software updates so that attackers cannot take advantage of known problems or vulnerabilities.

10. Use and maintain anti-virus software - Anti-virus software helps protect your computer against known viruses, so you may be able to detect and remove the virus before it can do any damage. 

**This information is available on the US-CERT website as a National Cyber Alert System Security Tip. 

Outpost24 Security News April 1 2011

Data Breach Costs Rise: According to researchers at the Ponemon Institute and Symantec, the cost of a data breach rose for the fifth straight year to an average $7.2 million per incident, up 7 percent from 2009. That's $214 for every compromised customer record breached. The most expensive breach reported in 2010 was $35.3 million, and the least expensive was $780,000, both up from the previous year. A key factor in the rising cost is the fact that criminals account for a larger share of the data breaches and they are significantly more expensive to contain and fix.

Is Hacktivism the same as Cyber-Terrorism?: When a 22-year-old Newcastle resident was branded a terrorist under Australian law for co-ordinating an internet attack by Anonymous members in reaction to the Internet Censorship Bill, University of NSW law researcher Keiran Hardy responded by stating that the boundaries between what is considered a protest, a criminal activity or terrorism online are becoming increasingly blurred. In his article, 'Operation Titstorm: Hacktivism or Cyber-Terrorism?', published this year, Hardy examines whether online protests could be prosecuted as acts of terrorism under the Commonwealth criminal code.

Average UK Business losing £10,000 yearly to Cyber Crime: The average UK business is losing £10,000 a year thanks to cyber espionage, extortion and other forms of online fraud. This information was revealed through the first joint Government and industry report into the extent and cost of cyber crime across the UK, launched by the Office of Cyber Security and Information Assurance in the Cabinet Office and information intelligence experts Detica. The cost to the economy, estimated at £27bn, is significant and likely to be growing. 

Cyber Attacks Threaten Oil & Gas Security: In an article featured in Security Advisor Middle East, Mohamed Rizvi, Manager, Information Security and Advisory Services at eHosting DataFort, describes the main threats to oil and gas security across the MENA region, stating that while cyber threats mainly focus on organizational data or classified information, these attacks affect critical infrastructure, which is common to all sectors. This includes connectivity between offshore refineries and the main offices via the Internet to transmit data to local networks.

Biggest Single Source of Global Spam: Spam volumes have returned to normal following a holiday lull that saw a drastic reduction of junk mail. The Rustock botnet, which specializes in spamvertising unlicensed pharmaceutical websites, is once again "spewing copious volumes of useless junk mail courtesy of hundreds of thousands of compromised Windows machines." Its return on January 10th resulted in the doubling (98 percent increase) of global junk mail volumes over the course of just 24 hours according to MessageLabs.