VariBlog - The Cloud Communications Blog » Social Enterprise

2010 Security Threats…. Adobe, Twitter and HTML

varidion — Tue, 29 Dec 2009 19:36:39 +0000

McAfee predict that Adobe, Facebook and Twitter will be the top hacks for 2010. Amongst its other predictions, it also sees the emergence of a new vehicle for attacks in the form of HTML 5, an update to the Web markup language that will support delivery of online video and allow Web applications to run offline.

HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users,” McAfee said.

As the browser becomes an integrated part of the desktop and its communication language can access local resources, security devices such as firewalls and Intrusion Detection Systems will be ineffective against these threats in 2010.

Speak to Varidion today about implementing a Next Generation Firewall, that understands these applications and can prevent your data leaving from under your nose.

Read the full report.

Social Enterprise can damage your wealth.

varidion — Mon, 21 Dec 2009 11:11:42 +0000

Attackers love to tempt people with freebies, security experts say. “The bait that works best is a popular device,” says Sherri Davidoff, a penetration tester who breaks into corporate networks. One of her most successful techniques is simple; a fake employee survey. Victims fill it out thinking they’ll qualify to win an iPod if they hand over sensitive information and 30% do!

It’s this trust that allowed the Koobface worm to spread throughout Facebook and led to a rash of direct-message attacks on Twitter. The worm connects to a site using log-in credentials stored in the gathered cookies and sends messages to the friends of an infected user. It also sends and receives information from an infected machine by connecting to remote servers and allows attackers to execute commands on infected machines. The worm is also targeting users of other social-networking sites, including MySpace, Bebo, Friendster, hi5, MyYearbook, Tagged.com, Netlog, Fubar, and LiveJournal.com.

It’s all part of the next round of social enterprise attacks and the Enterprise must be prepared. Social Networking applications are more than just another website, many have plug-ins and modules that push and pull information via HTTP while others use SSL and port hopping to bypass the corporate firewall. So if your protection, i.e. your firewall, doesn’t understand the applications your not protected. Assuming that all port 80 is HTTP is wrong. Assuming that all SSL traffic must be official because it’s encrypted is also wrong. Assuming you also block these sites via URL checking is also wrong.

The only way to protect yourself is by properly identifying the applications entering and leaving your network, by actual name and type not by IP address and port.

Just think what could be leaving your network… as you embrace the social enterprise because of the good benefits like productivity gains and cost savings, don’t inherit the bad bits such as data loss and theft. Speak to us about auditing your network and the applications using it and I bet we find applications in use you thought were blocked.

Stephen Fry Explains Web2.0

varidion — Tue, 08 Dec 2009 12:49:29 +0000

Many people ask, what is Web 2.0? I found this basic but good overview from none other than Stephen Fry

Confidential Data – Leaving via an IPS near you…

varidion — Tue, 08 Dec 2009 12:04:10 +0000

One of the biggest information security news items over the past Year is the leaking of confidential or sensitive data by specific applications. Ironically, the applications that facilitated these breaches were specifically forbidden, but because these programs masquerade as valid applications or hide within SSL encryption, traditional network security and IPS appliances are oblivious to the breaches.

With today’s dynamic applications, a next generation of network security device is required;

One that can identify the applications in use, even when they are trying to hide.
One that can identify who has these applications, either through choice or via malware infection.
One that will control what’s entering and leaving your network, even if it’s encrypted inside SSL.

And until recently you needed to add another point solution or applicance to protect your network.

Next Generation Firewall vendor, Palo Alto Networks, has grasped the nettle and created a Multi-Gigabit Firewall that can identify, control and report on over 1000 applications right down to a user level and even if shrouded in encryption. Refreshingly, implementing a Palo Alto Next Generation Firewall from Varidion will reduce your appliance sprawl as this single device delivers URL control; Spam filtering; Remote Access (IPSEC and SSL) and Malware detection all for less than £1,000 per month.

Can you afford not to implement one? Call us today..

File Sharing – Not Just a Geek Problem

varidion — Sat, 05 Dec 2009 13:52:31 +0000

An alarming trend has been indentified by our Partner, Palo Alto Networks, in their Applications Usage and Risks Report: browser based file sharing has overtaken the use of client specific Peer 2 Peer applications for the first time.

So what?

Well its simple, if today you detect and remove the use of file-sharing software within your business by managing and removing applications loaded onto your PCs, then this method is now redundant. That is, unless you plan to remove browsers from your PCs?

Browser-based file sharing applications are a direct avenue for the transfer of confidential data and allows user download of infected files and malware-infested advertising.

The remedy is simple; you need to identify and control your applications at the network layer. By their very nature, P2P, Malware and many Web2.0 applications masquerade as valid web and SSL traffic by hiding within their ports and protocols. So unless your firewall can identify these rogue applications you have no way of controlling them. Can your firewall distinguish between valid http and file-sharing http?

At Varidion, our Next Generation Firewall can identify and classify some 900 applications so control and protection is simple. If you still managing by port & protocol speak to us about a free trial of our service, we will even give you a report outlining all the applications in use on your network. I guarantee we’ll find something you don’t like!

Is Fixed Mobile Convergence too late?

varidion — Tue, 17 Nov 2009 11:44:19 +0000

IDC have reported that by 2013 it expects an 18% increase in the number of personal mobile phones used for business. In terms of actual devices this amounts to a staggering 57 Million mobile devices. And if IDC are correct, just think of all those expense claims; all those hours tagging your business calls and data usage from your personal bill!

But the real question isn’t how employees will get reimbursed for the business use; it’s has consumerisation driven the market to such a level that employees (consumers) will simply use their own device and bundle because its there, it’s the device they want, and allows them to integrate their work and life?

It’s a big question and one that if an Enterprise or Mobile Operator gets wrong could cost them millions. With Fixed Mobile Convergence solutions finally moving from PowerPoint into real demonstrable solutions, who owns the mobile device will be critical to the success of specific FMC solutions.

Lets look at our Generation Y workforce:

The mobile device they carry is a lifestyle decision.
They call 07 mobile numbers as opposed to 01/02 landlines.
Text and Instant Messenger are as important as Voice.
The biggest growth area of Social Networking is from mobile devices.

So if everyone is happy calling each other on their mobiles for business or pleasure, I can Text, Instant Message and update my Web 2.0 applications from my device, but more importantly it’s the device I wanted.

For me the question is simple: can the mobile operators deliver cost effective Fixed Mobile Convergence products before users don’t need them, because if there is no Fixed then you don’t need to converge it!

Embrace the Net Generation – You have NO Choice

varidion — Thu, 12 Nov 2009 09:39:18 +0000

There are lots of papers, blogs and videos amplifying the challenge of the coming wave of Generation Y people, but I thought the video below communicates this better than most. For those that don’t know, the Y Generation, or those born between the years 1982 and 2001, have been dubbed the “Net Generation” and have been found to use technology at a higher rate than members of any other generation.

By 2012, 52 per cent of the UK’s working population will be members of Generation Y, and they will be avid users of social networks such as Facebook, LinkedIn and Twitter.

As consumers of these social networks, these Gen Y’s are turning up to work at an enterprise and simply expect that social networks will be at their disposal. Many will find that companies have blocked these sites to protect productivity and efficiency. Those companies who block the use of social networking sites just don’t know how to utilise them appropriately to leverage their business. There are big companies out there that have embraced them, and have been using social networking tools for years, tapping into the collaborative working opportunities that are available via the internet. Staff who have access to these tools can communicate with clients via instant message. They could join the Facebook groups of client companies or follow them on Twitter. Millions of people are using Twitter to connect with their industry peers. Also, think about the power of a manager being able to connect with employees immediately regardless of where they are…. This is all possible, and it doesn’t breach security if implemented correctly… Speak to Varidion and start gaining the benefits of Web 2.0 today.

Twitter outpaces IM in the Social Enterprise

varidion — Tue, 10 Nov 2009 08:09:17 +0000

In a recent application survey of 200 Enterprises it was found that Twitter was used in 89% of companies monitored, up from 35% in Spring 2009, making it more popular than Instant Messenger. Amazingly the 250% increment of Twitter resulted in a 775% increase on bandwidth. The march of Social Networking applications into the Enterprise continues, with Facebook use increased by 192% and Google Apps was found in use at 82% of companies monitored. The facts are simple, you can’t stop the march of the Social Enterprise, your Employees will use these next generation Web 2.0 applications to do their job so best you learn how to manage & control these. However, there’s the rub, most technologies today can only turn these applications Off or On so restricting access to the good along with the bad. At Varidion with our Partner Palo Alto Networks we have created a managed security service that allows businesses to fully embrace all the benefits of the Social Enterprise with piece of mind these applications are being used for the right reason. Call Varidion today to discuss our Managed Security Services.

Customer complaints on Facebook – Who cares? Retailers Must!

varidion — Tue, 03 Nov 2009 09:06:03 +0000

Today the consumer is more likely to air their grievances on social networking sites such as Facebook, Twitter and their Blogs before making an actual complaint to the retailer, but only the Web 2.0 savvy retailers are listening.

According to Brand Reputation, over 80% of surveyed consumers are more likely to look for online reviews than 12 months ago, but crucially they are five times more likely to tell friends and post negative feedback.

Brand Reputations CEO said, “When this trend occurs via the Web, these numbers quickly multiply and could spell disaster for retailers who don’t have strategies in place.”

It’s critical a retailer embraces Social Media, the Net-Generation consumer doesn’t read Which, they take peer review and negative feedback as their key litmus test. So while the Retailers website has become its shop front, Social Media will be become its marketing media, but unless managed and controlled it could prove fatal.

Enterprise 2.0 – Can you afford not to be one?

varidion — Mon, 19 Oct 2009 10:04:12 +0000

Time and time again CIOs and IT managers we speak to claim they believe that Social Networking and Web 2.0 applications deliver their business value but when further interrogated they cant quantify this. But the amusing point is… they comment that their corporate security policy prevents access to these anyway, but they know the employee is using them! So again, security is used an excuse not to adopt something businesses simply don’t understand….

In the recent McKinsey Report: Building the Web 2.0 Enterprise the facts are stark, more and more companies are using Web 2.0 applications within their businesses but crucially they are seeing real benefits. Of the 1,500 CIOs surveyed during the report a key swing was noted; web based tools usage reduced to 58% from 70%, so what are people using? Wikis and RSS both saw double-digit growth but the prize goes to Blogs, a huge 61% increase on the previous year. The survey also shows that the use of these tools is both intense and wide-ranging. Companies report that they are using Web 2.0 both within and outside their walls and they forge tighter links with customers and suppliers and engage employees more successfully.

Also fundamental changes are beginning to take place among companies as a result of their ambitious use of Web 2.0. These companies are not only using more technologies but also leveraging them to change management practices and organizational structures. Some are taking steps to open their corporate “ecosystems” by encouraging customers to join them in developing products and by using new tools to tap distributed knowledge, but the key fact is simple; those who have adopted these tools see them delivering a competitive advantage and they will allow them to become more aggressive in the marketplace against their rivals.

Can you afford not to be a 2.0 Enterprise?