Why complex pa55w0rdz don’t work…..

Gmail, Yahoo, Hotmail, DropBox, ShareFile….. that’s why!

It’s very simple. You can’t stop staff trying to extend their days or be available 24 x 7, and it’s not just the younger Generation Y workers. Gen X and even boomers have now shifted from work-life balance to work-life integration… So what’s this got to do with passwords?

It’s data loss… 

Today’s connected staff want to carry on their good work on that important spreadsheet or presentation at home, and the best way is the simplest way: email it or upload it to their home and personal account. Instant data loss! What protects this corporate data? A weak password.

It is probably their wife’s name, a kid’s name or a pet’s name, or, if they are security conscious, they may have included their date of birth to throw in a few numbers. This is all very public information, and if you don’t know it, just ask for it.

A recent blog claimed that as long as general questions are used as a ‘forgot password’ backup, most web authentication is no more secure than personal knowledge questions.

Joseph Bonneau from the University of Cambridge wrote that with incidents such as Sarah Palin’s web mail account being hacked and the taking of Twitter documents from a Gmail account, the questions and answers for forgotten passwords are easy to look up online, often found in public records, and easy for friends and acquaintances to guess.

So Security Manager –  do you know what data is leaving your network?  No?   Speak to Varidion and we will show you…..

2010 Security Threats…. Adobe, Twitter and HTML

McAfee predict that Adobe, Facebook and Twitter will be the top hacks for 2010.  Amongst its other predictions, it also sees the emergence of a new vehicle for attacks in the form of HTML 5, an update to the Web markup language that will support delivery of online video and allow Web applications to run offline.

“HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users,” McAfee said.

As the browser becomes an integrated part of the desktop and its communication language can access local resources, security devices such as firewalls and Intrusion Detection Systems will be ineffective against these threats in 2010.

Speak to Varidion today about implementing a Next Generation Firewall that understands these applications and can prevent your data leaving from under your nose.

Read the full report.

Social Enterprise can damage your wealth.

Attackers love to tempt people with freebies, security experts say. “The bait that works best is a popular device,” says Sherri Davidoff, a penetration tester who breaks into corporate networks. One of her most successful techniques is simple: a fake employee survey. Victims fill it out thinking they’ll qualify to win an iPod if they hand over sensitive information, and 30% do!

It’s this trust that allowed the Koobface worm to spread throughout Facebook and led to a rash of direct-message attacks on Twitter.  The worm connects to a site using log-in credentials stored in the gathered cookies and sends messages to the friends of an infected user.  It also sends and receives information from an infected machine by connecting to remote servers and allows attackers to execute commands on infected machines.  The worm is also targeting users of other social-networking sites, including MySpace, Bebo, Friendster, hi5, MyYearbook, Tagged.com, Netlog, Fubar, and LiveJournal.com.

It’s all part of the next round of social enterprise attacks, and the Enterprise must be prepared. Social Networking applications are more than just another website; many have plug-ins and modules that push and pull information via HTTP, while others use SSL and port hopping to bypass the corporate firewall. So if your protection, i.e. your firewall, doesn’t understand the applications, you’re not protected. Assuming that all port 80 is HTTP is wrong. Assuming that all SSL traffic must be official because it’s encrypted is also wrong. Assuming you also block these sites via URL checking is also wrong.

The only way to protect yourself is by properly identifying the applications entering and leaving your network, by actual name and type, not by IP address and port.

Just think what could be leaving your network…  as you embrace the social enterprise because of the good benefits like productivity gains and cost savings, don’t inherit the bad bits such as data loss and theft.  Speak to us about auditing your network and the applications using it and I bet we find applications in use you thought were blocked.

Stephen Fry Explains Web2.0

Many people ask, what is Web 2.0? I found this basic but good overview from none other than Stephen Fry.

Is Fixed Mobile Convergence too late?

IDC have reported that by 2013 it expects an 18% increase in the number of personal mobile phones used for business.  In terms of actual devices this amounts to a staggering 57 Million mobile devices.  And if IDC are correct, just think of all those expense claims;  all those hours tagging your business calls and data usage from your personal bill!

But the real question isn’t how employees will get reimbursed for the business use; it’s whether consumerisation has driven the market to such a level that employees (consumers) will simply use their own device and bundle because it’s there, it’s the device they want, and it allows them to integrate their work and life.

It’s a big question and one that if an Enterprise or Mobile Operator gets wrong could cost them millions.  With Fixed Mobile Convergence solutions finally moving from PowerPoint into real demonstrable solutions, who owns the mobile device will be critical to the success of specific FMC solutions.

Let’s look at our Generation Y workforce:

  • The mobile device they carry is a lifestyle decision.
  • They call 07 mobile numbers as opposed to 01/02 landlines.
  • Text and Instant Messenger are as important as Voice.
  • The biggest growth area of Social Networking is from mobile devices.

So if everyone is happy calling each other on their mobiles for business or pleasure, I can Text, Instant Message and update my Web 2.0 applications from my device, but more importantly it’s the device I wanted.

For me the question is simple: can the mobile operators deliver cost effective Fixed Mobile Convergence products before users don’t need them, because if there is no Fixed then you don’t need to converge it!

Twitter outpaces IM in the Social Enterprise

In a recent application survey of 200 Enterprises it was found that Twitter was used in 89% of companies monitored, up from 35% in Spring 2009, making it more popular than Instant Messenger. Amazingly, the 250% increment of Twitter resulted in a 775% increase in bandwidth.

The march of Social Networking applications into the Enterprise continues, with Facebook use increased by 192%, and Google Apps found in use at 82% of companies monitored.

The facts are simple: you can’t stop the march of the Social Enterprise. Your employees will use these next generation Web 2.0 applications to do their job, so you had best learn how to manage and control them. However, there’s the rub: most technologies today can only turn these applications Off or On, so restricting access to the good along with the bad.

At Varidion, with our Partner Palo Alto Networks, we have created a managed security service that allows businesses to fully embrace all the benefits of the Social Enterprise with the peace of mind that these applications are being used for the right reason. Call Varidion today to discuss our Managed Security Services.

Customer complaints on Facebook – Who cares? Retailers Must!

Today the consumer is more likely to air their grievances on social networking sites such as Facebook, Twitter and their Blogs before making an actual complaint to the retailer, but only the Web 2.0 savvy retailers are listening.

According to Brand Reputation, over 80% of surveyed consumers are more likely to look for online reviews than 12 months ago, but crucially they are five times more likely to tell friends and post negative feedback.

Brand Reputation’s CEO said, “When this trend occurs via the Web, these numbers quickly multiply and could spell disaster for retailers who don’t have strategies in place.”

It’s critical a retailer embraces Social Media. The Net-Generation consumer doesn’t read Which; they take peer review and negative feedback as their key litmus test. So while the retailer’s website has become its shop front, Social Media will become its marketing media, but unless managed and controlled it could prove fatal.

Banning access to Social Networking from the corporate network is futile

On Monday at the Gartner Symposium in Florida, Carol Rozwell of Gartner gave some wise words:

“Banning access to social media from the corporate network is futile.”

Carol is correct: we can’t stop social networking. You only have to look at the largest firewall installed, China! They have failed to manage the flow of incoming information via Web 2.0 sites. The world we live in today is digitally enabled and socially connected. Moreover, the enterprise cannot protect itself from everything; it must learn to balance risk and performance. Cloud and software as a service have great value, but they will introduce a change in how technology is managed and controlled. Web 2.0, SaaS and Internet-based social networking applications carry real threats to corporations and must be managed effectively with today’s tools that understand these applications…

Stateful Inspection Swiss Cheese – What’s the Point of your Firewall?

Today’s Firewalls

I’m sorry to tell you, it’s got more holes than a Swiss cheese! Don’t be alarmed… most have.

Why?   They’re just simply out of date….

Basically, today’s Web 2.0 applications have technologically leapfrogged your security infrastructure. So while you diligently close ports and protocols, these Net Generation applications choose another port or, better still, masquerade as a valid protocol such as HTTPS, so your firewall hasn’t a clue. Worried? You should be.

To restore the firewall as the core of your security infrastructure you need to look deeper into the traffic that’s flowing through it, something yesterday’s firewalls simply don’t and can’t do. That was until Nir Zuk, one of the inventors of Stateful Inspection technology, headed back to the drawing board… The outcome: a truly application-aware security device that can accurately identify and classify over 900 of today’s most dynamic applications irrespective of port, protocol and, crucially, evasion tactic. So finally the Enterprise can adopt Web 2.0 collaboration tools with the peace of mind that it can actually control them.

Today, many Enterprises block applications such as Webex, LogMeIn, Yoics and P2P applications for very obvious reasons. Again I have bad news: they are in use, you just can’t see them, as they look just like valid HTTP and HTTPS traffic. The facts are stark. In a recent application usage report of 60 large enterprises representing the behavior of 900,000 users, peer-to-peer applications were found in 92% of the enterprises and web-based file sharing in 72% of the companies. And guess what: 100% had firewalls, and a further 82% had additional devices such as a proxy, URL filter or an IPS.

Now that’s a great investment! Upgrade your business today: speak to Varidion about an application-aware network.
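The point made in this post and in the earlier social enterprise post, that an application has to be named from its traffic and not from its port, shown as an added illustration (not code from this blog or from any firewall product). It names each flow from the first bytes of its payload and reports the flows where a port-only rule would have assumed the wrong application; the signature set, the function names and the sample flows are assumptions constructed for the example.

```python
# Added example: classify flows by payload signature instead of destination port.
# SAMPLE_FLOWS are constructed for illustration, not captured traffic.

PORT_ASSUMPTION = {22: "ssh", 80: "http", 443: "tls"}  # what a port-only rule assumes

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def identify(payload: bytes) -> str:
    """Name the protocol from the first bytes the client sends."""
    first_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
        return "http"
    # TLS record: type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith(b"SSH-"):
        return "ssh"
    # BitTorrent peer handshake: length byte 19 followed by the protocol string
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    return "unknown"


def audit(flows):
    """Return (port, assumed, identified) for every flow the port rule gets wrong."""
    findings = []
    for port, payload in flows:
        assumed = PORT_ASSUMPTION.get(port, "unknown")
        actual = identify(payload)
        if actual != assumed:
            findings.append((port, assumed, actual))
    return findings


SAMPLE_FLOWS = [  # (destination port, first payload bytes), all constructed
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"\x13BitTorrent protocol" + b"\x00" * 8),           # P2P on the web port
    (443, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),   # TLS ClientHello
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),                        # remote access on 443
    (8080, b"POST /upload HTTP/1.1\r\nHost: files.example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for port, assumed, actual in audit(SAMPLE_FLOWS):
        print(f"port {port}: rule assumes {assumed}, payload is {actual}")
```

A flow classed as `tls` here is only known to be TLS; naming the application inside it needs further signals, which is why encrypted traffic cannot be assumed to be official.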

Enterprise 2.0 – Can you afford not to be one?

Time and time again, CIOs and IT managers we speak to claim they believe that Social Networking and Web 2.0 applications deliver their business value, but when further interrogated they can’t quantify this. But the amusing point is… they comment that their corporate security policy prevents access to these anyway, but they know the employee is using them! So again, security is used as an excuse not to adopt something businesses simply don’t understand…

In the recent McKinsey Report, Building the Web 2.0 Enterprise, the facts are stark: more and more companies are using Web 2.0 applications within their businesses and, crucially, they are seeing real benefits. Of the 1,500 CIOs surveyed during the report, a key swing was noted: web-based tools usage reduced to 58% from 70%. So what are people using? Wikis and RSS both saw double-digit growth, but the prize goes to Blogs, a huge 61% increase on the previous year. The survey also shows that the use of these tools is both intense and wide-ranging. Companies report that they are using Web 2.0 both within and outside their walls, and that they forge tighter links with customers and suppliers and engage employees more successfully.

Also fundamental changes are beginning to take place among companies as a result of their ambitious use of Web 2.0.  These companies are not only using more technologies but also leveraging them to change management practices and organizational structures.  Some are taking steps to open their corporate “ecosystems” by encouraging customers to join them in developing products and by using new tools to tap distributed knowledge, but the key fact is simple; those who have adopted these tools see them delivering a competitive advantage and they will allow them to become more aggressive in the marketplace against their rivals.

Can you afford not to be a 2.0 Enterprise?