Posts Tagged ‘network security’

Breaches, Breaches, Everywhere … and not an end in sight!

Posted in Security on October 27th, 2009 by Robin – Be the first to comment

Security terms like “data breach” are probably known to most households and businesses, but many of us don’t realize just how prevalent the problem really is. We’ve become accustomed to news reports of large data exposures, and to receiving letters in the mail indicating that our private information may have been compromised.

Just as with most things, we slowly become desensitized to recurring news of data loss events, and often choose to accept those events as an inevitable part of life that we have no control over. We only start to pay attention when we see the effect of a breach impacting our personal finances, our jobs, or an organization that we do business with.

Privacy Rights Clearinghouse (PRC) is a nonprofit consumer information and advocacy organization, and a source that I frequently quote when speaking to groups about the topic of information breaches and data leak protection. PRC maintains a chronology of data incidents involving private or confidential data, and it certainly makes for interesting reading.

October was another busy month for breach activity. While you probably didn’t hear about these events in the mainstream media, as of this writing PRC lists no fewer than 12 separate events of compromised information. Some of the data compromised included U.S. Social Security numbers and patient medical information. Breached organizations this month include the U.S. Army, BlueCross BlueShield, and several education and medical institutions. The breaches occurred through a number of common data leak conduits, including discarded documents, lost USB thumb drives, and stolen laptops. One event was the result of an incorrectly disposed of disk unit that contained 76 million (yes, million!) records on US military veterans.

So with this many data breaches occurring in any given month, it still amazes me that IT teams even now have to sell management on the value of securing data assets. When we conduct compliance assessment scans, we still come across the “it will never happen to us!” mentality. We also hear “it’s okay since my users don’t know how to do that,” which is almost as bad. Trust me when I say: It can happen to you, and it only takes one user who knows how to do it to bring the whole organization crashing down.

If all of this breach information still isn’t enough to spur you to move forward with your own security initiative, then perhaps you’ll be interested in this week’s news about the $275,000 fine leveled against ChoicePoint, one of the nations largest data brokers (http://www.ftc.gov/opa/2009/10/choicepoint.shtm).

For more information on PRC, or to view their continuously expanding list of data incidents, visit their Web site at www.privacyrights.org.

How to Survive a Data Breach—Webinar 11/18/2009

Posted in Webinars on October 22nd, 2009 by Christopher – Be the first to comment

Statistics suggest that it’s not a matter of if you will suffer some form of corporate data loss, but when. Giant corporations, with a significant investment in security infrastructure, have found themselves on the wrong side of the headlines. If it can happen to them, it can happen to you! Building a plan that encompasses both security and compliance controls, as well as incident planning ensures that you minimize the risk, and know how to react if the worst case scenario occurs.

Join this webinar to hear discussion of:

  • Common causes of a Data Breach
  • Security Incident Response (SIR) planning
  • Manic response vs. Measured response
  • Breach cost projection / price of protection
  • What types of IBM i activities can (and cannot) be audited
  • What mechanisms are available to perform IBM i audit data forensics and intrusion alerting

Attendees are eligible to receive a FREE compliance assessment.

Products Featured
PowerTech Compliance Monitor
PowerTech Interact

Presenters
Main Presenter: Robin Tatam, PowerTech
Co-Presenter: Jill Martin, PowerTech

Wednesday, November 18, 2009
10 a.m. Central Standard Time (16:00 GMT)
Check our chart for your local time >

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bios
robin-headshotRobin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached by email at robin.tatam@powertech.com.

jill-martin-headshotJill Martin is Technical Services Manager with the PowerTech Group, and brings a strong IBM i background to a security discussion. Jill has worked in a number of roles in the industry including a Help/Systems technical trainer, sales account manager, and most recently as a key member of the security team. Contact Jill at jill.martin@powertech.com.

Securing and Controlling Your Powerful Users—Webinar 11/11/2009

Posted in Webinars on October 22nd, 2009 by Christopher – Be the first to comment

One of the greatest challenges that an organization faces when securing an IBM i environment is protecting the system from the very people who are also charged with its care: programmers, administrators, and security officers. While these power users often need access to restricted objects and commands, they rarely need that level of access 24 hours a day, and definitely not without accountability.

Join this important session to learn about the vulnerabilities associated with powerful users. Discover Authority Broker, an award winning approach to regaining the control that your auditors demand, while still allowing your administrators and programmers to do their jobs.

Attendees are eligible to receive a FREE compliance assessment.

Products Featured
Authority Broker (with live demo)

Presenters
Main Presenter: Jill Martin, PowerTech
Co-presenter: Paul Culin, PowerTech

Wednesday, November 11, 2009
10 a.m. Central Standard Time (16:00 GMT)
Check our chart for your local time >

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bios
jill-martin-headshotJill Martin is Technical Services Manager with the PowerTech Group, and brings a strong IBM i background to a security discussion. Jill has worked in a number of roles in the industry including a Help/Systems technical trainer, sales account manager, and most recently as a key member of the security team. Contact Jill at jill.martin@powertech.com.

Paul ‘Paulie’ Culin is a security advisor with the PowerTech Group. As a product expert, his role at PowerTech includes managing numerous client training and implementation engagements, as well as hosting security presentations, webinars, and product demonstrations.

“It’s the 4th quarter, with only minutes left on the clock!”

Posted in Security on October 20th, 2009 by Robin – Be the first to comment

The PowerTech corporate offices in Eden Prairie, Minnesota, recently celebrated the arrival of October with a noticeable drop in outside temperatures, and a chilly blanket of several inches of snow. I’m told that hardy Minnesotans embrace these seasonal changes, but, coming from Iowa I know what the word “embraces” translates to: thick jackets, heavy boots, and a car that groans like a wounded animal when you try to start it in the morning!

It’s also the kick-off for the traditional fourth-quarter push for companies to allocate the remainder of their budgets. While this year has seen extensive financial hardship for individuals and companies alike, it has been an interesting one for a security solution provider such as PowerTech. While many technology initiatives were put on hold, or eliminated completely, many organizations have recognized that this type of economy is when you should be investing in security, as hardship often leads to a significant rise in security threats to your data.

A reduction in the workforce often stretches remaining resources to the limit, and manual tasks become an invasive burden on those companies already running with a lean staff. Who has time to manually pour through server event logs, when a day is consumed with “more important” tasks that someone else used to do?

The departure of users who had unrestricted access to corporate data provides an unparalleled threat of data leakage. With an increase in the number of disgruntled employees, even read-only access—once seen as the Holy Grail of data protection—is enough clearance to drag-and-drop a file onto a PC, and then smuggle it outside the borders of the organization through a variety of channels. USB thumb-drives now cost well under $100 for a 32GB model; enough space to hold almost seven DVDs worth of data! Internet-based e-mail services, such as Gmail and Yahoo, operate outside the control of corporate e-mail systems, and provide a lightning-fast conduit to transfer data out of the workplace. What’s most challenging about data theft detection is that the object that was stolen still can be found where you left it!

As you set your sights on the arrival of 2010, and a new decade of positive economic change, you might want to start working on that IBM i security initiative that you’ve been meaning to get to for the last few years. Give PowerTech a call! We have solutions that not only help prevent data leakage, but also ease the burden of monitoring system and security events—even in real-time.

Now, does somebody around here know where I can get a remote-starter for my car?

Configuring Real-time Security Event Notification Webinar—10/21/2009

Posted in Webinars on October 9th, 2009 by Christopher – Be the first to comment

The IBM i operating system includes a facility to audit system and user events. However, once the event data is collected the challenge becomes how to disseminate the raw data into useful information, and how to do it in real-time.

Join this webinar to understand:

  • How to configure the IBM i operating system to record system and user events
  • Adding PowerTech Network Security to audit network-based events (FTP, ODBC)
  • How to send real-time alert notifications as syslog events to a Security Information and Event Management (SIEM) console using PowerTech Interact
  • How to send real-time alert notifications to email addresses and cell phones using Help/Systems’ Robot/Alert

Attendees are eligible to receive a FREE compliance assessment.

Presenters
Main Presenter: Robin Tatam, PowerTech
Co-presenter: Paul Culin, PowerTech (Interact)
Co-presenter: Jill Martin, PowerTech (Robot)

Wednesday, October 21, 2009
8 a.m. Pacific / 10 a.m. Central / 11 a.m. Eastern
Check our chart for your local time >

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bio
robin-headshotRobin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached by email at robin.tatam@powertech.com.