EdgeWave Security Solution Supports YouTube EDU to Ensure Safe and Productive Web Content for Students

EdgeWave Inc., a leading provider of Secure Content Management (SCM) solutions, today announced that its brand new release, iPrism Web Security v7.0, includes native support for student access to YouTube EDU-only content. The seamless integration allows educational institutions to support compliance to acceptable use policies for accessing video content that has been deemed by school administrators to be safe and appropriate, while other video content is blocked.

YouTube EDU is a free service that provides educators and their students with access to hundreds of thousands of educational videos from well-known organizations such as Stanford, PBS and TED, as well as from popular up-and-coming YouTube partners like Khan Academy, Steve Spangler Science and Numberphile. YouTube for Schools was launched in December 2011 as a way to deliver YouTube EDU’s growing collection of educational content to as many schools as possible. The service offers school-friendly features such as the ability for teachers to customize their own content by creating playlists to add to their curricula. YouTube EDU helps teachers create these lists by organizing content by subject and grade for quick access. The addition of iPrism Web Security support gives schools added assurance that students will have access to only the YouTube for Schools content they have chosen, while other video content will be blocked.

“There’s enormous appetite from teachers to use educational YouTube videos in the classroom. We’ve been working on technology solutions to make it easier for schools to access just the videos from within YouTube EDU,” said Angela Lin, Head of Education at YouTube. “Smart technology like EdgeWave’s will make it easier for busy school IT administrators to enable access to YouTube EDU, giving teachers an engaging new resource to educate and inspire their students and bring learning to life.”

“Enabling schools and educational customers to create safe and productive internet access is critical to supporting an effective learning environment for our education customers,” said Steve Kelley, SVP of Corporate Development and Product Strategy at EdgeWave. “Working together with YouTube EDU to ensure that only approved content is delivered to students offers a great benefit to our mutual customers.”

EdgeWave’s iPrism Web Security solution was originally developed to serve the education market and has a strong track record with K-12 schools. EdgeWave has long supported school Web safety and CIPA requirements and the latest release of iPrism v7.0, which was announced today, continues that commitment. Many iPrism features are aimed at mitigating the threats schools face such as Web 2.0 applications, circumvention attempts and remote and roaming users who access the school network. Added support for YouTube EDU furthers EdgeWave’s commitment to the education market.

For more information regarding the integration of iPrism v7.0 and YouTube EDU, please visit:
http://www.edgewave.com/products/web_security/technology_youtubeSchools.asp.

To attend a joint webinar discussing this announcement and corresponding integrated solution, please sign up at: http://www.edgewave.com/resources/Youtube_webinar.asp.

About YouTube for Schools
YouTube for Schools is a network setting that lets schools access free educational YouTube videos while restricting access to other YouTube content. Students can learn from more than 500,000 videos, from well-known organizations like Stanford, PBS and TED, and from up-and-coming YouTube partners with millions of views, like Khan Academy, Steve Spangler Science and Numberphile. Schools can also customize their YouTube for Schools experience by granting access to additional YouTube videos for viewing only within their school network.

Pravin Kothari, Founder and CEO of CipherCloud, comments on the recent Global Payments breach

“While MasterCard and Visa continue to investigate the massive security breach of Global Payments, what’s most shocking is that breaches happen so often that it’s actually not shocking anymore. This time, over 50,000 Visa and MasterCard cardholders may have had their personal data stolen. Although the breach details are not yet disclosed, people familiar with the investigation estimated that it could be hundreds of thousands.

“The breach is an example of why PCI DSS compliance is inadequate. In spite of growing profits and huge revenues in billions of dollars, companies such as Global Payments are focusing more on doing minimal to somehow obtaining compliance certification than on really protecting their customer data.  If companies don’t implement enough controls to protect sensitive data, it’s only a question of when, not if, a breach will happen as cybercriminals are becoming highly advanced and organized. A small missing technical control can become executives’ nightmare and business disaster on such breaches as they suffer significant impact on reputation, revenues and stock prices.

“It’s time for organizations to take greater responsibility for the protection of their customers’ sensitive data, regardless of where it resides—behind their firewall, with a business partner, or in the cloud. Demanding that businesses encrypt sensitive customer data is a step in the right direction.” 

Data Privacy Day and Thoughts from a Security CEO

January 28^th is the annual Data Privacy Day.  Data Privacy Day is an international celebration designed to promote awareness about privacy and education about best privacy practices.

Stina Ehrensvard, CEO for Yubico shares her thoughts on the importance of this day.

“The Internet was designed for sharing, not security. As we have moved our business, e-governments and social lives online, and as these digital services become more and more sophisticated, so do fraudsters. Online identity theft is today the fastest going crime, with trillions of dollars in yearly losses.

However, just as the safety belt for cars was not adopted in larger scale until it was a simple one second procedure, users will not adopt online identity protection if it is too complicated to use. And just as your driver license verifies your identity across multiple services, a secure and simple identity and authentication method that can be re-used across the range of Internet services will be needed for mass implementation. White House Initiative National Trusted Identities in Cyberspace (NSTIC) could make a difference here, driving mass implementation of online identity protection for US citizens and services, based on open identity standards and new authentication technologies.”

San Diego’s NextLevel Internet Delivers 2011 Year in Review

NextLevel Internet, Inc., a leader in mission-critical Internet access and hosted voice services, is pleased to deliver a 2011 year in review and 2012 technology forecast.

“2011 was our most profitable and successful year to date. Not only did we see double digit growth in revenue and client base, but we also increased our number of employees by 26 percent,” said Jerry Morris, founder of NextLevel Internet, Inc. “We are continuously adapting and evolving our service offerings to make sure we are providing our B2B clients with the best privately managed voice, Internet, and cloud based data services available in the market. As we look forward into 2012, we see this trend to continue as we will be offering new services to remain ahead of the ever changing needs of our clients.”

Customer Satisfaction — In 2011, NextLevel Internet received the highest recognition for the company’s customer service and support. The company scored a Customer Excellence rating of 98 percent in a survey to the company’s existing client base. Conducted by Strategic Business Communications, Inc. (SBC) during a three month period from February through April 2011, the outside blind survey asked respondents to rate interactions, transactions and satisfaction levels between themselves and NextLevel Internet.

California Power Outage — Further expanding on NextLevel Internet’s mission-critical offerings; during the massive power outage on September 8, 2011, the company’s NextLevel Voice(TM) and Co-location services provided uninterrupted service to emergency organizations and first responders. The power outage, which was the largest recorded in the region’s history, lasting more than 10 hours left roughly eight million people and thousands of organizations in parts of Southern California, Arizona and New Mexico without power, Internet, and phone access. This disruption of power and the associated loss of connectivity could have resulted in the loss of life, money, or reputation for many of those affected.

NextLevel Voice Adoption Rate — Introduced as a new service in 2008, NextLevel Internet’s flexible hosted voice service, NextLevel Voice saw an increase in revenues of 65 percent during 2011. Clients have installed and retained NextLevel’s voice solutions because of the quality, reliability, affordability and disaster recovery (DR) attributes.

NextLevel Voice provides organizations with 10 to 500+ employees the advanced features and security of a sophisticated Private Branch Exchange (PBX) system for a fraction of the cost, with unsurpassed ease of use and zero system maintenance fees.

Data Center Expansion — In 2011, the company increased access to its new, secure, 88,000 square foot, SAS 70 Type II compliant data center in Rancho Bernardo, CA. The expansion to the new World Trade Drive Data Center followed the relocation of NextLevel Internet’s headquarters to North County San Diego in September 2010. SAS 70 Type II compliance certifies that NextLevel Internet’s data center has adequate controls and safeguards in place when hosting and processing data for the company’s clients.

Managed Internet Infrastructure — NextLevel Internet’s privately managed Clear Channel connectivity options allow businesses with 10 to 500+ employees the ability to control the quality of service (QoS) and class of service (CoS) to include its hosted voice service offerings. NextLevel’s mission critical Internet access and 24/7 NOC services are designed to give businesses everything they need to maximize company uptime and headquarter all remote sites.

For organizations that would like to request more information on NextLevel Internet’s business-to-business co-location, Internet, hosted voice, and managed data services, please visit www.nextlevelinternet.com .

Statement from Yubico CEO on Zappos.com Security Breach

“A security breach of the magnitude experienced by Zappos.com is a serious concern for any business that relies exclusively on Internet orders for sales,” said Stina Ehrensvard, CEO, Yubico, Palo Alto, California and Stockholm, Sweden, commenting on how hackers exposed 24 million client records in a security breach over the weekend.  “While it appears Zappos’ securely protected the database that housed credit card information, hardware security modules (HSMs) could have prevented the exposure of Zappos’ customer password data that were compromised from the organization’s servers in Kentucky.  The exposure of email addresses and password hashes of weak and duplicated passwords leaves customers exposed across potentially many sites.  The perception is HSM and related services are very expensive, but the cost and complexity for this needed technology has fallen dramatically to a few hundred dollars and the cost of not deploying it is very high as Zappos has shown.”

“Additionally, Zappos has reset and expired their customers passwords and is helping them choose new passwords.  We believe a better solution is the new breed of consumer-friendly one time passcode tokens that users can keep on their key chains to replace weak and duplicated passwords,” Ehrensvard continued.

DeviceLock Names Vincent Schiavo as Chief Executive Officer

DeviceLock, Inc., a leading developer of endpoint data leak prevention software, is pleased to announce the appointment of Vincent M. Schiavo as the company’s Chief Executive Officer. In this role, Mr. Schiavo will focus on the global expansion of DeviceLock endpoint data leak prevention software and the execution of the organization’s vision and strategic direction.

A veteran of the computer industry for more than 30 years, most recently Mr. Schiavo served as the Executive Vice President of Worldwide Sales for LogLogic, a San Jose-based security information and event management provider.

Prior to LogLogic, Mr. Schiavo was the Senior Vice President of Worldwide Sales and Marketing for Secure Computing, a San Jose-based web information security company which was acquired by McAfee in 2008. During his six-and-a-half-year tenure at Secure Computing, Mr. Schiavo built a worldwide sales team that drove the company’s billings from under $36M to over $300M per year.

“Vince brings an impressive resume from both a business perspective and depth of technology expertise,” said Ashot Oganesyan, founder, DeviceLock, Inc. “We look forward to using Vince’s strong business background to continue to expand our global reach.”

“The introduction of employee-owned devices such as smart-phones, digital cameras, iPads and other USB-attached devices has dramatically increased the risk of data loss and information theft in the enterprise,” said Vince Schiavo, CEO, DeviceLock, Inc. “DeviceLock has positioned itself as a premier enforcer against data loss and as an integral part of a successful security strategy. As we continue to grow our company, we are committed to maintaining our technology innovation leadership in this important industry segment.”

For organizations of any size and industry, DeviceLock software proactively protects endpoint computers against local data leaks and malware infiltration resulting from insider negligence, accidental mistakes or malicious actions. It enables IT security personnel to precisely control, log, shadow-copy and audit end-user access to all types of local ports and peripheral devices, including personal mobile devices such as smart-phones, iPads, iPods, digital cameras and other dockable devices.

(Source: Yahoo!)

DeviceLock Receives Two U.S. Patents for Local Sync Control Technology

DeviceLock today announced that it has been granted two patents by the United States Patent and Trademark Office for its local synchronization filtering technology. The patented technology allows businesses to control the transfer of data between endpoint computers and locally connected mobile devices such as smartphones, tablets and PDAs, including Windows Mobile, Palm, iPhone, iPod touch, and iPad devices.

 An integral part of the DeviceLock software suite since 2007, this patented technology allows security administrators to centrally manage which types of data users can synchronize between corporate PCs and their mobile devices. Protected by US patents US7,899,779 and US7,899,782, DeviceLock’s local sync control technology significantly increases the level of corporate endpoint protection against data leaks. These can be caused by employees connecting personal smartphones or tablets to their office computers through a local interface and by mistake or negligence copying sensitive corporate information to their mobile device.

DeviceLock can recognize and filter numerous data object types for iTunes, ActiveSync, WMDC and HotSync protocols, letting administrators selectively allow or block synchronization of files, emails, email attachments, accounts, contacts, tasks, notes, calendar items, bookmarks, and various media types.

To view the release in its entirety, please visit http://mwne.ws/iIeg6w

ANX Nominated for 2011 Hot Companies and Best Products Awards

Network Products Guide has named ANX a finalist for the 6^th Annual 2011 Hot Companies and Best Products Awards in both the Hot Companies and Hot Technologies categories. These industry and peer awards from Network Products Guide are the world’s premier information technology awards honoring achievements and recognitions in every facet of the IT industry. Winners will be honored in Las Vegas on Tuesday, May 10, 2011 during the 6^th annual dinner and presentations.

ANX products and solutions enable over 16,000 organizations, scaling from SMBs to global enterprises, to secure and exchange information, while meeting complex compliance requirements. With the finalization of three major business acquisitions, ANX maintains strong momentum through customer and overall business growth. Through its most recent acquisition of governance, risk and compliance (GRC) solutions provider TruArx, ANX has also been selected as a finalist for TruComply, ANX’s flagship GRC technology. TruComply is an easy-to-use software-as-a-service GRC application. The solution enables organizations to quickly implement and continuously review control status to improve protection and reduce the cost of risk and compliance.

For more info click here.

(Source: marketwire.com)

ANX to Help USRowing Go for the Gold

ANXeBusiness Corp. (ANX), a provider of managed security, compliance and connectivity solutions, and USRowing have signed a two-year agreement designating ANX as an official corporate sponsor of the U.S. Men’s National Team through the 2012 Olympic Games in London.

“USRowing looks for sponsors that possess the same drive and dedication as our athletes,” said Glenn Merry, executive director of USRowing. “We are proud to include ANX as our most recent US Rowing sponsor. As we go for gold, the support of our sponsors, families, and fans back home goes beyond measure.”

ANX’s solutions help companies secure and exchange information, meet complex compliance requirements, and allow them to focus on their core business. ANX offers:

• Integrated Security and Compliance Solutions for large and medium enterprises
• Risk Management and Compliance Consulting and Implementation Services
• Secure Connectivity and Transaction Delivery Services supporting collaboration in communities of interest

Thousands of customers in the healthcare, retail, automotive and financial service sector rely on ANX for security and compliance solutions.

“ANX employees are passionate about delivering value and support to our customers,” said Rich Stanbaugh, president and CEO of ANXeBusiness. “From one great team to another, we’re proud to support USRowing’s quest for gold.”

ANX Introduces Cashier Security Awareness Training for Merchant PCI Compliance

ANXeBusiness Corp. (ANX), a provider of networking and security managed services, today announced the new Cashier Security Awareness Training component of its TruPCI Compliance Management Solution. Created to help Level 4 Merchants meet PCI DSS Requirement 12.6.1, “Educate personnel upon hire and at least annually,” ANX Cashier Security Awareness Training differs from traditional courses by focusing on the unique needs of cashiers.

This brief, online course covers critical merchant security issues, teaching cashiers how to:

• Identify fraudulent credit/debit cards
• Protect sensitive areas and equipment
• Ensure that receipts do not reveal sensitive data
• Help prevent insider theft
• Spot and report suspicious behavior

This course is the latest addition to ANX’s PCI eLearning curriculum.  For more details, visit – http://bit.ly/gmto0J

Data Locker DL3 USB 3.0 AES Encrypted Portable Hard Drive Debuts at 2011 CES

Data Locker Inc. (www.lockerdrive.com), a leading developer of encrypted data storage products, announced the new Data Locker DL3,  encrypted USB 3.0 portable hard drive at the 2011 Consumer Electronics Show in Las Vegas.   Data Locker DL3 is billed as the most secure portable hard drive in the industry due to its 256 bit AES XTS mode full drive encryption, two factor authentication and patented touch screen authentication panel. 

The Data Locker DL3 builds on the success of Data Locker’s previous award winning personal secured storage devices that feature an enhanced touch screen, secure external USB hard drive with PIN-only access.  The encryption and data management is performed at the device level and is completely platform and operating system independent, eliminating the need for any software and drivers.

“We’ve had considerable success with our Data Locker secure portable hard drives with the federal government and in business environments that require an easy to use and implement portable data security solution which is compatible with all operating systems and environments” said Jay Kim, Founder and COO, Data Locker.  “By launching the DL3 at CES, we believe there are a significant number of customers who can appreciate the amazing simplicity of our approach to securing their portable data.”

Additional features of Data Locker 3 include:

• SuperSpeed USB 3.0 interface
• 256 bit AES XTS mode crypto engine
• Absolutely no drivers or software
• Two factor authentication with option RFID mode
• Up to 1 TB storage capacity
• Rapid key zeroization for secure redeployment
• Multi-lingual user interface
• Firmware-based anti-malware protection
• Self-destruct mode for brute force attack defense
• Randomized keypad to eliminate fingerprint-lifting and shoulder hacks
• Tamper evident enclosure
• Shock and drop resistant

Pricing and Availability

The Data Locker DL3 pricing starts at $299 and is available in 500GB, 1TB and 128GB SSD capacities.  The unit will be available in March 2011.

Based in Overland Park, Kansas, Data Locker has developed a strong track record of combining the convenience of portable external storage devices with enhanced data security features.  Data Locker products are easy-to-use storage devices perfect for storing sensitive or confidential data, all with the assurance of a secure touch screen interface.  These devices insure that all data on the hard drive is completely protected from unauthorized access should the external drive get lost or stolen.

Demonstrations of Data Locker DL3 will be at the company’s booth #31849 in the South Hall on the Upper Level of the Hilton Las Vegas Convention Center.

Athena Security Announces Firewall Rule Tracker

Athena Security, the developers of Athena FirePAC, a comprehensive enterprise firewall audit and operations tool, today announced the release of Firewall Rule Tracker, the industry’s only asynchronous documentation solution for recording the reason why specific firewall rules exist in enterprise networks.

While firewalls are widely deployed in more than 97 percent of enterprises today, firewall rulebases have grown at an alarming rate. The knowledge surrounding legacy rules dissipates over time, leaving enterprises with too many risky rules that remain unjustified. At heart, the system tracks rules based on what the rule is doing, rather than its line number in the configuration (which changes every time new rules are added or deleted). This is perhaps the biggest reason why documentation is oftentimes inconsistent and incomplete.  Performing a textual comparison of the rule before and after it has been modified does not capture the full story, but that is the extent to what is available from most change management systems.

“Our consulting partners tell us that less than 20 percent of the clients they audit can demonstrate up-to date and complete documentation,” says Anjali Gurnani, vice president of business development, Athena Security. “It is scary to think that the original reason why certain rules are providing access to critical network systems and confidential data may no longer be known.”

For auditors, especially PCI QSAs, reviewing the documentation for each firewall rule is an ideal place to identify lax security controls, general rulebase neglect and other red flags that trigger the need for further investigation. For companies that wish to correct this deficiency in their security program, Athena’s Rule Tracker offers an easy way to set things right. Unlike elaborate systems that involve months of process re-alignment, Athena’s Rule Tracker recognizes that teams collaborate far more easily with spreadsheets. By using a spreadsheet approach and built-in intelligence to make the system highly user-friendly, Athena’s Rule Tracker is flexible enough to be used in any change process.

Rule Tracker compares two versions of a configuration and immediately identifies what changed so users can add missing documentation which is then automatically retained and available for reporting.

What Athena accomplishes for organizations is a convenient and simple way to certify what access is acceptable throughout the rule’s lifecycle. The benefits of using the Rule Tracker to facilitate documentation are:

— Device connections are not required to identify rule changes
— Business justification history is retained in-system, so users can isolate missing information and add it incrementally
— Users can generate spreadsheet reports, share with other stakeholders, and re-import documentation changes to the database
— Support for mixed vendor network environments including Cisco, Check Point and Netscreen firewalls

Athena is offering the Rule Tracker to end users looking to comply with PCI DSS 1.1.5 and NERC R2.2, or for internal documentation and security reporting purposes. While the system is designed to keep documentation current on a perpetual basis, consultants will also find the tool a handy way to bring clients up-to-date on regularly scheduled intervals.

The Athena Firewall Rule Tracker is available immediately as a standalone tool and also as an add-on solution to its FirePAC product. Pricing starts at $250/firewall. For more information, please see http://www.athenasecurity.net/index.html.