Data Privacy Day and Thoughts from a Security CEO


January 28th is the annual Data Privacy Day.  Data Privacy Day is an international celebration designed to promote awareness about privacy and education about best privacy practices.

Stina Ehrensvard, CEO of Yubico, shares her thoughts on the importance of this day.

“The Internet was designed for sharing, not security. As we have moved our business, e-governments and social lives online, and as these digital services become more and more sophisticated, so do fraudsters. Online identity theft is today the fastest growing crime, with trillions of dollars in yearly losses.

However, just as the safety belt for cars was not adopted in larger scale until it was a simple one second procedure, users will not adopt online identity protection if it is too complicated to use. And just as your driver license verifies your identity across multiple services, a secure and simple identity and authentication method that can be re-used across the range of Internet services will be needed for mass implementation. White House Initiative National Trusted Identities in Cyberspace (NSTIC) could make a difference here, driving mass implementation of online identity protection for US citizens and services, based on open identity standards and new authentication technologies.”

 

San Diego’s NextLevel Internet Delivers 2011 Year in Review


NextLevel Internet, Inc., a leader in mission-critical Internet access and hosted voice services, is pleased to deliver a 2011 year in review and 2012 technology forecast.

“2011 was our most profitable and successful year to date. Not only did we see double digit growth in revenue and client base, but we also increased our number of employees by 26 percent,” said Jerry Morris, founder of NextLevel Internet, Inc. “We are continuously adapting and evolving our service offerings to make sure we are providing our B2B clients with the best privately managed voice, Internet, and cloud based data services available in the market. As we look forward into 2012, we see this trend to continue as we will be offering new services to remain ahead of the ever changing needs of our clients.”

Customer Satisfaction — In 2011, NextLevel Internet received the highest recognition for the company’s customer service and support. The company scored a Customer Excellence rating of 98 percent in a survey to the company’s existing client base. Conducted by Strategic Business Communications, Inc. (SBC) during a three month period from February through April 2011, the outside blind survey asked respondents to rate interactions, transactions and satisfaction levels between themselves and NextLevel Internet.

California Power Outage — Further expanding on NextLevel Internet’s mission-critical offerings, during the massive power outage on September 8, 2011, the company’s NextLevel Voice(TM) and Co-location services provided uninterrupted service to emergency organizations and first responders. The power outage, which was the largest recorded in the region’s history and lasted more than 10 hours, left roughly eight million people and thousands of organizations in parts of Southern California, Arizona and New Mexico without power, Internet, and phone access. This disruption of power and the associated loss of connectivity could have resulted in the loss of life, money, or reputation for many of those affected.

NextLevel Voice Adoption Rate — Introduced as a new service in 2008, NextLevel Internet’s flexible hosted voice service, NextLevel Voice saw an increase in revenues of 65 percent during 2011. Clients have installed and retained NextLevel’s voice solutions because of the quality, reliability, affordability and disaster recovery (DR) attributes.

NextLevel Voice provides organizations with 10 to 500+ employees the advanced features and security of a sophisticated Private Branch Exchange (PBX) system for a fraction of the cost, with unsurpassed ease of use and zero system maintenance fees.

Data Center Expansion — In 2011, the company increased access to its new, secure, 88,000 square foot, SAS 70 Type II compliant data center in Rancho Bernardo, CA. The expansion to the new World Trade Drive Data Center followed the relocation of NextLevel Internet’s headquarters to North County San Diego in September 2010. SAS 70 Type II compliance certifies that NextLevel Internet’s data center has adequate controls and safeguards in place when hosting and processing data for the company’s clients.

Managed Internet Infrastructure — NextLevel Internet’s privately managed Clear Channel connectivity options allow businesses with 10 to 500+ employees the ability to control the quality of service (QoS) and class of service (CoS) to include its hosted voice service offerings. NextLevel’s mission critical Internet access and 24/7 NOC services are designed to give businesses everything they need to maximize company uptime and headquarter all remote sites.

For organizations that would like to request more information on NextLevel Internet’s business-to-business co-location, Internet, hosted voice, and managed data services, please visit www.nextlevelinternet.com .


Statement from Yubico CEO on Zappos.com Security Breach


“A security breach of the magnitude experienced by Zappos.com is a serious concern for any business that relies exclusively on Internet orders for sales,” said Stina Ehrensvard, CEO, Yubico, Palo Alto, California and Stockholm, Sweden, commenting on how hackers exposed 24 million client records in a security breach over the weekend. “While it appears Zappos securely protected the database that housed credit card information, hardware security modules (HSMs) could have prevented the exposure of Zappos’ customer password data that were compromised from the organization’s servers in Kentucky. The exposure of email addresses and password hashes of weak and duplicated passwords leaves customers exposed across potentially many sites. The perception is HSM and related services are very expensive, but the cost and complexity for this needed technology has fallen dramatically to a few hundred dollars and the cost of not deploying it is very high as Zappos has shown.”

“Additionally, Zappos has reset and expired their customers’ passwords and is helping them choose new passwords. We believe a better solution is the new breed of consumer-friendly one time passcode tokens that users can keep on their key chains to replace weak and duplicated passwords,” Ehrensvard continued.

DeviceLock Names Vincent Schiavo as Chief Executive Officer

DeviceLock, Inc., a leading developer of endpoint data leak prevention software, is pleased to announce the appointment of Vincent M. Schiavo as the company’s Chief Executive Officer. In this role, Mr. Schiavo will focus on the global expansion of DeviceLock endpoint data leak prevention software and the execution of the organization’s vision and strategic direction.

A veteran of the computer industry for more than 30 years, most recently Mr. Schiavo served as the Executive Vice President of Worldwide Sales for LogLogic, a San Jose-based security information and event management provider.

Prior to LogLogic, Mr. Schiavo was the Senior Vice President of Worldwide Sales and Marketing for Secure Computing, a San Jose-based web information security company which was acquired by McAfee in 2008. During his six-and-a-half-year tenure at Secure Computing, Mr. Schiavo built a worldwide sales team that drove the company’s billings from under $36M to over $300M per year.

“Vince brings an impressive resume from both a business perspective and depth of technology expertise,” said Ashot Oganesyan, founder, DeviceLock, Inc. “We look forward to using Vince’s strong business background to continue to expand our global reach.”

“The introduction of employee-owned devices such as smart-phones, digital cameras, iPads and other USB-attached devices has dramatically increased the risk of data loss and information theft in the enterprise,” said Vince Schiavo, CEO, DeviceLock, Inc. “DeviceLock has positioned itself as a premier enforcer against data loss and as an integral part of a successful security strategy. As we continue to grow our company, we are committed to maintaining our technology innovation leadership in this important industry segment.”

For organizations of any size and industry, DeviceLock software proactively protects endpoint computers against local data leaks and malware infiltration resulting from insider negligence, accidental mistakes or malicious actions. It enables IT security personnel to precisely control, log, shadow-copy and audit end-user access to all types of local ports and peripheral devices, including personal mobile devices such as smart-phones, iPads, iPods, digital cameras and other dockable devices.


(Source: Yahoo!)

DeviceLock Receives Two U.S. Patents for Local Sync Control Technology

DeviceLock today announced that it has been granted two patents by the United States Patent and Trademark Office for its local synchronization filtering technology. The patented technology allows businesses to control the transfer of data between endpoint computers and locally connected mobile devices such as smartphones, tablets and PDAs, including Windows Mobile, Palm, iPhone, iPod touch, and iPad devices.

An integral part of the DeviceLock software suite since 2007, this patented technology allows security administrators to centrally manage which types of data users can synchronize between corporate PCs and their mobile devices. Protected by US patents US7,899,779 and US7,899,782, DeviceLock’s local sync control technology significantly increases the level of corporate endpoint protection against data leaks. These can be caused by employees connecting personal smartphones or tablets to their office computers through a local interface and by mistake or negligence copying sensitive corporate information to their mobile device.

DeviceLock can recognize and filter numerous data object types for iTunes, ActiveSync, WMDC and HotSync protocols, letting administrators selectively allow or block synchronization of files, emails, email attachments, accounts, contacts, tasks, notes, calendar items, bookmarks, and various media types.

To view the release in its entirety, please visit http://mwne.ws/iIeg6w

ANX Nominated for 2011 Hot Companies and Best Products Awards

Network Products Guide has named ANX a finalist for the 6th Annual 2011 Hot Companies and Best Products Awards in both the Hot Companies and Hot Technologies categories. These industry and peer awards from Network Products Guide are the world’s premier information technology awards honoring achievements and recognitions in every facet of the IT industry. Winners will be honored in Las Vegas on Tuesday, May 10, 2011 during the 6th annual dinner and presentations.

ANX products and solutions enable over 16,000 organizations, scaling from SMBs to global enterprises, to secure and exchange information, while meeting complex compliance requirements. With the finalization of three major business acquisitions, ANX maintains strong momentum through customer and overall business growth. Through its most recent acquisition of governance, risk and compliance (GRC) solutions provider TruArx, ANX has also been selected as a finalist for TruComply, ANX’s flagship GRC technology. TruComply is an easy-to-use software-as-a-service GRC application. The solution enables organizations to quickly implement and continuously review control status to improve protection and reduce the cost of risk and compliance.


(Source: marketwire.com)

ANX to Help USRowing Go for the Gold


ANXeBusiness Corp. (ANX), a provider of managed security, compliance and connectivity solutions, and USRowing have signed a two-year agreement designating ANX as an official corporate sponsor of the U.S. Men’s National Team through the 2012 Olympic Games in London.

“USRowing looks for sponsors that possess the same drive and dedication as our athletes,” said Glenn Merry, executive director of USRowing. “We are proud to include ANX as our most recent US Rowing sponsor. As we go for gold, the support of our sponsors, families, and fans back home goes beyond measure.”

ANX’s solutions help companies secure and exchange information, meet complex compliance requirements, and allow them to focus on their core business. ANX offers:

  • Integrated Security and Compliance Solutions for large and medium enterprises
  • Risk Management and Compliance Consulting and Implementation Services
  • Secure Connectivity and Transaction Delivery Services supporting collaboration in communities of interest

Thousands of customers in the healthcare, retail, automotive and financial service sector rely on ANX for security and compliance solutions.

“ANX employees are passionate about delivering value and support to our customers,” said Rich Stanbaugh, president and CEO of ANXeBusiness. “From one great team to another, we’re proud to support USRowing’s quest for gold.”

ANX Introduces Cashier Security Awareness Training for Merchant PCI Compliance


ANXeBusiness Corp. (ANX), a provider of networking and security managed services, today announced the new Cashier Security Awareness Training component of its TruPCI Compliance Management Solution. Created to help Level 4 Merchants meet PCI DSS Requirement 12.6.1, “Educate personnel upon hire and at least annually,” ANX Cashier Security Awareness Training differs from traditional courses by focusing on the unique needs of cashiers.

This brief, online course covers critical merchant security issues, teaching cashiers how to:

  • Identify fraudulent credit/debit cards
  • Protect sensitive areas and equipment
  • Ensure that receipts do not reveal sensitive data
  • Help prevent insider theft
  • Spot and report suspicious behavior

This course is the latest addition to ANX’s PCI eLearning curriculum. For more details, visit http://bit.ly/gmto0J

Data Locker DL3 USB 3.0 AES Encrypted Portable Hard Drive Debuts at 2011 CES


Data Locker Inc. (www.lockerdrive.com), a leading developer of encrypted data storage products, announced the new Data Locker DL3 encrypted USB 3.0 portable hard drive at the 2011 Consumer Electronics Show in Las Vegas. Data Locker DL3 is billed as the most secure portable hard drive in the industry due to its 256 bit AES XTS mode full drive encryption, two factor authentication and patented touch screen authentication panel.

The Data Locker DL3 builds on the success of Data Locker’s previous award winning personal secured storage devices that feature an enhanced touch screen, secure external USB hard drive with PIN-only access. The encryption and data management are performed at the device level and are completely platform and operating system independent, eliminating the need for any software and drivers.

“We’ve had considerable success with our Data Locker secure portable hard drives with the federal government and in business environments that require an easy to use and implement portable data security solution which is compatible with all operating systems and environments,” said Jay Kim, Founder and COO, Data Locker. “By launching the DL3 at CES, we believe there are a significant number of customers who can appreciate the amazing simplicity of our approach to securing their portable data.”

Additional features of Data Locker 3 include:

  • SuperSpeed USB 3.0 interface
  • 256 bit AES XTS mode crypto engine
  • Absolutely no drivers or software
  • Two factor authentication with optional RFID mode
  • Up to 1 TB storage capacity
  • Rapid key zeroization for secure redeployment
  • Multi-lingual user interface
  • Firmware-based anti-malware protection
  • Self-destruct mode for brute force attack defense
  • Randomized keypad to eliminate fingerprint-lifting and shoulder hacks
  • Tamper evident enclosure
  • Shock and drop resistant

Pricing and Availability

The Data Locker DL3 pricing starts at $299 and is available in 500GB, 1TB and 128GB SSD capacities.  The unit will be available in March 2011.

Based in Overland Park, Kansas, Data Locker has developed a strong track record of combining the convenience of portable external storage devices with enhanced data security features. Data Locker products are easy-to-use storage devices perfect for storing sensitive or confidential data, all with the assurance of a secure touch screen interface. These devices ensure that all data on the hard drive is completely protected from unauthorized access should the external drive get lost or stolen.

Demonstrations of Data Locker DL3 will be at the company’s booth #31849 in the South Hall on the Upper Level of the Hilton Las Vegas Convention Center.

Athena Security Announces Firewall Rule Tracker

Athena Security, the developers of Athena FirePAC, a comprehensive enterprise firewall audit and operations tool, today announced the release of Firewall Rule Tracker, the industry’s only asynchronous documentation solution for recording the reason why specific firewall rules exist in enterprise networks.

While firewalls are widely deployed in more than 97 percent of enterprises today, firewall rulebases have grown at an alarming rate. The knowledge surrounding legacy rules dissipates over time, leaving enterprises with too many risky rules that remain unjustified. At heart, the system tracks rules based on what the rule is doing, rather than its line number in the configuration (which changes every time new rules are added or deleted). This is perhaps the biggest reason why documentation is oftentimes inconsistent and incomplete. Performing a textual comparison of the rule before and after it has been modified does not capture the full story, but that is the extent of what is available from most change management systems.

“Our consulting partners tell us that less than 20 percent of the clients they audit can demonstrate up-to-date and complete documentation,” says Anjali Gurnani, vice president of business development, Athena Security. “It is scary to think that the original reason why certain rules are providing access to critical network systems and confidential data may no longer be known.”

For auditors, especially PCI QSAs, reviewing the documentation for each firewall rule is an ideal place to identify lax security controls, general rulebase neglect and other red flags that trigger the need for further investigation. For companies that wish to correct this deficiency in their security program, Athena’s Rule Tracker offers an easy way to set things right. Unlike elaborate systems that involve months of process re-alignment, Athena’s Rule Tracker recognizes that teams collaborate far more easily with spreadsheets. By using a spreadsheet approach and built-in intelligence to make the system highly user-friendly, Athena’s Rule Tracker is flexible enough to be used in any change process.

Rule Tracker compares two versions of a configuration and immediately identifies what changed so users can add missing documentation which is then automatically retained and available for reporting.

What Athena accomplishes for organizations is a convenient and simple way to certify what access is acceptable throughout the rule’s lifecycle. The benefits of using the Rule Tracker to facilitate documentation are:


— Device connections are not required to identify rule changes
— Business justification history is retained in-system, so users can isolate missing information and add it incrementally
— Users can generate spreadsheet reports, share with other stakeholders, and re-import documentation changes to the database
— Support for mixed vendor network environments including Cisco, Check Point and Netscreen firewalls

Athena is offering the Rule Tracker to end users looking to comply with PCI DSS 1.1.5 and NERC R2.2, or for internal documentation and security reporting purposes. While the system is designed to keep documentation current on a perpetual basis, consultants will also find the tool a handy way to bring clients up-to-date on regularly scheduled intervals.

The Athena Firewall Rule Tracker is available immediately as a standalone tool and also as an add-on solution to its FirePAC product. Pricing starts at $250/firewall. For more information, please see http://www.athenasecurity.net/index.html.

The growing security needs of Smartphones

Guest post by Britney Baker 

Setting the Scene: Why Hackers Might Target Phones

For a long time, viruses and security issues have been limited to traditional computers. Although a number of other types of devices have computer chips and can even run software, they were hard or impossible for a hacker to get into, and there wasn’t much benefit to hacking them. However, as smartphones have gotten more popular recently, and have become more complex, they have begun to offer another platform for hackers to attack. Smartphones have a couple of key features that make them good for hackers to attack. For one thing, the software is complex, and there is an open application platform, so they have the ability to write malware or to exploit a phone. Secondly, the phones are all connected to the internet, so there is an easy way to attack the phones. Lastly, the phones have things of value - they may have personal information, passwords, even banking information. These factors make phones a good medium for malicious hackers to attempt to exploit.

How Viruses Get to Your Phone

There have been some issues related to security and smartphones, but to date few of them have been actual viruses. For instance, Android had a scare with a wallpaper application that got millions of downloads, and was secretly sending personal information to a site in China. RIM, maker of the BlackBerry, has been in the news recently due to conflicts with several countries who wanted access to certain BlackBerrys’ information. The ironic thing about the story is that BlackBerry was so secure that RIM literally didn’t have the private information to hand over to the governments. The compromise that they came to was to have RIM run servers in these countries, so that the governments could spy on encrypted messages.

Protecting Your Phone

The thing we should all remember with smartphones is that they possess a great deal of personal information, and should be treated with the same care or better that we would use with a computer. Beware of unknown applications, don’t go to bad websites, and protect important files. Here’s a list of some security applications that are being developed for smartphones:

  • DroidSecurity Android Antivirus

DroidSecurity has distributed over 2 million copies of their free antivirus software, and they also offer a premium version.

  • McAfee

McAfee is known to currently be working on an antivirus program for the iPhone, but it has not been released to the public yet.

  • Norton Antivirus

Norton, a very popular security company, currently makes a mobile antivirus program for Symbian and Windows Mobile Phones.

When she’s not getting excited about new gadgets, Britney Baker writes about prepaid cell phones for PrepaidCellphones.net. Her latest article took a look at the GoPhone from AT&T.

October is National Cyber Security Awareness Month (NCSAM)

It’s October 1st! Today kicks off the Annual National Cyber Security Awareness Month to help increase awareness of the dangers that exist online and develop best practices to avoid being a victim of cybercrime. 

Established by the National Cyber Security Alliance (NCSA), a non-profit partnership of educational institutions, professional organizations, corporations and the Federal government, National Cyber Security Awareness Month (NCSAM), conducted every October since 2001, is a national public awareness campaign to encourage everyone to protect their computers and our nation’s critical cyber infrastructure.

Today’s evolving Web-based threats such as phishing attacks, spyware and identity theft are top concerns for businesses and consumers alike. By utilizing proper precautions such as multiple passwords, updated security patches, and software solutions (e.g., web filtering, anti-virus, firewalls), users can build a strong defense against cyber crime. National Cyber Security Awareness Month reaches millions of Americans through media, middle school and high school lesson plans, and partnerships with dozens of companies and associations.

The success of National Cyber Security Awareness Month rests on everyone engaging in education and awareness activities. There are opportunities for everyone from home users to major corporations and government entities to get involved.

To view ways that you can get involved with NCSAM, please visit http://www.staysafeonline.org/content/get-involved-0 for tips.

Here are four tips for parents to help their children safely surf the web.

Place the computer in an open area of the home – computer time becomes a family activity. If the screen is easily visible, your children will be much more hesitant to do activities that can be considered questionable. 

Develop and discuss a set of rules for online activity – by thoroughly discussing what types of activities you feel are inappropriate for computer use, your children will already know what they should or should not do. Create a pledge with what activities they will or will not do and have them sign it.

Pay attention to what your children are doing online – check the browsing and recently accessed page history. Unfortunately, this history can be easily erased if your children know how. If that is the case, you may want to install web filtering and monitoring software.

Educate yourself and share your knowledge – this could be the most important step. If you are aware of the dangers online (viruses, online predators, social media threats, etc.) you will be able to have educated discussions with your children about Internet safety and why they need to be careful with who they talk to and what information they share.

What are you doing to support National Cyber Security Awareness Month? Spread the word and surf safely!