Symantec Corp. released the India findings of its global 2010 State of Enterprise Security study.  The study found that 42 per cent of Indian enterprises rate cyber security their top issue. This isn’t a surprise, considering that 66 percent of enterprises experienced cyber attacks in the past 12 months.  These attacks cost Indian enterprises an average of over INR 58,00,000 in lost revenue in 2009, apart from bigger financial losses due to loss of confidential data and productivity. Finally, organizations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues.

Security is of great concern to Indian enterprises. Forty-two per cent of the enterprises surveyed rank cyber risk as their top concern, more than natural disasters, terrorism and traditional crime combined. Reflecting that perception, Indian enterprises are intently focused on IT security. In the past 12 months, 66 per cent of Indian enterprises experienced cyber attacks. Worse, 51 per cent reported that cyber attacks have stayed the same or grown over the past 12 months. The attacks experienced in 2009 were a combination of external and internal attacks.

While the average revenue lost by Indian enterprises due to cyber attacks was INR 58,59,234 in 2009, the value of lost confidential data and lost productivity was also high. Indian enterprises lost an average of INR 94,56,216 in organization, customer and employee data in 2009, and an average of INR 84,57,037 in productivity.

Back to Top

At RSA Conference 2010, Microsoft Corp. outlined how the company continues to make progress toward its End to End Trust vision. In his keynote address, Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group, explained how the company’s vision for End to End Trust applies to cloud computing, detailed progress toward a claims-based identity metasystem, and called for public and private organizations alike to prevent and disrupt cybercrime.

Charney explained that identity solutions that provide more secure and private access to both on-site and cloud applications are key to enabling a safer, more trusted enterprise and Internet. As part of that effort, Microsoft today released a community technology preview of the U-Prove technology, which enables online providers to better protect privacy and enhance security through the minimal disclosure of information in online transactions. To encourage broad community evaluation and input, Microsoft announced it is providing core portions of the U-Prove intellectual property under the Open Specification Promise, as well as releasing open source software development kits in C# and Java editions. Charney encouraged the industry, developers and IT professionals to develop identity solutions that help protect individual privacy.

As further evidence of how the company is enabling a safer, more trusted enterprise, Microsoft also released Forefront Identity Manager 2010, a part of its Business Ready Security strategy. Forefront Identity Manager enables policy-based identity management across diverse environments, empowers business customers with self-service capabilities, and provides IT professionals with rich administrative tools.

Back to Top

eGestalt announced the availability of SecureGRC, a breakthrough solution that provides an end-to-end integration of Security monitoring with IT-Governance, Risk Management and Compliance (IT-GRC) management solutions using a cloud based delivery model. The combined solution provides an ability to address all the Enterprise needs around Security, Compliance and risk management and provides automation and integration of policy controls to manage security and IT-GRC related issues. A number of innovative cost and ownership models are available. There is a ‘Software-as-a-Service’ (SaaS) model coupled with an on-premises deployment or a completely on-demand cloud based service subscription offering. This will enable up to 10x total cost of ownership reduction especially for the cost-conscious Small and Medium business (SMB) segment.

SecureGRC includes all security and IT-GRC functions required to be compliant with ready to use compliance frameworks, leading edge context based inference engines, most advanced alert processing and easy to use logging and monitoring solution.  It is a complete end-to-end automation of all Enterprise security, compliance, audit, and risk management needs.

There is built in Framework support for RBI Compliance, NSE, BSE, MCDEX, PCI, ISO, COBiT, SOX, BASEL II, HIPAA, FISMA, and other country specific frameworks which are ready to use. SecureGRC has a not-so-far-seen value-add in terms of integrating, synergizing and transforming information from various sources into alert raising actionable solutions, helping in identifying the source of the attempted attack through pattern and correlation analysis, and plugging the loop hole before it takes major dimensions.

Back to Top

eScan has received “Advanced+” award from AV Comparatives in the this year’s first On-Demand Detection Test. eScan successfully passed comparative testing by AV-Comparatives, which saw the antivirus solutions of twenty leading vendors products put through their paces.

The tests were designed to determine the ability of each security solution to detect the very latest Malware. The use of such a technique for evaluation purposes is considered particularly important as a user's computer should be protected against even the very latest threats for which signatures do not yet exist. The latest test set used was much smaller then the previous times. This was a deliberate attempt by AV Comparatives so as to receive the most accurate and authentic results and hence the norms were stricter too.

eScan received the AV-Comparatives highest award “Advanced+” after demonstrating excellent results in Malware detection and with the lowest number of false positives amongst the products test. Since its launch last year, eScan 10 has proven to be a technologically advanced solution, providing a simplified GUI which makes it easy to operate even for a novice user. eScan 10 also features real time network activity monitor; making use of a TCP viewer utility, solidly implemented high quality main anti-Malware, anti-hacking components and many additional tools.

Back to Top

BitDefender presented the results of a study concerning the exposure of users’ private data as a result of social gaming. Today’s entertainment applications available in social networks require users to gather a considerable amount of friends and supporters to play the same game in order to attain higher scores. To achieve this, players have developed channels, groups and fan pages, which facilitate the interaction between them.

Spammers and phishers also exploit this opportunity, by creating fake profiles and resorting to bots that sends spam messages on groups, as the BitDefender case study presented at the MIT Spam Conference shows. Unlike the regular social networking spam, when the users are enticed to add the spammer in their circle of friends, the social gaming-related phony profiles are willingly added by the users as an immediate consequence of their interest in enlarging the supportive players’ community. This makes it almost impossible for the bogus accounts to be automatically suspended, since the spammers’ action does not constitute an abuse.

The study also demonstrates that the most successful fake accounts are those miming real profiles, which hold plenty of details and pictures of the user behind. In an acceptance experiment, BitDefender researchers created three honeypot profiles – one without any picture and holding few details, another with an image and some information and a third with a large amount of data and photos. All three profiles where subscribed to general interest groups. One hour after starting to add people to each profile, the circle of friends enlarged with 23 connections for the 1st profile, 47 for the 2nd profile and 53 for the 3rd profile.

Back to Top

eScan security experts have warned against opening emails or their attachments with subject lines such as “You have received A Hallmark E-Card!”, “Your friend invited you to twitter!”, “Thank you from Google!”, “Jessica would like to be your friend on hi5!” and “Shipping update for your Amazon.com order 254-71546325-658732”. These emails also carry zipped attachments which have been found to contain new variants of the malware in the wild.

The “You have received A Hallmark E-Card!”, spam email comes with postcard.zip or similarly named attachment. The payload in the zip file contains malware that has the capability to mass mail message(s) with the built-in SMTP client engine to the email addresses harvested from the local computer. The payload also contains a malware with the characteristics of Vundo (aka VirtuMonde/VirtuMundo), a trojan horse that cause popups and advertises rogue antispyware programs. Vundo can infect a system when a browser just visits a Web site link contained in a spammed email. It is known to add itself to the startup registry, create a DLL file in the Windows system32 directory and inject it into system processes winlogon.exe and explorer.exe. The malware can also send downloads/requests to get other files from Internet and spread quickly by itself in a network. 

Another email doing the rounds is taking advantage of the popularity of the social networking sites such as “Twitter” and “Hi5” to spread itself. These spam emails carry a deadly payload of a variant of the Buzus worm that is network aware bot creating trojan. The malware spreading spam also had subject lines such as “Thank you from Google!” and  “Shipping update for your Amazon.com order 254-71546325-658732” and were found to be with  attachments that had typical names such as Invitation Card.zip or Postcard.zip or Shipping documents.zip or CV-20100120-112.zip. Any unsuspecting user who opens the files gets infected immediately and the malware then tries to infect other systems in the network by sending the same malicious emails to addresses harvested from local address books on the infected computers.

Back to Top

Facebook users have been caught up in a Trojan-spreading scheme this week: in the form of e-mails notifying Facebook users that the passwords to their accounts have been changed due to security reasons. The recipients of this fake notification are prompted to open an attached .zip file in order to find out their new allocated password.

Instead of a new password, the zip file hides Trojan.Dropper.Oficla.G. As its name suggests, this piece of malware contains malicious or potentially unwanted software which it ‘drops’ and installs on the system. Frequently, the dropper installs a backdoor which allows remote, covert access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the system.

Infection rates are expected to boom because the social engineering behind this mechanism proves to be efficient. Facebook is a highly popular social network and accessing it for discussions or for its popular applications has become a daily habit for very many people. No matter why people access the social network, the e-mail informing them about the alleged password change is likely to drive them towards the same result: open the file to take a look inside and ultimately… get infected.

In order to stay safe, BitDefender recommends you never open attachments coming from unknown contacts. They also suggest people install and update a complete antimalware software solution.

Back to Top

VeriSign, Inc. hosted a summit of Internet policymakers, industry leaders and other stakeholders in Washington, D.C., to kick off a celebration of the economic, social and cultural impact of .com. On March 15, 1985, symbolics.com was the first .com registered in what had yet to be labeled the "world wide web." While it took nearly a decade for the domain -- and the consumer Internet -- to take off, today there are over 80 million .com websites and the domain is a prominent feature of one of our culture's most iconic developments.

The .com domain has defined a generation of innovation and entrepreneurism, serving as the launch pad for a new generation of companies that have transformed communications, commerce, entertainment and more. The .com domain remains at the center of nearly every major Internet trend. According to VeriSign's Internet Profiling Service there are 11.9 million e-commerce and online business websites, 1.8 million sports-related sites and 4.3 million entertainment-related sites with a .com web address. The most popular words among .com URL's today include "home" (1.2 million), "online" (1 million) and "land" (891,000).

To meet the infrastructure challenges expected by 2020, VeriSign is scaling and in some cases revamping the infrastructure that keeps .com running. VeriSign's 2020 technology roadmap calls for it to grow capacity 1,000 times today's level of 4 trillion queries to manage 4 quadrillion queries per day to support normal and peak attack volumes based on what the company has experienced as well as Internet attack trends.

Back to Top

VeriSign has been selected by Microsoft Corp. to provide code signing services for applications distributed through Windows Marketplace for Mobile.

Microsoft is relying on VeriSign Code Signing Services to safeguard applications developed for Windows phones. When a mobile application is signed with a VeriSign Code Signing Certificate, it signals to Windows phone owners that the application comes from a trusted publisher. A code signing certificate serves as virtual “shrink wrap” for downloaded applications by applying a digital signature that is independently verified by VeriSign. A broken digital signature tells users that the application has been tampered with or modified, and protects them from hackers or malicious code.

Windows Marketplace offers people an easy way to find and purchase high-quality mobile applications for both work and play, while creating a new opportunity for developers to reach millions of people using Windows phones worldwide. In addition to an array of essential business applications, Windows phone owners can download applications for Facebook, MySpace, Netflix, Twikini, WunderRadio and ZAGAT, as well as leading game titles including Sudoku, “Guitar Hero World Tour” and the “PAC-MAN” series, all of which can be easily purchased and installed directly on a Windows phone. All purchased applications are certified by Microsoft to run on Windows phones and are backed by a simple return policy.

VeriSign’s role as code signing partner for Windows phone applications is the latest in a long history of collaboration with Microsoft. The companies recently announced plans for Microsoft to use proven VeriSign Secure Sockets Layer (SSL) Certificates and VeriSign Code Signing Certificates to safeguard cloud-based services and applications developed and deployed on the Windows Azure platform.

Back to Top

The Certified Information Systems Auditor (CISA) credential, one of the globally recognized professional designations from ISACA, continues its growth at a record pace. ISACA, a nonprofit association of IT governance, security and assurance professionals, recently reached a milestone by certifying the 75,000 CISA.

Since its introduction in 1978, the CISA credential has become recognized and adopted worldwide as a symbol of excellence in information technology audit, control and security professionals. In fact, a survey of ISACA members revealed that 93 percent of CISAs value their certification, and 72 percent of CISAs believe that the CISA certification has helped advance their career. In addition, a 2010 study by Foote Partners LLC found CISA to be among top three certifications with the highest pay premiums in the security category, and an Information Security Media Group study found CISA to be among the top 10 sought-after certifications for 2010.  

CISA has earned accreditation from the American National Standards Institute (ANSI) under the International Standard ANSI/ISO/IEC 17024 for the past three years. This accreditation is a benchmark for global organizations that certify individuals worldwide. The CISA exam is now offered in 12 languages and at more than 200 locations worldwide. The next exams will be held in June and December 2010.
ISACA also administers the Certified Information Security Manager (CISM) certification, established in 2002 and earned by more than 12,500 professionals since its inception; the Certified in the Governance of Enterprise IT (CGEIT) certification, which has been earned by more than 4,000 professionals since it was established in 2007; and the new Certified in Risk and Information Systems Control (CRISC) certification.

Back to Top

eScan now comes with the eScan Rescue Disk File Creation option. Using this, users can create the eScan Rescue Disk that will help them to clean boot their computers to scan and clean infected windows systems from Rootkits and file infectors that cannot be cleaned in the normal Windows mode. The Rescue Disk File creation feature is easy to use and the windows based bootable CD/DVD with the ISO image file can be created by following the eScan Rescue Disk File creation wizard.

Users can also download the eScan Rescue Disk ISO image from www.escanav.com/escanrd/
The user guide on how to create and use the eScan Rescue Disk is available at www.escanav.com/escanrd/escanrd_user_guide.asp

Back to Top

F5 Networks, Inc. and Infoblox, the leading provider of DNS, DHCP and IPAM (DDI) solutions, announced a partnership agreement. F5 and Infoblox have partnered to develop a solution to simplify and speed deployment of the Domain Name System Security Extensions (DNSSEC). 
F5 and Infoblox together deliver the market’s only fully integrated and complete DNSSEC solution including high-performance DNS and global server load balancing functions, all supporting signed DNSSEC data. This provides customers a scalable, manageable, and secure DNS infrastructure that is equipped to withstand DNS attacks. The solution is a combination of Infoblox’s purpose-built appliances that deliver highly reliable, manageable and secure DNS services with built-in, automated DNSSEC features, and F5 BIG-IP Global Traffic Manager appliances optimized with hardware acceleration facilitating real-time signing of DNSSEC signature queries.

Back to Top

Symantec Corp. announced Web Security Monitoring, a new managed security services offering designed to help customers protect their end users and online Web presence from pervasive Web threats. Web Security Monitoring provides 24x7 monitoring and analysis of Web security technologies to protect organizations – enabling rapid reaction to threats to end users, Web presence and confidential data, identifying gaps in security controls to foster proactive security improvements and demonstrating compliance to internal policies and industry regulations.

Through Web Security Monitoring, Symantec synthesizes customer log data with a reliable source of up-to-date global threat intelligence and performs vigilant monitoring to help ensure optimal protection. Furthermore, the service monitors organizations’ proxy and gateway security devices for connections from hosts within their networks to sites suspected or known to contain malicious code and provides a daily summary report of this activity. If a policy violation or compromise occurs, the customer is notified immediately. This constant vigilance establishes an ‘early warning’ system and facilitates strengthening of policies and protective measures against the ever-present Web threat vector.

Symantec Web Security Monitoring fosters an ongoing, dynamic relationship between Symantec and its customers by giving them superior security coverage through correlation with existing network security protections, host and endpoint activity and real-time global threat intelligence. Symantec Web Security Monitoring service complements Symantec products and services designed to protect customers from the explosion of Web threats, including Symantec Web Gateway and Symantec Hosted Web Security. The combination of gateway devices, active monitoring and management, real-time threat intelligence and cloud-based Web security services delivers a comprehensive portfolio to protect against today’s Web threats.

Back to Top

Websense announced an expanded partnership with Juniper Networks to offer Websense leading content security solutions with Juniper Networks SRX Series Services Gateways. The expanded partnership covers Websense Web Security Gateway and Data Loss Prevention (DLP) technologies—part of the newly unveiled Websense TRITON system—and is designed to leverage Juniper's high-performance security infrastructure to enable joint customers to build secure Web 2.0 and content-rich networks without sacrificing performance or scale.

The joint solution simplifies network topology and consolidates security functionality to optimize network service and performance. Juniper's SRX Series, a high-performance, carrier-grade security and networking platform capable of 120Gbps of firewall performance, 30Gbps of IPS performance, 10M sessions, and the integrated AppSecure services suite, combined with Websense Web Security Gateway with real-time content analytics, integrated enterprise -class data loss prevention and centralized management delivers lower total cost of ownership by reducing the number of security nodes and related management.

In addition to real-time content scanning and classification, the Websense Web Security Gateway interoperates with Juniper's SRX Series to leverage security intelligence gathered from the 50 million real-time data collecting systems of the Websense ThreatSeeker(R) Network and Websense continuously updated database of millions of classified URLs across more than 90 categories, in more than 50 languages. The Websense Web Security Gateway continues to evolve as the most knowledgeable resource on the ever shifting Web -- gathering data through unique partnerships with Facebook, bit.ly and Value Added Service providers, like Radialpoint, to collect and categorize Web intelligence that is unavailable to other security providers.

Back to Top

McAfee announced the formation of the McAfee Vulnerability Detection and Response Group, which draws from all critical areas of McAfee malware response teams - including McAfee Labs, Office of the CTO and Foundstone Professional Services.

This group is chartered to respond to critical outbreaks by providing incident response and forensics specialties, as well detailed “root cause” analysis, leverage the in-depth analysis performed everyday by the security experts within McAfee to further serve customers and partners and also will provide detailed vulnerability analysis of malware samples.

The primary functions of the group entail two service offerings: McAfee Internet Response and McAfee Vulnerability Search. The group was formed as a way to help customers better protect themselves from threats such as Operation Aurora. As part of its ongoing research into the details of Operation Aurora, McAfee has discovered that intellectual property repositories were a common target. McAfee researchers are performing ongoing analysis of software configuration management products, which have been found to contain numerous default security weaknesses.

Back to Top