As of July, WhatsUp Event Archiver, an important tool for audit requirements and regulatory compliance, has been certified for compliance with all U.S. Army and Department of Defense (DoD) standards of security, compatibility, and sustainability.

The Certificate of Networthiness (CoN Cert #: 201004611) allows WhatsUp Event Archiver to serve as an enterprise software product that can be deployed in the Army Enterprise Infrastructure Network utilized by the U.S. Army, all National Guard, Army Reserve and DoD organizations. Event Archiver enables the Army to streamline the process of clearing, collecting, consolidating, and storing log data for auditing and compliance purposes, while at the same time exceeding the strict security, sustainability, and interoperability requirements that are in place.

Event Archiver automates log collection, clearing, and consolidation as part of the WhatsUp Event Log Management Suite. The Suite also includes WhatsUp Event Analyst, for event examination, log trends analysis, and reporting; WhatsUp Event Alarm, for monitoring, alerting, and real-time notification of key events; and WhatsUp Event Rover, for on-the-fly forensics and log data mining.

To learn more about WhatsUp Event Archiver and the rest of the Event Log Management Suite, click here.

Try it free for 30 days!

Enhanced by Zemanta

Have you ever seen “Runaway”? It’s a 1984 flick staring Tom Selleck as a police officer who specializes in malfunctioning robots. There’s a famous scene where he’s being chased and attacked by these electronic spidery spybots.

This scene is actually playing out right under your nose. Think of your data as Tom Selleck and the spidery spybots as … well, spybots.

The quiet threat: Cyber spies are already in your systems.”

Bob Violino poses the question in a recent article on InfoWorld.com: “Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit?

Violino states that “this might sound far-fetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize,” he goes on to say that “a growing number of companies are being spied upon electronically by sources from other countries, most notably China. What makes these attacks so troublesome is that their techniques are often undetectable by the usual security tools. Electronic spies try to get into systems without causing disruptions, so they can quietly gather information over a period of time.”

Sounds like an article you should check out, and sounds like a job for Sgt. Jack R. Ramsay.

Facebook helpfully informs you that “[a]nyone can opt out of appearing here by changing their Search privacy settings” — but that doesn’t help much anymore considering I already have them all (and you will too, when you download the torrent). Suckers!
Ron Bowes | SkullSecurity.org

It seems lately that when it comes to Facebook I’m noticing two big problems:

(1) My friend Robin is obsessed with Farmville, and every 5 minutes with the updates.
(2) Facebook has no respect for people’s privacy, and 100 million Facebook users information has published online.

Let’s discuss the latter.

Ron Bowes used code to scan the 500 million Facebook profiles for information not hidden by privacy settings. He collected the personal information of 100 million, and posted the information online.

Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details,” Bowes goes on to say that “If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops :)

Check out this article on MSNBC.com for the full story.

Also, there’s some interesting results from a survey by the University of Michigan and Foresee Results, where it’s revealed that Facebook has scored extremely low in the area of customer satisfaction.

According to the study, and this article on Epic.org, Facebook winds up “in the bottom 5% of all measured private sector companies and in the same range as airlines and cable companies.” Epic’s report states that the low scores can be contributed to “privacy concerns, frequent changes to the website, and commercialization and advertising.”

Both articles are interesting reads. Now, if anyone has any advice or thoughts on how to deal with Robin, that’d be greatly appreciated.

I spent my morning reading through the 2010 Data Breach Investigations Report that was just published by the Verizon RISK Team and the United States Secret Service.  This is an amazingly insightful report with lots of information to digest.  If the topic of data breaches interests you, I highly recommend finding time to read through it.

Data breaches are scary.   Nobody wants to be a victim… And nobody wants their company to be the next headline on the news.

Data breaches are expensive.  According to the Ponemon Institute’s 2009 Cost of a Data Breach study, the average cost of each compromised record is $204.

Here are 5 quick recommendations that I’d like you to consider:

  • Recognize your data:  Before you can protect confidential, sensitive and important data you must first go through an exercise of identifying where it lives, who has access to it, how it’s handled, what systems it touches, and make sure any and all interactions with the data is fully visible and auditable.
  • Take proactive precautions:  The majority of breaches were deemed “avoidable” if the company had followed some security basics.  Only 4 percent of breaches required difficult and expensive protective measures.  Enforce policies that control access and handling of critical data.
  • Watch for ‘minor’ policy violations:  The study finds a correlation between seemingly minor policy violations and more serious abuse.  This suggests that organizations should investigate all policy violations.  Based on case data, the presence of illegal content on user systems or other inappropriate behavior is a reasonable indicator of a future breach.  Actively searching for such indicators may prove even more effective.
  • Monitor and filter outbound traffic:  At some point during the sequence of events in many breaches, something (data, communications, connections) goes out externally via an organization’s network that, if prevented, could break the chain and stop the breach. By monitoring, understanding and controlling outbound traffic, an organization can greatly increase its chances of mitigating malicious activity.
  • If a breach has been identified, don’t keep it to yourself:  Standard procedure for data breach recovery should be to quickly identify the severity of the breach… And affected individuals have a right to know that sensitive information about them has accidently been compromised.

I’m going to end this blog post by asking you to estimate how many pieces of sensitive files and data your company has…. Now multiply that by $204.  I’m sure you’ll agree that the ROI on the time and resources spent to protect company data are well worth the investment.

Right at the moment a Safari user visits a website, even if they’ve never been there before or entered any personal information, a malicious website can uncover their first name, last name, work place, city, state, and email address.”
Jeremiah Grossman, founder and CTO of WhiteHat Security

Here’s another new threat to your personal information, and another example how no company is exempt from security breaches.

According to an article written by Thomas Claburn of InformationWeek: “a flaw in the implementation of Safari’s AutoFill mechanism can be exploited to grab Mac users’ names, street addresses, and e-mail addresses.”

[The] entire process takes mere seconds and represents a major breach in online privacy,” says Jeremiah Grossman who believes that “the security flaw may reside in the open-source WebKit engine used by Safari and that the flaw may be present in older versions of Google’s Chrome browser, which also relies on the WebKit engine.”

The article and Grossman’s own blog are worth checking out as it was once all too rare to hear the words “Apple” and “security flaw” in the same sentence.

That’s right. Get ready to say goodbye to cloud computing.

Not the hosting and using of services over the Internet, oh no. I’m talking about the term “Cloud Computing.”

Well, that’s just one of John Soat’s “Five Predictions Concerning Cloud Computing

What are the five predictions?

  • All applications will move into the cloud.
  • Platform-as-a-service (PaaS) will supplant software-as-a-service (SaaS) as the most important form of cloud computing for small and, especially, mid-size businesses.
  • Private clouds will be the dominant form of cloud computing in large enterprises
  • Hybrid clouds eventually will dominate enterprise IT architectures
  • The term “cloud computing” will drop off the corporate lexicon.

This is a fun and engaging read, and the comments afterward are equally as interesting. Worth checking out.

It is likely my own employees will approach me with confused expressions and ask why I would take time to defend Solarwinds’ earning announcement yesterday. My product management and development teams can point to the deliberate design differences WhatsUp Gold is built with that make it more usable than Orion and my sales staff will argue that the WhatsUp Gold pricing model with unlimited monitors per device is a higher value and better integrity solution than the exploitive SolarWinds model of charging per instance of a monitor per interface. I enthusiastically agree with my product and sales teams! We are a better choice but that war is won in the field, within the network environments of all size companies. Today, what is more important to me is addressing the macro issue of transformation the network management and performance market is undergoing. It is a revolutionary change and companies like Ipswitch WhatsUp Gold and SolarWinds are leading and the market will not be the same again.

Wall Street Process Has No Regard for the Road Less Traveled
Wall Street reacted negatively to SolarWinds’ earnings for Q2 and forecast for Q3 and 2010. That’s what Wall Street does – mathematicians and bean counters dedicated to predicting the economic fate of companies like SolarWinds. The decision to go public is filled with sexy connotations of wealth and power and for some those dreams are realized. For others however, the aspirations of money and parallel the 2 wheel car driving the mountain road designed for four wheel drive trucks. You set out and quickly discover the ride is going to be hellish and there is 90% chance you will break down before your reach the destination. SolarWinds lowered its earnings outlook but I think they still represent a model business in terms of growth and profit. Public markets are demanding and when you show up to the game having the reputation of hitting home runs every time you’re at bat; solid singles and triples get you boo from the street. Solarwinds will be fine. They will acquire accretive businesses to boost growth numbers while sacrificing margin and the Wall Street critics will continue their predictable judgments. In all this drama, the fact that the marketplace has and is undergoing a huge shift in the way it buys and uses software will be lost to the financial noise of Wall Street.

“No One Gets Fired Anymore for Not Buying HP Openview
Up until the genesis of the recent recession, the famous line thrown around by some buyers was “no one gets fired for buying HP”. I am sure it’s still true that the IT management teams of the upper echelon of F250 companies still feel this way and who can blame them – heck, with all the golf outings and high priced dinners they receive from the HP, CA and IBM guys, it’s real hard to say no.

However, this recession and the ongoing humility brought by global markets have changed the IT landscape forever. Budgets are slashed and we (Ipswitch) predict based on our prospective interviews with thousands of IT buyers that budgets are permanently reduced but most importantly; for the first time in many of their careers, IT staff is expected to look at non-Big 4 solutions specific to network and performance management. The strong, double digit growth both Ipswitch WhatsUp Gold and Solarwinds are experiencing is proof positive that IT buyers are not only looking outside the big 4, they are buying outside the big 4. Ipswitch WhatsUp Gold and SolarWinds have had their best financial years in recessionary years.

“Solutions are Replacing Platforms”
There is no magic nor any tricks. We are selling more because we have designed solutions that are replacing existing platforms – Yes it is that exciting and that powerful. The notion that large firms have more complexity is true. The notion that the complexity can be managed with more complexity is not true. Solutions can now replace platforms. And…a side but important benefit has also been realized. Because buyers can buy best in class solutions from different vendors, the onus in now on every vendor including Ipswitch to build the best in class solution in every area we compete on or our buyers will go to a different a vendor. That is a world of difference away from yesteryear when you bought the HP platform and then were forced to buy ONLY HP plug-ins at a high cost and low usability standard.

Wall Street will continue its ferocious review of SolarWinds and others and the consequences will be seen in attractive headlines on yahoo finance and the WSJ. Take a step back and look beyond the boundaries of Wall Street’s cares. The network management and performance space is officially changed and Ipswitch WhatsUp Gold and SolarWinds will be leading that change by bringing the simplicity that enables management over complexity.

And…don’t fall victim to the idiotic and verbose statements made by the on sleuth of new entrants looking to cash in to the opportunity in this new market. Hardware solutions are the wrong alternative. The MSP space is alive simply because usability by vendors including us was too lax for a little while but we are back with better than ever usability that enables every company of every size the opportunity to manage and drive the sacred network assets.

Enhanced by Zemanta

The World Cup has been over for more than a week, but the effects of it are still being felt around the business world. Productivity undoubtedly decreased for many businesses, as a recent Ipswitch survey collected by WhatsUp Gold’s World Cup Network Traffic Calculator revealed an average increase of 81% in bandwidth usage during the tournament with over 1,200 responses.

Many European nations saw increases in bandwidth in excess of 90%, including Spain with 95%, the Netherlands with 97%, and the UK with 95%. At the same time, South Africa had to cope with network bandwidth maxing out at 100%. These results greatly exceeded many network managers’ predictions. Even the US experienced bandwidth use up to 77% of capacity during important matches.

Unfortunately, what cannot be quantified is the lost business experienced by many due to compromised operations because of the increase in network traffic. The repercussions of such surges almost resulted in the collapse the UK web-based streaming provider ITV. Because all games were streaming online, numerous businesses encountered network disruption and issues with connectivity as employees around the world followed the World Cup games from their desktop. These issues included constrained WAN connectivity and heightened security risks like viruses, Spyware and other Malware attacks, as more and more people were visiting untrusted sites rather than official broadcasts.

While this kind of network disruption is never ideal, it is fortunate that the World Cup took place during the non-peak business months of the summer. However, the unexpected increase in bandwidth across-the-board exposes the vulnerability that exists year-round for many networks.

A tool like the WhatsUp Gold Flow Monitor can insulate your network from vulnerability, by tracking and alerting you to any unexpected spikes in bandwidth use by users, hosts, and applications and allowing you to resolve congestion to ensure critical business applications get the bandwidth they need.

Learn more about WhatsUp Gold Flow Monitor or try it free for 30 days

Enhanced by Zemanta

The Ipswitch Network Management Division launched their new WhatsUp Golds partner program in North America yesterday, July 20. The new program offers greater value and revenue opportunities for Ipswitch’s highly-valued partners focused on effectively positioning and selling WhatsUp Gold products and solutions.

The program offers 3 different partnership levels Authorized, Silver, and Gold.  The new program is designed to provide partners with tools and resources that will enable them to identify new sales opportunities, accelerate time to market and drive long term customer engagements. Some of the new benefits available to partners include:

  • Tiered discount Levels
  • Deal registration and exclusive lead-generation
  • Specialized product promotions
  • Customizable, turnkey marketing tools
  • Online technical and sales certification programs
  • Dedicated account management

For more information on becoming a WhatsUp Gold partner, please visit:

http://www.whatsupgold.com/partners/partner-programs.aspx

To view the press release, visit:

http://www.whatsupgold.com/resources/pressDetail.aspx?id=102

If you are an existing WhatsUp Gold partner, visit the partner portal for more information on the features and benefits of the program. To learn more about how the new program directly benefits you and your business, register for our Partner Webinar Session “Introducing the New WhatsUp Gold Partner Program”:

August 17, 2010 1:00pm

September 14, 2010 1:00pm

We are sorry for any concern we are causing anyone at this time.”

It’s pretty certain that those are 13 words that no CEO ever wants to have to say. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.

Seems that some computer files containing the personal information of about 800,000 people might have been misplaced or possibly lost or maybe even stolen.

We’re talking about information such as names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, diagnoses, treatments relating to hospital and home health care visits … just to name a few pieces of personal information, you get the picture.

800,000 records. 800,000 reasons why Managed File Transfer is important. Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.

Seems that somewhere in the process of these 800,000 records being shipped to a contractor to be destroyed, and actually getting to the contractor to be destroyed they disappeared.

Boston.com has some information worth reading.

Forgive the obvious Ipswitch plug here, but c’mon, any one of these solutions could help any CEO avoid having to say those 13 words.

So, that’s today’s 800,000 reasons why MFT is important, and how to avoid those 13 words. As a special bonus for you, here’s 7 words you’d surely like to steer clear of:

We are still searching for those files.’’

Just ask Richard H. Aubut, president and CEO of the Weymouth hospital.

There’s some interesting news going on regarding a warning that Microsoft gave on Friday (7/16/10) about hackers exploiting a critical unpatched Windows vulnerability.

I read on Networkworld.com that “hackers have been exploiting a bug in Windows ‘shortcut’ files, the placeholders typically dropped on the desktop or into the Start menu to represent links to actual files or programs.”

Also in the article, Dave Forstrom, one of the directors in Microsoft’s Trustworthy Computing group, said:

In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware.”

If you’re unfamiliar with Stuxnet, it’s a “clan of malware that includes a Trojan horse that downloads further attack code, including a rootkit that hides evidence of the attack.”

Siemens, according to this Computerworld article, sees this virus as “new and highly sophisticated“, and in the same article there’s a disturbing quote from a large utility IT professional:

This has all the hallmarks of weaponized software, probably for espionage,” said Jake Brodsky, who asked that his company not be identified because he was not authorized to speak on its behalf.

In the end, I think that Chester Wisniewski, senior security advisor at Sophos, is right on when he perfectly summed up the virus with one word. He simply called the threat “nasty“.

I just finished reading a great article in Network Computing titled “Managed File Transfer Asserts Data Governance In Transit”.  Author Neil Roiter hit the nail right on the head by calling out the importance of visibility and governance over person-to-person file transfers.  And if you don’t believe us, just ask any eDiscovery judge!

Sure, organizations absolutely positively must carefully consider how to transfer staggering volumes of data between systems and servers, both inside and outside the organization – all with management, policy enforcement and visibility capabilities.

That being said, individual employees are sending files to other people too… And unless IT provides them with an easy-to-use process to accomplish this, they will find their own ways, such as personal email accounts, USB drives, online file sharing services, etc.

Increased focus on data security, governance, regulatory compliance and eDiscovery has really put pressure on IT to not only have complete visibility into the processes involved in data transfer, but ALSO THE PEOPLE.  Frank Kenney,  sums it up well  in the article:

“MFT can bring (person-to-person) file transfer under the corporate governance umbrella. We can give people ad hoc technology and enforce the use of those technologies. We make capabilities dead easy to easy and enterprises have the right policies in place about how to use them. MFT products provide visibility and validation through dashboards, reporting, real-time updates on data transfer and audit trails.

Some day, an eDiscovery judge may ask you to provide an audit trail with proof of chain-of-custody for a particular file that has bounced around your company and between people.  Here are just a few questions you’ll need to be able to answer:   Who sent what?  When?  Where?  To whom?  Was it encrypted?  And did it get there?

What will your answer be?