Ericka Chickowski did a nice job in her Dark Reading article on how old-fashioned FTP introduces unnecessary levels of compliance and security risk to organizations. And here’s an alarming data point from Harris Interactive – approximately 50% of organizations are currently using the FTP protocol to send and exchange files and data.

Talk of security concerns with FTP is certainly not new. FTP was never designed to provide any type of encryption, making it possible for data to be compromised while in transit. A common answer for this is to use encrypted standards-based protocols such as SSL/FTPS and SSH/SFTP.

Luckily, modern managed file transfer solutions deliver not only the security you know your business requires, but also the visibility and control that IT needs to properly govern company information.

Ipswitch’s Greg Faubert offers his thoughts in the Dark Reading article:

“While FTP is a ubiquitous protocol, depending on it as a standard architecture for file exchange is a bad strategy…. The PCI standards look specifically at the security surrounding your FTP environment. It is a significant area of focus for auditors, and they will fail companies in their PCI audits for a lack of adequate controls.”

And yet, somehow, many organizations continue to rely on unencrypted FTP to transport mission-critical or sensitive information.  For those guilty, here are a few steps to help you get started in migrating away from antiquated FTP.  And don’t worry, it won’t be painful.

Ipswitch is proud to announce that the WhatsUp Gold suite of innovative IT management solutions has officially entered the evaluation stage for Common Criteria Evaluation Assurance Level 2 (EAL2).

Common Criteria for Information Technology Security Evaluation is one of the highest international standards for computer security certification in the world and is accepted by the United States Government and 26 additional countries.  EAL2 provides assurance that the Target of Evaluation (TOE) is supported by independent testing and meets the highest of security standards. 

The evaluation is being conducted on the suite of WhatsUp Gold products including WhatsUp Gold Premium and the following WhatsUp Gold plug-in modules: WhatsConnected, WhatsConfigured, WhatsVirtual, WhatsUp Flow Monitor, WhatsUp VoIP, and WhatsUp Failover Manager. WhatsUp Gold is built on a scalable and fully extensible architecture and provides a full set of services spanning the needs of small, midsize, and enterprise organizations. WhatsUp Gold enables IT professionals to manage all network environments, from single-site networks to complex, geographically-dispersed environments, including network devices, locations, servers, resources, applications, virtual network traffic and log files from a single console. 

To learn more about Common Criteria, visit: http://www.commoncriteriaportal.org 

Results from a recent survey, focusing on the network monitoring software licensing process, have finally been revealed.  In this recent survey, the Ipswitch Network Management Division set out to explore the scope, causes, and impact of IT buyer confusion due to complex software licensing and its effect on purchase behavior. The survey reflects input from a broad range of IT professionals managing networks of small, mid-sized and enterprise organizations throughout Europe and the U.S. 

 So, what exactly did the results indicate? Here are some key statistics:

  • More than 50% of network professionals report selecting an insufficient IT monitoring license level to monitor their infrastructure and applications assets
  • A whopping 67% of mid-sized businesses and 75% of enterprises  exceeded the limit of their selected license level at the end of their first year

Additionally, survey results reveal that estimating errors are more likely when selecting a network monitoring license based on “elements” instead of a direct count of, say, the number of “devices.”  In addition, what constitutes an “element” is a major cause for this confusion and budget overspending for comparable functionality and value. The surprise most often occurs at the first-year renewal, when organizations are locked-in to pay more.

What makes these “elements” confusing? “IT management professionals often don’t completely understand the element based licensing process,” explains Ennio Carboni, President of Ipswitch Network Management Division. “This results in suboptimal value from licensed monitoring capacity. Customers either overcompensate to buy at higher priced tiers, or they buy less and compromise the level of monitoring they need. WhatsUp Gold has always offered a clear, device-based licensing model that keeps things simple.”

With the intent of clearing up the market confusion on network monitoring licensing based on information collected from the survey, WhatsUp Gold will include a comparative element count in all of its price sheets and web listings with immediate effect.

Take Back Your Network March Madness Style with WhatsUp Gold! Our latest infographic illustrates how WhatsUp Gold can help you manage your network and battle against common problems that emerge each day. Whether you’re faced with router failure or internet outages, WhatsUp Gold can help you take back your network.

As I sit in my office, I periodically look over at a fake plastic tree nearby. As I look at it, about the only maintenance that it would ever need is a periodic dusting. It doesn’t require any sunlight, water or fertilizer to keep its color or shape.

Contrast this to the flower boxes around my home. Since I live in a climate that carries all four seasons, there is a point where no plants are able to thrive. During the winter, the plant energy retreats into the root system to hibernate, and when the ground temperature is warm enough, things begin to grow again. The problem is that sometimes weeds apparently receive this warm weather trigger when the temperature is barely above freezing. No flowers grow, but the weeds are in full-on growth mode as soon as the snow melts. Left untamed, the weeds will sprout, and if nothing is done, they will overtake the flowers.

So, how is this analogy akin to IT Management? Well, to be honest, the fake tree has very little to do with it, but if you do nothing to improve and maintain your IT Management situation, eventually, you’ll be tossed out as my fake tree will be someday. IT Management must be more like how I attack the weeds in my flower boxes. If your IT infrastructure is left unchecked, weeds will appear. These IT “weeds” could be anything from an unpatched desktop, to the wiring closet that has more patch cables than original wiring, to VM sprawl (the morning glory of weeds), to an untrained user who opens every email sent to him/her. These IT weeds start small — but spread. Good IT Management practices will have tools, policies, and procedures defined to discover these IT weeds quickly, and snuff them out while they are still small. Without best practices, you’ll never discover these weeds until it’s too late – when they damage the flowers around them, leading to IT service disruptions.

My advice, given my experience in this industry, is to follow a couple of very simple steps and always adhere to the K.I.S.S. principle (Keep it Simple, Stupid). First, know what you have to maintain and stay on top of it. How many flower gardens do you own? Is it the whole yard (a small company’s IT), a corner flower bed (the web server pool) or the prize rose garden (the new private cloud initiative)? Once you have defined your boundaries, always know what’s there, and keep on top of anything that changes.

Second, build in maintenance periods for your “turf.” No one likes unplanned downtime, but maintenance periods, scheduled well in advance, are invaluable. They allow you the time to remove the unwanted weeds in your specific garden, for pruning last year’s growth (deleting unused VMs, reclaiming licenses), fertilizing for new growth (adding storage or memory), or simply adding new plants (new services, or software) to the mix. A regular maintenance plan will help keep your IT infrastructure weed-free for the entire growing season.

An ounce of prevention is worth a pound of cure. This adage holds true whether for the weeds in your flower bed or IT Management. It’s all about being proactive to protect your business – but you often don’t necessarily have the time or resources to do it. Instead of spending upwards of 30 hours a month troubleshooting connectivity issues or needless hours troubleshooting misconfigured devices because you didn’t have alerting or automated configuration management in place, with the WhatsConnected and WhatsConfigured plugins, you’ll have proactive IT management without the labor.  With real-time insight into unauthorized configuration changes with WhatsConfigured, and automatic discovery of all your connected resources across your entire infrastructure with WhatsConnected, you’ll be on top of changes in your infrastructure the moment they happen – before these IT “weeds” turn into major business disruptions. Try 30-day free trials of WhatsConnected and WhatsConfigured today.

This has been a very newsworthy week for data breach research.  Dr. Larry Ponemon, the Ponemon Institute’s privacy advocate and researcher, released their yearly U.S. Cost of Data Breach Study which wrapped up the latest statistics for 2011.  After six years of less-than-encouraging news, there were a few surprises in this report.

First, the average organizational cost of a data breach declined from $7.2 million to $5.5 million and the cost per record declined from $214 in 2010 to $194 in 2011, a 9% decline. With new headlines declaring a breach daily, how could this be? Well, it appears that organizations are becoming better at managing the costs incurred as they respond to and resolve a data breach incident. Secondly, fewer customers are abandoning companies after a data breach has occurred. It appears that organizations are taking more appropriate steps to keep their customer base loyal and repair damage to their reputation post-breach. OR, have customers’ mindsets shifted to believe that data breaches are just a part of doing business – their data isn’t secure with any vendor?

Companies report that their data breaches were smaller in scale and resulted in a lower rate of customer churn.

Second, the report indicates “negligent employees and malicious attacks are most often the cause of the data breach.” Employee or contractor negligence accounts for 39% of breach root causes, while 37% of breaches involve malicious or criminal attacks. In addition, malicious attacks are the most costly type of breach, at $222 per record breached.

Third, organizations that employ a CISO (Chief Information Security Officer) with responsibility for data protection see an average cost of a data breach reduced by as much as $80 per compromised record.  This research point makes a lot of sense.  Organizations that have an active CISO that is conducting data protection training for employees and is advocating the appropriate processes, people and technologies to protect the organization will be much better prepared to handle a breach event.

And finally, the report shows that breach detection and escalation costs have declined in 2011, but the cost to notify victims of the breach increased.  It is believed that the increase in regulatory requirements governing data breach notifications has impacted the notification costs.  Additionally, the report indicates quick notifications and rapid responses can cost organizations $33 more per compromised record.  And, failing to accurately determine the number of affected individuals can result in notifying more people than necessary, leading to higher customer churn.

The report isn’t all doom and gloom this year.  Dr. Ponemon concluded that for the first time, “companies participating in our annual study report that their data breaches were smaller in scale and resulted in a lower rate of churn.”  We see a little light at the end of the tunnel proving that the preventative actions that organizations are putting in place do work.

We are excited to be part of AFCEA’s TechNet Land Forces – Southwest, the first event in a series of TechNet Land Forces conferences.

TechNet Land Forces – Southwest is the premier conference for Network Security and Operations with a focus on the ground component of the Army and Marine Corps, including components of Homeland Security, Industry, Academia, and Border Control. The conference also gathers the brightest Government, industry, and academia speakers, who will address a range of topics and focus on the challenges of today’s network security issues and on training the cyber warriors of tomorrow.

If you are at the show, make sure you stop by the WhatsUp Gold booth #124 – You can chat with the team about any questions you may have, watch a product demonstration, pick up some fun swag, or just say “hi”!

“An ounce of prevention is worth a pound of cure”.  Benjamin Franklin coined this expression to help convey that it is better to try to avoid problems in the first place rather than attempt to fix them once bad things happen. Waiting to fix these issues can be very costly – as many organizations have discovered when responding to data breaches.  Unfortunately research from the Ponemon Institute indicates that threats are not going away anytime soon.  Dr. Ponemon indicates “The threat from cyber attacks today is nearing statistical certainty, and businesses of every type and size are vulnerable to attacks.”

The Verizon 2011 Data Breach Investigations Report backs up Ben’s advice as it pertains to managing an organization’s logs. According to the report, less than 1% of the breaches that they analyzed were discovered through log analysis, while 69% of those breaches were detectable via log evidence. This data leads me to believe that either:

  • Organizations are not maintaining and using their logs to identify unusual behavior
  • OR, they maintain logs, but are not taking advantage of the data that is available to them.

Less than 1% of the breaches analyzed were discovered through log analysis, while 69% of those breaches were detectable via log evidence.

– Verizon’s 2011 Data Breach Investigations Report

Moving forward, organizations must take a more preventative approach. Data protection requirements in the European Union, Canada as well as the United States expect organizations to show that they are doing their due diligence to protect both customer and employee data. These countries are imposing stiff penalties on companies that show negligence in protecting sensitive data.

According to the Verizon report, 46% of breaches are discovered by external parties.  A preventative approach must be taken to discover anomalies and breaches internally.  Most organizations are already logging critical data from their servers and devices.  Why not take advantage of this data that is already at your fingertips?  While administrators are often overwhelmed by the vast quantity of data that is reported from their logs, tools like WhatsUp Log Management can help automate, alert and report on data anomalies occurring within your network.

To that end, the Ipswitch Network Management division today announced the inclusion of new European Union data protection reports in WhatsUp Log Management release v10.1.1. The new functionality will help customers address data protection reporting mandates and includes new reports for:

  • United Kingdom Data Protection Act 1998
  • United Kingdom Corporate Governance Code 2010
  • German Federal Data Protection Act 2009
  • French Data Protection Act 2004
  • French Financial Security Law 2003

 

Here’s a great write-up of how Rochester General Hospital is using Ipswitch’s MOVEit solution to manage over 400,000 electronic billing transfers per year to dozens of payer systems.

Quick background on the business need:  Rochester General Hospital needs to exchange patient records, insurance claims, and billing information from their electronic medical record (EMR) and accounting systems with many health providers and insurance companies.

Security and compliance are critically important: Not only do the transfers need to be reliable to facilitate timely payments, but they also need to be highly secure and auditable to protect patient privacy and ensure compliance with HIPAA and HITECH.

Ipswitch eliminated complexity and created efficiencies:

“We needed to consolidate on a standard way to transfer files to many different payer systems…. MOVEit consolidated a number of batch files and legacy tools into a single, secure and easy to use file transfer solution,” says Dylan Taft, Systems Engineer at RGH.

“In the event of an audit, MOVEit allows us to provide chain-of-custody and non-repudiation with just a few clicks.  Without MOVEit, we wouldn’t have this visibility.”

“If we didn’t have MOVEit, we would have to hire one or two additional people just to review the log files every day – not to mention lost files, information arriving late, and frustrated doctors and payers.”

Do you have a great Ipswitch story of your own to tell?  Email us at mystories@ipswitch.com…. We can’t wait to hear all about it!

Today, math enthusiasts around the world celebrate the mysteriously long number, Pi, which has been calculated to over 1 trillion digits past the decimal point. The Greek letter represents the ratio of the circumference of a circle to its diameter and has roused an annual celebration on 3/14 for the past four years. Pi is a transcendental and irrational number, meaning it will continue infinitely without repeating, which is why it has confused yet fascinated mathematicians for centuries.

For years, Pi Day has been bringing fun to math classrooms as well as admitted math geeks around the world. Even those who are not typically excited over math equations often take part in the celebration, for example, by eating pie! There are endless ways to take part in the celebration. For example, take on a Pi Day Challenge. If you’re looking for more unique ways to celebrate, check out how some enthusiasts spent last year’s Pi Day! Here at WhatsUp Gold, we wish you a Happy Pi Day 2012!

Are you a network administrator who needs a tool to help you identify and isolate network connectivity problems? Using Visual TraceRoute will reduce the time it takes you to isolate and identify segment failures or bandwidth bottlenecks within your network.

Key features of Visual TraceRoute include:

  • Visualize trace data in real-time using the Topology map
  • Perform traces with ICMP, UDP, and TCP protocols
  • Isolate segment failures and bandwidth bottlenecks
  • Identify response times and domain names hop by hop
  • Conduct multiple traces simultaneously
  • Execute Continuous, Timed or one-time traces

Watch this 2-minute explainer to learn more about the free Visual TraceRoute tool.

Did you know that there are monthly contests on the WUGspace Community? February’s contest involved coming up with the best caption for the picture below (if you don’t recall – the WhatsUp Gold ninja participated in Movember!)

Yesterday, the WhatsUp Gold Guru, Jason Williams, announced the winner on WUGspace. So who was the lucky winner? By an astonishing 42% of the votes – Stan Johnson’s entry, “Rogue Server. You have dishonored my network. Now you must die!” was the obvious choice. Congratulations to Stan! Not only will he be receiving a $50 Amazon.com gift card, but he will also be receiving a “WIN” badge and 35 additional WUGspace points!

March’s contest is to name your favorite WhatsUp Gold feature. Interested in participating, but not a WUGspace member yet? Join today!