Vote for The Security Samurai in the 2013 SBN Social Security Blogger Awards!

With the NFL playoffs in full swing and the NHL back in action, we’ve been inspired to enter a competition of our own. We’re currently facing off against our fellow security bloggers in the 2013 Security Blogger Network Social Security Blogger Awards.

As the Security Bloggers Network (SBN) is the world’s largest collection of information security bloggers, we’re up against some great competition. That’s where you, our readers, come in.

SBN is picking its finalists through a public vote, and we’re hoping you can tell them just how much you enjoy The Security Samurai. Whether you rely on our blog for an inside look at some of the biggest security trends or can’t get enough of our company updates and partner launch announcements, we’d very much appreciate your participation in this simple voting process.

You can cast your vote here until Friday, January 25. When you do show us some love, send us a tweet to @StillSecure. We’ll be sure to thank you by sending one back.

2013 Predictions from Rajat Bhargava, Chairman, President and CEO of StillSecure

We at StillSecure believe that 2013 will finally be the year that organizations demand security be included in cloud offerings — en masse. We also think the recent shift to cloud-usage based models will continue, so much so that enterprise class product suites will fall out of favor. This is a direct result of customer demand for automation – and not just any automation, but automation without significant security touch points.

Don’t believe us? Take a look at the Gartner research discussed in a recent article in PCR. Titled “Why you should assess your cloud computing practices,” the article all but proves our claim above by stating “considerations such as encryption have led research firm Gartner to identify the challenge of data security, resiliency and compliance in the cloud, and predict that, by 2016, 25 percent of enterprises will secure access to cloud-based services and vendor platforms through a unified solution to broker security in the cloud and enforce security policies, a step that is also advisable to all retailers.”

Our team at StillSecure is also seeing another big push – compliance in the cloud is continuing to be a huge focus for our partners and customers, especially for those in the financial services and healthcare industries, which are looking to ensure that HIPAA HITECH and PCI DSS compliance obligations are covered.

Furthermore, we think that there will be a greater emphasis within financial institutions to offer security solutions that address bring your own device (BYOD) issues, as well as enable better technology that can detect rogue devices and guest access. We’re already noticing this on the government side for sure. For example, the Department of Defense (DoD) has set the bar high for security and continues to innovate on an aggressive level. We are proud to be working with them as a valued partner on most of the NAC needs.

Lastly, and somewhat unrelatedly, we see Twitter growing as a true medium for influencers and engineers in the security industry.  We typically shy away from such mediums (knowing the risks involved) but the fact of the matter is that analysts, reporters and bloggers are covering breaches and hacker movement in real-time and we are relying on the reporting of trends, story links and predictions more and more. Here is our first list of top reporters, bloggers, and analysts we think every security engineer should follow (#FivetoFollowin2013):

Be sure to also follow @StillSecure. We’re looking forward to a safe and secure 2013!

A Look Back at StillSecure’s Achievements in 2012

2013 is finally here!  We have already hit the ground running in the New Year, but wanted to take the time to recap some of our company’s highlights from 2012. We are grateful for the relationships we have continued to cultivate in 2012 with our valued clients, partners, analysts and media professionals.

As you may recall from past blog posts and press releases we’ve issued, StillSecure was recognized for both our advancements with security technology and exemplary managed security services offerings.   Some of these top industry awards included:

Some additional team achievements in 2012 included:

  • We hosted our first annual Security Summit in Boston that brought together some of the most educated leaders in the space, including analysts, media and senior executives from the cloud security and hosting industries. Should we mention that it will continue in 2013?
  • Due to strong customer demand, and an incredible team of security engineers, we proudly launched HIPAA Essential. The product not only meets HIPAA HITECH requirements, but customers that utilize HIPAA Essential also inherit its controls and certification, while reducing the risk of significant violation fines from HIPAA HITECH enforcement. And it’s audited by Coalfire Systems, the independent IT Governance, Risk and Compliance (IT GRC) firm.
  • Our PCI Complete offering, the market’s leading PCI compliance solution for data center and cloud providers, was updated and independently certified for PCI DSS v2.0.
  • And of course, we expanded our social media presence by regularly posting industry news, security tips, and advancements on our blog, The Security Samurai, and on our Twitter page.

We are looking forward to a safe and secure 2013! Let us know in the comments what you are most looking forward to in the New Year!

Happy New Year!

We would like to wish all of our readers a safe and secure holiday season and a Happy New Year!

We hope that our partners enjoy the holiday season with family and friends, and rest assured that our team is continuing to work 24×7 to keep any scrooge trying to access your networks out! Relax and enjoy the season knowing that StillSecure has your back. We look forward to working with all of our customers and partners in the new year.

Safe Access® Named a Finalist in 2013 SC Magazine Readers Trust Awards

We recently learned that our network access control security solution Safe Access was shortlisted as a finalist in the 2013 SC Magazine Readers Trust Awards. We are thrilled about this recognition, especially since Safe Access was just named Best Endpoint Security Solution by Government Security News.

We strive to deliver the most secure solutions on the market, and certainly believed that we were on the right track – however these acknowledgements give us the validation that we are indeed getting it right!

What’s more, as a finalist in the Readers Trust category, we are quite aware that the voters are, well, you – our readers, partners, customers, fellow security pros, and Twitter followers. As much as we pride ourselves on the value of our technology, we also hold dear our loyal and supportive community. Whether you share your insights with us on Twitter or provide feedback on our products, you have helped us to develop some of the best security solutions on the market. And we hope that you continue to support us, and not just tell us when we are doing something right – but also when we can help you problem solve or educate on new or evolving security needs. Don’t hold back, and please keep reaching out.

The winners of the SC Magazine Awards will not be announced until February, so stay tuned! In the meantime, we’d love to know why you voted for Safe Access. Let us know in the comments below, or feel free to send us a tweet.

How to Survive the Impending Zombie Apocalypse Survey Results Revealed: Read Our New “Zombified” Infographic Novel on Internet Risk Management

In a society full of polarized opinions, there seems to be one thing everyone agrees on lately: zombies are coming, and we need a plan. Alright, maybe this discussion is tongue-in-cheek (for most of us), but it’s a good metaphor for the risks we face with our IT as cyber crimes grow year after year.

According to a June 2011 Ponemon Institute survey of IT security officials at 583 U.S. companies:

  • 90 percent of companies had been breached in the prior year
  • 59 percent of companies had been breached more than once in the prior year

In other words, 9 out of 10 companies were successfully attacked at some point within a 12-month period. If you aren’t among them, it’s only a matter of time.

Recently, StillSecure and Hostway – a managed, cloud, and hybrid hosting provider – conducted some research to determine what companies were doing to prepare for Internet security attacks. The results? Let’s just say we recognized some clear gaps between what people know they should do and what they’re actually doing.

So here they are – the results of our Internet risk-management survey, presented as an entertaining graphic novel…with zombieeeees! Hover over the skull icons to see our data.

Read the Infographic Novel

Government Security News Honored Safe Access in 4th Annual Homeland Security Awards

Last week, Government Security News named our network access control security solution, Safe Access, as the winner of its “Best Endpoint Security Solution” Award. This honor was announced at the magazine’s 4th Annual Homeland Security Awards event in Washington, D.C. Our win means that Safe Access, which delivers a full range of functionality from testing to remediation, as well as wide ranging BYOD support, was recognized as the most secure NAC solution on the market. We are absolutely delighted to be recognized for this high honor.

For more than 12 years, we at StillSecure have been delivering a complete NAC solution that stops unauthorized access, prevents malicious endpoint activity, and enforces government (and commercial) organizations’ security policies.  When we say Safe Access is a “complete” solution, we mean that Safe Access delivers a full range of NAC functionality, including pre-connect testing, post-connect monitoring, enforcement and quarantining, identity-based management, and remediation.

The GSN awards program celebrates the leading vendors of IT and physical security products for notable achievements in government initiatives.  Recipients are recognized for helping governmental agencies maintain secure network access control solutions, which is no small task as NAC providers must work around the clock to help them eliminate security breaches.  However, our hard work has paid off handsomely – this win comes as a welcomed validation of our continued innovation and success in the NAC marketplace.

And, a big congratulations to each of the other Homeland Security Awards winners! A full list can be seen here and our “official” announcement can be seen here.

Security Event Log Management – Detecting attacks by their side-effects in log data

James D. Brown, CTO, StillSecure

Log Management can mean everything from consuming logs and placing them into a central location for search and review to performing smart filtering and notifications, to zeroing in on particular areas of interest such as system and application health, configuration auditing, and security event identification and response. It’s this latter form that I mean to discuss as I continue my series on layered security, and as I’ve done in the past, I’ll be talking about why no one security tool can provide sufficient security for your environment.

What is it? 

StillSecure’s take on log management is actually what we call Security Event Log Management (SELM) to reflect the fact that we focus on security events only, and not on other areas. We analyze log events and notify our customers and/or take preventive action if we detect attacks in progress, or evidence of an actual compromise.

While we only analyze potential security events, we archive all log data (including system and application health and configuration auditing data) for a minimum of 12 months in case you need the data later for audits, forensics, or other reasons.

How does it work? 

Our Network Security Appliance collects data from the servers, switches, and endpoints we protect. We do this by collecting data from multiple log sources in a protected environment, either by taking raw log information from syslog, or by installing a lightweight agent on the protected hosts.

We send all this log data up to our server farm where it’s split into two separate paths: an archive path for long-term (at least 12 months) storage, and an analysis path. The archive path compresses and securely stores the log data in case it’s needed in the future. The analysis path is where each security related log event – determined by a complex set of rules developed by our Security Alert Team (SAT) – is assessed and the customer notified if we see potential evidence of system compromise or attacks in progress.

Why do I need it?

Security Event Log Management is yet another layer of security, deployed with the goal of making it ever more difficult for an attacker to breach your network unnoticed and unstopped. SELM actually catches the side-effects of an attack in progress or one that’s already occurred by looking at how the system reacts to the attack in its logs.

The classic example of this is identifying multiple login attempts from a single IP address. In this case, other security measures see nothing wrong: the attacker is connecting to a port that you’ve allowed through your firewall and is acting according to accepted protocols as far as IDPS and WAF are concerned, so they don’t flag anything. However, an intruder that is allowed to go unchecked and try different passwords over and over may eventually get lucky and gain remote access to your system.

With SELM, our Security Operations Centers will not only identify that the attack is occurring, but they will take steps to block further traffic from the offending IP address, especially if the source IP address has a reputation as an attacker host. Finally, we’ll notify you of the attempted breach, so that you can take any other necessary steps, like auditing your user accounts, changing your firewall configuration, or adding a VPN to prevent the exposure of the attacked service.
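The repeated-login case described above can be caught with a sliding-window count of failed logins per source IP. The following is an added example, not StillSecure's rule set: the log lines are constructed samples in OpenSSH syslog format, and the threshold, window, year and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (sshd syslog format, documentation IP ranges).
SAMPLE_LOG = """\
Jan 14 03:12:01 web01 sshd[2211]: Failed password for root from 203.0.113.50 port 40122 ssh2
Jan 14 03:12:04 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.50 port 40130 ssh2
Jan 14 03:12:09 web01 sshd[2215]: Failed password for root from 203.0.113.50 port 40141 ssh2
Jan 14 03:12:10 web01 sshd[2216]: Failed password for alice from 198.51.100.7 port 51515 ssh2
Jan 14 03:12:15 web01 sshd[2218]: Failed password for invalid user test from 203.0.113.50 port 40150 ssh2
Jan 14 03:12:21 web01 sshd[2216]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
Jan 14 03:12:26 web01 sshd[2220]: Failed password for root from 203.0.113.50 port 40163 ssh2
Jan 14 03:12:31 web01 sshd[2222]: Failed password for invalid user oracle from 203.0.113.50 port 40171 ssh2
"""

# Matches only failed password attempts; successful logins are ignored.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_failures(lines, year=2013):
    """Yield (timestamp, source_ip, username) for each failed login line.

    Syslog timestamps carry no year, so one is assumed (hypothetical default).
    """
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Return {ip: {"first_alert": ts, "users": [...]}} for every source IP
    with at least `threshold` failed logins inside `window`.

    Assumes the lines arrive in time order, as they do from a single host.
    """
    recent = defaultdict(deque)   # ip -> failures still inside the window
    alerts = {}
    for ts, ip, user in parse_failures(lines):
        q = recent[ip]
        q.append((ts, user))
        # Drop failures that have aged out of the window.
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {
                "first_alert": ts,
                "users": sorted({u for _, u in q}),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{info['first_alert']} block candidate {ip}, "
              f"accounts tried: {', '.join(info['users'])}")
```

The user who mistypes a password once and then logs in is not flagged, and neither is a source whose failures are spread wider than the window; both choices are tuning decisions for whoever maintains the rule.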

Another important benefit of SELM is protection against trusted agents like malicious employees. In this case, SELM continuously ships log evidence off the attacked servers to a protected server off-site where the data is analyzed and archived, and where it’s available should the attacker try to later cover their tracks. The data is stored exactly as it’s sent from the server (with the minor exception of reversible lossless compression), so the chain of evidence is preserved. That will give you the ammunition you need to take steps to recover your losses.

Why managed Security Event Log Management?

Like most security solutions, if you don’t monitor them 24×7, don’t keep all your signatures up to date, or you’re not sure how to tune, manage, and analyze their output, you’re not getting meaningful protection. SELM is no different: it’s useful only if you’re also vigilant.

Further, having to set up a remote log storage facility that complies with best practices such as the PCI DSS or SSAE-16 is expensive, and you have to go through an annual audit to maintain compliance. A lot of times, it’s just too costly and too distracting for your business to go through all that hassle.

With StillSecure’s Security Event Log Management, you get expert monitoring and response, full integration with a variety of other security services, preventive action, and 24×7 notifications so you can sleep at night knowing you’re protected. You also benefit from StillSecure’s Security Alert Team and their efforts to continually find new ways to detect attacks visible through logs.

Coming up next … 

In my next post, I’ll talk about how File Integrity Monitoring fits into the SELM picture to provide even more protection and expose even more side-effects of an attack that, again, may not be detectable by IDPS or WAF.

Healthcare-record compliance is a SaaS problem too

Among companies handling patient records, the Health Information Technology for Economic and Clinical Health (HITECH) Act is old news. Going into effect in February 2009, this legislation sought to advance health information technology use standards to eventually make certain functions and safeguards mandatory, increasing the requirements for compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Software as a Service (SaaS) providers, though, may not be fully aware of the significance of HITECH as it relates to their handling of data. A SaaS that deals with healthcare information, such as one that provides practice management or electronic health and medical record (EHR/EMR) applications, is subject to the same compliance standards as the medical institution itself.

Compliance gets fairly complicated, as one might expect. Privacy safeguards apply to the vast majority of patient data, and HITECH demands evidence of administrative (policy/procedure) safeguards, physical security (local access to hosting hardware) and technical safety (remote access/communication control).

Addressing HIPAA HITECH’s requirements takes a skilled IT team who can manage compliance, plus external audit and IT resources. That’s all as expensive as it sounds, but there is another option available.

SaaS providers seeking secure, scalable infrastructure to handle medical data are increasingly using third-party managed or hybrid hosting solutions. Hostway, in partnership with StillSecure, offers a third-party audited HIPAA HITECH-specific compliance bundle that addresses the bulk of compliance concerns. At the same time, partnering with a hosting provider like Hostway also provides SaaS businesses with expert technicians, proven tools and technology, and certified processes.

Third-party hosting suppliers should be carefully assessed for compliance capability across managed servers, private clouds and hybrid clouds. Ideally, an auditor-approved solution is available that specifically addresses HIPAA HITECH compliance.

Here’s a quick look at what a SaaS should demand of a hosting partner where HITECH is concerned:

  • Policies and procedures: A reliable security operations center should be backed by change control management, daily security log reviews, periodic firewall rule configuration reviews, alert escalation and incident response procedures.
  • Analysts: Response time is a big element of compliance. Around-the-clock IT availability on security and HIPAA HITECH management is essential. Worldwide threat monitoring and ability to address incoming customer inquiries are also key components.

SaaS providers have to take a serious look at how they are securing the data that passes through their applications. But rather than invest the time and money to build up a HIPAA HITECH compliance solution of their own, these companies should shop for an independently audited solution from a hosting provider. What a SaaS needs is out there, ready to go at a minor expense relative to do-it-yourself compliance. Look for a vendor with a package of proven network security and compliance technologies, a comprehensive data center safety plan, and round-the-clock expert monitoring and management. Then let them handle the hosting, so you can stick to what you do best – the business of developing and providing your software to the healthcare practices that depend on you.

To learn even more about HIPAA HITECH and available solutions to help keep your business in compliance, attend Hostway and StillSecure’s free webinar on November 28, 2012. Reserve your seat now.

It’s All About Data Security

StillSecure Security Expert Jack Callaghan to present at this year’s ISACA Conference

StillSecure’s resident security expert Jack Callaghan has been invited again this year as a presenter at ISACA’s North America Information Security and Risk Management (ISRM) and IT Governance Risk and Compliance Conference (IT GRC) taking place November 14-16 in Las Vegas. The world-class event is designed to help address the issues and concerns of information security, governance, compliance and risk management professionals.

Callaghan will leverage his security and compliance expertise to discuss the current threat landscape. He’ll explore why understanding where data lives and how it is protected have become essential to successfully protecting an organization’s most critical assets.

Jack, along with 3 other industry experts, will be part of the Track 5: IT Risk and Exposure Management Solutions panel, entitled “Industrial Control Systems with Supervisory Control and Data Acquisition (ICS/SCADA) Panel: Discussion on Your Enterprise’s Preparedness and Ability to Mitigate Risk,” on Nov. 14, from 3:45 – 5:00 p.m.

The panel will examine a SCADA-related incident and its effects across individual, enterprise, and governmental boundaries. Working with attendees, the experts will examine operational impacts, levels of preparedness, readiness to mitigate, and the response of organizations. During the panel, the practical ability for all participants to utilize, manage and secure their data assets will be reviewed, focusing on the practical steps toward continuity under such adverse conditions.

As a regular attendee and presenter at ISACA events for more than 10 years, Jack sees participation as invaluable to working effectively within the security community.  According to Jack, “The exchange of experience and discoveries generates crucial insights to a rapidly changing landscape of threats and exploits. There’s no magic bullet, only knowledge and vigilance.  Data is today’s coin-of-the-realm, theft is eternal, only the ‘tech’ changes.”

Jack will also be presenting two sessions:

Check out this ISACA video to watch Jack in action talking about the latest security and risk trends.

Jack was also recently invited to participate in this year’s ISACA Task Force.  More to come on that front so stay tuned!