Archive for October, 2011

Heathrow,12th October 2011

RSA Executives Call for New Approach to Security

Building on Valuable Lessons Learned, Executives Offer Insights and Steps to Develop the Advanced Security Systems Needed to Thwart Advanced Threats

RSA Conference Europe 2011 – London

Following on from the well publicised breach at RSA earlier this year all eyes were on the RSA Excecutives for the keynote speech delivered at the RSA conference in London last week.

“From an Armadillo point of view as one of RSA’s largest partners in EMEA, I was very interested in the steps RSA has taken post the much publicised breach. More importantly I was looking for RSA to further demonstrate their strength in dealing with the ever evolving security threats we now all face. Armadillo has been very much ahead of the game in this area, already discussing various advanced solutions with our clients to enhance the traditional security solutions which have now been proved to be ineffective. ” said Andy Mayle - Technical Manager at Armadillo Managed Services Ltd”

The RSA European conference delivered on both fronts and below is a summary of the main message to be taken from the week.

RSA executives deliver keynote address to IT professionals assembled to gain insights from security leaders’ “Lesson’s Learned” and advice for preparing for and mitigating advanced cyber threats

Company launches RSA NetWitness® Spectrum to accelerate the identification of zero day malware that blocking tools often miss

RSA announces software developer kits (SDKs) designed to help mobile application developers embed strong layers of security and access control into leading mobile application platforms

Executives of RSA, The Security Division of EMC (NYSE: EMC) today advised security professionals that the new fact of life for IT organizations is a state of persistent, dynamic, intelligent threats in which it is no longer a matter of if an organization will be compromised, but more likely when and how. The key to combating these threats, they say, is to recognize the different tactics and tools used in these advanced attacks and automate the response of controls to defend information assets, isolate compromised elements of the infrastructure and ensure that network compromise does not lead to damage to the business.

In a joint keynote address, Art Coviello, Executive Vice President for EMC and Executive Chairman of RSA, and Tom Heiser, President of RSA, discussed the evolving threat landscape and urged organizations to create advanced security systems capable of defending against these new threats and agile enough to meet the advanced challenges of today’s hyper-extended enterprise.

“2011 has been quite a year for us and for anyone on the security side of IT,” said Art Coviello during his keynote address. “It’s been a year of headline grabbing attacks across every corner of the world. Organizations are defending themselves with the information security equivalent of the Maginot Line as their adversaries easily outflank perimeter defenses. People are the new perimeter contending with zero-day malware delivered through spear-phishing attacks that are invisible to traditional perimeter-based security defenses such as Anti Virus and Intrusion Detection Systems. Clearly conventional security is either not effective or not enough. The threat landscape is evolving and our security systems must change to outpace our adversaries.”

To defend against advanced threats, security programs must evolve to be risk-based, agile and contextual.

Risk-based – Risk is a function of the threat landscape, including understanding an organization’s adversaries and capabilities compared with the relative security exposure of the organization’s information assets. Intelligence about your potential attackers and most valuable assets shows you where to focus your efforts, such as what systems to protect and what users to closely monitor.

Agile – The threat landscape will continue to evolve, and a successful outcome requires that organizations have the agility to process, incorporate and analyze new sources of internal and external intelligence - on the fly. Automation is absolutely essential for security to work at the speed and scale of the networks and cyber threats we face.

Contextual – Incident response, investigation and remediation are most effective when a security event is delivered with complete context around it. The success of prioritizing and decision-making is dependent on having the best information available. Organizations must adopt a “big data” view of information security in which their security teams have real-time access to the entirety of information relevant to the detection of security problems. Big data combined with high-speed analytics provides the contextual view needed to defend against advanced threats.

RSA President Tom Heiser conveyed ‘Lessons Learned’ from the attack on RSA, and from an insider’s vantage point, offered specific advice on what organizations can do to help harden their defenses and adapt appropriately to the evolving threats. He advised, “Sophisticated attackers know traditional security controls and are adapting and changing tactics… determined to find exploits in complex, rapidly evolving IT environments and through people.”

Heiser closed his remarks by offering five categories of forward-leaning practices for getting ahead of advanced cyber threats:

Re-visit your view of risk — Conduct a risk assessment to identify your high value / high risk information assets, looking at things from an opponent’s perspective, and with an eye to real, not theoretical, opponents.

Re-think zero-day malware protection – don’t stop using traditional anti-virus tools, but recognize that they alone will not be sufficient against customized attacks.

Deploy security and network forensics capabilities for continuous monitoring, for deeper awareness and analysis of network traffic (this is different from traditional intrusion detection, which is past its freshness).

Harden authentication and tighten access control.

Increase user and executive education and communication – the human dimension is as important as the tools you deploy.

Additional News from RSA

The company also announced the availability of RSA NetWitness Spectrum, a state-of-the-art malware analytical workbench that revolutionizes the identification and analysis of zero-day malware. Conference delegates can see the new capabilities in booth #D1.

RSA is also offering software developers the capability to build in additional layers of security and access control into mobile applications for the leading mobile application platforms through the integration of RSA’s award-winning RSA SecurID and RSA Adaptive Authentication solutions. By extending strong and risk-based authentication controls to mobile, developers of mobile applications for business, banking and data access can help increase security and confidence in their mobile products.

Heathrow, 6th October 2011

Armadillo and RedSeal Selected by Betfair for Proactive Network Security

Global Online Betting Market Leader Embraces RedSeal Security Solutions

SAN MATEO, CA–(Marketwire - Sep 19, 2011) - RedSeal Systems, Inc. today announced that online gaming giant Betfair has selected RedSeal’s proactive network security assessment solutions to further strengthen its defensive infrastructure and protect critical information systems.

RedSeal empowers enterprise organizations to analyze any possible path of access permitted or denied across their entire network to understand real-world points of IT risk before they can be compromised.

Rather than addressing individual threats, aggregating log data or auditing the behavior of individual firewalls or routers, RedSeal models the interaction of all network defenses to provide detailed visibility into any gaps in security, empower continuous compliance with industry regulations and ensure protection of key business assets.

By providing management with the unique ability to identify exposure to real-world threats and create metrics to trend the efficacy of network security defenses over time, RedSeal allows organizations with complex infrastructure to understand and improve the effectiveness of their overall security strategy.

“The complexity and incessant change in today’s enterprise networks has made it impossible for people to manage security without the aid of automation,” said Dr. Mike Lloyd, Chief Technology Officer at RedSeal. “We’re very pleased to list Betfair as a customer, as they are a high-profile leader in their industry who recognized RedSeal as a solution that’s necessary to address today’s real-world security challenges.”

Facilitating Betfair’s adoption of RedSeal was UK security systems integration specialists Armadillo, which has established a long-standing reputation within the gaming industry, along with other key verticals including the government and financial services sectors.

“RedSeal represents a tremendous opportunity for enterprise organizations to adopt a powerful, innovative new methodology for visualizing network security to bolster compliance and improve protection of assets and information,” said Mark Newns, CEO of Armadillo. “We’re proud to have helped bring RedSeal into a respected organization such as Betfair and believe that there’s huge potential for this solution to advance network security and risk management across our entire customer base.”

For more information on RedSeal Systems solutions and professional services, please contact us at +44(0)208 6106090 or email info@armadillouk.com to arrange a demo

About RedSeal Systems, Inc.
RedSeal Systems develops proactive network security assessment software that enables organizations to visualize their security standing, maintain continuous compliance with regulations and better protect their critical assets. Unlike systems that detect attacks once they occur, RedSeal identifies holes in security infrastructure before they are discovered by hackers. RedSeal software analyzes and simplifies the complex interaction of firewalls and all other network security devices, delivering in-depth understanding of real-world exposure. For more information, visit RedSeal at www.redseal.net

About Armadillo
Armadillo is the UK’s leading security solutions integrator with an extensive portfolio of complementary products that make us unique in our ability to provide true end-to-end security solutions, customised to meet a client’s specific technology and budgetary requirements. Our approach to delivering client solutions has evolved over a number of years through a wealth of experience in architecting, delivering and maintaining solutions for large and small enterprises across all market sectors, featuring strongly in the financial services, online gaming, legal, public, retailing and Government sectors. For more information, visit Armadillo at www.armadillouk.com

About Betfair
Betfair is one of the world’s largest international online sports betting providers and pioneered the betting exchange in 2000. Driven by cutting-edge technology, Betfair enables customers to choose their own odds and bet against each other. The company now processes over five million transactions a day from its three million registered customers around the world. In addition to sports betting, Betfair offers a portfolio of innovative products including casino, exchange games and poker. Betfair has twice been named the UK’s ‘Company of the Year’ by the Confederation of British Industry and has won two prestigious Queen’s Awards for Enterprise, being recognised for Innovation in 2003 and most recently for International Trade in 2008. Betfair currently employs over 2,000 people worldwide. The company holds betting licences in Gibraltar, the US, Tasmania, Italy and Malta. For more information, visit Betfair at www.betfair.com